diff --git a/.changelog/3013.txt b/.changelog/3013.txt
new file mode 100644
index 000000000..b1f54dc22
--- /dev/null
+++ b/.changelog/3013.txt
@@ -0,0 +1,3 @@
+```release-note:REPLACEME
+
+```
diff --git a/.changelog/3021.txt b/.changelog/3021.txt
new file mode 100644
index 000000000..b1f54dc22
--- /dev/null
+++ b/.changelog/3021.txt
@@ -0,0 +1,3 @@
+```release-note:REPLACEME
+
+```
diff --git a/.changelog/3022.txt b/.changelog/3022.txt
new file mode 100644
index 000000000..b1f54dc22
--- /dev/null
+++ b/.changelog/3022.txt
@@ -0,0 +1,3 @@
+```release-note:REPLACEME
+
+```
diff --git a/.changelog/3026.txt b/.changelog/3026.txt
new file mode 100644
index 000000000..4b0657725
--- /dev/null
+++ b/.changelog/3026.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dns: `google_dns_managed_zone` added support for Non-RFC1918 fields for reverse lookup and fowarding paths.
+```
diff --git a/.changelog/3029.txt b/.changelog/3029.txt
new file mode 100644
index 000000000..b1f54dc22
--- /dev/null
+++ b/.changelog/3029.txt
@@ -0,0 +1,3 @@
+```release-note:REPLACEME
+
+```
diff --git a/.changelog/3031.txt b/.changelog/3031.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/.changelog/3033.txt b/.changelog/3033.txt
new file mode 100644
index 000000000..0b90930cc
--- /dev/null
+++ b/.changelog/3033.txt
@@ -0,0 +1,9 @@
+```release-note:breakingchange
+compute: Added conditional requirement of `google_compute_**region**_backend_service` `backend.capacity_scaler` to no longer accept the API default if not INTERNAL. Non-INTERNAL backend services must now specify `capacity_scaler` explicitly and have a total capacity greater than 0. In addition, API default of 1.0 must now be explicitly set and will be treated as nil or zero if not set in config.
+```
+```release-note:bug
+compute: Fixed `google_compute_**region**_backend_service` so it no longer has a permadiff if `backend.capacity_scaler` is unset in config by requiring capacity scaler.
+```
+```release-note:bug
+compute: Fixed `backend.capacity_scaler` to actually set zero (0.0) value.
+```
diff --git a/.rubocop.yml b/.rubocop.yml
index 3a447792f..c6a829150 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -59,7 +59,8 @@ Style/AndOr:
Style/Not:
Enabled: false
Naming/FileName:
- Enabled: false
+ Enabled: true
+ Regex: !ruby/regexp '/^.{3,100}$/'
Style/TrailingCommaInArrayLiteral:
EnforcedStyleForMultiline: comma
Style/TrailingCommaInHashLiteral:
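Review bot: The `Regex` given to the re-enabled `Naming/FileName` cop, `/^.{3,100}$/`, accepts any characters, so as far as this hunk shows the cop now only bounds name length and no longer enforces snake_case. If that is the intent, a comment above the key would stop the next maintainer from reading it as a naming rule, e.g. `# Length check only (3-100 chars); snake_case is intentionally not enforced`. `^` and `$` are per-line anchors in Ruby, so `Regex: !ruby/regexp '/\A.{3,100}\z/'` states "the whole name" unambiguously. Which string RuboCop matches against (basename or path) is not visible here and is worth confirming before relying on the length limit.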
diff --git a/Gemfile b/Gemfile
index 53e84ee64..019e07c3b 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,7 +7,7 @@ gem 'google-cloud'
gem 'googleauth'
gem 'inifile'
gem 'inspec-bin', '4.16.0'
-gem 'rubocop'
+gem 'rubocop', '>= 0.77.0'
group :development do
gem 'github_changelog_generator'
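Review bot: The new constraint `'>= 0.77.0'` sets a floor but no ceiling, so a fresh resolve can pull in any later RuboCop release, including ones that rename or add cops, while `inspec-bin` on the line above is pinned exactly. For a tool that gates CI, a bounded constraint keeps lint results reproducible and narrows what a dependency update can bring in: `gem 'rubocop', '~> 0.77'`. If a committed `Gemfile.lock` already fixes the version (not visible in this diff), the exposure is limited to `bundle update` runs.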
diff --git a/README.md b/README.md
index 6620378ec..7e9a8ca0f 100644
--- a/README.md
+++ b/README.md
@@ -392,6 +392,10 @@ Changed Quota:
Sometimes there can be occasional errors when performing the cleanup rake task. This happens when resources are already deleted and can be ignored.
+## Upgrading to version 1.0
+
+A guide on upgrading to version 1.0 can be found [here](docs/version_1_upgrade.md)
+
## Support
The InSpec GCP resources are community supported. For bugs and features, please open a github issue and label it appropriately.
diff --git a/Rakefile b/Rakefile
index 2d5bdbf67..777515c3b 100644
--- a/Rakefile
+++ b/Rakefile
@@ -47,16 +47,12 @@ namespace :test do
sh(cmd)
end
- task :generate_integration_test_variables do
+ task :plan_integration_tests, [:seed] do |t, args|
puts "----> Generating terraform and inspec variable files"
- #p GCPInspecConfig.config[:gcp_project_id]
- GCPInspecConfig.store_json(variable_file_name)
- GCPInspecConfig.store_yaml(profile_attributes)
- end
-
- task :plan_integration_tests do
-
- Rake::Task["test:generate_integration_test_variables"].execute
+ puts "Seeding random suffixes with: #{args.seed}" unless args.seed.nil?
+ config = GCPInspecConfig::Config.new(args.seed)
+ config.store_json(variable_file_name)
+ config.store_yaml(profile_attributes)
puts "----> Setup"
# Create the plan that can be applied to GCP
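Review bot: `args.seed` is handed to `GCPInspecConfig::Config.new` exactly as typed on the command line, and Rake task arguments are strings (or nil when omitted), so a seed of 42 arrives as `"42"`. Whether `Config` converts it is not visible in this hunk; if the value seeds a random-number generator, converting at the task boundary fails early and clearly on bad input: `seed = args.seed && Integer(args.seed)`. The block parameter `t` is unused and would read better as `_t`, and `unless args.seed.nil?` as `if args.seed`. The hunk also removes `test:generate_integration_test_variables`, so any other task or CI script that still invokes it (none visible here) will fail. The task body continues past the end of the hunk.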
diff --git a/docs/resources/google_access_context_manager_service_perimeter.md b/docs/resources/google_access_context_manager_service_perimeter.md
index c87aba6ef..dd8496103 100644
--- a/docs/resources/google_access_context_manager_service_perimeter.md
+++ b/docs/resources/google_access_context_manager_service_perimeter.md
@@ -42,6 +42,12 @@ Properties that can be accessed from the `google_access_context_manager_service_
* `restricted_services`: GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.
+ * `vpc_accessible_services`: Specifies how APIs are allowed to communicate within the Service Perimeter.
+
+ * `enable_restriction`: Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'.
+
+ * `allowed_services`: The list of APIs usable within the Service Perimeter. Must be empty unless `enableRestriction` is True.
+
* `parent`: The AccessPolicy this ServicePerimeter lives in. Format: accessPolicies/{policy_id}
* `name`: Resource name for the ServicePerimeter. The short_name component must begin with a letter and only include alphanumeric and '_'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name}
diff --git a/docs/resources/google_cloud_scheduler_job.md b/docs/resources/google_cloud_scheduler_job.md
index 7fc253b13..0ed258313 100644
--- a/docs/resources/google_cloud_scheduler_job.md
+++ b/docs/resources/google_cloud_scheduler_job.md
@@ -31,6 +31,8 @@ Properties that can be accessed from the `google_cloud_scheduler_job` resource:
* `time_zone`: Specifies the time zone to be used in interpreting schedule. The value of this field must be a time zone name from the tz database.
+ * `attempt_deadline`: The deadline for job attempts. If the request handler does not respond by this deadline then the request is cancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in execution logs. Cloud Scheduler will retry the job according to the RetryConfig. The allowed duration for this deadline is: * For HTTP targets, between 15 seconds and 30 minutes. * For App Engine HTTP targets, between 15 seconds and 24 hours. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s"
+
* `retry_config`: By default, if a job does not complete successfully, meaning that an acknowledgement is not received from the handler, then it will be retried with exponential backoff according to the settings
* `retry_count`: The number of attempts that the system will make to run a job using the exponential backoff procedure described by maxDoublings. Values greater than 5 and negative values are not allowed.
@@ -45,7 +47,7 @@ Properties that can be accessed from the `google_cloud_scheduler_job` resource:
* `pubsub_target`: Pub/Sub target If the job providers a Pub/Sub target the cron will publish a message to the provided topic
- * `topic_name`: The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by PubSub's PublishRequest.name, for example projects/PROJECT_ID/topics/TOPIC_ID.
+ * `topic_name`: The full resource name for the Cloud Pub/Sub topic to which messages will be published when a job is delivered. ~>**NOTE**: The topic name must be in the same format as required by PubSub's PublishRequest.name, e.g. `projects/my-project/topics/my-topic`.
* `data`: The message payload for PubsubMessage. Pubsub message must contain either non-empty data, or at least one attribute.
diff --git a/docs/resources/google_cloud_scheduler_jobs.md b/docs/resources/google_cloud_scheduler_jobs.md
index d420a6a3c..e4326bd93 100644
--- a/docs/resources/google_cloud_scheduler_jobs.md
+++ b/docs/resources/google_cloud_scheduler_jobs.md
@@ -29,6 +29,7 @@ See [google_cloud_scheduler_job.md](google_cloud_scheduler_job.md) for more deta
* `descriptions`: an array of `google_cloud_scheduler_job` description
* `schedules`: an array of `google_cloud_scheduler_job` schedule
* `time_zones`: an array of `google_cloud_scheduler_job` time_zone
+ * `attempt_deadlines`: an array of `google_cloud_scheduler_job` attempt_deadline
* `retry_configs`: an array of `google_cloud_scheduler_job` retry_config
* `pubsub_targets`: an array of `google_cloud_scheduler_job` pubsub_target
* `app_engine_http_targets`: an array of `google_cloud_scheduler_job` app_engine_http_target
diff --git a/docs/resources/google_cloudbuild_trigger.md b/docs/resources/google_cloudbuild_trigger.md
index 8596b8c76..3246ed5c0 100644
--- a/docs/resources/google_cloudbuild_trigger.md
+++ b/docs/resources/google_cloudbuild_trigger.md
@@ -40,9 +40,9 @@ Properties that can be accessed from the `google_cloudbuild_trigger` resource:
* `filename`: Path, from the source root, to a file whose contents is used for the template. Either a filename or build template must be provided.
- * `ignored_files`: ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match extended with support for `**`. If ignoredFiles and changed files are both empty, then they are not used to determine whether or not to trigger a build. If ignoredFiles is not empty, then we ignore any files that match any of the ignored_file globs. If the change has no files that are outside of the ignoredFiles globs, then we do not trigger a build.
+ * `ignored_files`: ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for `**`. If ignoredFiles and changed files are both empty, then they are not used to determine whether or not to trigger a build. If ignoredFiles is not empty, then we ignore any files that match any of the ignored_file globs. If the change has no files that are outside of the ignoredFiles globs, then we do not trigger a build.
- * `included_files`: ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match extended with support for `**`. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is empty, then as far as this filter is concerned, we should trigger the build. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is not empty, then we make sure that at least one of those files matches a includedFiles glob. If not, then we do not trigger a build.
+ * `included_files`: ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for `**`. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is empty, then as far as this filter is concerned, we should trigger the build. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is not empty, then we make sure that at least one of those files matches a includedFiles glob. If not, then we do not trigger a build.
* `trigger_template`: Template describing the types of source changes to trigger a build. Branch and tag names in trigger templates are interpreted as regular expressions. Any branch or tag change that matches that regular expression will trigger a build.
@@ -58,13 +58,31 @@ Properties that can be accessed from the `google_cloudbuild_trigger` resource:
* `commit_sha`: Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.
+ * `github`: (Beta only) Describes the configuration of a trigger that creates a build whenever a GitHub event is received.
+
+ * `owner`: Owner of the repository. For example: The owner for https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform".
+
+ * `name`: Name of the repository. For example: The name for https://github.com/googlecloudplatform/cloud-builders is "cloud-builders".
+
+ * `pull_request`: filter to match changes in pull requests. Specify only one of pullRequest or push.
+
+ * `branch`: Regex of branches to match.
+
+ * `comment_control`: Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator.
+
+ * `push`: filter to match changes in refs, like branches or tags. Specify only one of pullRequest or push.
+
+ * `branch`: Regex of branches to match. Specify only one of branch or tag.
+
+ * `tag`: Regex of tags to match. Specify only one of branch or tag.
+
* `build`: Contents of the build template. Either a filename or build template must be provided.
* `tags`: Tags for annotation of a Build. These are not docker tags.
* `images`: A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build status is marked FAILURE.
- * `timeout`: Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. The expected format is the number of seconds followed by s. Default time is ten minutes (600s).
+ * `timeout`: Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. The expected format is the number of seconds followed by s. Default time is ten minutes (600s).
* `steps`: The operations to be performed on the workspace.
diff --git a/docs/resources/google_cloudbuild_triggers.md b/docs/resources/google_cloudbuild_triggers.md
index a1080c56e..626807ee5 100644
--- a/docs/resources/google_cloudbuild_triggers.md
+++ b/docs/resources/google_cloudbuild_triggers.md
@@ -36,6 +36,7 @@ See [google_cloudbuild_trigger.md](google_cloudbuild_trigger.md) for more detail
* `ignored_files`: an array of `google_cloudbuild_trigger` ignored_files
* `included_files`: an array of `google_cloudbuild_trigger` included_files
* `trigger_templates`: an array of `google_cloudbuild_trigger` trigger_template
+ * `githubs`: (Beta only) an array of `google_cloudbuild_trigger` github
* `builds`: an array of `google_cloudbuild_trigger` build
## Filter Criteria
diff --git a/docs/resources/google_compute_address.md b/docs/resources/google_compute_address.md
index 229de0c03..0480f4563 100644
--- a/docs/resources/google_compute_address.md
+++ b/docs/resources/google_compute_address.md
@@ -1,29 +1,28 @@
---
-title: About the google_compute_address Resource
+title: About the google_compute_address resource
platform: gcp
---
-# google\_compute\_address
-
-Use the `google_compute_address` InSpec audit resource to test properties of a single GCP compute address.
-
-
-
## Syntax
+A `google_compute_address` is used to test a Google Address resource
-A `google_compute_address` resource block declares the tests for a single GCP compute address by project, region and name.
-
- describe google_compute_address(project: 'chef-inspec-gcp', location: 'europe-west2', name: 'compute-address') do
- it { should exist }
- its('name') { should eq 'compute-address' }
- its('region') { should match 'europe-west2' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_address(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'inspec-gcp-global-address') do
+ it { should exist }
+ its('address') { should eq '10.2.0.3' }
+ its('address_type') { should eq 'INTERNAL' }
+ its('user_count') { should eq 0 }
+end
+
+describe google_compute_address(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute address IP exists
@@ -49,15 +48,40 @@ The following examples show how to use this InSpec audit resource.
its('user_resource_name') { should eq "gcp_ext_vm_name" }
end
-
## Properties
+Properties that can be accessed from the `google_compute_address` resource:
+
+
+ * `address`: The static external IP address represented by this resource. Only IPv4 is supported. An address may only be specified for INTERNAL address types. The IP address must be inside the specified subnetwork, if any.
+
+ * `address_type`: The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `description`: An optional description of this resource.
+
+ * `id`: The unique identifier for the resource.
+
+ * `name`: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `purpose`: The purpose of this resource, which can be one of the following values: - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. This should only be set when using an Internal address.
+
+ * `network_tier`: The networking tier used for configuring this address. This field can take the following values: PREMIUM or STANDARD. If this field is not specified, it is assumed to be PREMIUM.
+
+ * `subnetwork`: The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes.
+
+ * `users`: The URLs of the resources that are using this address.
+
+ * `labels`: (Beta only) Labels to apply to this address. A list of key->value pairs.
+
+ * `label_fingerprint`: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates.
-* `address`, `creation_timestamp`, `description`, `id`, `kind`, `name`, `region`, `status`, `users`
+ * `status`: The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available.
-
+ * `region`: URL of the region where the regional address resides. This field is not applicable to global addresses.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_addresses.md b/docs/resources/google_compute_addresses.md
new file mode 100644
index 000000000..40f6a96b3
--- /dev/null
+++ b/docs/resources/google_compute_addresses.md
@@ -0,0 +1,46 @@
+---
+title: About the google_compute_addresses resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_addresses` is used to test a Google Address resource
+
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
+## Examples
+```
+describe google_compute_addresses(project: 'chef-gcp-inspec', location: 'europe-west2') do
+ its('addresses') { should include '10.2.0.3' }
+ its('names') { should include 'inspec-gcp-global-address' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_addresses` resource:
+
+See [google_compute_address.md](google_compute_address.md) for more detailed information
+ * `addresses`: an array of `google_compute_address` address
+ * `address_types`: an array of `google_compute_address` address_type
+ * `creation_timestamps`: an array of `google_compute_address` creation_timestamp
+ * `descriptions`: an array of `google_compute_address` description
+ * `ids`: an array of `google_compute_address` id
+ * `names`: an array of `google_compute_address` name
+ * `purposes`: an array of `google_compute_address` purpose
+ * `network_tiers`: an array of `google_compute_address` network_tier
+ * `subnetworks`: an array of `google_compute_address` subnetwork
+ * `users`: an array of `google_compute_address` users
+ * `labels`: (Beta only) an array of `google_compute_address` labels
+ * `label_fingerprints`: (Beta only) an array of `google_compute_address` label_fingerprint
+ * `statuses`: an array of `google_compute_address` status
+ * `regions`: an array of `google_compute_address` region
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_autoscaler.md b/docs/resources/google_compute_autoscaler.md
index d97dc524d..1ddfa30ee 100644
--- a/docs/resources/google_compute_autoscaler.md
+++ b/docs/resources/google_compute_autoscaler.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_autoscaler` is used to test a Google Autoscaler resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_autoscaler(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-gcp-autoscaler') do
@@ -47,14 +51,18 @@ Properties that can be accessed from the `google_compute_autoscaler` resource:
* `utilization_target`: The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6. If the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization. If the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization.
- * `custom_metric_utilizations`: Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group.
+ * `custom_metric_utilizations`: Configuration parameters of autoscaling based on a custom metric.
* `metric`: The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values. The metric must have a value type of INT64 or DOUBLE.
+ * `single_instance_assignment`: (Beta only) If scaling is based on a per-group metric value that represents the total amount of work to be done or resource usage, set this value to an amount assigned for a single instance of the scaled group. The autoscaler will keep the number of instances proportional to the value of this metric, the metric itself should not change value due to group resizing. For example, a good metric to use with the target is `pubsub.googleapis.com/subscription/num_undelivered_messages` or a custom metric exporting the total number of requests coming to your instances. A bad example would be a metric exporting an average or median latency, since this value can't include a chunk assignable to a single instance, it could be better used with utilization_target instead.
+
* `utilization_target`: The target value of the metric that autoscaler should maintain. This must be a positive value. A utilization metric scales number of virtual machines handling requests to increase or decrease proportionally to the metric. For example, a good metric to use as a utilizationTarget is www.googleapis.com/compute/instance/network/received_bytes_count. The autoscaler will work to keep this value constant for each of the instances.
* `utilization_target_type`: Defines how target utilization value is expressed for a Stackdriver Monitoring metric. Either GAUGE, DELTA_PER_SECOND, or DELTA_PER_MINUTE.
+ * `filter`: (Beta only) A filter string to be used as the filter string for a Stackdriver Monitoring TimeSeries.list API call. This filter is used to select a specific TimeSeries for the purpose of autoscaling and to determine whether the metric is exporting per-instance or per-group data. You can only use the AND operator for joining selectors. You can only use direct equality comparison operator (=) without any functions for each selector. You can specify the metric in both the filter string and in the metric field. However, if specified in both places, the metric must be identical. The monitored resource type determines what kind of values are expected for the metric. If it is a gce_instance, the autoscaler expects the metric to include a separate TimeSeries for each instance in a group. In such a case, you cannot filter on resource labels. If the resource type is any other value, the autoscaler expects this metric to contain values that apply to the entire autoscaled instance group and resource label filtering can be performed to point autoscaler at the correct TimeSeries to scale upon. This is called a per-group metric for the purpose of autoscaling. If not specified, the type defaults to gce_instance. You should provide a filter that is selective enough to pick just one TimeSeries for the autoscaled group or for each of the instances (if you are using gce_instance resource type). If multiple TimeSeries are returned upon the query execution, the autoscaler will sum their respective values to obtain its scaling value.
+
* `load_balancing_utilization`: Configuration parameters of autoscaling based on a load balancer.
* `utilization_target`: Fraction of backend capacity utilization (set in HTTP(s) load balancing configuration) that autoscaler should maintain. Must be a positive float value. If not defined, the default is 0.8.
diff --git a/docs/resources/google_compute_autoscalers.md b/docs/resources/google_compute_autoscalers.md
index b71a0c9e2..4b5348477 100644
--- a/docs/resources/google_compute_autoscalers.md
+++ b/docs/resources/google_compute_autoscalers.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_autoscalers` is used to test a Google Autoscaler resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
autoscalers = google_compute_autoscalers(project: 'chef-gcp-inspec', zone: 'zone')
diff --git a/docs/resources/google_compute_backend_bucket.md b/docs/resources/google_compute_backend_bucket.md
index 78c4529bc..c183499ea 100644
--- a/docs/resources/google_compute_backend_bucket.md
+++ b/docs/resources/google_compute_backend_bucket.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_backend_bucket` is used to test a Google BackendBucket resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_backend_bucket(project: 'chef-gcp-inspec', name: 'inspec-gcp-backend-bucket') do
diff --git a/docs/resources/google_compute_backend_buckets.md b/docs/resources/google_compute_backend_buckets.md
index 7b78ecc8b..c473934f4 100644
--- a/docs/resources/google_compute_backend_buckets.md
+++ b/docs/resources/google_compute_backend_buckets.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_backend_buckets` is used to test a Google BackendBucket resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_backend_buckets(project: 'chef-gcp-inspec', name: 'inspec-gcp-backend-bucket') do
diff --git a/docs/resources/google_compute_backend_service.md b/docs/resources/google_compute_backend_service.md
index 8a3350313..80f0d32ed 100644
--- a/docs/resources/google_compute_backend_service.md
+++ b/docs/resources/google_compute_backend_service.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_backend_service` is used to test a Google BackendService resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_backend_service(project: 'chef-gcp-inspec', name: 'inspec-gcp-backend-service') do
@@ -52,6 +56,42 @@ Properties that can be accessed from the `google_compute_backend_service` resour
* `max_utilization`: Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0].
+ * `circuit_breakers`: (Beta only) Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.
+
+ * `connect_timeout`: The timeout for new network connections to hosts.
+
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
+
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
+
+ * `max_requests_per_connection`: Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
+
+ * `max_connections`: The maximum number of connections to the backend cluster. Defaults to 1024.
+
+ * `max_pending_requests`: The maximum number of pending requests to the backend cluster. Defaults to 1024.
+
+ * `max_requests`: The maximum number of parallel requests to the backend cluster. Defaults to 1024.
+
+ * `max_retries`: The maximum number of parallel retries to the backend cluster. Defaults to 3.
+
+ * `consistent_hash`: (Beta only) Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH.
+
+ * `http_cookie`: Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE.
+
+ * `ttl`: Lifetime of the cookie.
+
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
+
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
+
+ * `name`: Name of the cookie.
+
+ * `path`: Path to set for the cookie.
+
+ * `http_header_name`: The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
+
+ * `minimum_ring_size`: The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
+
* `cdn_policy`: Cloud CDN configuration for this BackendService.
* `cache_key_policy`: The CacheKeyPolicy for this CdnPolicy.
@@ -74,6 +114,8 @@ Properties that can be accessed from the `google_compute_backend_service` resour
* `creation_timestamp`: Creation timestamp in RFC3339 text format.
+ * `custom_request_headers`: (Beta only) Headers that the HTTP/S load balancer should add to proxied requests.
+
* `fingerprint`: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
* `description`: An optional description of this resource.
@@ -96,8 +138,42 @@ Properties that can be accessed from the `google_compute_backend_service` resour
* `load_balancing_scheme`: Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. Must be `EXTERNAL` or `INTERNAL_SELF_MANAGED` for a global backend service. Defaults to `EXTERNAL`.
+ * `locality_lb_policy`: (Beta only) The load balancing algorithm used within the scope of the locality. The possible values are - ROUND_ROBIN - This is a simple policy in which each healthy backend is selected in round robin order. LEAST_REQUEST - An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. RING_HASH - The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. RANDOM - The load balancer selects a random healthy host. ORIGINAL_DESTINATION - Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. MAGLEV - used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.
+
* `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+ * `outlier_detection`: (Beta only) Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.
+
+ * `base_ejection_time`: The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s.
+
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
+
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive.
+
+ * `consecutive_errors`: Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
+
+ * `consecutive_gateway_failure`: The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
+
+ * `enforcing_consecutive_errors`: The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+
+ * `enforcing_consecutive_gateway_failure`: The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
+
+ * `enforcing_success_rate`: The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+
+ * `interval`: Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds.
+
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
+
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive.
+
+ * `max_ejection_percent`: Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
+
+ * `success_rate_minimum_hosts`: The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
+
+ * `success_rate_request_volume`: The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
+
+ * `success_rate_stdev_factor`: This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
+
* `port_name`: Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
* `protocol`: The protocol this BackendService uses to communicate with backends. Possible values are HTTP, HTTPS, HTTP2, TCP, and SSL. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API.
@@ -108,6 +184,12 @@ Properties that can be accessed from the `google_compute_backend_service` resour
* `timeout_sec`: How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400].
+ * `log_config`: (Beta only) This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver.
+
+ * `enable`: Whether to enable logging for the load balancer traffic served by this backend service.
+
+ * `sample_rate`: This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
+
## GCP Permissions
diff --git a/docs/resources/google_compute_backend_services.md b/docs/resources/google_compute_backend_services.md
index 48ce6d878..7a5d44bbd 100644
--- a/docs/resources/google_compute_backend_services.md
+++ b/docs/resources/google_compute_backend_services.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_backend_services` is used to test a Google BackendService resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_backend_services(project: 'chef-gcp-inspec') do
@@ -23,9 +27,12 @@ Properties that can be accessed from the `google_compute_backend_services` resou
See [google_compute_backend_service.md](google_compute_backend_service.md) for more detailed information
* `affinity_cookie_ttl_secs`: an array of `google_compute_backend_service` affinity_cookie_ttl_sec
* `backends`: an array of `google_compute_backend_service` backends
+ * `circuit_breakers`: (Beta only) an array of `google_compute_backend_service` circuit_breakers
+ * `consistent_hashes`: (Beta only) an array of `google_compute_backend_service` consistent_hash
* `cdn_policies`: an array of `google_compute_backend_service` cdn_policy
* `connection_drainings`: an array of `google_compute_backend_service` connection_draining
* `creation_timestamps`: an array of `google_compute_backend_service` creation_timestamp
+ * `custom_request_headers`: (Beta only) an array of `google_compute_backend_service` custom_request_headers
* `fingerprints`: an array of `google_compute_backend_service` fingerprint
* `descriptions`: an array of `google_compute_backend_service` description
* `enable_cdns`: an array of `google_compute_backend_service` enable_cdn
@@ -33,12 +40,15 @@ See [google_compute_backend_service.md](google_compute_backend_service.md) for m
* `ids`: an array of `google_compute_backend_service` id
* `iaps`: an array of `google_compute_backend_service` iap
* `load_balancing_schemes`: an array of `google_compute_backend_service` load_balancing_scheme
+ * `locality_lb_policies`: (Beta only) an array of `google_compute_backend_service` locality_lb_policy
* `names`: an array of `google_compute_backend_service` name
+ * `outlier_detections`: (Beta only) an array of `google_compute_backend_service` outlier_detection
* `port_names`: an array of `google_compute_backend_service` port_name
* `protocols`: an array of `google_compute_backend_service` protocol
* `security_policies`: an array of `google_compute_backend_service` security_policy
* `session_affinities`: an array of `google_compute_backend_service` session_affinity
* `timeout_secs`: an array of `google_compute_backend_service` timeout_sec
+ * `log_configs`: (Beta only) an array of `google_compute_backend_service` log_config
## Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
diff --git a/docs/resources/google_compute_disk.md b/docs/resources/google_compute_disk.md
index 189f06a98..05014de01 100644
--- a/docs/resources/google_compute_disk.md
+++ b/docs/resources/google_compute_disk.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_disk` is used to test a Google Disk resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
@@ -63,6 +67,8 @@ Properties that can be accessed from the `google_compute_disk` resource:
* `source_image`: The source image used to create this disk. If the source image is deleted, this field will not be set. To create a disk with one of the public operating system images, specify the image by its family name. For example, specify family/debian-8 to use the latest Debian 8 image: projects/debian-cloud/global/images/family/debian-8 Alternatively, use a specific version of a public operating system image: projects/debian-cloud/global/images/debian-8-jessie-vYYYYMMDD To create a disk with a private image that you created, specify the image name in the following format: global/images/my-private-image You can also specify a private image by its image family, which returns the latest version of the image in that family. Replace the image name with family/family-name: global/images/family/my-private-family
+ * `resource_policies`: (Beta only) Resource policies applied to this disk for automatic snapshot creations.
+
* `zone`: A reference to the zone where the disk resides.
* `source_image_encryption_key`: The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key.
diff --git a/docs/resources/google_compute_disks.md b/docs/resources/google_compute_disks.md
index f76c16051..d2aa8b890 100644
--- a/docs/resources/google_compute_disks.md
+++ b/docs/resources/google_compute_disks.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_disks` is used to test a Google Disk resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
most_recent_image = google_compute_image(project: 'debian-cloud', name: 'debian-10-buster-v20191014')
@@ -34,6 +38,7 @@ See [google_compute_disk.md](google_compute_disk.md) for more detailed informati
* `physical_block_size_bytes`: an array of `google_compute_disk` physical_block_size_bytes
* `types`: an array of `google_compute_disk` type
* `source_images`: an array of `google_compute_disk` source_image
+ * `resource_policies`: (Beta only) an array of `google_compute_disk` resource_policies
* `zones`: an array of `google_compute_disk` zone
* `source_image_encryption_keys`: an array of `google_compute_disk` source_image_encryption_key
* `source_image_ids`: an array of `google_compute_disk` source_image_id
diff --git a/docs/resources/google_compute_firewall.md b/docs/resources/google_compute_firewall.md
index f04ff04ae..67111a6ee 100644
--- a/docs/resources/google_compute_firewall.md
+++ b/docs/resources/google_compute_firewall.md
@@ -1,28 +1,23 @@
---
-title: About the google_compute_firewall Resource
+title: About the google_compute_firewall resource
platform: gcp
---
-# google\_compute\_firewall
-
-Use the `google_compute_firewall` InSpec audit resource to test properties of a single GCP compute compute firewall.
-
-
-
## Syntax
+A `google_compute_firewall` is used to test a Google Firewall resource
-A `google_compute_firewall` resource block declares the tests for a single GCP compute firewall by project and name.
- describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'firewall-rule') do
- it { should exist }
- its('name') { should eq 'firewall-rule' }
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_firewall(project: 'chef-gcp-inspec', name: 'inspec-gcp-firewall') do
+ its('direction') { should cmp 'INGRESS' }
+ its('log_config_enabled?') { should be true }
+ its('source_tags') { should include 'some-tag' }
+end
+```
### Test that a GCP compute firewall allows SSH access on port 22
@@ -76,19 +71,56 @@ The following examples show how to use this InSpec audit resource.
it { should allow_target_tags_only ["allow-gcp-other-tag"] }
end
-
## Properties
+Properties that can be accessed from the `google_compute_firewall` resource:
+
+
+ * `allowed`: The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
+
+ * `ip_protocol`: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip), or the IP protocol number.
+
+ * `ports`: An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `denied`: The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.
+
+ * `ip_protocol`: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip), or the IP protocol number.
+
+ * `ports`: An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
+
+ * `description`: An optional description of this resource. Provide this property when you create the resource.
+
+ * `destination_ranges`: If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Only IPv4 is supported.
+
+ * `direction`: Direction of traffic to which this firewall applies; default is INGRESS. Note: For INGRESS traffic, it is NOT supported to specify destinationRanges; For EGRESS traffic, it is NOT supported to specify sourceRanges OR sourceTags.
+
+ * `disabled`: Denotes whether the firewall rule is disabled, i.e not applied to the network it is associated with. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.
+
+ * `log_config`: This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.
+
+ * `enable_logging`: This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.
+
+ * `id`: The unique identifier for the resource.
+
+ * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `network`: URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs: https://www.googleapis.com/compute/v1/projects/myproject/global/ networks/my-network projects/myproject/global/networks/my-network global/networks/default
+
+ * `priority`: Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value assumed is 1000. Relative priorities determine precedence of conflicting rules. Lower value of priority implies higher precedence (eg, a rule with priority 0 has higher precedence than a rule with priority 1). DENY rules take precedence over ALLOW rules having equal priority.
+
+ * `source_ranges`: If source ranges are specified, the firewall will apply only to traffic that has source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply. Only IPv4 is supported.
-* `allowed`, `creation_timestamp`, `description`, `direction`, `id`, `kind`, `name`, `network`, `priority`, `source_ranges`, `target_tags`
+ * `source_service_accounts`: If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP belongs to an instance with service account listed in sourceServiceAccount. The connection does not need to match both properties for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.
-In addition, the following helpers are available:
+ * `source_tags`: If source tags are specified, the firewall will apply only to traffic with source IP that belongs to a tag listed in source tags. Source tags cannot be used to control traffic to an instance's external IP address. Because tags are associated with an instance, not an IP address. One or both of sourceRanges and sourceTags may be set. If both properties are set, the firewall will apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to apply.
-* `allowed_http?`, `allowed_ssh?`, `allow_port_protocol`, `allow_source_tags`, `allow_source_tags_only`, `allow_target_tags`, `allow_target_tags_only`, `allow_ip_ranges`, `allow_ip_ranges_only`
+ * `target_service_accounts`: A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.
-
+ * `target_tags`: A list of instance tags indicating sets of instances located in the network that may make network connections as specified in allowed[]. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_firewalls.md b/docs/resources/google_compute_firewalls.md
index 4666d3cd5..08af1691c 100644
--- a/docs/resources/google_compute_firewalls.md
+++ b/docs/resources/google_compute_firewalls.md
@@ -1,36 +1,23 @@
---
-title: About the google_compute_firewalls Resource
+title: About the google_compute_firewalls resource
platform: gcp
---
-# google\_compute\_firewalls
-
-Use the `google_compute_firewalls` InSpec audit resource to test properties of all, or a filtered group of, GCP compute firewalls for a project.
-
-
-
## Syntax
+A `google_compute_firewalls` is used to test a Google Firewall resource
-A `google_compute_firewalls` resource block collects GCP firewalls by project then tests that group.
-
- describe google_compute_firewalls(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_firewall`.
-
- google_compute_firewalls(project: 'chef-inspec-gcp').firewall_names.each do |firewall_name|
- describe google_compute_firewall(project: 'chef-inspec-gcp', name: firewall_name) do
- it { should exist }
- its('kind') { should eq "compute#firewall" }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_firewalls(project: 'chef-gcp-inspec') do
+ its('count') { should be >= 1 }
+ its('firewall_names') { should include 'inspec-gcp-firewall' }
+ its('firewall_directions') { should include 'INGRESS' }
+end
+```
### Test that there are no more than a specified number of firewalls available for the project
@@ -56,21 +43,32 @@ The following examples show how to use this InSpec audit resource.
it { should_not exist }
end
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `firewall_id`; `firewall_name`; and `firewall_direction`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_compute_firewalls` resource:
+
+See [google_compute_firewall.md](google_compute_firewall.md) for more detailed information
+ * `alloweds`: an array of `google_compute_firewall` allowed
+ * `creation_timestamps`: an array of `google_compute_firewall` creation_timestamp
+ * `denieds`: an array of `google_compute_firewall` denied
+ * `descriptions`: an array of `google_compute_firewall` description
+ * `destination_ranges`: an array of `google_compute_firewall` destination_ranges
+ * `firewall_directions`: an array of `google_compute_firewall` direction
+ * `disableds`: an array of `google_compute_firewall` disabled
+ * `log_configs`: an array of `google_compute_firewall` log_config
+ * `firewall_ids`: an array of `google_compute_firewall` id
+ * `firewall_names`: an array of `google_compute_firewall` name
+ * `networks`: an array of `google_compute_firewall` network
+ * `priorities`: an array of `google_compute_firewall` priority
+ * `source_ranges`: an array of `google_compute_firewall` source_ranges
+ * `source_service_accounts`: an array of `google_compute_firewall` source_service_accounts
+ * `source_tags`: an array of `google_compute_firewall` source_tags
+ * `target_service_accounts`: an array of `google_compute_firewall` target_service_accounts
+ * `target_tags`: an array of `google_compute_firewall` target_tags
-* `firewall_ids` - an array of google_compute_firewall identifier integers
-* `firewall_names` - an array of google_compute_firewall name strings
-* `firewall_directions`- an array of google_compute_firewall directions containing strings e.g. "INGRESS" or "EGRESS"
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_forwarding_rule.md b/docs/resources/google_compute_forwarding_rule.md
index afaa2480c..47d7833dd 100644
--- a/docs/resources/google_compute_forwarding_rule.md
+++ b/docs/resources/google_compute_forwarding_rule.md
@@ -1,29 +1,31 @@
---
-title: About the google_compute_forwarding_rule Resource
+title: About the google_compute_forwarding_rule resource
platform: gcp
---
-# google\_compute\_forwarding_rule
-
-Use the `google_compute_forwarding_rule` InSpec audit resource to test properties of a single GCP compute forwarding_rule.
-
-
-
## Syntax
+A `google_compute_forwarding_rule` is used to test a Google ForwardingRule resource
-A `google_compute_forwarding_rule` resource block declares the tests for a single GCP forwarding_rule by project, region and name.
-
- describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
- it { should exist }
- its('name') { should eq 'gcp-inspec-forwarding_rule' }
- its('region') { should match 'europe-west2' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+
+describe google_compute_forwarding_rule(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'udp-forwarding-rule') do
+ it { should exist }
+ its('region') { should match 'europe-west2' }
+ its('creation_timestamp') { should be > Time.now - 365*60*60*24*10 }
+ its('load_balancing_scheme') { should match 'EXTERNAL' }
+ its('port_range') { should match "500-500" }
+ its('ip_protocol') { should match "UDP" }
+end
+
+describe google_compute_forwarding_rule(project: 'chef-gcp-inspec', region: 'europe-west2', name: "nonexistent") do
+ it { should_not exist }
+end
+```
### Test that a GCP compute forwarding_rule exists
@@ -61,15 +63,55 @@ The following examples show how to use this InSpec audit resource.
its('network') { should match "gcp_network_name" }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_forwarding_rule` resource:
+
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `is_mirroring_collector`: (Beta only) Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
+
+ * `description`: An optional description of this resource. Provide this property when you create the resource.
+
+ * `id`: The unique identifier for the resource.
+
+ * `ip_address`: The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing scheme (EXTERNAL or INTERNAL) and scope (global or regional). When the load balancing scheme is EXTERNAL, for global forwarding rules, the address must be a global IP, and for regional forwarding rules, the address must live in the same region as the forwarding rule. If this field is empty, an ephemeral IPv4 address from the same scope (global or regional) will be assigned. A regional forwarding rule supports IPv4 only. A global forwarding rule supports either IPv4 or IPv6. When the load balancing scheme is INTERNAL, this can only be an RFC 1918 IP address belonging to the network/subnet configured for the forwarding rule. By default, if this field is empty, an ephemeral internal IP address will be automatically allocated from the IP range of the subnet or network configured for this forwarding rule. An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid: * 100.1.2.3 * https://www.googleapis.com/compute/v1/projects/project/regions/ region/addresses/address * projects/project/regions/region/addresses/address * regions/region/addresses/address * global/addresses/address * address
+
+ * `ip_protocol`: The IP protocol to which this rule applies. Valid options are TCP, UDP, ESP, AH, SCTP or ICMP. When the load balancing scheme is INTERNAL, only TCP and UDP are valid.
+
+ * `backend_service`: A BackendService to receive the matched traffic. This is used only for INTERNAL load balancing.
+
+ * `load_balancing_scheme`: This signifies what the ForwardingRule will be used for and can be EXTERNAL, INTERNAL, or INTERNAL_MANAGED. EXTERNAL is used for Classic Cloud VPN gateways, protocol forwarding to VMs from an external IP address, and HTTP(S), SSL Proxy, TCP Proxy, and Network TCP/UDP load balancers. INTERNAL is used for protocol forwarding to VMs from an internal IP address, and internal TCP/UDP load balancers. INTERNAL_MANAGED is used for internal HTTP(S) load balancers.
+
+ * `name`: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `network`: For internal load balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If this field is not specified, the default network will be used. This field is only used for INTERNAL load balancing.
+
+ * `port_range`: This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: * TargetHttpProxy: 80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222 * TargetVpnGateway: 500, 4500
+
+ * `ports`: This field is used along with the backend_service field for internal load balancing. When the load balancing scheme is INTERNAL, a single port or a comma separated list of ports can be configured. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. You may specify a maximum of up to 5 ports.
+
+ * `subnetwork`: The subnetwork that the load balanced IP should belong to for this Forwarding Rule. This field is only used for INTERNAL load balancing. If the network specified is in auto subnet mode, this field is optional. However, if the network is in custom subnet mode, a subnetwork must be specified.
+
+ * `target`: The URL of the target resource to receive the matched traffic. The target must live in the same region as the forwarding rule. The forwarded traffic must be of a type appropriate to the target object.
+
+ * `allow_global_access`: If true, clients can access ILB from all regions. Otherwise only allows from the local region the ILB is located at.
+
+ * `labels`: (Beta only) Labels to apply to this forwarding rule. A list of key->value pairs.
+
+ * `label_fingerprint`: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates.
+
+ * `all_ports`: For internal TCP/UDP load balancing (i.e. load balancing scheme is INTERNAL and protocol is TCP/UDP), set this to true to allow packets addressed to any ports to be forwarded to the backends configured with this forwarding rule. Used with backend service. Cannot be set if port or portRange are set.
+
+ * `network_tier`: The networking tier used for configuring this address. This field can take the following values: PREMIUM or STANDARD. If this field is not specified, it is assumed to be PREMIUM.
+
+ * `service_label`: An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
-* `backend_service`, `creation_timestamp`, `description`, `id`, `ip_address`, `ip_protocol`, `ip_version`, `kind`, `load_balancing_scheme`, `name`, `network`, `port_range`, `ports`, `region`, `self_link`, `subnetwork`, `target`
+ * `service_name`: The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
-
+ * `region`: A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_forwarding_rules.md b/docs/resources/google_compute_forwarding_rules.md
index dc07d551d..64f20b92e 100644
--- a/docs/resources/google_compute_forwarding_rules.md
+++ b/docs/resources/google_compute_forwarding_rules.md
@@ -1,37 +1,22 @@
---
-title: About the google_compute_forwarding_rules Resource
+title: About the google_compute_forwarding_rules resource
platform: gcp
---
-# google\_compute\_forwarding_rules
-
-Use the `google_compute_forwarding_rules` InSpec audit resource to test properties of all, or a filtered group of, GCP compute forwarding_rules for a project and region.
-
-
-
## Syntax
+A `google_compute_forwarding_rules` is used to test a Google ForwardingRule resource
-A `google_compute_forwarding_rules` resource block collects GCP forwarding_rules by project and region, then tests that group.
-
- describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_forwarding_rule`.
-
- google_compute_forwarding_rules(project: 'chef-inspec-gcp', region:'europe-west2').forwarding_rule_names.each do |forwarding_rule_name|
- describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: forwarding_rule_name) do
- its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
- its('network') { should match "gcp_network_name" }
- its('load_balancing_scheme') { should match "INTERNAL" }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_compute_forwarding_rules(project: 'chef-gcp-inspec', region: 'europe-west2') do
+ its('forwarding_rule_names') { should include 'udp-forwarding-rule' }
+end
+```
### Test that there are no more than a specified number of forwarding_rules available for the project and region
@@ -58,23 +43,37 @@ The following examples show how to use this InSpec audit resource.
its('forwarding_rule_networks') { should not include "network-name" }
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `forwarding_rule_id`; `forwarding_rule_name`; `forwarding_rule_load_balancing_scheme` and `forwarding_rule_network`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_compute_forwarding_rules` resource:
+
+See [google_compute_forwarding_rule.md](google_compute_forwarding_rule.md) for more detailed information
+ * `creation_timestamps`: an array of `google_compute_forwarding_rule` creation_timestamp
+ * `is_mirroring_collectors`: (Beta only) an array of `google_compute_forwarding_rule` is_mirroring_collector
+ * `descriptions`: an array of `google_compute_forwarding_rule` description
+ * `forwarding_rule_ids`: an array of `google_compute_forwarding_rule` id
+ * `ip_addresses`: an array of `google_compute_forwarding_rule` ip_address
+ * `ip_protocols`: an array of `google_compute_forwarding_rule` ip_protocol
+ * `backend_services`: an array of `google_compute_forwarding_rule` backend_service
+ * `forwarding_rule_load_balancing_schemes`: an array of `google_compute_forwarding_rule` load_balancing_scheme
+ * `forwarding_rule_names`: an array of `google_compute_forwarding_rule` name
+ * `forwarding_rule_networks`: an array of `google_compute_forwarding_rule` network
+ * `port_ranges`: an array of `google_compute_forwarding_rule` port_range
+ * `ports`: an array of `google_compute_forwarding_rule` ports
+ * `subnetworks`: an array of `google_compute_forwarding_rule` subnetwork
+ * `targets`: an array of `google_compute_forwarding_rule` target
+ * `allow_global_accesses`: an array of `google_compute_forwarding_rule` allow_global_access
+ * `labels`: (Beta only) an array of `google_compute_forwarding_rule` labels
+ * `label_fingerprints`: (Beta only) an array of `google_compute_forwarding_rule` label_fingerprint
+ * `all_ports`: an array of `google_compute_forwarding_rule` all_ports
+ * `network_tiers`: an array of `google_compute_forwarding_rule` network_tier
+ * `service_labels`: an array of `google_compute_forwarding_rule` service_label
+ * `service_names`: an array of `google_compute_forwarding_rule` service_name
+ * `regions`: an array of `google_compute_forwarding_rule` region
-* `forwarding_rule_ids` - an array of google_compute_forwarding_rule identifier integers
-* `forwarding_rule_names` - an array of google_compute_forwarding_rule name strings
-* `forwarding_rule_networks` - an array of google_compute_network name strings
-* `forwarding_rule_load_balancing_schemes` - an array of load_balancing_scheme strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_global_address.md b/docs/resources/google_compute_global_address.md
index 7acd0c872..36fa660ef 100644
--- a/docs/resources/google_compute_global_address.md
+++ b/docs/resources/google_compute_global_address.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_global_address` is used to test a Google GlobalAddress resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_global_address(project: 'chef-gcp-inspec', name: 'inspec-gcp-global-address') do
@@ -32,6 +36,10 @@ Properties that can be accessed from the `google_compute_global_address` resourc
* `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+ * `labels`: (Beta only) Labels to apply to this address. A list of key->value pairs.
+
+ * `label_fingerprint`: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates.
+
* `ip_version`: The IP Version that will be used by this address. Valid options are `IPV4` or `IPV6`. The default value is `IPV4`.
* `region`: A reference to the region where the regional address resides.
diff --git a/docs/resources/google_compute_global_addresses.md b/docs/resources/google_compute_global_addresses.md
index 40a45de60..97633d944 100644
--- a/docs/resources/google_compute_global_addresses.md
+++ b/docs/resources/google_compute_global_addresses.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_global_addresses` is used to test a Google GlobalAddress resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_global_addresses(project: 'chef-gcp-inspec', name: 'inspec-gcp-global-address') do
@@ -24,6 +28,8 @@ See [google_compute_global_address.md](google_compute_global_address.md) for mor
* `descriptions`: an array of `google_compute_global_address` description
* `ids`: an array of `google_compute_global_address` id
* `names`: an array of `google_compute_global_address` name
+ * `labels`: (Beta only) an array of `google_compute_global_address` labels
+ * `label_fingerprints`: (Beta only) an array of `google_compute_global_address` label_fingerprint
* `ip_versions`: an array of `google_compute_global_address` ip_version
* `regions`: an array of `google_compute_global_address` region
* `prefix_lengths`: an array of `google_compute_global_address` prefix_length
diff --git a/docs/resources/google_compute_global_forwarding_rule.md b/docs/resources/google_compute_global_forwarding_rule.md
index 3e7782235..b1e3a886f 100644
--- a/docs/resources/google_compute_global_forwarding_rule.md
+++ b/docs/resources/google_compute_global_forwarding_rule.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_global_forwarding_rule` is used to test a Google GlobalForwardingRule resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_global_forwarding_rule(project: 'chef-gcp-inspec', name: 'inspec-gcp-global-forwarding-rule') do
@@ -35,6 +39,10 @@ Properties that can be accessed from the `google_compute_global_forwarding_rule`
* `ip_version`: The IP Version that will be used by this global forwarding rule. Valid options are IPV4 or IPV6.
+ * `labels`: (Beta only) Labels to apply to this forwarding rule. A list of key->value pairs.
+
+ * `label_fingerprint`: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates.
+
* `load_balancing_scheme`: This signifies what the GlobalForwardingRule will be used for. The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy) NOTE: Currently global forwarding rules cannot be used for INTERNAL load balancing.
* `metadata_filters`: Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED.
diff --git a/docs/resources/google_compute_global_forwarding_rules.md b/docs/resources/google_compute_global_forwarding_rules.md
index 23e07cf70..043249b3a 100644
--- a/docs/resources/google_compute_global_forwarding_rules.md
+++ b/docs/resources/google_compute_global_forwarding_rules.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_global_forwarding_rules` is used to test a Google GlobalForwardingRule resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_global_forwarding_rules(project: 'chef-gcp-inspec') do
@@ -24,6 +28,8 @@ See [google_compute_global_forwarding_rule.md](google_compute_global_forwarding_
* `ip_addresses`: an array of `google_compute_global_forwarding_rule` ip_address
* `ip_protocols`: an array of `google_compute_global_forwarding_rule` ip_protocol
* `ip_versions`: an array of `google_compute_global_forwarding_rule` ip_version
+ * `labels`: (Beta only) an array of `google_compute_global_forwarding_rule` labels
+ * `label_fingerprints`: (Beta only) an array of `google_compute_global_forwarding_rule` label_fingerprint
* `load_balancing_schemes`: an array of `google_compute_global_forwarding_rule` load_balancing_scheme
* `metadata_filters`: an array of `google_compute_global_forwarding_rule` metadata_filters
* `names`: an array of `google_compute_global_forwarding_rule` name
diff --git a/docs/resources/google_compute_health_check.md b/docs/resources/google_compute_health_check.md
index 46dec43c0..7a1d6071e 100644
--- a/docs/resources/google_compute_health_check.md
+++ b/docs/resources/google_compute_health_check.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_health_check` is used to test a Google HealthCheck resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_health_check(project: 'chef-gcp-inspec', name: 'inspec-gcp-health-check') do
diff --git a/docs/resources/google_compute_health_checks.md b/docs/resources/google_compute_health_checks.md
index c943fcba1..f37775753 100644
--- a/docs/resources/google_compute_health_checks.md
+++ b/docs/resources/google_compute_health_checks.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_health_checks` is used to test a Google HealthCheck resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_health_checks(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_http_health_check.md b/docs/resources/google_compute_http_health_check.md
index ee25196ea..76a99f5ac 100644
--- a/docs/resources/google_compute_http_health_check.md
+++ b/docs/resources/google_compute_http_health_check.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_http_health_check` is used to test a Google HttpHealthCheck resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_http_health_check(project: 'chef-gcp-inspec', name: 'inspec-gcp-http-health-check') do
diff --git a/docs/resources/google_compute_http_health_checks.md b/docs/resources/google_compute_http_health_checks.md
index 346b230ac..c306f0925 100644
--- a/docs/resources/google_compute_http_health_checks.md
+++ b/docs/resources/google_compute_http_health_checks.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_http_health_checks` is used to test a Google HttpHealthCheck resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_http_health_checks(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_https_health_check.md b/docs/resources/google_compute_https_health_check.md
index 4742a2199..5a4054388 100644
--- a/docs/resources/google_compute_https_health_check.md
+++ b/docs/resources/google_compute_https_health_check.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_https_health_check` is used to test a Google HttpsHealthCheck resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_https_health_check(project: 'chef-gcp-inspec', name: 'inspec-gcp-https-health-check') do
diff --git a/docs/resources/google_compute_https_health_checks.md b/docs/resources/google_compute_https_health_checks.md
index d7bc536dd..fa6ce2675 100644
--- a/docs/resources/google_compute_https_health_checks.md
+++ b/docs/resources/google_compute_https_health_checks.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_https_health_checks` is used to test a Google HttpsHealthCheck resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_https_health_checks(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_image.md b/docs/resources/google_compute_image.md
index 4b422f205..adef585b4 100644
--- a/docs/resources/google_compute_image.md
+++ b/docs/resources/google_compute_image.md
@@ -1,28 +1,26 @@
---
-title: About the google_compute_image Resource
+title: About the google_compute_image resource
platform: gcp
---
-# google\_compute\_image
-
-Use the `google_compute_image` InSpec audit resource to test properties of a single GCP compute image. This resource will attempt to retrieve a project custom image then image from a family before giving up.
-
-
-
## Syntax
+A `google_compute_image` is used to test a Google Image resource
-A `google_compute_image` resource block declares the tests for a single GCP compute image by project and name.
-
- describe google_compute_image(project: 'chef-inspec-gcp', name: 'image-1') do
- it { should exist }
- its('name') { should eq 'image-1' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
+describe google_compute_image(project: 'chef-gcp-inspec', name: 'inspec-image') do
+ it { should exist }
+ its('disk_size_gb') { should cmp 3 }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_compute_image(project: 'chef-gcp-inspec', name: 'notfound') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute image is in a particular status e.g. "READY" means available for use
@@ -36,15 +34,81 @@ The following examples show how to use this InSpec audit resource.
its('family') { should match "ubuntu" }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_image` resource:
+
+
+ * `archive_size_bytes`: Size of the image tar.gz archive stored in Google Cloud Storage (in bytes).
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `deprecated`: The deprecation status associated with this image.
+
+ * `deleted`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it.
+
+ * `deprecated`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it.
+
+ * `obsolete`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it.
+
+ * `replacement`: The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.
+
+ * `state`: The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.
+
+ * `description`: An optional description of this resource. Provide this property when you create the resource.
+
+ * `disk_size_gb`: Size of the image when restored onto a persistent disk (in GB).
+
+ * `family`: The name of the image family to which this image belongs. You can create disks by specifying an image family instead of a specific image name. The image family always returns its latest image that is not deprecated. The name of the image family must comply with RFC1035.
+
+ * `guest_os_features`: A list of features to enable on the guest operating system. Applicable only for bootable images.
+
+ * `type`: The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options.
+
+ * `id`: The unique identifier for the resource. This identifier is defined by the server.
+
+ * `image_encryption_key`: Encrypts the image using a customer-supplied encryption key. After you encrypt an image with a customer-supplied key, you must provide the same key if you use the image later (e.g. to create a disk from the image)
+
+ * `raw_key`: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.
+
+ * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
+
+ * `kms_key_name`: (Beta only) The name of the encryption key that is stored in Google Cloud KMS.
+
+ * `labels`: Labels to apply to this Image.
+
+ * `label_fingerprint`: The fingerprint used for optimistic locking of this resource. Used internally during updates.
+
+ * `licenses`: Any applicable license URI.
+
+ * `name`: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `raw_disk`: The parameters of the raw disk image.
+
+ * `container_type`: The format used to encode and transmit the block device, which should be TAR. This is just a container and transmission format and not a runtime format. Provided by the client when the disk image is created.
+
+ * `sha1_checksum`: An optional SHA1 checksum of the disk image before unpackaging. This is provided by the client when the disk image is created.
+
+ * `source`: The full Google Cloud Storage URL where disk storage is stored You must provide either this property or the sourceDisk property but not both.
+
+ * `source_disk`: The source disk to create this image based on. You must provide either this property or the rawDisk.source property but not both to create an image.
+
+ * `source_disk_encryption_key`: The customer-supplied encryption key of the source disk. Required if the source disk is protected by a customer-supplied encryption key.
+
+ * `raw_key`: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.
+
+ * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
+
+ * `kms_key_name`: (Beta only) The name of the encryption key that is stored in Google Cloud KMS.
+
+ * `source_disk_id`: The ID value of the disk used to create this image. This value may be used to determine whether the image was taken from the current or a previous instance of a given disk name.
+
+ * `source_type`: The type of the image used to create this disk. The default and only value is RAW
-* `archive_size_bytes`, `creation_timestamp`, `description`, `disk_size_gb`, `family`, `guest_os_features`, `id`, `kind`, `label_fingerprint`, `licenses`, `name`, `raw_disk`, `source_type`, `status`
+ * `self_link`: The self link of the image
-
+ * `status`: The status of the image. Either `READY` `PENDING` or `FAILED`.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_instance.md b/docs/resources/google_compute_instance.md
index 48db761f3..1ab8bdcc5 100644
--- a/docs/resources/google_compute_instance.md
+++ b/docs/resources/google_compute_instance.md
@@ -1,29 +1,31 @@
---
-title: About the google_compute_instance Resource
+title: About the google_compute_instance resource
platform: gcp
---
-# google\_compute\_instance
-
-Use the `google_compute_instance` InSpec audit resource to test properties of a single GCP compute instance.
-
-
-
## Syntax
+A `google_compute_instance` is used to test a Google Instance resource
-A `google_compute_instance` resource block declares the tests for a single GCP instance by project, zone and name.
-
- describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do
- it { should exist }
- its('name') { should eq 'inspec-test-vm' }
- its('zone') { should match 'us-east1-b' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+
+describe google_compute_instance(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-instance') do
+ it { should exist }
+ its('machine_type') { should match 'n1-standard-1' }
+ its('tags.items') { should include 'foo' }
+ its('tags.items') { should include 'bar' }
+ its('tag_count') { should cmp 2 }
+ its('service_account_scopes') { should include 'https://www.googleapis.com/auth/compute.readonly' }
+end
+
+describe google_compute_instance(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute instance does not exist
@@ -96,15 +98,149 @@ The following examples show how to use this InSpec audit resource.
it { should match '^\d{1}-\d{2}$' }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_instance` resource:
+
+
+ * `can_ip_forward`: Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.
+
+ * `cpu_platform`: The CPU platform used by this instance.
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `deletion_protection`: Whether the resource should be protected against deletion.
+
+ * `disks`: An array of disks that are associated with the instances that are created from this template.
+
+ * `auto_delete`: Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance). Tip: Disks should be set to autoDelete=true so that leftover disks are not left behind on machine deletion.
+
+ * `boot`: Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.
+
+ * `device_name`: Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance.
+
+ * `disk_encryption_key`: Encrypts or decrypts a disk using a customer-supplied encryption key.
+
+ * `raw_key`: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.
+
+ * `rsa_encrypted_key`: Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource.
+
+ * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
+
+ * `index`: Assigns a zero-based index to this disk, where 0 is reserved for the boot disk. For example, if you have many disks attached to an instance, each disk would have a unique index number. If not specified, the server will choose an appropriate value.
+
+ * `initialize_params`: Specifies the parameters for a new disk that will be created alongside the new instance. Use initialization parameters to create boot disks or local SSDs attached to the new instance.
+
+ * `disk_name`: Specifies the disk name. If not specified, the default is to use the name of the instance.
+
+ * `disk_size_gb`: Specifies the size of the disk in base-2 GB.
+
+ * `disk_type`: Reference to a disk type. Specifies the disk type to use to create the instance. If not specified, the default is pd-standard.
+
+ * `source_image`: The source image to create this disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required. To create a disk with one of the public operating system images, specify the image by its family name.
+
+ * `source_image_encryption_key`: The customer-supplied encryption key of the source image. Required if the source image is protected by a customer-supplied encryption key. Instance templates do not store customer-supplied encryption keys, so you cannot create disks for instances in a managed instance group if the source images are encrypted with your own keys.
+
+ * `raw_key`: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.
+
+ * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
+
+ * `interface`: Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI. Persistent disks must always use SCSI and the request will fail if you attempt to attach a persistent disk in any other format than SCSI.
+
+ * `mode`: The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.
+
+ * `source`: Reference to a disk. When creating a new instance, one of initializeParams.sourceImage or disks.source is required. If desired, you can also attach existing non-root persistent disks using this property. This field is only applicable for persistent disks.
+
+ * `type`: Specifies the type of the disk, either SCRATCH or PERSISTENT. If not specified, the default is PERSISTENT.
+
+ * `licenses`: Any applicable publicly visible licenses.
+
+ * `guest_accelerators`: List of the type and count of accelerator cards attached to the instance
+
+ * `accelerator_count`: The number of the guest accelerator cards exposed to this instance.
+
+ * `accelerator_type`: Full or partial URL of the accelerator type resource to expose to this instance.
+
+ * `hostname`: The hostname of the instance to be created. The specified hostname must be RFC1035 compliant. If hostname is not specified, the default hostname is [INSTANCE_NAME].c.[PROJECT_ID].internal when using the global DNS, and [INSTANCE_NAME].[ZONE].c.[PROJECT_ID].internal when using zonal DNS.
+
+ * `id`: The unique identifier for the resource. This identifier is defined by the server.
+
+ * `label_fingerprint`: The fingerprint used for optimistic locking of this resource. Used internally during updates.
+
+ * `labels`: Labels to apply to this instance. A list of key->value pairs.
+
+ * `metadata`: The metadata key/value pairs to assign to instances that are created from this template. These pairs can consist of custom metadata or predefined keys.
+
+ * `machine_type`: A reference to a machine type which defines VM kind.
+
+ * `min_cpu_platform`: Specifies a minimum CPU platform for the VM instance. Applicable values are the friendly names of CPU platforms
+
+ * `name`: The name of the resource, provided by the client when initially creating the resource. The resource name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `network_interfaces`: An array of configurations for this interface. This specifies how this interface is configured to interact with other network services, such as connecting to the internet. Only one network interface is supported per instance.
+
+ * `access_configs`: An array of configurations for this interface. Currently, only one access config, ONE_TO_ONE_NAT, is supported. If there are no accessConfigs specified, then this instance will have no external internet access.
+
+ * `name`: The name of this access configuration. The default and recommended name is External NAT but you can use any arbitrary string you would like. For example, My external IP or Network Access.
+
+ * `nat_ip`: Reference to an address. An external IP address associated with this instance. Specify an unused static external IP address available to the project or leave this field undefined to use an IP from a shared ephemeral IP address pool. If you specify a static external IP address, it must live in the same region as the zone of the instance.
+
+ * `type`: The type of configuration. The default and only option is ONE_TO_ONE_NAT.
+
+ * `set_public_ptr`: Specifies whether a public DNS PTR record should be created to map the external IP address of the instance to a DNS domain name.
+
+ * `public_ptr_domain_name`: The DNS domain name for the public PTR record. You can set this field only if the setPublicPtr field is enabled.
+
+ * `network_tier`: This signifies the networking tier used for configuring this access configuration. If an AccessConfig is specified without a valid external IP address, an ephemeral IP will be created with this networkTier. If an AccessConfig with a valid external IP address is specified, it must match that of the networkTier associated with the Address resource owning that IP.
+
+ * `alias_ip_ranges`: An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.
+
+ * `ip_cidr_range`: The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. This range may be a single IP address (e.g. 10.2.3.4), a netmask (e.g. /24) or a CIDR format string (e.g. 10.1.2.0/24).
+
+ * `subnetwork_range_name`: Optional subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.
+
+ * `name`: The name of the network interface, generated by the server. For network devices, these are eth0, eth1, etc
+
+ * `network`: Specifies the title of an existing network. When creating an instance, if neither the network nor the subnetwork is specified, the default network global/networks/default is used; if the network is not specified but the subnetwork is specified, the network is inferred.
+
+ * `network_ip`: An IPv4 internal network address to assign to the instance for this network interface. If not specified by the user, an unused internal IP is assigned by the system.
+
+ * `subnetwork`: Reference to a VPC network. If the network resource is in legacy mode, do not provide this property. If the network is in auto subnet mode, providing the subnetwork is optional. If the network is in custom subnet mode, then this field should be specified.
+
+ * `scheduling`: Sets the scheduling options for this instance.
+
+ * `automatic_restart`: Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). You can only set the automatic restart option for standard instances. Preemptible instances cannot be automatically restarted.
+
+ * `on_host_maintenance`: Defines the maintenance behavior for this instance. For standard instances, the default behavior is MIGRATE. For preemptible instances, the default and only possible behavior is TERMINATE. For more information, see Setting Instance Scheduling Options.
+
+ * `preemptible`: Defines whether the instance is preemptible. This can only be set during instance creation, it cannot be set or changed after the instance has been created.
+
+ * `service_accounts`: A list of service accounts, with their specified scopes, authorized for this instance. Only one service account per VM instance is supported.
+
+ * `email`: Email address of the service account.
+
+ * `scopes`: The list of scopes to be made available for this service account.
+
+ * `shielded_instance_config`: Configuration for various parameters related to shielded instances.
+
+ * `enable_secure_boot`: Defines whether the instance has Secure Boot enabled.
+
+ * `enable_vtpm`: Defines whether the instance has the vTPM enabled
+
+ * `enable_integrity_monitoring`: Defines whether the instance has integrity monitoring enabled.
+
+ * `status`: The status of the instance. One of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, and TERMINATED. As a user, use RUNNING to keep a machine "on" and TERMINATED to turn a machine off
+
+ * `status_message`: An optional, human-readable explanation of the status.
+
+ * `tags`: A list of tags to apply to this instance. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during instance creation. The tags can be later modified by the setTags method. Each tag within the list must comply with RFC1035.
+
+ * `fingerprint`: Specifies a fingerprint for this request, which is essentially a hash of the metadata's contents and used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update metadata. You must always provide an up-to-date fingerprint hash in order to update or change metadata.
-* `cpu_platform`, `creation_timestamp`, `deletion_protection`, `disks`, `id`, `kind`, `label_fingerprint`, `machine_type`, `metadata`, `name`, `network_interfaces`, `scheduling`, `start_restricted`, `status`, `tags`, `zone`, `labels_keys`, `labels_values`, `label_value_by_key`, `metadata_keys`, `metadata_values`, `metadata_value_by_key`
+ * `items`: An array of tags. Each tag must be 1-63 characters long, and comply with RFC1035.
-
+ * `zone`: A reference to the zone where the machine resides.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_instance_group.md b/docs/resources/google_compute_instance_group.md
index 25988770a..79451649f 100644
--- a/docs/resources/google_compute_instance_group.md
+++ b/docs/resources/google_compute_instance_group.md
@@ -1,28 +1,30 @@
---
-title: About the google_compute_instance_group Resource
+title: About the google_compute_instance_group resource
platform: gcp
---
-# google\_compute\_instance\_group
-
-Use the `google_compute_instance_group` InSpec audit resource to test properties of a single GCP compute instance group.
-
-
-
## Syntax
+A `google_compute_instance_group` is used to test a Google InstanceGroup resource
-A `google_compute_instance_group` resource block declares the tests for a single GCP compute instance group by project, zone and name.
- describe google_compute_instance_group(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'gcp-inspec-test') do
- it { should exist }
- its('size') { should eq 2 }
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_compute_instance_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-instance-group') do
+ it { should exist }
+ its('description') { should cmp 'My instance group for testing' }
+ its('named_ports.count') { should cmp 1 }
+ its('named_ports.first.name') { should cmp 'https' }
+ its('named_ports.first.port') { should cmp '8080' }
+end
+
+describe google_compute_instance_group(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute instance group has the expected size
@@ -37,15 +39,34 @@ The following examples show how to use this InSpec audit resource.
its('port_value') { should eq 80 }
end
-
## Properties
+Properties that can be accessed from the `google_compute_instance_group` resource:
+
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `description`: An optional description of this resource. Provide this property when you create the resource.
+
+ * `id`: A unique identifier for this instance group.
+
+ * `name`: The name of the instance group. The name must be 1-63 characters long, and comply with RFC1035.
+
+ * `named_ports`: Assigns a name to a port number. For example: {name: "http", port: 80}. This allows the system to reference ports by the assigned name instead of a port number. Named ports can also contain multiple ports. For example: [{name: "http", port: 80},{name: "http", port: 8080}] Named ports apply to all instances in this instance group.
+
+ * `name`: The name for this named port. The name must be 1-63 characters long, and comply with RFC1035.
+
+ * `port`: The port number, which can be a value between 1 and 65535.
+
+ * `network`: The network to which all instances in the instance group belong.
+
+ * `region`: The region where the instance group is located (for regional resources).
-* `creation_timestamp`, `description`, `fingerprint`, `id`, `kind`, `name`, `named_ports`, `network`, `size`, `subnetwork`, `zone`
+ * `subnetwork`: The subnetwork to which all instances in the instance group belong.
-
+ * `zone`: A reference to the zone where the instance group resides.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_instance_group_manager.md b/docs/resources/google_compute_instance_group_manager.md
index 6573bea14..bd7058bc7 100644
--- a/docs/resources/google_compute_instance_group_manager.md
+++ b/docs/resources/google_compute_instance_group_manager.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_instance_group_manager` is used to test a Google InstanceGroupManager resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_instance_group_manager(project: 'chef-gcp-inspec', zone: 'zone', name: 'inspec-gcp-igm') do
diff --git a/docs/resources/google_compute_instance_group_managers.md b/docs/resources/google_compute_instance_group_managers.md
index ff0151a0b..c7cd3c907 100644
--- a/docs/resources/google_compute_instance_group_managers.md
+++ b/docs/resources/google_compute_instance_group_managers.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_instance_group_managers` is used to test a Google InstanceGroupManager resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_instance_group_managers(project: 'chef-gcp-inspec', zone: 'zone') do
diff --git a/docs/resources/google_compute_instance_groups.md b/docs/resources/google_compute_instance_groups.md
index 37de22a20..f2231635a 100644
--- a/docs/resources/google_compute_instance_groups.md
+++ b/docs/resources/google_compute_instance_groups.md
@@ -1,35 +1,22 @@
---
-title: About the google_compute_instance_groups Resource
+title: About the google_compute_instance_groups resource
platform: gcp
---
-# google\_compute\_instance\_groups
-
-Use the `google_compute_instance_groups` InSpec audit resource to test properties of all, or a filtered group of, GCP compute instance groups for a project in a particular zone.
-
-
-
## Syntax
+A `google_compute_instance_groups` is used to test a Google InstanceGroup resource
-A `google_compute_instance_groups` resource block collects GCP instance groups by project and zone, then tests that group.
- describe google_compute_instance_groups(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_instance_group`.
-
- google_compute_instance_groups(project: 'chef-inspec-gcp').instance_group_names.each do |instance_group_name|
- describe google_compute_instance_group(project: 'chef-inspec-gcp', instance_group: instance_group_name) do
- it { should exist }
- end
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_compute_instance_groups(project: 'chef-gcp-inspec', zone: 'zone') do
+ its('instance_group_names') { should include 'inspec-instance-group' }
+end
+```
### Test that there are no more than a specified number of instance groups available for the project
@@ -51,21 +38,25 @@ The following examples show how to use this InSpec audit resource.
its('size') { should be > 0 }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `instance_group_id` and `instance_group_name`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_compute_instance_groups` resource:
+
+See [google_compute_instance_group.md](google_compute_instance_group.md) for more detailed information
+ * `creation_timestamps`: an array of `google_compute_instance_group` creation_timestamp
+ * `descriptions`: an array of `google_compute_instance_group` description
+ * `instance_group_ids`: an array of `google_compute_instance_group` id
+ * `instance_group_names`: an array of `google_compute_instance_group` name
+ * `named_ports`: an array of `google_compute_instance_group` named_ports
+ * `networks`: an array of `google_compute_instance_group` network
+ * `regions`: an array of `google_compute_instance_group` region
+ * `subnetworks`: an array of `google_compute_instance_group` subnetwork
+ * `zones`: an array of `google_compute_instance_group` zone
-* `instance_group_ids` - an array of google_compute_instance_group identifier integers
-* `instance_group_names` - an array of google_compute_instance_group name strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_instance_template.md b/docs/resources/google_compute_instance_template.md
index 7b5a9985d..2b0ec7989 100644
--- a/docs/resources/google_compute_instance_template.md
+++ b/docs/resources/google_compute_instance_template.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_instance_template` is used to test a Google InstanceTemplate resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_instance_template(project: 'chef-gcp-inspec', name: 'inspec-gcp-instance-template') do
@@ -46,6 +50,8 @@ Properties that can be accessed from the `google_compute_instance_template` reso
* `disks`: An array of disks that are associated with the instances that are created from this template.
+ * `licenses`: Any applicable license URI.
+
* `auto_delete`: Specifies whether the disk will be auto-deleted when the instance is deleted (but not when the disk is detached from the instance). Tip: Disks should be set to autoDelete=true so that leftover disks are not left behind on machine deletion.
* `boot`: Indicates that this is a boot disk. The virtual machine will use the first partition of the disk for its root filesystem.
diff --git a/docs/resources/google_compute_instance_templates.md b/docs/resources/google_compute_instance_templates.md
index 6d02f7cf8..db70a74da 100644
--- a/docs/resources/google_compute_instance_templates.md
+++ b/docs/resources/google_compute_instance_templates.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_instance_templates` is used to test a Google InstanceTemplate resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_instance_templates(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_instances.md b/docs/resources/google_compute_instances.md
index 7569edbcd..95c1892c8 100644
--- a/docs/resources/google_compute_instances.md
+++ b/docs/resources/google_compute_instances.md
@@ -1,39 +1,22 @@
---
-title: About the google_compute_instances Resource
+title: About the google_compute_instances resource
platform: gcp
---
-# google\_compute\_instances
-
-Use the `google_compute_instances` InSpec audit resource to test properties of all, or a filtered group of, GCP compute instances for a project in a particular zone.
-
-
-
## Syntax
+A `google_compute_instances` is used to test a Google Instance resource
-A `google_compute_instances` resource block collects GCP instances by project and zone then tests that group.
-
- describe google_compute_instances(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_instance`.
-
- google_compute_instances(project: 'chef-inspec-gcp', zone: 'europe-west2-a').instance_names.each do |instance_name|
- describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: instance_name) do
- it { should exist }
- its('zone') { should match gcp_zone }
- its('kind') { should eq "compute#instance" }
- its('status') { should eq 'RUNNING' }
- its('tag_count'){ should be >= 1 }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_compute_instances(project: 'chef-gcp-inspec', zone: 'zone') do
+ its('instance_names') { should include 'inspec-instance' }
+end
+```
### Test that there are no more than a specified number of instances in the project and zone
@@ -53,20 +36,37 @@ The following examples show how to use this InSpec audit resource.
its('instance_names') { should include "my-favourite-instance" }
end
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `instance_id` and `instance_name`. Either of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_compute_instances` resource:
+
+See [google_compute_instance.md](google_compute_instance.md) for more detailed information
+ * `can_ip_forwards`: an array of `google_compute_instance` can_ip_forward
+ * `cpu_platforms`: an array of `google_compute_instance` cpu_platform
+ * `creation_timestamps`: an array of `google_compute_instance` creation_timestamp
+ * `deletion_protections`: an array of `google_compute_instance` deletion_protection
+ * `disks`: an array of `google_compute_instance` disks
+ * `guest_accelerators`: an array of `google_compute_instance` guest_accelerators
+ * `hostnames`: an array of `google_compute_instance` hostname
+ * `instance_ids`: an array of `google_compute_instance` id
+ * `label_fingerprints`: an array of `google_compute_instance` label_fingerprint
+ * `labels`: an array of `google_compute_instance` labels
+ * `metadata`: an array of `google_compute_instance` metadata
+ * `machine_types`: an array of `google_compute_instance` machine_type
+ * `min_cpu_platforms`: an array of `google_compute_instance` min_cpu_platform
+ * `instance_names`: an array of `google_compute_instance` name
+ * `network_interfaces`: an array of `google_compute_instance` network_interfaces
+ * `schedulings`: an array of `google_compute_instance` scheduling
+ * `service_accounts`: an array of `google_compute_instance` service_accounts
+ * `shielded_instance_configs`: an array of `google_compute_instance` shielded_instance_config
+ * `statuses`: an array of `google_compute_instance` status
+ * `status_messages`: an array of `google_compute_instance` status_message
+ * `tags`: an array of `google_compute_instance` tags
+ * `zones`: an array of `google_compute_instance` zone
-* `instance_ids` - an array of google_compute_instance identifier integers
-* `instance_names` - an array of google_compute_instance name strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_network.md b/docs/resources/google_compute_network.md
index bfd954c13..4a8ffbb08 100644
--- a/docs/resources/google_compute_network.md
+++ b/docs/resources/google_compute_network.md
@@ -1,28 +1,26 @@
---
-title: About the google_compute_network Resource
+title: About the google_compute_network resource
platform: gcp
---
-# google\_compute\_network
-
-Use the `google_compute_network` InSpec audit resource to test properties of a single GCP compute network.
-
-
-
## Syntax
+A `google_compute_network` is used to test a Google Network resource
-A `google_compute_network` resource block declares the tests for a single GCP zone by project and name.
-
- describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
- it { should exist }
- its('name') { should eq 'gcp-inspec-network' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
+describe google_compute_network(project: 'chef-gcp-inspec', name: 'inspec-network') do
+ it { should exist }
+ its('routing_config.routing_mode') { should cmp 'REGIONAL' }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_compute_network(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute network exists
@@ -63,15 +61,29 @@ The following examples show how to use this InSpec audit resource.
its ('routing_config.routing_mode') { should eq "REGIONAL" }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_network` resource:
+
+
+ * `description`: An optional description of this resource. The resource must be recreated to modify this field.
+
+ * `gateway_ipv4`: The gateway address for default routing out of the network. This value is selected by GCP.
+
+ * `id`: The unique identifier for the resource.
+
+ * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `subnetworks`: Server-defined fully-qualified URLs for all subnetworks in this network.
+
+ * `auto_create_subnetworks`: When set to `true`, the network is created in "auto subnet mode" and it will create a subnet for each region automatically across the `10.128.0.0/9` address range. When set to `false`, the network is created in "custom subnet mode" so the user can explicitly connect subnetwork resources.
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
-* `auto_create_subnetworks`, `creation_timestamp`, `creation_timestamp_date`, `id`, `kind`, `name`, `routing_config`, `subnetworks`
+ * `routing_config`: The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce.
-
+ * `routing_mode`: The network-wide routing mode to use. If set to `REGIONAL`, this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. If set to `GLOBAL`, this network's cloud routers will advertise routes with all subnetworks of this network, across regions.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_network_endpoint_group.md b/docs/resources/google_compute_network_endpoint_group.md
index 5043b252e..0a030d0cb 100644
--- a/docs/resources/google_compute_network_endpoint_group.md
+++ b/docs/resources/google_compute_network_endpoint_group.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_network_endpoint_group` is used to test a Google NetworkEndpointGroup resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
diff --git a/docs/resources/google_compute_network_endpoint_groups.md b/docs/resources/google_compute_network_endpoint_groups.md
index fe7c287a4..cb0f7c48a 100644
--- a/docs/resources/google_compute_network_endpoint_groups.md
+++ b/docs/resources/google_compute_network_endpoint_groups.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_network_endpoint_groups` is used to test a Google NetworkEndpointGroup resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
diff --git a/docs/resources/google_compute_networks.md b/docs/resources/google_compute_networks.md
index b25715450..099d22cb8 100644
--- a/docs/resources/google_compute_networks.md
+++ b/docs/resources/google_compute_networks.md
@@ -1,38 +1,21 @@
---
-title: About the google_compute_networks Resource
+title: About the google_compute_networks resource
platform: gcp
---
-# google\_compute\_networks
-
-Use the `google_compute_networks` InSpec audit resource to test properties of all, or a filtered group of, GCP compute networks for a project.
-
-
-
## Syntax
+A `google_compute_networks` is used to test a Google Network resource
-A `google_compute_networks` resource block collects GCP networks by project then tests that group.
-
- describe google_compute_networks(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_network`.
-
- google_compute_networks(project: 'chef-inspec-gcp').network_names.each do |network_name|
- describe google_compute_network(project: 'chef-inspec-gcp', name: network_name) do
- its ('subnetworks.count') { should be < 10 }
- its ('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
- its ('routing_config.routing_mode') { should eq "REGIONAL" }
- its ('auto_create_subnetworks'){ should be false }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_networks(project: 'chef-gcp-inspec') do
+ its('network_names') { should include 'inspec-network' }
+end
+```
### Test that there are no more than a specified number of networks available for the project
@@ -52,21 +35,24 @@ The following examples show how to use this InSpec audit resource.
its('network_names') { should include "network-name" }
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `network_id` and `network_name`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_compute_networks` resource:
+
+See [google_compute_network.md](google_compute_network.md) for more detailed information
+ * `descriptions`: an array of `google_compute_network` description
+ * `gateway_ipv4s`: an array of `google_compute_network` gateway_ipv4
+ * `network_ids`: an array of `google_compute_network` id
+ * `network_names`: an array of `google_compute_network` name
+ * `subnetworks`: an array of `google_compute_network` subnetworks
+ * `auto_create_subnetworks`: an array of `google_compute_network` auto_create_subnetworks
+ * `creation_timestamps`: an array of `google_compute_network` creation_timestamp
+ * `routing_configs`: an array of `google_compute_network` routing_config
-* `network_ids` - an array of google_compute_network identifier integers
-* `network_names` - an array of google_compute_network name strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_node_group.md b/docs/resources/google_compute_node_group.md
index 61f95aa18..a3a166d52 100644
--- a/docs/resources/google_compute_node_group.md
+++ b/docs/resources/google_compute_node_group.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_node_group` is used to test a Google NodeGroup resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
@@ -34,6 +38,14 @@ Properties that can be accessed from the `google_compute_node_group` resource:
* `size`: The total number of nodes in the node group.
+ * `autoscaling_policy`: (Beta only) If you use sole-tenant nodes for your workloads, you can use the node group autoscaler to automatically manage the sizes of your node groups.
+
+ * `mode`: The autoscaling mode. Set to one of the following: - OFF: Disables the autoscaler. - ON: Enables scaling in and scaling out. - ONLY_SCALE_OUT: Enables only scaling out. You must use this mode if your node groups are configured to restart their hosted VMs on minimal servers.
+
+ * `min_nodes`: Minimum size of the node group. Must be less than or equal to max-nodes. The default value is 0.
+
+ * `max_nodes`: Maximum size of the node group. Set to a value less than or equal to 100 and greater than or equal to min-nodes.
+
* `zone`: Zone where this node group is located
diff --git a/docs/resources/google_compute_node_groups.md b/docs/resources/google_compute_node_groups.md
index 41067010e..d0a97cf51 100644
--- a/docs/resources/google_compute_node_groups.md
+++ b/docs/resources/google_compute_node_groups.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_node_groups` is used to test a Google NodeGroup resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
@@ -26,6 +30,7 @@ See [google_compute_node_group.md](google_compute_node_group.md) for more detail
* `names`: an array of `google_compute_node_group` name
* `node_templates`: an array of `google_compute_node_group` node_template
* `sizes`: an array of `google_compute_node_group` size
+ * `autoscaling_policies`: (Beta only) an array of `google_compute_node_group` autoscaling_policy
* `zones`: an array of `google_compute_node_group` zone
## Filter Criteria
diff --git a/docs/resources/google_compute_node_template.md b/docs/resources/google_compute_node_template.md
index 42d8c2340..1a845b67c 100644
--- a/docs/resources/google_compute_node_template.md
+++ b/docs/resources/google_compute_node_template.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_node_template` is used to test a Google NodeTemplate resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
@@ -41,6 +45,10 @@ Properties that can be accessed from the `google_compute_node_template` resource
* `local_ssd`: Use local SSD
+ * `server_binding`: (Beta only) The server binding policy for nodes using this template. Determines where the nodes should restart following a maintenance event.
+
+ * `type`: Type of server binding policy. If `RESTART_NODE_ON_ANY_SERVER`, nodes using this template will restart on any physical server following a maintenance event. If `RESTART_NODE_ON_MINIMAL_SERVER`, nodes using this template will restart on the same physical server following a maintenance event, instead of being live migrated to or restarted on a new physical server. This option may be useful if you are using software licenses tied to the underlying server characteristics such as physical sockets or cores, to avoid the need for additional licenses when maintenance occurs. However, VMs on such nodes will experience outages while maintenance is applied.
+
* `region`: Region where nodes using the node template will be created
diff --git a/docs/resources/google_compute_node_templates.md b/docs/resources/google_compute_node_templates.md
index e3cbb1363..dc2865a3a 100644
--- a/docs/resources/google_compute_node_templates.md
+++ b/docs/resources/google_compute_node_templates.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_node_templates` is used to test a Google NodeTemplate resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
@@ -24,6 +28,7 @@ See [google_compute_node_template.md](google_compute_node_template.md) for more
* `node_affinity_labels`: an array of `google_compute_node_template` node_affinity_labels
* `node_types`: an array of `google_compute_node_template` node_type
* `node_type_flexibilities`: an array of `google_compute_node_template` node_type_flexibility
+ * `server_bindings`: (Beta only) an array of `google_compute_node_template` server_binding
* `regions`: an array of `google_compute_node_template` region
## Filter Criteria
diff --git a/docs/resources/google_compute_project_info.md b/docs/resources/google_compute_project_info.md
index 903032a48..cfba14c3c 100644
--- a/docs/resources/google_compute_project_info.md
+++ b/docs/resources/google_compute_project_info.md
@@ -1,27 +1,22 @@
---
-title: About the google_compute_project_info Resource
+title: About the google_compute_project_info resource
platform: gcp
---
-# google\_compute\_project\_info
-
-Use the `google_compute_project_info` InSpec audit resource to test GCP compute project information.
-
-
-
## Syntax
+A `google_compute_project_info` is used to test a Google ProjectInfo resource
-A `google_compute_project_info` resource block declares the tests for GCP compute project information by project identifier.
-
- describe google_compute_project_info(project: 'chef-inspec-gcp') do
- its('name') { should match 'chef-inspec-gcp' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_project_info(project: 'chef-gcp-inspec') do
+ it { should exist }
+ its('default_service_account') { should match "developer.gserviceaccount.com" }
+end
+```
### Test that GCP compute project information exists
@@ -35,15 +30,41 @@ The following examples show how to use this InSpec audit resource.
its('default_service_account') { should eq '12345-compute@developer.gserviceaccount.com' }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_project_info` resource:
+
+
+ * `name`: The name of this project
+
+ * `common_instance_metadata`: Metadata shared for all instances in this project
+
+ * `items`: Array of key/values
+
+ * `key`: Key of the metadata key/value pair
+
+ * `value`: Value of the metadata key/value pair
+
+ * `enabled_features`: Restricted features enabled for use on this project
+
+ * `default_service_account`: Default service account used by VMs in this project
+
+ * `xpn_project_status`: The role this project has in a shared VPC configuration.
+
+ * `default_network_tier`: The default network tier used for configuring resources in this project
+
+ * `quotas`: Quotas applied to this project
+
+ * `metric`: Name of the quota metric
+
+ * `limit`: Quota limit for this metric
+
+ * `usage`: Current usage of this metric
-* `common_instance_metadata`, `creation_timestamp`, `creation_timestamp_date`, `default_service_account`, `id`, `kind`, `name`, `quotas`, `xpn_project_status`
+ * `owner`: Owning resource. This is the resource on which this quota is applied.
-
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_region.md b/docs/resources/google_compute_region.md
index 2ade15f28..3db48219d 100644
--- a/docs/resources/google_compute_region.md
+++ b/docs/resources/google_compute_region.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_region` is used to test a Google Region resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_region(project: 'chef-gcp-inspec', name: 'europe-west2') do
diff --git a/docs/resources/google_compute_region_backend_service.md b/docs/resources/google_compute_region_backend_service.md
index 2269ed192..de38cd658 100644
--- a/docs/resources/google_compute_region_backend_service.md
+++ b/docs/resources/google_compute_region_backend_service.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_region_backend_service` is used to test a Google RegionBackendService resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_region_backend_service(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-region-backend-service') do
@@ -24,29 +28,69 @@ end
Properties that can be accessed from the `google_compute_region_backend_service` resource:
+ * `affinity_cookie_ttl_sec`: (Beta only) Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
+
* `backends`: The set of backends that serve this RegionBackendService.
* `balancing_mode`: Specifies the balancing mode for this backend. Defaults to CONNECTION.
- * `capacity_scaler`: A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
+ * `capacity_scaler`: A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). ~>**NOTE**: This field cannot be set for INTERNAL region backend services (default loadBalancingScheme), but is required for non-INTERNAL backend service. The total capacity_scaler for all backends must be non-zero. A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
* `description`: An optional description of this resource. Provide this property when you create the resource.
+ * `failover`: (Beta only) This field designates whether this is a failover backend. More than one failover backend can be configured for a given RegionBackendService.
+
* `group`: The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. When the `load_balancing_scheme` is INTERNAL, only instance groups are supported. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
- * `max_connections`: The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
+ * `max_connections`: The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. Cannot be set for INTERNAL backend services. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
+
+ * `max_connections_per_instance`: The max number of simultaneous connections that a single backend instance can handle. Cannot be set for INTERNAL backend services. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
+
+ * `max_connections_per_endpoint`: The max number of simultaneous connections that a single backend network endpoint can handle. Cannot be set for INTERNAL backend services. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
+
+ * `max_rate`: The max requests per second (RPS) of the group. Cannot be set for INTERNAL backend services. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. Either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
+
+ * `max_rate_per_instance`: The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set. Cannot be set for INTERNAL backend services.
+
+ * `max_rate_per_endpoint`: The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set. Cannot be set for INTERNAL backend services.
+
+ * `max_utilization`: Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0]. Cannot be set for INTERNAL backend services.
+
+ * `circuit_breakers`: (Beta only) Settings controlling the volume of connections to a backend service. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2.
+
+ * `connect_timeout`: The timeout for new network connections to hosts.
- * `max_connections_per_instance`: The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
- * `max_connections_per_endpoint`: The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
- * `max_rate`: The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. Either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
+ * `max_requests_per_connection`: Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
- * `max_rate_per_instance`: The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
+ * `max_connections`: The maximum number of connections to the backend cluster. Defaults to 1024.
- * `max_rate_per_endpoint`: The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
+ * `max_pending_requests`: The maximum number of pending requests to the backend cluster. Defaults to 1024.
- * `max_utilization`: Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
+ * `max_requests`: The maximum number of parallel requests to the backend cluster. Defaults to 1024.
+
+ * `max_retries`: The maximum number of parallel retries to the backend cluster. Defaults to 3.
+
+ * `consistent_hash`: (Beta only) Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies when all of the following are true - * `load_balancing_scheme` is set to INTERNAL_MANAGED * `protocol` is set to HTTP, HTTPS, or HTTP2 * `locality_lb_policy` is set to MAGLEV or RING_HASH
+
+ * `http_cookie`: Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE.
+
+ * `ttl`: Lifetime of the cookie.
+
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
+
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
+
+ * `name`: Name of the cookie.
+
+ * `path`: Path to set for the cookie.
+
+ * `http_header_name`: The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
+
+ * `minimum_ring_size`: The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
* `connection_draining`: Settings for connection draining
@@ -56,6 +100,14 @@ Properties that can be accessed from the `google_compute_region_backend_service`
* `description`: An optional description of this resource.
+ * `failover_policy`: (Beta only) Policy for failovers.
+
+ * `disable_connection_drain_on_failover`: On failover or failback, this field indicates whether connection drain will be honored. Setting this to true has the following effect: connections to the old active pool are not drained. Connections to the new active pool use the timeout of 10 min (currently fixed). Setting to false has the following effect: both old and new connections will have a drain timeout of 10 min. This can be set to true only if the protocol is TCP. The default is false.
+
+ * `drop_traffic_if_unhealthy`: This option is used only when no healthy VMs are detected in the primary and backup instance groups. When set to true, traffic is dropped. When set to false, new connections are sent across all VMs in the primary group. The default is false.
+
+ * `failover_ratio`: The value of the field must be in [0, 1]. If the ratio of the healthy VMs in the primary backend is at or below this number, traffic arriving at the load-balanced IP will be directed to the failover backend. In case where 'failoverRatio' is not set or all the VMs in the backup backend are unhealthy, the traffic will be directed back to the primary backend in the "force" mode, where traffic will be spread to the healthy VMs with the best effort, or to all VMs when no VM is healthy. This field is only used with l4 load balancing.
+
* `fingerprint`: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
* `health_checks`: The set of URLs to HealthCheck resources for health checking this RegionBackendService. Currently at most one health check can be specified, and a health check is required.
@@ -64,14 +116,56 @@ Properties that can be accessed from the `google_compute_region_backend_service`
* `load_balancing_scheme`: Indicates what kind of load balancing this regional backend service will be used for. A backend service created for one type of load balancing cannot be used with the other(s). Must be `INTERNAL` or `INTERNAL_MANAGED`. Defaults to `INTERNAL`.
+ * `locality_lb_policy`: (Beta only) The load balancing algorithm used within the scope of the locality. The possible values are - ROUND_ROBIN - This is a simple policy in which each healthy backend is selected in round robin order. LEAST_REQUEST - An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. RING_HASH - The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. RANDOM - The load balancer selects a random healthy host. ORIGINAL_DESTINATION - Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. MAGLEV - used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2.
+
* `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+ * `outlier_detection`: (Beta only) Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2.
+
+ * `base_ejection_time`: The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s.
+
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
+
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive.
+
+ * `consecutive_errors`: Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
+
+ * `consecutive_gateway_failure`: The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
+
+ * `enforcing_consecutive_errors`: The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+
+ * `enforcing_consecutive_gateway_failure`: The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
+
+ * `enforcing_success_rate`: The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
+
+ * `interval`: Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds.
+
+ * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
+
+ * `nanos`: Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive.
+
+ * `max_ejection_percent`: Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
+
+ * `success_rate_minimum_hosts`: The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
+
+ * `success_rate_request_volume`: The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
+
+ * `success_rate_stdev_factor`: This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
+
* `protocol`: The protocol this RegionBackendService uses to communicate with backends. Possible values are HTTP, HTTPS, HTTP2, SSL, TCP, and UDP. The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API.
* `session_affinity`: Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP.
* `timeout_sec`: How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400].
+ * `log_config`: (Beta only) This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver.
+
+ * `enable`: Whether to enable logging for the load balancer traffic served by this backend service.
+
+ * `sample_rate`: This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
+
+ * `network`: The URL of the network to which this backend service belongs. This field can only be specified when the load balancing scheme is set to INTERNAL.
+
* `region`: A reference to the region where the regional backend service resides.
diff --git a/docs/resources/google_compute_region_backend_services.md b/docs/resources/google_compute_region_backend_services.md
index 6e6a98fba..7435c1d3e 100644
--- a/docs/resources/google_compute_region_backend_services.md
+++ b/docs/resources/google_compute_region_backend_services.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_region_backend_services` is used to test a Google RegionBackendService resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_region_backend_services(project: 'chef-gcp-inspec', region: 'europe-west2') do
@@ -20,18 +24,26 @@ end
Properties that can be accessed from the `google_compute_region_backend_services` resource:
See [google_compute_region_backend_service.md](google_compute_region_backend_service.md) for more detailed information
+ * `affinity_cookie_ttl_secs`: (Beta only) an array of `google_compute_region_backend_service` affinity_cookie_ttl_sec
* `backends`: an array of `google_compute_region_backend_service` backends
+ * `circuit_breakers`: (Beta only) an array of `google_compute_region_backend_service` circuit_breakers
+ * `consistent_hashes`: (Beta only) an array of `google_compute_region_backend_service` consistent_hash
* `connection_drainings`: an array of `google_compute_region_backend_service` connection_draining
* `creation_timestamps`: an array of `google_compute_region_backend_service` creation_timestamp
* `descriptions`: an array of `google_compute_region_backend_service` description
+ * `failover_policies`: (Beta only) an array of `google_compute_region_backend_service` failover_policy
* `fingerprints`: an array of `google_compute_region_backend_service` fingerprint
* `health_checks`: an array of `google_compute_region_backend_service` health_checks
* `ids`: an array of `google_compute_region_backend_service` id
* `load_balancing_schemes`: an array of `google_compute_region_backend_service` load_balancing_scheme
+ * `locality_lb_policies`: (Beta only) an array of `google_compute_region_backend_service` locality_lb_policy
* `names`: an array of `google_compute_region_backend_service` name
+ * `outlier_detections`: (Beta only) an array of `google_compute_region_backend_service` outlier_detection
* `protocols`: an array of `google_compute_region_backend_service` protocol
* `session_affinities`: an array of `google_compute_region_backend_service` session_affinity
* `timeout_secs`: an array of `google_compute_region_backend_service` timeout_sec
+ * `log_configs`: (Beta only) an array of `google_compute_region_backend_service` log_config
+ * `networks`: an array of `google_compute_region_backend_service` network
* `regions`: an array of `google_compute_region_backend_service` region
## Filter Criteria
diff --git a/docs/resources/google_compute_region_instance_group_manager.md b/docs/resources/google_compute_region_instance_group_manager.md
index a2792bb48..060aeba36 100644
--- a/docs/resources/google_compute_region_instance_group_manager.md
+++ b/docs/resources/google_compute_region_instance_group_manager.md
@@ -1,27 +1,30 @@
---
-title: About the google_compute_region_instance_group_manager Resource
+title: About the google_compute_region_instance_group_manager resource
platform: gcp
---
-# google\_compute\_region\_instance\_group\_manager
-
-Use the `google_compute_region_instance_group_manager` InSpec audit resource to test properties of a single multi-zone GCP compute instance group.
-
-
-
## Syntax
+A `google_compute_region_instance_group_manager` is used to test a Google RegionInstanceGroupManager resource
-A `google_compute_region_instance_group_manager` resource block declares the tests for a single GCP compute instance group by project, region and name.
-
- describe google_compute_region_instance_group_manager(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-test') do
- it { should exist }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_region_instance_group_manager(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-rigm') do
+ it { should exist }
+ its('base_instance_name') { should eq 'rigm1' }
+ its('target_size') { should eq '1' }
+ its('named_ports.first.name') { should eq 'https' }
+ its('named_ports.first.port') { should eq '8888' }
+ its('auto_healing_policies.first.initial_delay_sec') { should eq '300' }
+end
+
+describe google_compute_region_instance_group_manager(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute region instance group manager has the expected size
@@ -35,15 +38,61 @@ The following examples show how to use this InSpec audit resource.
its('named_ports') { should include "http" }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_region_instance_group_manager` resource:
+
+
+ * `base_instance_name`: The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with RFC1035.
+
+ * `creation_timestamp`: The creation timestamp for this managed instance group in RFC3339 text format.
+
+ * `current_actions`: The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions.
+
+ * `abandoning`: The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.
+
+ * `creating`: The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully. If you have disabled creation retries, this field will not be populated; instead, the creatingWithoutRetries field will be populated.
+
+ * `creating_without_retries`: The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's targetSize value accordingly.
+
+ * `deleting`: The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.
+
+ * `none`: The number of instances in the managed instance group that are running and have no scheduled actions.
+
+ * `recreating`: The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.
+
+ * `refreshing`: The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.
+
+ * `restarting`: The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.
+
+ * `description`: An optional description of this resource. Provide this property when you create the resource.
+
+ * `id`: A unique identifier for this resource
+
+ * `instance_group`: The instance group being managed
+
+ * `instance_template`: The instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group.
+
+ * `name`: The name of the managed instance group. The name must be 1-63 characters long, and comply with RFC1035.
+
+ * `named_ports`: Named ports configured for the Instance Groups complementary to this Instance Group Manager.
+
+ * `name`: The name for this named port. The name must be 1-63 characters long, and comply with RFC1035.
+
+ * `port`: The port number, which can be a value between 1 and 65535.
+
+ * `target_pools`: TargetPool resources to which instances in the instanceGroup field are added. The target pools automatically apply to all of the instances in the managed instance group.
+
+ * `target_size`: The target number of running instances for this managed instance group. Deleting or abandoning instances reduces this number. Resizing the group changes this number.
+
+ * `auto_healing_policies`: The autohealing policy for this managed instance group
+
+ * `health_check`: The URL for the health check that signals autohealing.
-* `base_instance_name`, `creation_timestamp`, `current_actions`, `description`, `fingerprint`, `id`, `instance_group`, `instance_template`, `kind`, `name`, `named_ports`, `region`, `self_link`, `target_pools`, `target_size`, `region`
+ * `initial_delay_sec`: The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances
-
+ * `region`: The region the managed instance group resides.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_region_instance_group_managers.md b/docs/resources/google_compute_region_instance_group_managers.md
index 9fffe11b1..b6a4ba09d 100644
--- a/docs/resources/google_compute_region_instance_group_managers.md
+++ b/docs/resources/google_compute_region_instance_group_managers.md
@@ -1,35 +1,22 @@
---
-title: About the google_compute_region_instance_group_managers Resource
+title: About the google_compute_region_instance_group_managers resource
platform: gcp
---
-# google\_compute\_region\_instance\_group\_managers
-
-Use the `google_compute_region_instance_group_managerss` InSpec audit resource to test properties of all, or a filtered group of, GCP compute instance groups for a project in a particular region.
-
-
-
## Syntax
+A `google_compute_region_instance_group_managers` is used to test a Google RegionInstanceGroupManager resource
-A `google_compute_region_instance_group_managers` resource block collects GCP instance groups by project and region, then tests that group.
-
- describe google_compute_region_instance_group_managers(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_instance_group`.
-
- google_compute_region_instance_group_managers(project: 'chef-inspec-gcp', region: 'europe-west2').instance_group_names.each do |instance_group_name|
- describe google_compute_instance_group(project: 'chef-inspec-gcp', region: 'europe-west2', instance_group: instance_group_name) do
- it { should exist }
- end
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_region_instance_group_managers(project: 'chef-gcp-inspec', region: 'europe-west2') do
+ its('instance_group_manager_names') { should include 'inspec-rigm' }
+ its('base_instance_names') { should include 'rigm1' }
+end
+```
### Test that there are no more than a specified number of instance groups available for the project
@@ -51,21 +38,29 @@ The following examples show how to use this InSpec audit resource.
its('target_size') { should be > 0 }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `instance_group_id` and `instance_group_name`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_compute_region_instance_group_managers` resource:
+
+See [google_compute_region_instance_group_manager.md](google_compute_region_instance_group_manager.md) for more detailed information
+ * `base_instance_names`: an array of `google_compute_region_instance_group_manager` base_instance_name
+ * `creation_timestamps`: an array of `google_compute_region_instance_group_manager` creation_timestamp
+ * `current_actions`: an array of `google_compute_region_instance_group_manager` current_actions
+ * `descriptions`: an array of `google_compute_region_instance_group_manager` description
+ * `instance_group_manager_ids`: an array of `google_compute_region_instance_group_manager` id
+ * `instance_groups`: an array of `google_compute_region_instance_group_manager` instance_group
+ * `instance_templates`: an array of `google_compute_region_instance_group_manager` instance_template
+ * `instance_group_manager_names`: an array of `google_compute_region_instance_group_manager` name
+ * `named_ports`: an array of `google_compute_region_instance_group_manager` named_ports
+ * `target_pools`: an array of `google_compute_region_instance_group_manager` target_pools
+ * `target_sizes`: an array of `google_compute_region_instance_group_manager` target_size
+ * `auto_healing_policies`: an array of `google_compute_region_instance_group_manager` auto_healing_policies
+ * `regions`: an array of `google_compute_region_instance_group_manager` region
-* `instance_group_ids` - an array of google_compute_instance_group identifier integers
-* `instance_group_names` - an array of google_compute_instance_group name strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_regions.md b/docs/resources/google_compute_regions.md
index 626a01a24..e7b96f988 100644
--- a/docs/resources/google_compute_regions.md
+++ b/docs/resources/google_compute_regions.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_regions` is used to test a Google Region resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_regions(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_route.md b/docs/resources/google_compute_route.md
index 69091bb80..c41491f99 100644
--- a/docs/resources/google_compute_route.md
+++ b/docs/resources/google_compute_route.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_route` is used to test a Google Route resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_route(project: 'chef-gcp-inspec', name: 'inspec-gcp-route') do
@@ -47,6 +51,8 @@ Properties that can be accessed from the `google_compute_route` resource:
* `next_hop_network`: URL to a Network that should handle matching packets.
+ * `next_hop_ilb`: The URL to a forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets. You can only specify the forwarding rule as a partial or full URL. For example, the following are all valid URLs: https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule regions/region/forwardingRules/forwardingRule Note that this can only be used when the destinationRange is a public (non-RFC 1918) IP CIDR range.
+
## GCP Permissions
diff --git a/docs/resources/google_compute_router.md b/docs/resources/google_compute_router.md
index 100ff0bf8..def49b8f4 100644
--- a/docs/resources/google_compute_router.md
+++ b/docs/resources/google_compute_router.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_router` is used to test a Google Router resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-router') do
diff --git a/docs/resources/google_compute_router_nat.md b/docs/resources/google_compute_router_nat.md
index e2fae89fe..fae3c0098 100644
--- a/docs/resources/google_compute_router_nat.md
+++ b/docs/resources/google_compute_router_nat.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_router_nat` is used to test a Google RouterNat resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router', name: 'inspec-router-nat') do
@@ -32,6 +36,8 @@ Properties that can be accessed from the `google_compute_router_nat` resource:
* `nat_ips`: Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
+ * `drain_nat_ips`: A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
+
* `source_subnetwork_ip_ranges_to_nat`: How NAT should be configured per Subnetwork. If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the IP ranges in every Subnetwork are allowed to Nat. If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP ranges in every Subnetwork are allowed to Nat. `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region.
* `subnetwork`: One or more subnetwork NAT configurations. Only used if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS`
diff --git a/docs/resources/google_compute_router_nats.md b/docs/resources/google_compute_router_nats.md
index 5e5558c07..12d9341b7 100644
--- a/docs/resources/google_compute_router_nats.md
+++ b/docs/resources/google_compute_router_nats.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_router_nats` is used to test a Google RouterNat resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_router_nats(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router') do
@@ -20,6 +24,7 @@ See [google_compute_router_nat.md](google_compute_router_nat.md) for more detail
* `names`: an array of `google_compute_router_nat` name
* `nat_ip_allocate_options`: an array of `google_compute_router_nat` nat_ip_allocate_option
* `nat_ips`: an array of `google_compute_router_nat` nat_ips
+ * `drain_nat_ips`: an array of `google_compute_router_nat` drain_nat_ips
* `source_subnetwork_ip_ranges_to_nats`: an array of `google_compute_router_nat` source_subnetwork_ip_ranges_to_nat
* `subnetworks`: an array of `google_compute_router_nat` subnetwork
* `min_ports_per_vms`: an array of `google_compute_router_nat` min_ports_per_vm
diff --git a/docs/resources/google_compute_routers.md b/docs/resources/google_compute_routers.md
index 56e203753..8905a8f10 100644
--- a/docs/resources/google_compute_routers.md
+++ b/docs/resources/google_compute_routers.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_routers` is used to test a Google Router resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_routers(project: 'chef-gcp-inspec', region: 'europe-west2') do
diff --git a/docs/resources/google_compute_routes.md b/docs/resources/google_compute_routes.md
index 631694fbb..9b14c3b53 100644
--- a/docs/resources/google_compute_routes.md
+++ b/docs/resources/google_compute_routes.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_routes` is used to test a Google Route resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_routes(project: 'chef-gcp-inspec') do
@@ -31,6 +35,7 @@ See [google_compute_route.md](google_compute_route.md) for more detailed informa
* `next_hop_ips`: an array of `google_compute_route` next_hop_ip
* `next_hop_vpn_tunnels`: an array of `google_compute_route` next_hop_vpn_tunnel
* `next_hop_networks`: an array of `google_compute_route` next_hop_network
+ * `next_hop_ilbs`: an array of `google_compute_route` next_hop_ilb
## Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
diff --git a/docs/resources/google_compute_snapshot.md b/docs/resources/google_compute_snapshot.md
index bcf011471..d84db230e 100644
--- a/docs/resources/google_compute_snapshot.md
+++ b/docs/resources/google_compute_snapshot.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_snapshot` is used to test a Google Snapshot resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
diff --git a/docs/resources/google_compute_snapshots.md b/docs/resources/google_compute_snapshots.md
index 55f391fb7..519b5d1ef 100644
--- a/docs/resources/google_compute_snapshots.md
+++ b/docs/resources/google_compute_snapshots.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_snapshots` is used to test a Google Snapshot resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
diff --git a/docs/resources/google_compute_ssl_certificate.md b/docs/resources/google_compute_ssl_certificate.md
index ec13992b9..4860b7ec0 100644
--- a/docs/resources/google_compute_ssl_certificate.md
+++ b/docs/resources/google_compute_ssl_certificate.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_ssl_certificate` is used to test a Google SslCertificate resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_ssl_certificate(project: 'chef-gcp-inspec', name: 'inspec-gcp-ssl-certificate') do
diff --git a/docs/resources/google_compute_ssl_certificates.md b/docs/resources/google_compute_ssl_certificates.md
index 6bd3a253e..97d2bc9ce 100644
--- a/docs/resources/google_compute_ssl_certificates.md
+++ b/docs/resources/google_compute_ssl_certificates.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_ssl_certificates` is used to test a Google SslCertificate resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_ssl_certificates(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_ssl_policies.md b/docs/resources/google_compute_ssl_policies.md
index de48b3d2a..c3ab56520 100644
--- a/docs/resources/google_compute_ssl_policies.md
+++ b/docs/resources/google_compute_ssl_policies.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_ssl_policies` is used to test a Google SslPolicy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_ssl_policies(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_ssl_policy.md b/docs/resources/google_compute_ssl_policy.md
index 7b43d1b02..533a5705f 100644
--- a/docs/resources/google_compute_ssl_policy.md
+++ b/docs/resources/google_compute_ssl_policy.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_ssl_policy` is used to test a Google SslPolicy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_ssl_policy(project: 'chef-gcp-inspec', name: 'inspec-gcp-ssl-policy') do
diff --git a/docs/resources/google_compute_subnetwork.md b/docs/resources/google_compute_subnetwork.md
index 1ed8b46b7..902859e46 100644
--- a/docs/resources/google_compute_subnetwork.md
+++ b/docs/resources/google_compute_subnetwork.md
@@ -1,29 +1,30 @@
---
-title: About the google_compute_subnetwork Resource
+title: About the google_compute_subnetwork resource
platform: gcp
---
-# google\_compute\_subnetwork
-
-Use the `google_compute_subnetwork` InSpec audit resource to test properties of a single GCP compute subnetwork.
-
-
-
## Syntax
+A `google_compute_subnetwork` is used to test a Google Subnetwork resource
-A `google_compute_subnetwork` resource block declares the tests for a single GCP subnetwork by project, region and name.
-
- describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do
- it { should exist }
- its('name') { should eq 'gcp-inspec-subnetwork' }
- its('region') { should match 'europe-west2' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_subnetwork(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-subnet') do
+ it { should exist }
+ its('ip_cidr_range') { should eq '10.2.0.0/16' }
+ its('log_config.enable') { should be true }
+ its('log_config.flow_sampling') { should cmp '0.5' }
+ its('log_config.aggregation_interval') { should cmp 'INTERVAL_10_MIN' }
+ its('log_config.metadata') { should include 'INCLUDE_ALL_METADATA' }
+end
+
+describe google_compute_subnetwork(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute subnetwork exists
@@ -34,7 +35,7 @@ The following examples show how to use this InSpec audit resource.
### Test when a GCP compute subnetwork was created
describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do
- its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
+ its('creation_timestamp') { should be > Time.now - 365*60*60*24*10 }
end
### Test for an expected subnetwork identifier
@@ -67,15 +68,49 @@ The following examples show how to use this InSpec audit resource.
its('private_ip_google_access') { should be false }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_subnetwork` resource:
+
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `description`: An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time.
+
+ * `gateway_address`: The gateway address for default routes to reach destination addresses outside this subnetwork.
+
+ * `id`: The unique identifier for the resource.
+
+ * `ip_cidr_range`: The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported.
+
+ * `name`: The name of the resource, provided by the client when initially creating the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `network`: The network this subnet belongs to. Only networks that are in the distributed mode can have subnetworks.
+
+ * `purpose`: (Beta only) The purpose of the resource. This field can be either PRIVATE or INTERNAL_HTTPS_LOAD_BALANCER. A subnetwork with purpose set to INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. If unspecified, the purpose defaults to PRIVATE. If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the role.
+
+ * `role`: (Beta only) The role of subnetwork. Currently, this field is only used when purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining.
+
+ * `secondary_ip_ranges`: An array of configurations for secondary IP ranges for VM instances contained in this subnetwork. The primary IP of such VM must belong to the primary ipCidrRange of the subnetwork. The alias IPs may belong to either primary or secondary ranges.
+
+ * `range_name`: The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.
+
+ * `ip_cidr_range`: The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported.
+
+ * `private_ip_google_access`: When enabled, VMs in this subnetwork without external IP addresses can access Google APIs and services by using Private Google Access.
+
+ * `region`: URL of the GCP region for this subnetwork.
+
+ * `log_config`: Denotes the logging options for the subnetwork flow logs. If logging is enabled logs will be exported to Stackdriver. This field cannot be set if the `purpose` of this subnetwork is `INTERNAL_HTTPS_LOAD_BALANCER`
+
+ * `enable`: If logging is enabled for this subnetwork
+
+ * `aggregation_interval`: Can only be specified if VPC flow logging for this subnetwork is enabled. Toggles the aggregation interval for collecting flow logs. Increasing the interval time will reduce the amount of generated flow logs for long lasting connections. Default is an interval of 5 seconds per connection. Possible values are INTERVAL_5_SEC, INTERVAL_30_SEC, INTERVAL_1_MIN, INTERVAL_5_MIN, INTERVAL_10_MIN, INTERVAL_15_MIN
-* `creation_timestamp`, `creation_timestamp_date`, `gateway_address`, `id`, `ip_cidr_range`, `kind`, `name`, `network`, `private_ip_google_access`, `region`
+ * `flow_sampling`: Can only be specified if VPC flow logging for this subnetwork is enabled. The value of the field must be in [0, 1]. Set the sampling rate of VPC flow logs within the subnetwork where 1.0 means all collected logs are reported and 0.0 means no logs are reported. Default is 0.5 which means half of all collected logs are reported.
-
+ * `metadata`: Can only be specified if VPC flow logging for this subnetwork is enabled. Configures whether metadata fields should be added to the reported VPC flow logs. Default is `INCLUDE_ALL_METADATA`.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_subnetwork_iam_binding.md b/docs/resources/google_compute_subnetwork_iam_binding.md
new file mode 100644
index 000000000..f7e90781a
--- /dev/null
+++ b/docs/resources/google_compute_subnetwork_iam_binding.md
@@ -0,0 +1,28 @@
+---
+title: About the google_compute_subnetwork_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_subnetwork_iam_binding` is used to test a Google Subnetwork Iam Bindings
+
+## Examples
+```
+describe google_compute_subnetwork_iam_binding(project: "project", region: "region", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+## Properties
+Properties that can be accessed from the `google_compute_subnetwork_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_subnetwork_iam_policy.md b/docs/resources/google_compute_subnetwork_iam_policy.md
index 64da00441..bb51b569f 100644
--- a/docs/resources/google_compute_subnetwork_iam_policy.md
+++ b/docs/resources/google_compute_subnetwork_iam_policy.md
@@ -23,6 +23,8 @@ end
## Properties
Properties that can be accessed from the `google_compute_subnetwork_iam_policy` resource:
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
* `bindings`: Associates a list of members to a role.
* `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
diff --git a/docs/resources/google_compute_subnetworks.md b/docs/resources/google_compute_subnetworks.md
index 553a0759b..964b09546 100644
--- a/docs/resources/google_compute_subnetworks.md
+++ b/docs/resources/google_compute_subnetworks.md
@@ -1,38 +1,22 @@
---
-title: About the google_compute_subnetworks Resource
+title: About the google_compute_subnetworks resource
platform: gcp
---
-# google\_compute\_subnetworks
-
-Use the `google_compute_subnetworks` InSpec audit resource to test properties of all, or a filtered group of, GCP compute subnetworks for a project and region.
-
-
-
## Syntax
+A `google_compute_subnetworks` is used to test a Google Subnetwork resource
-A `google_compute_subnetworks` resource block collects GCP subnetworks by project and region, then tests that group.
-
- describe google_compute_subnetworks(project: 'chef-inspec-gcp', region: 'europe-west2') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_subnetwork`.
-
- google_compute_subnetworks(project: 'chef-inspec-gcp', region:'europe-west2').subnetwork_names.each do |subnetwork_name|
- describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: name: subnetwork_name) do
- its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
- its('ip_cidr_range') { should eq "10.2.0.0/29" }
- its('network') { should match "gcp_network_name" }
- its('private_ip_google_access') { should be false }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_subnetworks(project: 'chef-gcp-inspec', region: 'europe-west2') do
+ its('ip_cidr_ranges') { should include '10.2.0.0/16' }
+ its('subnetwork_names') { should include 'inspec-subnet' }
+end
+```
### Test that there are no more than a specified number of subnetworks available for the project and region
@@ -59,23 +43,28 @@ The following examples show how to use this InSpec audit resource.
its('subnetwork_networks') { should not include "network-name" }
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `subnetwork_id`; `subnetwork_name`; `enable_flow_logs` and `subnetwork_network`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_compute_subnetworks` resource:
+
+See [google_compute_subnetwork.md](google_compute_subnetwork.md) for more detailed information
+ * `creation_timestamps`: an array of `google_compute_subnetwork` creation_timestamp
+ * `descriptions`: an array of `google_compute_subnetwork` description
+ * `gateway_addresses`: an array of `google_compute_subnetwork` gateway_address
+ * `subnetwork_ids`: an array of `google_compute_subnetwork` id
+ * `ip_cidr_ranges`: an array of `google_compute_subnetwork` ip_cidr_range
+ * `subnetwork_names`: an array of `google_compute_subnetwork` name
+ * `networks`: an array of `google_compute_subnetwork` network
+ * `purposes`: (Beta only) an array of `google_compute_subnetwork` purpose
+ * `roles`: (Beta only) an array of `google_compute_subnetwork` role
+ * `secondary_ip_ranges`: an array of `google_compute_subnetwork` secondary_ip_ranges
+ * `private_ip_google_accesses`: an array of `google_compute_subnetwork` private_ip_google_access
+ * `regions`: an array of `google_compute_subnetwork` region
+ * `log_configs`: an array of `google_compute_subnetwork` log_config
-* `subnetwork_ids` - an array of google_compute_subnetwork identifier integers
-* `subnetwork_names` - an array of google_compute_subnetwork name strings
-* `subnetwork_networks` - an array of google_compute_network name strings
-* `enable_flow_logs` - an array of enable_flow_log booleans
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_target_http_proxies.md b/docs/resources/google_compute_target_http_proxies.md
index dd91b6254..e81a275bc 100644
--- a/docs/resources/google_compute_target_http_proxies.md
+++ b/docs/resources/google_compute_target_http_proxies.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_http_proxies` is used to test a Google TargetHttpProxy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_http_proxies(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_target_http_proxy.md b/docs/resources/google_compute_target_http_proxy.md
index 8a382d076..8d0d485f4 100644
--- a/docs/resources/google_compute_target_http_proxy.md
+++ b/docs/resources/google_compute_target_http_proxy.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_http_proxy` is used to test a Google TargetHttpProxy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_http_proxy(project: 'chef-gcp-inspec', name: 'inspec-gcp-http-proxy') do
diff --git a/docs/resources/google_compute_target_https_proxies.md b/docs/resources/google_compute_target_https_proxies.md
index ec709dae4..a95f18f12 100644
--- a/docs/resources/google_compute_target_https_proxies.md
+++ b/docs/resources/google_compute_target_https_proxies.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_https_proxies` is used to test a Google TargetHttpsProxy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_https_proxies(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_target_https_proxy.md b/docs/resources/google_compute_target_https_proxy.md
index 59b8d8eed..548817444 100644
--- a/docs/resources/google_compute_target_https_proxy.md
+++ b/docs/resources/google_compute_target_https_proxy.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_https_proxy` is used to test a Google TargetHttpsProxy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_https_proxy(project: 'chef-gcp-inspec', name: 'inspec-gcp-https-proxy') do
diff --git a/docs/resources/google_compute_target_pool.md b/docs/resources/google_compute_target_pool.md
index 621fdac5c..556fee347 100644
--- a/docs/resources/google_compute_target_pool.md
+++ b/docs/resources/google_compute_target_pool.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_pool` is used to test a Google TargetPool resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_pool(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-target-pool') do
diff --git a/docs/resources/google_compute_target_pools.md b/docs/resources/google_compute_target_pools.md
index b1a3d8b3d..0abe4fff8 100644
--- a/docs/resources/google_compute_target_pools.md
+++ b/docs/resources/google_compute_target_pools.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_pools` is used to test a Google TargetPool resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_pools(project: 'chef-gcp-inspec', region: 'europe-west2') do
diff --git a/docs/resources/google_compute_target_tcp_proxies.md b/docs/resources/google_compute_target_tcp_proxies.md
index d10ea1bb5..73e9a051c 100644
--- a/docs/resources/google_compute_target_tcp_proxies.md
+++ b/docs/resources/google_compute_target_tcp_proxies.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_tcp_proxies` is used to test a Google TargetTcpProxy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_tcp_proxies(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_target_tcp_proxy.md b/docs/resources/google_compute_target_tcp_proxy.md
index 3dc20f07f..0cfc90a89 100644
--- a/docs/resources/google_compute_target_tcp_proxy.md
+++ b/docs/resources/google_compute_target_tcp_proxy.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_target_tcp_proxy` is used to test a Google TargetTcpProxy resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_target_tcp_proxy(project: 'chef-gcp-inspec', name: 'inspec-gcp-target-tcp-proxy') do
diff --git a/docs/resources/google_compute_url_map.md b/docs/resources/google_compute_url_map.md
index cdac30945..daf0c78ba 100644
--- a/docs/resources/google_compute_url_map.md
+++ b/docs/resources/google_compute_url_map.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_url_map` is used to test a Google UrlMap resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_url_map(project: 'chef-gcp-inspec', name: 'inspec-gcp-url-map') do
@@ -74,7 +78,7 @@ Properties that can be accessed from the `google_compute_url_map` resource:
* `path_matchers`: The list of named PathMatchers to use against the URL.
- * `default_service`: The BackendService resource. This will be used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project/global/backendServices/backen dService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if defaultRouteAction specifies any weightedBackendServices, defaultService must not be specified. Only one of defaultService, defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. Authorization requires one or more of the following Google IAM permissions on the specified resource default_service: - compute.backendBuckets.use - compute.backendServices.use
+ * `default_service`: The BackendService resource. This will be used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project/global/backendServices/backen dService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is additionally specified, advanced routing actions like URL Rewrites, etc. take effect prior to sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if defaultRouteAction specifies any weightedBackendServices, defaultService must not be specified. Only one of defaultService, defaultUrlRedirect or defaultRouteAction.weightedBackendService must be set. Authorization requires one or more of the following Google IAM permissions on the specified resource default_service: - compute.backendBuckets.use - compute.backendServices.use
* `description`: An optional description of this resource. Provide this property when you create the resource.
diff --git a/docs/resources/google_compute_url_maps.md b/docs/resources/google_compute_url_maps.md
index a77dbdcdc..97def2c13 100644
--- a/docs/resources/google_compute_url_maps.md
+++ b/docs/resources/google_compute_url_maps.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_compute_url_maps` is used to test a Google UrlMap resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_compute_url_maps(project: 'chef-gcp-inspec') do
diff --git a/docs/resources/google_compute_vpn_tunnel.md b/docs/resources/google_compute_vpn_tunnel.md
index adaf655ef..d8f1e00e4 100644
--- a/docs/resources/google_compute_vpn_tunnel.md
+++ b/docs/resources/google_compute_vpn_tunnel.md
@@ -1,29 +1,26 @@
---
-title: About the google_compute_vpn_tunnel Resource
+title: About the google_compute_vpn_tunnel resource
platform: gcp
---
-# google\_compute\_vpn\_tunnel
-
-Use the `google_compute_vpn_tunnel` InSpec audit resource to test properties of a single GCP compute vpn_tunnel.
-
-
-
## Syntax
+A `google_compute_vpn_tunnel` is used to test a Google VpnTunnel resource
-A `google_compute_vpn_tunnel` resource block declares the tests for a single GCP vpn_tunnel by project, region and name.
-
- describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn-tunnel') do
- it { should exist }
- its('name') { should eq 'gcp-inspec-vpn-tunnel' }
- its('region') { should match 'europe-west2' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
+describe google_compute_vpn_tunnel(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-vpn-tunnel') do
+ it { should exist }
+ its('peer_ip') { should eq '15.0.0.120' }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_compute_vpn_tunnel(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute vpn_tunnel exists
@@ -53,17 +50,53 @@ The following examples show how to use this InSpec audit resource.
describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn_tunnel') do
its('status') { should eq "ESTABLISHED" }
- end
-
-
+ end
## Properties
+Properties that can be accessed from the `google_compute_vpn_tunnel` resource:
+
+
+ * `id`: The unique identifier for the resource. This identifier is defined by the server.
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `name`: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `description`: An optional description of this resource.
+
+ * `target_vpn_gateway`: URL of the Target VPN gateway with which this VPN tunnel is associated.
+
+ * `vpn_gateway`: (Beta only) URL of the VPN gateway with which this VPN tunnel is associated. This must be used if a High Availability VPN gateway resource is created.
+
+ * `vpn_gateway_interface`: (Beta only) The interface ID of the VPN gateway with which this VPN tunnel is associated.
+
+ * `peer_external_gateway`: (Beta only) URL of the peer side external VPN gateway to which this VPN tunnel is connected.
+
+ * `peer_external_gateway_interface`: (Beta only) The interface ID of the external VPN gateway to which this VPN tunnel is connected.
+
+ * `peer_gcp_gateway`: (Beta only) URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected. If provided, the VPN tunnel will automatically use the same vpn_gateway_interface ID in the peer GCP VPN gateway.
+
+ * `router`: URL of router resource to be used for dynamic routing.
+
+ * `peer_ip`: IP address of the peer VPN gateway. Only IPv4 is supported.
+
+ * `shared_secret`: Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.
+
+ * `shared_secret_hash`: Hash of the shared secret.
+
+ * `ike_version`: IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2.
+
+ * `local_traffic_selector`: Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
+
+ * `remote_traffic_selector`: Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example `192.168.0.0/16`. The ranges should be disjoint. Only IPv4 is supported.
+
+ * `labels`: (Beta only) Labels to apply to this VpnTunnel.
-* `creation_timestamp`, `description`, `detailed_status`, `id`, `ike_version`, `kind`, `local_traffic_selector`, `name`, `peer_ip`, `region`, `remote_traffic_selector`, `router`, `self_link`, `shared_secret`, `shared_secret_hash`, `status`, `target_vpn_gateway`
+ * `label_fingerprint`: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates.
-
+ * `region`: The region where the tunnel is located.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_vpn_tunnels.md b/docs/resources/google_compute_vpn_tunnels.md
index c50dcd5c1..9844f66a6 100644
--- a/docs/resources/google_compute_vpn_tunnels.md
+++ b/docs/resources/google_compute_vpn_tunnels.md
@@ -1,38 +1,22 @@
---
-title: About the google_compute_vpn_tunnels Resource
+title: About the google_compute_vpn_tunnels resource
platform: gcp
---
-# google\_compute\_vpn\_tunnels
-
-Use the `google_compute_vpn_tunnels` InSpec audit resource to test properties of all, or a filtered group of, GCP compute vpn_tunnels for a project and region.
-
-
-
## Syntax
+A `google_compute_vpn_tunnels` is used to test a Google VpnTunnel resource
-A `google_compute_vpn_tunnels` resource block collects GCP vpn_tunnels by project and region, then tests that group.
-
- describe google_compute_vpn_tunnels(project: 'chef-inspec-gcp', region: 'europe-west2') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_vpn_tunnel`.
-
- google_compute_vpn_tunnels(project: 'chef-inspec-gcp', region:'europe-west2').vpn_tunnel_names.each do |vpn_tunnel_name|
- describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: vpn_tunnel_name) do
- its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
- its('target_vpn_gateway') { should match /gateway_name/ }
- its('remote_traffic_selector') { should include "0.0.0.0/0" }
- its('status') { should_not eq "ESTABLISHED" }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_vpn_tunnels(project: 'chef-gcp-inspec', region: 'europe-west2') do
+ its('vpn_tunnel_names') { should include 'inspec-vpn-tunnel' }
+ its('peer_ips') { should include '15.0.0.120' }
+end
+```
### Test that there are no more than a specified number of vpn_tunnels available for the project and region
@@ -52,21 +36,35 @@ The following examples show how to use this InSpec audit resource.
its('vpn_tunnel_target_vpn_gateways') { should not include "gateway-name" }
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `vpn_tunnel_name` and `vpn_tunnel_target_vpn_gateway`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_compute_vpn_tunnels` resource:
+
+See [google_compute_vpn_tunnel.md](google_compute_vpn_tunnel.md) for more detailed information
+ * `ids`: an array of `google_compute_vpn_tunnel` id
+ * `creation_timestamps`: an array of `google_compute_vpn_tunnel` creation_timestamp
+ * `vpn_tunnel_names`: an array of `google_compute_vpn_tunnel` name
+ * `descriptions`: an array of `google_compute_vpn_tunnel` description
+ * `target_vpn_gateways`: an array of `google_compute_vpn_tunnel` target_vpn_gateway
+ * `vpn_gateways`: (Beta only) an array of `google_compute_vpn_tunnel` vpn_gateway
+ * `vpn_gateway_interfaces`: (Beta only) an array of `google_compute_vpn_tunnel` vpn_gateway_interface
+ * `peer_external_gateways`: (Beta only) an array of `google_compute_vpn_tunnel` peer_external_gateway
+ * `peer_external_gateway_interfaces`: (Beta only) an array of `google_compute_vpn_tunnel` peer_external_gateway_interface
+ * `peer_gcp_gateways`: (Beta only) an array of `google_compute_vpn_tunnel` peer_gcp_gateway
+ * `routers`: an array of `google_compute_vpn_tunnel` router
+ * `peer_ips`: an array of `google_compute_vpn_tunnel` peer_ip
+ * `shared_secrets`: an array of `google_compute_vpn_tunnel` shared_secret
+ * `shared_secret_hashes`: an array of `google_compute_vpn_tunnel` shared_secret_hash
+ * `ike_versions`: an array of `google_compute_vpn_tunnel` ike_version
+ * `local_traffic_selectors`: an array of `google_compute_vpn_tunnel` local_traffic_selector
+ * `remote_traffic_selectors`: an array of `google_compute_vpn_tunnel` remote_traffic_selector
+ * `labels`: (Beta only) an array of `google_compute_vpn_tunnel` labels
+ * `label_fingerprints`: (Beta only) an array of `google_compute_vpn_tunnel` label_fingerprint
+ * `regions`: an array of `google_compute_vpn_tunnel` region
-* `vpn_tunnel_names` - an array of google_compute_vpn_tunnel name strings
-* `vpn_tunnel_target_vpn_gateway` - an array of google_compute_target_vpn_gateway name strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_zone.md b/docs/resources/google_compute_zone.md
index 6f826445c..c0c9b07e3 100644
--- a/docs/resources/google_compute_zone.md
+++ b/docs/resources/google_compute_zone.md
@@ -1,27 +1,22 @@
---
-title: About the google_compute_zone Resource
+title: About the google_compute_zone resource
platform: gcp
---
-# google\_compute\_zone
-
-Use the `google_compute_zone` InSpec audit resource to test properties of a single GCP compute zone.
-
-
-
## Syntax
+A `google_compute_zone` is used to test a Google Zone resource
-A `google_compute_zone` resource block declares the tests for a single GCP zone by project and name.
-
- describe google_compute_zone(project: 'chef-inspec-gcp', zone: 'us-east1-b') do
- its('name') { should match 'us-east1-b' }
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_compute_zone(project: 'chef-gcp-inspec', name: "us-central1-a") do
+ it { should exist }
+ it { should be_up }
+end
+```
### Test that a GCP compute zone exists
@@ -43,15 +38,37 @@ The following examples show how to use this InSpec audit resource.
its('available_cpu_platforms') { should include "Intel Skylake" }
end
-
-
## Properties
+Properties that can be accessed from the `google_compute_zone` resource:
+
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `deprecated`: The deprecation status associated with this machine type.
+
+ * `deleted`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DELETED. This is only informational and the status will not change unless the client explicitly changes it.
+
+ * `deprecated`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to DEPRECATED. This is only informational and the status will not change unless the client explicitly changes it.
+
+ * `obsolete`: An optional RFC3339 timestamp on or after which the state of this resource is intended to change to OBSOLETE. This is only informational and the status will not change unless the client explicitly changes it.
+
+ * `replacement`: The URL of the suggested replacement for a deprecated resource. The suggested replacement resource must be the same kind of resource as the deprecated resource.
+
+ * `state`: The deprecation state of this resource. This can be DEPRECATED, OBSOLETE, or DELETED. Operations which create a new resource using a DEPRECATED resource will return successfully, but with a warning indicating the deprecated resource and recommending its replacement. Operations which use OBSOLETE or DELETED resources will be rejected and result in an error.
+
+ * `description`: An optional textual description of the resource.
+
+ * `id`: The unique identifier for the resource.
+
+ * `name`: Name of the resource.
+
+ * `region`: The region where the zone is located.
-* `available_cpu_platforms`, `creation_timestamp`, `description`, `id`, `kind`, `name`, `region`, `status`, `region_name`
+ * `status`: The status of the zone.
-
+ * `available_cpu_platforms`: The available CPU platforms in this zone
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_compute_zones.md b/docs/resources/google_compute_zones.md
index 63253c532..04c88ed3f 100644
--- a/docs/resources/google_compute_zones.md
+++ b/docs/resources/google_compute_zones.md
@@ -1,37 +1,24 @@
---
-title: About the google_compute_zones Resource
+title: About the google_compute_zones resource
platform: gcp
---
-# google\_compute\_zones
-
-Use the `google_compute_zones` InSpec audit resource to test properties of all, or a filtered group of, GCP compute zones for a project in a particular zone.
-
-
-
## Syntax
+A `google_compute_zones` is used to test a Google Zone resource
-A `google_compute_zones` resource block collects GCP zones by project then tests that group.
-
- describe google_compute_zones(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_zone`.
-
- google_compute_zones(project: 'chef-inspec-gcp').zone_names.each do |zone_name|
- describe google_compute_zone(project: 'chef-inspec-gcp', zone: zone_name) do
- it { should exist }
- its('kind') { should eq "compute#zone" }
- its('status') { should eq 'UP' }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+google_compute_zones(project: 'chef-gcp-inspec').zone_names.each do |zone_name|
+ describe google_compute_zone(project: 'chef-gcp-inspec', name: zone_name) do
+ it { should exist }
+ it { should be_up }
+ end
+end
+```
### Test that there are no more than a specified number of zones available for the project
@@ -62,26 +49,27 @@ The following examples show how to use this InSpec audit resource.
google_compute_zones(project: 'chef-inspec-gcp').where(zone_name: /^us/).zone_names.each do |zone_name|
describe google_compute_zone(project: 'chef-inspec-gcp', zone: zone_name) do
it { should exist }
- its('kind') { should eq "compute#zone" }
its('status') { should eq 'UP' }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `zone_id`; `zone_name` and `zone_status`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_compute_zones` resource:
+
+See [google_compute_zone.md](google_compute_zone.md) for more detailed information
+ * `creation_timestamps`: an array of `google_compute_zone` creation_timestamp
+ * `deprecateds`: an array of `google_compute_zone` deprecated
+ * `descriptions`: an array of `google_compute_zone` description
+ * `zone_ids`: an array of `google_compute_zone` id
+ * `zone_names`: an array of `google_compute_zone` name
+ * `regions`: an array of `google_compute_zone` region
+ * `zone_statuses`: an array of `google_compute_zone` status
+ * `available_cpu_platforms`: an array of `google_compute_zone` available_cpu_platforms
-* `zone_ids` - an array of google_compute_zone identifier integers
-* `zone_names` - an array of google_compute_zone name strings
-* `zone_statuses`- an array of google_compute_zone statuses
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_container_cluster.md b/docs/resources/google_container_cluster.md
index ae5a3338b..64b3fbfc4 100644
--- a/docs/resources/google_container_cluster.md
+++ b/docs/resources/google_container_cluster.md
@@ -1,59 +1,58 @@
---
-title: About the google_container_cluster Resource
+title: About the google_container_cluster resource
platform: gcp
---
-# google\_container\_cluster
-
-Use the `google_container_cluster` InSpec audit resource to test properties of a single GCP container cluster.
-
-
-
## Syntax
+A `google_container_cluster` is used to test a Google Cluster resource
-A `google_container_cluster` resource block declares the tests for a single GCP container cluster by project, zone and name.
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
- it { should exist }
- its('name') { should eq 'inspec-gcp-kube-cluster' }
- its('zone') { should match 'europe-west2-a' }
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
+describe google_container_cluster(project: 'chef-gcp-inspec', location: 'europe-west2-a', name: 'gcp-inspec-kube-cluster') do
+ it { should exist }
+ its('locations.sort'){ should cmp [ 'europe-west2-a', 'europe-west2-b', 'europe-west2-c' ].sort }
+
+ its('master_auth.username') { should eq 'gcp-inspec-kube-admin' }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_container_cluster(project: 'chef-gcp-inspec', location: 'europe-west2-a', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP container cluster is in a particular state e.g. "RUNNING"
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
+ describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
its('status') { should eq 'RUNNING' }
end
### Test that a GCP container cluster has the expected kube master user/password
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
+ describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
its('master_auth.username'){ should eq "user_name"}
its('master_auth.password'){ should eq "choose_something_strong"}
end
### Test that the locations where the GCP container cluster is running match those expected
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
+ describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
its('locations.sort'){should cmp ["europe-west2-a", "europe-west2-b", "europe-west2-c"].sort}
end
### Test GCP container cluster network and subnetwork settings
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
+ describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
its('network'){should eq "default"}
its('subnetwork'){should eq "default"}
end
### Test GCP container cluster node pool configuration settings
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
+ describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: 'inspec-gcp-kube-cluster') do
its('node_config.disk_size_gb'){should eq 100}
its('node_config.image_type'){should eq "COS"}
its('node_config.machine_type'){should eq "n1-standard-1"}
@@ -61,15 +60,209 @@ The following examples show how to use this InSpec audit resource.
its('node_pools.count'){should eq 1}
end
-
-
## Properties
+Properties that can be accessed from the `google_container_cluster` resource:
+
+
+ * `name`: The name of this cluster. The name must be unique within this project and location, and can be up to 40 characters. Must be Lowercase letters, numbers, and hyphens only. Must start with a letter. Must end with a number or a letter.
+
+ * `description`: An optional description of this cluster.
+
+ * `initial_node_count`: The number of nodes to create in this cluster. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "nodeConfig") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. This field has been deprecated. Please use nodePool.initial_node_count instead.
+
+ * `node_config`: Parameters used in creating the cluster's nodes. For requests, this field should only be used in lieu of a "nodePool" object, since this configuration (along with the "initialNodeCount") will be used to create a "NodePool" object with an auto-generated name. Do not use this and a nodePool at the same time. For responses, this field will be populated with the node configuration of the first node pool. If unspecified, the defaults are used.
+
+ * `machine_type`: The name of a Google Compute Engine machine type (e.g. n1-standard-1). If unspecified, the default machine type is n1-standard-1.
+
+ * `disk_size_gb`: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
+
+ * `oauth_scopes`: The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included: https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
+
+ * `service_account`: The Google Cloud Platform Service Account to be used by the node VMs. If no Service Account is specified, the "default" service account is used.
+
+ * `metadata`: The metadata key/value pairs assigned to instances in the cluster. Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes in length. These are reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project or be one of the four reserved keys: "instance-template", "kube-env", "startup-script", and "user-data" Values are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on them is that each value's size must be less than or equal to 32 KB. The total size of all keys and values must be less than 512 KB. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+
+ * `image_type`: The image type to use for this node. Note that for a given image type, the latest version of it will be used.
+
+ * `labels`: The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. In case of conflict in label keys, the applied set may differ depending on the Kubernetes version -- it's best to assume the behavior is undefined and conflicts should be avoided. For more information, including usage and the valid values, see: http://kubernetes.io/v1.1/docs/user-guide/labels.html An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+
+ * `local_ssd_count`: The number of local SSD disks to be attached to the node. The limit for this value is dependant upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits for more information.
+
+ * `tags`: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035.
+
+ * `preemptible`: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.
+
+ * `accelerators`: A list of hardware accelerators to be attached to each node. See https://cloud.google.com/compute/docs/gpus for more information about support for GPUs.
+
+ * `accelerator_count`: The number of accelerator cards exposed to an instance.
+
+ * `accelerator_type`: The accelerator type resource name
+
+ * `disk_type`: Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') If unspecified, the default disk type is 'pd-standard'
+
+ * `min_cpu_platform`: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.
+
+ * `taints`: List of kubernetes taints to be applied to each node. For more information, including usage and the valid values, see: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+
+ * `key`: Key for taint
+
+ * `value`: Value for taint
+
+ * `effect`: Effect for taint
+
+ * `master_auth`: The authentication information for accessing the master endpoint.
+
+ * `username`: The username to use for HTTP basic authentication to the master endpoint.
+
+ * `password`: The password to use for HTTP basic authentication to the master endpoint. Because the master endpoint is open to the Internet, you should create a strong password with a minimum of 16 characters.
+
+ * `client_certificate_config`: Configuration for client certificate authentication on the cluster. For clusters before v1.12, if no configuration is specified, a client certificate is issued.
+
+ * `issue_client_certificate`: Issue a client certificate.
+
+ * `cluster_ca_certificate`: Base64-encoded public certificate that is the root of trust for the cluster.
+
+ * `client_certificate`: Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.
+
+ * `client_key`: Base64-encoded private key used by clients to authenticate to the cluster endpoint.
+
+ * `logging_service`: The logging service the cluster should use to write logs. Currently available options: logging.googleapis.com - the Google Cloud Logging service. none - no logs will be exported from the cluster. if left as an empty string,logging.googleapis.com will be used.
+
+ * `monitoring_service`: The monitoring service the cluster should use to write metrics. Currently available options: monitoring.googleapis.com - the Google Cloud Monitoring service. none - no metrics will be exported from the cluster. if left as an empty string, monitoring.googleapis.com will be used.
+
+ * `network`: The name of the Google Compute Engine network to which the cluster is connected. If left unspecified, the default network will be used.
+
+ * `private_cluster_config`: Configuration for a private cluster.
+
+ * `enable_private_nodes`: Whether nodes have internal IP addresses only. If enabled, all nodes are given only RFC 1918 private addresses and communicate with the master via private networking.
+
+ * `enable_private_endpoint`: Whether the master's internal IP address is used as the cluster endpoint.
+
+ * `master_ipv4_cidr_block`: The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning internal IP addresses to the master or set of masters, as well as the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network.
+
+ * `private_endpoint`: The internal IP address of this cluster's master endpoint.
+
+ * `public_endpoint`: The external IP address of this cluster's master endpoint.
+
+ * `cluster_ipv4_cidr`: The IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8.
+
+ * `enable_tpu`: (Optional) Whether to enable Cloud TPU resources in this cluster. See the official documentation - https://cloud.google.com/tpu/docs/kubernetes-engine-setup
+
+ * `tpu_ipv4_cidr_block`: The IP address range of the Cloud TPUs in this cluster, in [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) notation (e.g. `1.2.3.4/29`).
+
+ * `addons_config`: Configurations for the various addons available to run in the cluster.
+
+ * `http_load_balancing`: Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.
+
+ * `disabled`: Whether the HTTP Load Balancing controller is enabled in the cluster. When enabled, it runs a small pod in the cluster that manages the load balancers.
+
+ * `horizontal_pod_autoscaling`: Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods.
+
+ * `disabled`: Whether the Horizontal Pod Autoscaling feature is enabled in the cluster. When enabled, it ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service.
+
+ * `kubernetes_dashboard`: Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications.
+
+ * `disabled`: Whether the Kubernetes Dashboard is enabled for this cluster.
+
+ * `network_policy_config`: Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes.
+
+ * `disabled`: Whether NetworkPolicy is enabled for this cluster.
+
+ * `subnetwork`: The name of the Google Compute Engine subnetwork to which the cluster is connected.
+
+ * `locations`: The list of Google Compute Engine zones in which the cluster's nodes should be located.
+
+ * `resource_labels`: The resource labels for the cluster to use to annotate any related Google Compute Engine resources.
+
+ * `label_fingerprint`: The fingerprint of the set of labels for this cluster.
+
+ * `legacy_abac`: Configuration for the legacy ABAC authorization mode.
+
+ * `enabled`: Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
+
+ * `network_policy`: Configuration options for the NetworkPolicy feature.
+
+ * `provider`: The selected network policy provider.
+
+ * `enabled`: Whether network policy is enabled on the cluster.
+
+ * `default_max_pods_constraint`: The default constraint on the maximum number of pods that can be run simultaneously on a node in the node pool of this cluster. Only honored if cluster created with IP Alias support.
+
+ * `max_pods_per_node`: Constraint enforced on the max num of pods per node.
+
+ * `ip_allocation_policy`: Configuration for controlling how IPs are allocated in the cluster
+
+ * `use_ip_aliases`: Whether alias IPs will be used for pod IPs in the cluster
+
+ * `create_subnetwork`: Whether a new subnetwork will be created automatically for the cluster
+
+ * `subnetwork_name`: A custom subnetwork name to be used if createSubnetwork is true. If this field is empty, then an automatic name will be chosen for the new subnetwork.
+
+ * `cluster_secondary_range_name`: The name of the secondary range to be used for the cluster CIDR block. The secondary range will be used for pod IP addresses. This must be an existing secondary range associated with the cluster subnetwork
+
+ * `services_secondary_range_name`: The name of the secondary range to be used as for the services CIDR block. The secondary range will be used for service ClusterIPs. This must be an existing secondary range associated with the cluster subnetwork.
+
+ * `cluster_ipv4_cidr_block`: The IP address range for the cluster pod IPs. If this field is set, then cluster.cluster_ipv4_cidr must be left blank. This field is only applicable when useIpAliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
+
+ * `node_ipv4_cidr_block`: The IP address range of the instance IPs in this cluster. This is applicable only if createSubnetwork is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
+
+ * `services_ipv4_cidr_block`: The IP address range of the services IPs in this cluster. If blank, a range will be automatically chosen with the default size. This field is only applicable when useIpAliases is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
+
+ * `tpu_ipv4_cidr_block`: The IP address range of the Cloud TPUs in this cluster. If unspecified, a range will be automatically chosen with the default size. This field is only applicable when useIpAliases is true. If unspecified, the range will use the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask.
+
+ * `endpoint`: The IP address of this cluster's master endpoint. The endpoint can be accessed from the internet at https://username:password@endpoint/ See the masterAuth property of this resource for username and password information.
+
+ * `initial_cluster_version`: The software version of the master endpoint and kubelets used in the cluster when it was first created. The version can be upgraded over time.
+
+ * `current_master_version`: The current software version of the master endpoint.
+
+ * `current_node_version`: The current version of the node software components. If they are currently at multiple versions because they're in the process of being upgraded, this reflects the minimum version of all nodes.
+
+ * `create_time`: The time the cluster was created, in RFC3339 text format.
+
+ * `status`: The current status of this cluster.
+
+ * `status_message`: Additional information about the current status of this cluster, if available.
+
+ * `node_ipv4_cidr_size`: The size of the address space on each node for hosting containers. This is provisioned from within the container_ipv4_cidr range.
+
+ * `services_ipv4_cidr`: The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.
+
+ * `current_node_count`: The number of nodes currently in the cluster.
+
+ * `expire_time`: The time the cluster will be automatically deleted in RFC3339 text format.
+
+ * `conditions`: Which conditions caused the current cluster state.
+
+ * `code`: Machine-friendly representation of the condition
+
+ * `message`: Human-friendly representation of the condition
+
+ * `master_authorized_networks_config`: Configuration for controlling how IPs are allocated in the cluster
+
+ * `enabled`: Whether or not master authorized networks is enabled.
+
+ * `cidr_blocks`: Define up to 50 external networks that could access Kubernetes master through HTTPS.
+
+ * `display_name`: Optional field used to identify cidr blocks
+
+ * `cidr_block`: Block specified in CIDR notation
+
+ * `node_pools`: Node pools belonging to this cluster
+
+ * `name`: Name of the node pool
+
+ * `pod_security_policy_config`: (Beta only) Configuration for the PodSecurityPolicy feature.
+
+ * `enabled`: If enabled, pods must be valid under a PodSecurityPolicy to be created.
+
+ * `binary_authorization`: Configuration for the BinaryAuthorization feature.
-* `addons_config`, `cluster_ipv4_cidr`, `create_time`, `current_master_version`, `current_node_count`, `current_node_version`, `endpoint`, `initial_cluster_version`, `initial_node_count`, `instance_group_urls`, `label_fingerprint`, `legacy_abac`, `locations`, `logging_service`, `master_auth`, `monitoring_service`, `name`, `network`, `node_config`, `node_ipv4_cidr_size`, `node_pools`, `services_ipv4_cidr`, `status`, `subnetwork`, `zone`
+ * `enabled`: If enabled, all container images will be validated by Binary Authorization.
-
+ * `location`: The location where the cluster is deployed
## GCP Permissions
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_container_clusters.md b/docs/resources/google_container_clusters.md
index 4250a93bd..241ff30d0 100644
--- a/docs/resources/google_container_clusters.md
+++ b/docs/resources/google_container_clusters.md
@@ -1,78 +1,96 @@
---
-title: About the google_container_clusters Resource
+title: About the google_container_clusters resource
platform: gcp
---
-# google\_container\_clusters
-
-Use the `google_container_clusters` InSpec audit resource to test properties of all, or a filtered group of, GCP container clusters for a project in a particular `google_compute_zone`.
-
-
-
## Syntax
+A `google_container_clusters` is used to test a Google Cluster resource
-A `google_container_clusters` resource block collects GCP clusters by project and zone, then tests that group.
-
- describe google_container_clusters(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
- it { should exist }
- end
-Use this InSpec resource to enumerate IDs then test in-depth using `google_container_cluster`.
-
- google_container_clusters(project: 'chef-inspec-gcp', zone: 'europe-west2-a').cluster_names.each do |cluster_name|
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: cluster_name) do
- it { should exist }
- end
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_container_clusters(project: 'chef-gcp-inspec', location: 'europe-west2-a') do
+ its('cluster_names') { should include 'gcp-inspec-kube-cluster' }
+end
+```
### Test that there are no more than a specified number of clusters available for the project in a particular zone
- describe google_container_clusters(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
+ describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do
its('count') { should be <= 5}
end
### Test that an expected cluster is available for the project
- describe google_container_clusters(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
+ describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do
its('cluster_names') { should include "my-cluster" }
end
### Test whether any clusters are in status "STOPPING"
- describe google_container_clusters(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
+ describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do
its('cluster_statuses') { should_not include "STOPPING" }
end
### Test that a subset of all clusters matching "kube*" are "RUNNING"
google_container_clusters(project: gcp_project_id).where(cluster_name: /^kube/).cluster_names.each do |cluster_name|
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: cluster_name) do
+ describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: cluster_name) do
it { should exist }
its('status') { should eq 'RUNNING' }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `cluster_name`, `cluster_subnetwork`, and `cluster_status`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_container_clusters` resource:
+
+See [google_container_cluster.md](google_container_cluster.md) for more detailed information
+ * `cluster_names`: an array of `google_container_cluster` name
+ * `descriptions`: an array of `google_container_cluster` description
+ * `initial_node_counts`: an array of `google_container_cluster` initial_node_count
+ * `node_configs`: an array of `google_container_cluster` node_config
+ * `master_auths`: an array of `google_container_cluster` master_auth
+ * `logging_services`: an array of `google_container_cluster` logging_service
+ * `monitoring_services`: an array of `google_container_cluster` monitoring_service
+ * `cluster_networks`: an array of `google_container_cluster` network
+ * `private_cluster_configs`: an array of `google_container_cluster` private_cluster_config
+ * `cluster_ipv4_cidrs`: an array of `google_container_cluster` cluster_ipv4_cidr
+ * `enable_tpus`: an array of `google_container_cluster` enable_tpu
+ * `tpu_ipv4_cidr_blocks`: an array of `google_container_cluster` tpu_ipv4_cidr_block
+ * `addons_configs`: an array of `google_container_cluster` addons_config
+ * `subnetworks`: an array of `google_container_cluster` subnetwork
+ * `locations`: an array of `google_container_cluster` locations
+ * `resource_labels`: an array of `google_container_cluster` resource_labels
+ * `label_fingerprints`: an array of `google_container_cluster` label_fingerprint
+ * `legacy_abacs`: an array of `google_container_cluster` legacy_abac
+ * `network_policies`: an array of `google_container_cluster` network_policy
+ * `default_max_pods_constraints`: an array of `google_container_cluster` default_max_pods_constraint
+ * `ip_allocation_policies`: an array of `google_container_cluster` ip_allocation_policy
+ * `endpoints`: an array of `google_container_cluster` endpoint
+ * `initial_cluster_versions`: an array of `google_container_cluster` initial_cluster_version
+ * `current_master_versions`: an array of `google_container_cluster` current_master_version
+ * `current_node_versions`: an array of `google_container_cluster` current_node_version
+ * `create_times`: an array of `google_container_cluster` create_time
+ * `cluster_statuses`: an array of `google_container_cluster` status
+ * `status_messages`: an array of `google_container_cluster` status_message
+ * `node_ipv4_cidr_sizes`: an array of `google_container_cluster` node_ipv4_cidr_size
+ * `services_ipv4_cidrs`: an array of `google_container_cluster` services_ipv4_cidr
+ * `current_node_counts`: an array of `google_container_cluster` current_node_count
+ * `expire_times`: an array of `google_container_cluster` expire_time
+ * `conditions`: an array of `google_container_cluster` conditions
+ * `master_authorized_networks_configs`: an array of `google_container_cluster` master_authorized_networks_config
+ * `node_pools`: an array of `google_container_cluster` node_pools
+ * `pod_security_policy_configs`: (Beta only) an array of `google_container_cluster` pod_security_policy_config
+ * `binary_authorizations`: an array of `google_container_cluster` binary_authorization
+ * `locations`: an array of `google_container_cluster` location
-* `cluster_names` - an array of google_container_cluster name strings
-* `cluster_subnetworks` - an array of google_compute_subnetwork name strings
-* `cluster_statuses`- an array of google_container_cluster status strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_container_node_pool.md b/docs/resources/google_container_node_pool.md
index 9937ea82e..55903bee6 100644
--- a/docs/resources/google_container_node_pool.md
+++ b/docs/resources/google_container_node_pool.md
@@ -1,69 +1,146 @@
---
-title: About the google_container_node_pool Resource
+title: About the google_container_node_pool resource
platform: gcp
---
-# google\_container\_node\_pool
-
-Use the `google_container_node_pool` InSpec audit resource to test properties of a single GCP container node pool.
-
-
-
## Syntax
+A `google_container_node_pool` is used to test a Google NodePool resource
-A `google_container_node_pool` resource block declares the tests for a single GCP container node pool by project, zone, cluster name and nodepool name.
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
- it { should exist }
- its('name') { should eq 'inspec-gcp-kube-node-pool' }
- its('zone') { should match 'europe-west2-a' }
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
+describe google_container_node_pool(project: 'chef-gcp-inspec', location: 'europe-west2-a', cluster_name: 'gcp-inspec-kube-cluster', nodepool_name: 'inspec-gcp-regional-node-pool') do
+ it { should exist }
+ its('initial_node_count') { should eq '1'}
+end
-The following examples show how to use this InSpec audit resource.
+describe google_container_node_pool(project: 'chef-gcp-inspec', location: 'europe-west2-a', cluster_name: 'gcp-inspec-kube-cluster', nodepool_name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP container node pool is in a particular state e.g. "RUNNING"
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
+ describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
its('status') { should eq 'RUNNING' }
end
### Test GCP container node pool disk size in GB is as expected
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
+ describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
its('node_config.disk_size_gb'){should eq 100}
end
### Test GCP container node pool machine type is as expected
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
+ describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
its('node_config.machine_type'){should eq "n1-standard-1"}
end
### Test GCP container node pool node image type is as expected
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
+ describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
its('node_config.image_type'){should eq "COS"}
end
### Test GCP container node pool initial node count is as expected
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
+ describe google_container_node_pool(project: 'chef-inspec-gcp', locations: 'europe-west2-a', cluster_name: 'inspec-gcp-kube-cluster', nodepool_name: 'inspec-gcp-kube-node-pool') do
its('initial_node_count'){should eq 3}
end
-
-
## Properties
+Properties that can be accessed from the `google_container_node_pool` resource:
+
+
+ * `name`: The name of the node pool.
+
+ * `config`: The node configuration of the pool.
+
+ * `machine_type`: The name of a Google Compute Engine machine type (e.g. n1-standard-1). If unspecified, the default machine type is n1-standard-1.
+
+ * `disk_size_gb`: Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB. If unspecified, the default disk size is 100GB.
+
+ * `oauth_scopes`: The set of Google API scopes to be made available on all of the node VMs under the "default" service account. The following scopes are recommended, but not required, and by default are not included: https://www.googleapis.com/auth/compute is required for mounting persistent storage on your nodes. https://www.googleapis.com/auth/devstorage.read_only is required for communicating with gcr.io (the Google Container Registry). If unspecified, no scopes are added, unless Cloud Logging or Cloud Monitoring are enabled, in which case their required scopes will be added.
+
+ * `service_account`: The Google Cloud Platform Service Account to be used by the node VMs. If no Service Account is specified, the "default" service account is used.
+
+ * `metadata`: The metadata key/value pairs assigned to instances in the cluster. Keys must conform to the regexp [a-zA-Z0-9-_]+ and be less than 128 bytes in length. These are reflected as part of a URL in the metadata server. Additionally, to avoid ambiguity, keys must not conflict with any other metadata keys for the project or be one of the four reserved keys: "instance-template", "kube-env", "startup-script", and "user-data" Values are free-form strings, and only have meaning as interpreted by the image running in the instance. The only restriction placed on them is that each value's size must be less than or equal to 32 KB. The total size of all keys and values must be less than 512 KB. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+
+ * `image_type`: The image type to use for this node. Note that for a given image type, the latest version of it will be used.
+
+ * `labels`: The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node. In case of conflict in label keys, the applied set may differ depending on the Kubernetes version -- it's best to assume the behavior is undefined and conflicts should be avoided. For more information, including usage and the valid values, see: http://kubernetes.io/v1.1/docs/user-guide/labels.html An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+
+ * `local_ssd_count`: The number of local SSD disks to be attached to the node. The limit for this value is dependant upon the maximum number of disks available on a machine per zone. See: https://cloud.google.com/compute/docs/disks/local-ssd#local_ssd_limits for more information.
+
+ * `tags`: The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035.
+
+ * `preemptible`: Whether the nodes are created as preemptible VM instances. See: https://cloud.google.com/compute/docs/instances/preemptible for more information about preemptible VM instances.
+
+ * `accelerators`: A list of hardware accelerators to be attached to each node
+
+ * `accelerator_count`: The number of the accelerator cards exposed to an instance.
+
+ * `accelerator_type`: The accelerator type resource name
+
+ * `disk_type`: Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') If unspecified, the default disk type is 'pd-standard'
+
+ * `min_cpu_platform`: Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform
+
+ * `taints`: List of kubernetes taints to be applied to each node.
+
+ * `key`: Key for taint
+
+ * `value`: Value for taint
+
+ * `effect`: Effect for taint
+
+ * `initial_node_count`: The initial node count for the pool. You must ensure that your Compute Engine resource quota is sufficient for this number of instances. You must also have available firewall and routes quota.
+
+ * `status`: Status of nodes in this pool instance
+
+ * `status_message`: Additional information about the current status of this node pool instance
+
+ * `version`: The version of the Kubernetes of this node.
+
+ * `autoscaling`: Autoscaler configuration for this NodePool. Autoscaler is enabled only if a valid configuration is present.
+
+ * `enabled`: Is autoscaling enabled for this node pool.
+
+ * `min_node_count`: Minimum number of nodes in the NodePool. Must be >= 1 and <= maxNodeCount.
+
+ * `max_node_count`: Maximum number of nodes in the NodePool. Must be >= minNodeCount. There has to enough quota to scale up the cluster.
+
+ * `management`: Management configuration for this NodePool.
+
+ * `auto_upgrade`: A flag that specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.
+
+ * `auto_repair`: A flag that specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.
+
+ * `upgrade_options`: Specifies the Auto Upgrade knobs for the node pool.
+
+ * `auto_upgrade_start_time`: This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.
+
+ * `description`: This field is set when upgrades are about to commence with the description of the upgrade.
+
+ * `max_pods_constraint`: The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.
+
+ * `max_pods_per_node`: Constraint enforced on the max num of pods per node.
+
+ * `conditions`: Which conditions caused the current node pool state.
+
+ * `code`: Machine-friendly representation of the condition
+
+ * `pod_ipv4_cidr_size`: The pod CIDR block size per node in this node pool.
-* `config`, `initial_node_count`, `instance_group_urls`, `management`, `name`, `status`, `version`
+ * `cluster`: The cluster this node pool belongs to.
-
+ * `location`: The location where the node pool is deployed
## GCP Permissions
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_container_node_pools.md b/docs/resources/google_container_node_pools.md
index 8897bdd7b..623c9f2e2 100644
--- a/docs/resources/google_container_node_pools.md
+++ b/docs/resources/google_container_node_pools.md
@@ -1,36 +1,21 @@
---
-title: About the google_container_node_pools Resource
+title: About the google_container_node_pools resource
platform: gcp
---
-# google\_container\_node_pools
-
-Use the `google_container_node_pools` InSpec audit resource to test properties of all, or a filtered group of, GCP container node_pools for a project, cluster and zone.
-
-
-
## Syntax
+A `google_container_node_pools` is used to test a Google NodePool resource
-A `google_container_node_pools` resource block collects GCP node pools by project, cluster and zone then tests that group.
-
- describe google_container_node_pools(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_container_node_pool`.
-
- google_container_node_pools(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster').node_pool_names.each do |node_pool_name|
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster', nodepool_name: node_pool_name) do
- it { should exist }
- its('status') { should eq 'RUNNING' }
- end
- end
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_container_node_pools(project: 'chef-gcp-inspec', location: 'europe-west2-a', cluster_name: 'gcp-inspec-kube-cluster') do
+ its('initial_node_counts') { should include '1'}
+end
+```
### Test that there are no more than a specified number of node pools available for the project
@@ -46,27 +31,35 @@ The following examples show how to use this InSpec audit resource.
### Test that a subset of all node pools matching "mypool*" are "UP"
- google_container_node_pools(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster').where(node_pool_name: /^mypool/).node_pool_names.each do |node_pool_name|
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster', nodepool_name: node_pool_name) do
+ google_container_node_pools(project: 'chef-inspec-gcp', location: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster').where(node_pool_name: /^mypool/).node_pool_names.each do |node_pool_name|
+ describe google_container_node_pool(project: 'chef-inspec-gcp', location: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster', nodepool_name: node_pool_name) do
it { should exist }
its('status') { should eq 'RUNNING' }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `node_pool_name` and `node_pool_status`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_container_node_pools` resource:
+
+See [google_container_node_pool.md](google_container_node_pool.md) for more detailed information
+ * `node_pool_names`: an array of `google_container_node_pool` name
+ * `configs`: an array of `google_container_node_pool` config
+ * `initial_node_counts`: an array of `google_container_node_pool` initial_node_count
+ * `node_pool_statuses`: an array of `google_container_node_pool` status
+ * `status_messages`: an array of `google_container_node_pool` status_message
+ * `versions`: an array of `google_container_node_pool` version
+ * `autoscalings`: an array of `google_container_node_pool` autoscaling
+ * `managements`: an array of `google_container_node_pool` management
+ * `max_pods_constraints`: an array of `google_container_node_pool` max_pods_constraint
+ * `conditions`: an array of `google_container_node_pool` conditions
+ * `pod_ipv4_cidr_sizes`: an array of `google_container_node_pool` pod_ipv4_cidr_size
+ * `clusters`: an array of `google_container_node_pool` cluster
+ * `locations`: an array of `google_container_node_pool` location
-* `node_pool_names` - an array of google_container_node_pool name strings
-* `node_pool_statuses`- an array of google_container_node_pool status stringss
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Kubernetes Engine API](https://console.cloud.google.com/apis/library/container.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_container_regional_cluster.md b/docs/resources/google_container_regional_cluster.md
index 26d6975f0..40c7a59ef 100644
--- a/docs/resources/google_container_regional_cluster.md
+++ b/docs/resources/google_container_regional_cluster.md
@@ -105,6 +105,10 @@ Properties that can be accessed from the `google_container_regional_cluster` res
* `cluster_ipv4_cidr`: The IP address range of the container pods in this cluster, in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8.
+ * `enable_tpu`: (Optional) Whether to enable Cloud TPU resources in this cluster. See the official documentation - https://cloud.google.com/tpu/docs/kubernetes-engine-setup
+
+ * `tpu_ipv4_cidr_block`: The IP address range of the Cloud TPUs in this cluster, in [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) notation (e.g. `1.2.3.4/29`).
+
* `addons_config`: Configurations for the various addons available to run in the cluster.
* `http_load_balancing`: Configuration for the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster.
@@ -187,10 +191,6 @@ Properties that can be accessed from the `google_container_regional_cluster` res
* `expire_time`: The time the cluster will be automatically deleted in RFC3339 text format.
- * `enable_tpu`: Enable the ability to use Cloud TPUs in this cluster.
-
- * `tpu_ipv4_cidr_block`: The IP address range of the Cloud TPUs in this cluster, in CIDR notation
-
* `conditions`: Which conditions caused the current cluster state.
* `code`: Machine-friendly representation of the condition
diff --git a/docs/resources/google_container_regional_clusters.md b/docs/resources/google_container_regional_clusters.md
index 3917f4432..027d18563 100644
--- a/docs/resources/google_container_regional_clusters.md
+++ b/docs/resources/google_container_regional_clusters.md
@@ -29,6 +29,8 @@ See [google_container_regional_cluster.md](google_container_regional_cluster.md)
* `networks`: an array of `google_container_regional_cluster` network
* `private_cluster_configs`: an array of `google_container_regional_cluster` private_cluster_config
* `cluster_ipv4_cidrs`: an array of `google_container_regional_cluster` cluster_ipv4_cidr
+ * `enable_tpus`: an array of `google_container_regional_cluster` enable_tpu
+ * `tpu_ipv4_cidr_blocks`: an array of `google_container_regional_cluster` tpu_ipv4_cidr_block
* `addons_configs`: an array of `google_container_regional_cluster` addons_config
* `subnetworks`: an array of `google_container_regional_cluster` subnetwork
* `locations`: an array of `google_container_regional_cluster` locations
@@ -49,8 +51,6 @@ See [google_container_regional_cluster.md](google_container_regional_cluster.md)
* `services_ipv4_cidrs`: an array of `google_container_regional_cluster` services_ipv4_cidr
* `current_node_counts`: an array of `google_container_regional_cluster` current_node_count
* `expire_times`: an array of `google_container_regional_cluster` expire_time
- * `enable_tpus`: an array of `google_container_regional_cluster` enable_tpu
- * `tpu_ipv4_cidr_blocks`: an array of `google_container_regional_cluster` tpu_ipv4_cidr_block
* `conditions`: an array of `google_container_regional_cluster` conditions
* `master_authorized_networks_configs`: an array of `google_container_regional_cluster` master_authorized_networks_config
* `locations`: an array of `google_container_regional_cluster` location
diff --git a/docs/resources/google_dataproc_cluster.md b/docs/resources/google_dataproc_cluster.md
index f78295b87..e1d1437aa 100644
--- a/docs/resources/google_dataproc_cluster.md
+++ b/docs/resources/google_dataproc_cluster.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_dataproc_cluster` is used to test a Google Cluster resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_dataproc_cluster(project: 'chef-gcp-inspec', region: 'europe-west2', cluster_name: 'inspec-dataproc-cluster') do
diff --git a/docs/resources/google_dataproc_clusters.md b/docs/resources/google_dataproc_clusters.md
index 398698731..39371b642 100644
--- a/docs/resources/google_dataproc_clusters.md
+++ b/docs/resources/google_dataproc_clusters.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_dataproc_clusters` is used to test a Google Cluster resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_dataproc_clusters(project: 'chef-gcp-inspec', region: 'europe-west2') do
diff --git a/docs/resources/google_dns_managed_zone.md b/docs/resources/google_dns_managed_zone.md
index 2e523c163..e92511ecb 100644
--- a/docs/resources/google_dns_managed_zone.md
+++ b/docs/resources/google_dns_managed_zone.md
@@ -1,27 +1,30 @@
---
-title: About the google_dns_managed_zones Resource
+title: About the google_dns_managed_zone resource
platform: gcp
---
-# google\_dns\_managed\_zone
-
-Use the `google_dns_managed_zones` InSpec audit resource to test properties of a single GCP DNS managed zone.
-
-
-
## Syntax
+A `google_dns_managed_zone` is used to test a Google ManagedZone resource
-A `google_dns_managed_zone` resource block declares the tests for a single GCP zone by project and name.
- describe google_dns_managed_zone(project: 'chef-inspec-gcp', zone: 'zone-name') do
- it { should exist }
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
+```
+describe google_dns_managed_zone(project: 'chef-gcp-inspec', zone: 'example-zone') do
+ it { should exist }
+ its('dns_name') { should cmp 'dns-zone-name.com.' }
-The following examples show how to use this InSpec audit resource.
+ its('description') { should cmp 'example description' }
+ its('zone_signing_key_algorithm') { should cmp 'rsasha256' }
+ its('key_signing_key_algorithm') { should cmp 'rsasha512' }
+end
+
+describe google_dns_managed_zone(project: 'chef-gcp-inspec', zone: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP compute zone exists
@@ -41,16 +44,69 @@ The following examples show how to use this InSpec audit resource.
its('name_servers') { should include 'ns-cloud-d1.googledomains.com.' }
end
+## Properties
+Properties that can be accessed from the `google_dns_managed_zone` resource:
+
-
+ * `description`: A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the managed zone's function.
-## Properties
+ * `dns_name`: The DNS name of this managed zone, for instance "example.com.".
+
+ * `dnssec_config`: DNSSEC configuration
+
+ * `kind`: Identifies what kind of resource this is
+
+ * `non_existence`: Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is `off`.
+
+ * `state`: Specifies whether DNSSEC is enabled, and what mode it is in
+
+ * `default_key_specs`: Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. default_key_specs can only be updated when the state is `off`.
+
+ * `algorithm`: String mnemonic specifying the DNSSEC algorithm of this key
+
+ * `key_length`: Length of the keys in bits
+
+ * `key_type`: Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets.
+
+ * `kind`: Identifies what kind of resource this is
+
+ * `id`: Unique identifier for the resource; defined by the server.
+
+ * `name`: User assigned name for this resource. Must be unique within the project.
+
+ * `name_servers`: Delegate your managed_zone to these virtual name servers; defined by the server
+
+ * `name_server_set`: Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users will leave this field unset.
+
+ * `creation_time`: The time that this resource was created on the server. This is in RFC3339 text format.
+
+ * `labels`: A set of key/value label pairs to assign to this ManagedZone.
+
+ * `visibility`: The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. Must be one of: `public`, `private`.
+
+ * `private_visibility_config`: For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from.
+
+ * `networks`: The list of VPC networks that can see this zone.
+
+ * `network_url`: The fully qualified URL of the VPC network to bind to. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`
+
+ * `forwarding_config`: (Beta only) The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to.
+
+ * `target_name_servers`: List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given.
+
+ * `ipv4_address`: IPv4 address of a target name server.
+
+ * `forwarding_path`: Forwarding path for this TargetNameServer. If unset or `default` Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to `private`, Cloud DNS will always send queries through VPC for this target
+
+ * `peering_config`: (Beta only) The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with.
+
+ * `target_network`: The network with which to peer.
-* `creation_time`, `creation_time_date`, `description`, `dns_name`, `dnssec_config`, `id`, `kind`, `name`, `name_servers`, `key_signing_key_algorithm`, `zone_signing_key_algorithm`
+ * `network_url`: The fully qualified URL of the VPC network to forward queries to. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`
-
+ * `reverse_lookup`: (Beta only) Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under `private_visibility_config`.
## GCP Permissions
-Ensure the [Cloud DNS API](https://console.cloud.google.com/apis/api/dns.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Google Cloud DNS API](https://console.cloud.google.com/apis/library/dns.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_dns_managed_zones.md b/docs/resources/google_dns_managed_zones.md
index cfcb3c7c1..baed2eb31 100644
--- a/docs/resources/google_dns_managed_zones.md
+++ b/docs/resources/google_dns_managed_zones.md
@@ -1,35 +1,23 @@
---
-title: About the google_dns_managed_zones Resource
+title: About the google_dns_managed_zones resource
platform: gcp
---
-# google\_dns\_managed\_zones
-
-Use the `google_dns_managed_zones` InSpec audit resource to test properties of all, or a filtered group of, GCP DNS managed zones for a project.
-
-
-
## Syntax
+A `google_dns_managed_zones` is used to test a Google ManagedZone resource
-A `google_dns_managed_zones` resource block collects GCP zones by project then tests that group.
-
- describe google_dns_managed_zones(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-Use this InSpec resource to enumerate IDs then test in-depth using `google_dns_managed_zone`.
-
- google_dns_managed_zones(project: 'chef-inspec-gcp').zone_names.each do |zone_name|
- describe google_dns_managed_zone(project: 'chef-inspec-gcp', zone: zone_name) do
- it { should exist }
- end
- end
-
-
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_dns_managed_zones(project: 'chef-gcp-inspec') do
+ it { should exist }
+ its('zone_names') { should include 'example-zone' }
+ its('zone_dns_names') { should include 'dns-zone-name.com.' }
+end
+```
### Test that there are no more than a specified number of zones available for the project
@@ -50,23 +38,30 @@ The following examples show how to use this InSpec audit resource.
it { should exist }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `zone_id`; `zone_name`; `zone_dns_name` and `dnssec_enabled`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_dns_managed_zones` resource:
+
+See [google_dns_managed_zone.md](google_dns_managed_zone.md) for more detailed information
+ * `descriptions`: an array of `google_dns_managed_zone` description
+ * `zone_dns_names`: an array of `google_dns_managed_zone` dns_name
+ * `dnssec_configs`: an array of `google_dns_managed_zone` dnssec_config
+ * `zone_ids`: an array of `google_dns_managed_zone` id
+ * `zone_names`: an array of `google_dns_managed_zone` name
+ * `name_servers`: an array of `google_dns_managed_zone` name_servers
+ * `name_server_sets`: an array of `google_dns_managed_zone` name_server_set
+ * `creation_times`: an array of `google_dns_managed_zone` creation_time
+ * `labels`: an array of `google_dns_managed_zone` labels
+ * `visibilities`: an array of `google_dns_managed_zone` visibility
+ * `private_visibility_configs`: an array of `google_dns_managed_zone` private_visibility_config
+ * `forwarding_configs`: (Beta only) an array of `google_dns_managed_zone` forwarding_config
+ * `peering_configs`: (Beta only) an array of `google_dns_managed_zone` peering_config
+ * `reverse_lookups`: (Beta only) an array of `google_dns_managed_zone` reverse_lookup
-* `zone_ids` - an array of google_dns_managed_zone identifier integers
-* `zone_names` - an array of google_dns_managed_zone name strings
-* `zone_dns_names` - an array of google_dns_managed_zone dns name strings
-* `dnssec_config_state`- an array of google_dns_managed_zone dnssec_config boolean values
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Cloud DNS API](https://console.cloud.google.com/apis/api/dns.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Google Cloud DNS API](https://console.cloud.google.com/apis/library/dns.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_dns_resource_record_set.md b/docs/resources/google_dns_resource_record_set.md
index 2f95b898e..aa4896568 100644
--- a/docs/resources/google_dns_resource_record_set.md
+++ b/docs/resources/google_dns_resource_record_set.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_dns_resource_record_set` is used to test a Google ResourceRecordSet resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_dns_resource_record_set(project: 'chef-gcp-inspec', name: 'backend.my.domain.com.', type: 'A', managed_zone: 'inspec-gcp-managed-zone') do
diff --git a/docs/resources/google_dns_resource_record_sets.md b/docs/resources/google_dns_resource_record_sets.md
index b1c5dce02..dfaa7471f 100644
--- a/docs/resources/google_dns_resource_record_sets.md
+++ b/docs/resources/google_dns_resource_record_sets.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_dns_resource_record_sets` is used to test a Google ResourceRecordSet resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_dns_resource_record_sets(project: 'chef-gcp-inspec', name: 'backend.my.domain.com.', managed_zone: 'inspec-gcp-managed-zone') do
diff --git a/docs/resources/google_iam_custom_role.md b/docs/resources/google_iam_custom_role.md
new file mode 100644
index 000000000..67a300868
--- /dev/null
+++ b/docs/resources/google_iam_custom_role.md
@@ -0,0 +1,41 @@
+---
+title: About the google_iam_custom_role resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_custom_role` is used to test a Google CustomRole resource
+
+## Examples
+```
+describe google_iam_custom_role(project: 'chef-gcp-inspec', name: 'admin-role') do
+ it { should exist }
+ its('stage') { should eq 'GA' }
+ its('included_permissions') { should eq ["iam.roles.list"] }
+end
+
+describe google_iam_custom_role(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_custom_role` resource:
+
+
+ * `name`: The name of the role.
+
+ * `title`: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
+
+ * `description`: Human-readable description for the role
+
+ * `included_permissions`: Names of permissions this role grants when bound in an IAM policy.
+
+ * `stage`: The current launch stage of the role.
+
+ * `deleted`: The current deleted state of the role
+
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_iam_custom_roles.md b/docs/resources/google_iam_custom_roles.md
new file mode 100644
index 000000000..139109b91
--- /dev/null
+++ b/docs/resources/google_iam_custom_roles.md
@@ -0,0 +1,33 @@
+---
+title: About the google_iam_custom_roles resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_custom_roles` is used to test a Google CustomRole resource
+
+## Examples
+```
+describe google_iam_custom_roles(project: 'chef-gcp-inspec') do
+ its('names') { should include "projects/project-id/roles/role-id" }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_custom_roles` resource:
+
+See [google_iam_custom_role.md](google_iam_custom_role.md) for more detailed information
+ * `names`: an array of `google_iam_custom_role` name
+ * `titles`: an array of `google_iam_custom_role` title
+ * `descriptions`: an array of `google_iam_custom_role` description
+ * `included_permissions`: an array of `google_iam_custom_role` included_permissions
+ * `stages`: an array of `google_iam_custom_role` stage
+ * `deleteds`: an array of `google_iam_custom_role` deleted
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_iam_organization_custom_role.md b/docs/resources/google_iam_organization_custom_role.md
new file mode 100644
index 000000000..5e3cec0a5
--- /dev/null
+++ b/docs/resources/google_iam_organization_custom_role.md
@@ -0,0 +1,41 @@
+---
+title: About the google_iam_organization_custom_role resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_organization_custom_role` is used to test a Google OrganizationCustomRole resource
+
+## Examples
+```
+describe google_iam_organization_custom_role(org_id: '12345', name: 'org-role') do
+ it { should exist }
+ its('stage') { should eq 'GA' }
+ its('included_permissions') { should eq ["iam.roles.list"] }
+end
+
+describe google_iam_organization_custom_role(org_id: '12345', name: 'org-role', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_organization_custom_role` resource:
+
+
+ * `name`: The name of the role.
+
+ * `title`: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
+
+ * `description`: Human-readable description for the role
+
+ * `included_permissions`: Names of permissions this role grants when bound in an IAM policy.
+
+ * `stage`: The current launch stage of the role.
+
+ * `deleted`: The current deleted state of the role
+
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_iam_organization_custom_roles.md b/docs/resources/google_iam_organization_custom_roles.md
new file mode 100644
index 000000000..fead8430f
--- /dev/null
+++ b/docs/resources/google_iam_organization_custom_roles.md
@@ -0,0 +1,33 @@
+---
+title: About the google_iam_organization_custom_roles resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_organization_custom_roles` is used to test a Google OrganizationCustomRole resource
+
+## Examples
+```
+describe google_iam_organization_custom_roles(org_id: '190694428152') do
+ its('names') { should include "organizations/123456/roles/role-id" }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_organization_custom_roles` resource:
+
+See [google_iam_organization_custom_role.md](google_iam_organization_custom_role.md) for more detailed information
+ * `names`: an array of `google_iam_organization_custom_role` name
+ * `titles`: an array of `google_iam_organization_custom_role` title
+ * `descriptions`: an array of `google_iam_organization_custom_role` description
+ * `included_permissions`: an array of `google_iam_organization_custom_role` included_permissions
+ * `stages`: an array of `google_iam_organization_custom_role` stage
+ * `deleteds`: an array of `google_iam_organization_custom_role` deleted
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_iam_service_account.md b/docs/resources/google_iam_service_account.md
new file mode 100644
index 000000000..8993be942
--- /dev/null
+++ b/docs/resources/google_iam_service_account.md
@@ -0,0 +1,40 @@
+---
+title: About the google_iam_service_account resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_service_account` is used to test a Google ServiceAccount resource
+
+## Examples
+```
+describe google_iam_service_account(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do
+ it { should exist }
+ its('display_name') { should cmp '' }
+end
+
+describe google_iam_service_account(project: 'chef-gcp-inspec', name: "nonexistent@project-id.iam.gserviceaccount.com") do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_service_account` resource:
+
+
+ * `name`: The name of the service account.
+
+ * `project_id`: Id of the project that owns the service account.
+
+ * `unique_id`: Unique and stable id of the service account
+
+ * `email`: Email address of the service account.
+
+ * `display_name`: User specified description of service account.
+
+ * `oauth2_client_id`: OAuth2 client id for the service account.
+
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_iam_service_account_key.md b/docs/resources/google_iam_service_account_key.md
new file mode 100644
index 000000000..500fc8f13
--- /dev/null
+++ b/docs/resources/google_iam_service_account_key.md
@@ -0,0 +1,43 @@
+---
+title: About the google_iam_service_account_key resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_service_account_key` is used to test a Google ServiceAccountKey resource
+
+## Examples
+```
+google_iam_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name|
+ describe
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_service_account_key` resource:
+
+
+ * `name`: The name of the key.
+
+ * `private_key_type`: Output format for the service account key.
+
+ * `key_algorithm`: Specifies the algorithm for the key.
+
+ * `private_key_data`: Private key data. Base-64 encoded.
+
+ * `public_key_data`: Public key data. Base-64 encoded.
+
+ * `valid_after_time`: Key can only be used after this time.
+
+ * `valid_before_time`: Key can only be used before this time.
+
+ * `key_type`: Specifies the type of the key. Possible values include KEY_TYPE_UNSPECIFIED, USER_MANAGED and SYSTEM_MANAGED
+
+ * `service_account`: The name of the serviceAccount.
+
+ * `path`: The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. File path must be absolute.
+
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_iam_service_account_keys.md b/docs/resources/google_iam_service_account_keys.md
new file mode 100644
index 000000000..bad98ef5b
--- /dev/null
+++ b/docs/resources/google_iam_service_account_keys.md
@@ -0,0 +1,37 @@
+---
+title: About the google_iam_service_account_keys resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_service_account_keys` is used to test a Google ServiceAccountKey resource
+
+## Examples
+```
+describe google_iam_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do
+ its('count') { should be <= 1000 }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_service_account_keys` resource:
+
+See [google_iam_service_account_key.md](google_iam_service_account_key.md) for more detailed information
+ * `key_names`: an array of `google_iam_service_account_key` name
+ * `private_key_types`: an array of `google_iam_service_account_key` private_key_type
+ * `key_algorithms`: an array of `google_iam_service_account_key` key_algorithm
+ * `private_key_data`: an array of `google_iam_service_account_key` private_key_data
+ * `public_key_data`: an array of `google_iam_service_account_key` public_key_data
+ * `valid_after_times`: an array of `google_iam_service_account_key` valid_after_time
+ * `valid_before_times`: an array of `google_iam_service_account_key` valid_before_time
+ * `key_types`: an array of `google_iam_service_account_key` key_type
+ * `service_accounts`: an array of `google_iam_service_account_key` service_account
+ * `paths`: an array of `google_iam_service_account_key` path
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_iam_service_accounts.md b/docs/resources/google_iam_service_accounts.md
new file mode 100644
index 000000000..66cb58718
--- /dev/null
+++ b/docs/resources/google_iam_service_accounts.md
@@ -0,0 +1,34 @@
+---
+title: About the google_iam_service_accounts resource
+platform: gcp
+---
+
+## Syntax
+A `google_iam_service_accounts` is used to test a Google ServiceAccount resource
+
+## Examples
+```
+describe google_iam_service_accounts(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do
+ its('service_account_emails') { should include "display-name@project-id.iam.gserviceaccount.com" }
+ its('count') { should be <= 1000 }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_iam_service_accounts` resource:
+
+See [google_iam_service_account.md](google_iam_service_account.md) for more detailed information
+ * `service_account_names`: an array of `google_iam_service_account` name
+ * `project_ids`: an array of `google_iam_service_account` project_id
+ * `service_account_ids`: an array of `google_iam_service_account` unique_id
+ * `service_account_emails`: an array of `google_iam_service_account` email
+ * `service_account_display_names`: an array of `google_iam_service_account` display_name
+ * `oauth2_client_ids`: an array of `google_iam_service_account` oauth2_client_id
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_crypto_key.md b/docs/resources/google_kms_crypto_key.md
index 7ecdd25e9..679bf00d4 100644
--- a/docs/resources/google_kms_crypto_key.md
+++ b/docs/resources/google_kms_crypto_key.md
@@ -1,27 +1,26 @@
---
-title: About the google_kms_crypto_key Resource
+title: About the google_kms_crypto_key resource
platform: gcp
---
-# google\_kms\_crypto\_key
-
-Use the `google_kms_crypto_key` InSpec audit resource to test properties of a single GCP KMS crypto key. See [this page](https://cloud.google.com/kms/docs/object-hierarchy?hl=en_US&_ga=2.223343707.-1730338523.1522320263#cryptokeyversion) for useful background.
-
-
-
## Syntax
-
-A `google_kms_crypto_key` resource block declares the tests for a single GCP KMS crypto key by project, location, key ring name and key name.
-
- describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring', name: 'crypto-key') do
- it { should exist }
- end
-
-
+A `google_kms_crypto_key` is used to test a Google CryptoKey resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_kms_crypto_key(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring_name: 'kms-key-ring', name: 'kms-key') do
+ it { should exist }
+ its('crypto_key_name') { should cmp 'kms-key' }
+ its('primary_state') { should eq "ENABLED" }
+ its('purpose') { should eq "ENCRYPT_DECRYPT" }
+ its('next_rotation_time') { should be > Time.now - 100000 }
+ its('create_time') { should be > Time.now - 365*60*60*24*10 }
+end
+
+describe google_kms_crypto_key(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring_name: 'kms-key-ring', name: "nonexistent") do
+ it { should_not exist }
+end
+```
### Test that a GCP KMS crypto key was created recently
@@ -46,17 +45,32 @@ The following examples show how to use this InSpec audit resource.
describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring', name: 'crypto-key') do
its('primary_state') { should eq "ENABLED" }
end
-
-
-
## Properties
+Properties that can be accessed from the `google_kms_crypto_key` resource:
+
+
+ * `crypto_key_name`: The resource name for the CryptoKey.
+
+ * `create_time`: The time that this resource was created on the server. This is in RFC3339 text format.
+
+ * `labels`: Labels with user-defined metadata to apply to this resource.
+
+ * `purpose`: The immutable purpose of this CryptoKey. See the [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) for possible inputs.
+
+ * `rotation_period`: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter `s` (seconds). It must be greater than a day (ie, 86400).
+
+ * `version_template`: A template describing settings for new crypto key versions.
+
+ * `algorithm`: The algorithm to use when creating a version based on this template. See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.
+
+ * `protection_level`: The protection level to use when creating a version based on this template.
-* `create_time`, `create_time_date`, `name`, `crypto_key_name`, `crypto_key_url`, `next_rotation_time`, `next_rotation_time_date`, `primary_create_time`, `primary_create_time_date`, `primary_name`, `primary_state`, `purpose`, `rotation_period`
+ * `next_rotation_time`: The time when KMS will create a new version of this Crypto Key.
-
+ * `key_ring`: The KeyRing that this key belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`.
## GCP Permissions
-Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_crypto_key_iam_binding.md b/docs/resources/google_kms_crypto_key_iam_binding.md
index 1e8e243b5..8ba0ebe55 100644
--- a/docs/resources/google_kms_crypto_key_iam_binding.md
+++ b/docs/resources/google_kms_crypto_key_iam_binding.md
@@ -1,49 +1,28 @@
---
-title: About the google_kms_crypto_key_iam_binding Resource
+title: About the google_kms_crypto_key_iam_binding resource
platform: gcp
---
-# google\_kms\_crypto\_key\_iam\_binding
-
-Use the `google_kms_crypto_key_iam_binding` InSpec audit resource to test properties of a single GCP KMS Crypto Key IAM Binding.
-
-
-
## Syntax
-
-A `google_kms_crypto_key_iam_binding` resource block declares the tests for a single KMS Crypto Key IAM Binding for specified role.
-
- describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: "roles/owner") do
- it { should exist }
- end
-
-
+A `google_kms_crypto_key_iam_binding` is used to test a Google CryptoKey Iam Bindings
## Examples
+```
+describe google_kms_crypto_key_iam_binding(project: "project", location: "location", key_ring_name: "key_ring_name", crypto_key_name: "crypto_key_name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
-The following examples show how to use this InSpec audit resource.
-
-### Test that a GCP KMS Crypto Key IAM Binding exists for the specified role
-
- describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: "roles/owner") do
- it { should exist }
- end
-
-### Test that a GCP KMS Crypto Key IAM Binding has the desired user included for the specified role
-
- describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: "roles/owner") do
- its('members') {should include 'user:someuser@domain.com' }
- end
-
-
## Properties
+Properties that can be accessed from the `google_kms_crypto_key_iam_binding` resource:
-* `members`
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
## GCP Permissions
-Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_crypto_key_iam_bindings.md b/docs/resources/google_kms_crypto_key_iam_bindings.md
index b8dcdc5bd..afb1a23c0 100644
--- a/docs/resources/google_kms_crypto_key_iam_bindings.md
+++ b/docs/resources/google_kms_crypto_key_iam_bindings.md
@@ -5,6 +5,8 @@ platform: gcp
# google\_kms\_crypto\_key\_iam\_bindings
+**This resource is deprecated. Please use google_kms_crypto_key_iam_policy instead**
+
Use the `google_kms_crypto_key_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP KMS Crypto Key IAM Bindings.
diff --git a/docs/resources/google_kms_crypto_key_iam_policy.md b/docs/resources/google_kms_crypto_key_iam_policy.md
new file mode 100644
index 000000000..85c20932f
--- /dev/null
+++ b/docs/resources/google_kms_crypto_key_iam_policy.md
@@ -0,0 +1,48 @@
+---
+title: About the google_kms_crypto_key_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_kms_crypto_key_iam_policy` is used to test a Google CryptoKey Iam Policy resource
+
+## Examples
+```
+describe google_kms_crypto_key_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name", crypto_key_name: "crypto_key_name") do
+ it { should exist }
+end
+
+google_kms_crypto_key_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name", crypto_key_name: "crypto_key_name").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_kms_crypto_key_iam_policy` resource:
+
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+ * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
+
+ * `exempted_members`: Specifies the identities that do not cause logging for this type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_crypto_keys.md b/docs/resources/google_kms_crypto_keys.md
index bde2a1782..164dde1fa 100644
--- a/docs/resources/google_kms_crypto_keys.md
+++ b/docs/resources/google_kms_crypto_keys.md
@@ -1,38 +1,18 @@
---
-title: About the google_kms_crypto_keys Resource
+title: About the google_kms_crypto_keys resource
platform: gcp
---
-# google\_kms\_crypto\_keys
-
-Use the `google_kms_crypto_keys` InSpec audit resource to test properties of all, or a filtered group of, GCP KMS crypto keys for supplied project, location and key ring name.
-
-
-
## Syntax
-
-A `google_kms_crypto_keys` resource block collects GCP KMS crypto keys then tests that group.
-
- describe google_kms_crypto_keys(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_kms_crypto_key`.
-
- google_kms_crypto_keys(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring').crypto_key_names.each do |key_name|
- describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring', name: key_name) do
- it { should exist }
- its('create_time_date') { should be > Time.now - 365*60*60*24*10 }
- its('purpose') { should eq "ENCRYPT_DECRYPT" }
- its('primary_state') { should eq "ENABLED" }
- end
- end
-
-
+A `google_kms_crypto_keys` is used to test a Google CryptoKey resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_kms_crypto_keys(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring_name: 'kms-key-ring') do
+ its('count') { should be >= 1 }
+ its('crypto_key_names') { should include 'kms-key' }
+end
+```
### Test that there are no more than a specified number of keys in the key ring
@@ -45,21 +25,24 @@ The following examples show how to use this InSpec audit resource.
describe google_kms_crypto_keys(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring') do
its('crypto_key_names') { should include "my-crypto-key-name" }
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `key_name`. This may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_kms_crypto_keys` resource:
+
+See [google_kms_crypto_key.md](google_kms_crypto_key.md) for more detailed information
+ * `crypto_key_names`: an array of `google_kms_crypto_key` crypto_key_name
+ * `create_times`: an array of `google_kms_crypto_key` create_time
+ * `labels`: an array of `google_kms_crypto_key` labels
+ * `purposes`: an array of `google_kms_crypto_key` purpose
+ * `rotation_periods`: an array of `google_kms_crypto_key` rotation_period
+ * `version_templates`: an array of `google_kms_crypto_key` version_template
+ * `next_rotation_times`: an array of `google_kms_crypto_key` next_rotation_time
+ * `key_rings`: an array of `google_kms_crypto_key` key_ring
-* `crypto_key_names` - an array of google_kms_crypto_key name strings e.g. `['key-name']`
-* `crypto_key_urls` - an array of google_kms_crypto_key url strings e.g. `['projects/PROJECT/locations/LOCATION/keyRings/key-ring-name/cryptoKeys/key-name']`
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_key_ring.md b/docs/resources/google_kms_key_ring.md
index 546d35006..2ac3fabc3 100644
--- a/docs/resources/google_kms_key_ring.md
+++ b/docs/resources/google_kms_key_ring.md
@@ -1,27 +1,24 @@
---
-title: About the google_kms_key_ring Resource
+title: About the google_kms_key_ring resource
platform: gcp
---
-# google\_kms\_key\_ring
-
-Use the `google_kms_key_ring` InSpec audit resource to test properties of a single GCP kms key ring.
-
-
-
## Syntax
-
-A `google_kms_key_ring` resource block declares the tests for a single GCP key ring by project and name.
-
- describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', name: 'key-ring-name') do
- it { should exist }
- end
-
-
+A `google_kms_key_ring` is used to test a Google KeyRing resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'kms-key-ring') do
+ it { should exist }
+ its('create_time') { should be > Time.now - 365*60*60*24*10 }
+ its('key_ring_name'){ should eq 'kms-key-ring' }
+ its('key_ring_url'){ should match 'kms-key-ring' }
+end
+
+describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: "nonexistent") do
+ it { should_not exist }
+end
+```
### Test that a GCP kms key ring exists
@@ -37,15 +34,17 @@ For any existing key ring, below should definitely be true!
its('create_time_date') { should be > Time.now - 365*60*60*24*50 }
end
-
-
## Properties
+Properties that can be accessed from the `google_kms_key_ring` resource:
+
+
+ * `create_time`: The time that this resource was created on the server. This is in RFC3339 text format.
-* `create_time`, `create_time_date`, `name`, `key_ring_name`, `key_ring_url`
+ * `key_ring_url`: The full resource name for the KeyRing
-
+ * `location`: The location for the KeyRing. A full list of valid locations can be found by running `gcloud kms locations list`.
## GCP Permissions
-Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_key_ring_iam_binding.md b/docs/resources/google_kms_key_ring_iam_binding.md
index 19a68b00f..499645d35 100644
--- a/docs/resources/google_kms_key_ring_iam_binding.md
+++ b/docs/resources/google_kms_key_ring_iam_binding.md
@@ -1,50 +1,28 @@
---
-title: About the google_kms_key_ring_iam_binding Resource
+title: About the google_kms_key_ring_iam_binding resource
platform: gcp
---
-# google\_kms\_key\_ring\_iam\_binding
-
-Use the `google_kms_key_ring_iam_binding` InSpec audit resource to test properties of a single GCP KMS key ring IAM binding.
-
-
-
## Syntax
-
-A `google_kms_key_ring_iam_binding` resource block declares the tests for a single GCP KMS key ring IAM binding by role.
-
- describe google_kms_key_ring_iam_binding(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring', role: 'roles/compute.admin') do
- it { should exist }
- its('members') {should include 'user:someuser@domain.com' }
- end
-
-
+A `google_kms_key_ring_iam_binding` is used to test a Google KeyRing Iam Bindings
## Examples
+```
+describe google_kms_key_ring_iam_binding(project: "project", location: "location", key_ring_name: "key_ring_name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
-The following examples show how to use this InSpec audit resource.
-
-### Test that a GCP project KMS key ring IAM binding exists
-
- describe google_kms_key_ring_iam_binding(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring', role: 'roles/compute.admin') do
- it { should exist }
- end
-
-### Test that a GCP project KMS key ring IAM binding has the desired user included
-
- describe google_kms_key_ring_iam_binding(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring', role: 'roles/compute.admin') do
- its('members') {should include 'user:someuser@domain.com' }
- end
-
-
## Properties
+Properties that can be accessed from the `google_kms_key_ring_iam_binding` resource:
-* `members`
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
## GCP Permissions
-Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_key_ring_iam_bindings.md b/docs/resources/google_kms_key_ring_iam_bindings.md
index aae8df8df..925f09aca 100644
--- a/docs/resources/google_kms_key_ring_iam_bindings.md
+++ b/docs/resources/google_kms_key_ring_iam_bindings.md
@@ -5,6 +5,8 @@ platform: gcp
# google\_kms\_key\_ring\_iam\_bindings
+**This resource is deprecated. Please use `google_kms_key_ring_iam_policy` instead**
+
Use the `google_kms_key_ring_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP KMS key ring IAM bindings.
diff --git a/docs/resources/google_kms_key_ring_iam_policy.md b/docs/resources/google_kms_key_ring_iam_policy.md
new file mode 100644
index 000000000..d5585f971
--- /dev/null
+++ b/docs/resources/google_kms_key_ring_iam_policy.md
@@ -0,0 +1,48 @@
+---
+title: About the google_kms_key_ring_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_kms_key_ring_iam_policy` is used to test a Google KeyRing Iam Policy resource
+
+## Examples
+```
+describe google_kms_key_ring_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name") do
+ it { should exist }
+end
+
+google_kms_key_ring_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_kms_key_ring_iam_policy` resource:
+
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+ * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
+
+ * `exempted_members`: Specifies the identities that do not cause logging for this type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_kms_key_rings.md b/docs/resources/google_kms_key_rings.md
index 06ff921bc..21263460f 100644
--- a/docs/resources/google_kms_key_rings.md
+++ b/docs/resources/google_kms_key_rings.md
@@ -1,37 +1,25 @@
---
-title: About the google_kms_key_rings Resource
+title: About the google_kms_key_rings resource
platform: gcp
---
-# google\_kms\_key\_rings
-
-Use the `google_kms_key_rings` InSpec audit resource to test properties of all, or a filtered group of, GCP KMS key rings for a project in a particular location.
-
-
-
## Syntax
-
-A `google_kms_key_rings` resource block collects GCP kms_key_rings by project then tests that group.
-
- describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_kms_key_ring`.
-
- google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1').key_ring_names.each do |kms_key_ring_name|
- describe google_kms_key_ring(project: 'chef-inspec-gcp', kms_key_ring: kms_key_ring_name) do
- it { should exist }
- its('kind') { should eq "compute#kms_key_ring" }
- its('status') { should eq 'UP' }
- end
- end
-
-
+A `google_kms_key_rings` is used to test a Google KeyRing resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2') do
+ its('key_ring_names'){ should include 'kms-key-ring' }
+end
+
+describe.one do
+ google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2').key_ring_urls do |url|
+ describe url do
+ it { should match 'kms-key-ring' }
+ end
+ end
+end
+```
### Test that there are no more than a specified number of kms_key_rings available for the project
@@ -54,21 +42,19 @@ The following examples show how to use this InSpec audit resource.
its('create_time_date') { should be > Time.now - 365*60*60*24 }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `key_ring_name`. This may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_kms_key_rings` resource:
-* `key_ring_names` - an array of google_kms_key_ring name strings e.g.`['key-ring-name']`
-* `key_ring_urls` - an array of google_kms_key_ring name url strings e.g. `['projects/PROJECT/locations/LOCATION/keyRings/key-ring-name']`
-
-
+See [google_kms_key_ring.md](google_kms_key_ring.md) for more detailed information
+ * `create_times`: an array of `google_kms_key_ring` create_time
+ * `key_ring_urls`: an array of `google_kms_key_ring` key_ring_url
+ * `locations`: an array of `google_kms_key_ring` location
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the project where the resource is located.
\ No newline at end of file
+Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_logging_project_exclusion.md b/docs/resources/google_logging_project_exclusion.md
index 593d7f09e..841c645de 100644
--- a/docs/resources/google_logging_project_exclusion.md
+++ b/docs/resources/google_logging_project_exclusion.md
@@ -1,27 +1,24 @@
---
-title: About the google_logging_project_exclusion Resource
+title: About the google_logging_project_exclusion resource
platform: gcp
---
-# google\_logging\_project\_exclusion
-
-Use the `google_logging_project_exclusion` InSpec audit resource to test properties of a single GCP logging project exclusion.
-
-
-
## Syntax
-
-A `google_logging_project_exclusion` resource block declares the tests for a single GCP logging project exclusion by project and exclusion name.
-
- describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
- it { should exist }
- end
-
-
+A `google_logging_project_exclusion` is used to test a Google ProjectExclusion resource
## Examples
+```
+
+describe google_logging_project_exclusion(project: 'chef-gcp-inspec', name: 'inspec-project-exclusion') do
+ it { should exist }
+ its('description'){ should cmp 'My project exclusion description' }
+ its('filter'){ should cmp 'resource.type = gce_instance AND severity <= DEBUG' }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_logging_project_exclusion(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP project logging exclusion name is as expected
@@ -41,15 +38,21 @@ The following examples show how to use this InSpec audit resource.
its('description') { should eq 'Exclude GCE instance debug logs' }
end
-
-
## Properties
+Properties that can be accessed from the `google_logging_project_exclusion` resource:
+
+
+ * `project`: Id of the project that this exclusion applies to.
+
+ * `name`: Name of the exclusion, specified by the server during create.
+
+ * `description`: A user provided description of this exclusion.
-* `description`, `filter`, `name`
+ * `filter`: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter.
-
+ * `disabled`: If set to true then this exclusion is disabled and it does not exclude any log entries.
## GCP Permissions
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_logging_project_exclusions.md b/docs/resources/google_logging_project_exclusions.md
new file mode 100644
index 000000000..bdc96b17d
--- /dev/null
+++ b/docs/resources/google_logging_project_exclusions.md
@@ -0,0 +1,33 @@
+---
+title: About the google_logging_project_exclusions resource
+platform: gcp
+---
+
+## Syntax
+A `google_logging_project_exclusions` is used to test a Google ProjectExclusion resource
+
+## Examples
+```
+
+describe google_logging_project_exclusions(project: 'chef-gcp-inspec') do
+ its('names'){ should include 'inspec-folder-exclusion' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_logging_project_exclusions` resource:
+
+See [google_logging_project_exclusion.md](google_logging_project_exclusion.md) for more detailed information
+ * `projects`: an array of `google_logging_project_exclusion` project
+ * `names`: an array of `google_logging_project_exclusion` name
+ * `descriptions`: an array of `google_logging_project_exclusion` description
+ * `filters`: an array of `google_logging_project_exclusion` filter
+ * `disableds`: an array of `google_logging_project_exclusion` disabled
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_logging_project_sink.md b/docs/resources/google_logging_project_sink.md
index e0069cbe2..3da21a519 100644
--- a/docs/resources/google_logging_project_sink.md
+++ b/docs/resources/google_logging_project_sink.md
@@ -1,29 +1,22 @@
---
-title: About the google_compute_zone Resource
+title: About the google_logging_project_sink resource
platform: gcp
---
-# google\_logging\_project\_sink
-
-Use the `google_logging_project_sink` InSpec audit resource to test properties of a single GCP logging project sink.
-
-
-
## Syntax
-
-A `google_logging_project_sink` resource block declares the tests for a single GCP logging project sink by project and sink name.
-
- describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: 'sink-name-abcd') do
- it { should exist }
- its('name') { should eq 'sink-name-abcd' }
- end
-
-
+A `google_logging_project_sink` is used to test a Google ProjectSink resource
## Examples
+```
+describe google_logging_project_sink(project: 'chef-gcp-inspec', name: 'inspec-gcp-org-sink') do
+ it { should exist }
+ its('filter') { should cmp 'resource.type = gce_instance AND severity = DEBUG' }
+end
-The following examples show how to use this InSpec audit resource.
-
+describe google_logging_project_sink(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP project logging sink destination is correct
@@ -50,15 +43,23 @@ The following examples show how to use this InSpec audit resource.
end
-
-
## Properties
+Properties that can be accessed from the `google_logging_project_sink` resource:
+
+
+ * `project`: Id of the project that this sink belongs to.
+
+ * `name`: Name of the log sink.
+
+ * `filter`: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter.
+
+ * `destination`: The export destination.
-* `destination`, `filter`, `name`, `output_version_format`, `writer_identity`
+ * `writer_identity`: An IAM identity—a service account or group—under which Logging writes the exported log entries to the sink's destination. This field is set by sinks.create and sinks.update based on the value of uniqueWriterIdentity in those methods.
-
+ * `include_children`: If the field is false, the default, only the logs owned by the sink's parent resource are available for export. If the field is true, then logs from all the projects, folders, and billing accounts contained in the sink's parent resource are also available for export. Whether a particular log entry from the children is exported depends on the sink's filter expression.
## GCP Permissions
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_logging_project_sinks.md b/docs/resources/google_logging_project_sinks.md
index 865a9163d..fb688d8c7 100644
--- a/docs/resources/google_logging_project_sinks.md
+++ b/docs/resources/google_logging_project_sinks.md
@@ -1,35 +1,17 @@
---
-title: About the google_logging_project_sinks Resource
+title: About the google_logging_project_sinks resource
platform: gcp
---
-# google\_logging\_project\_sinks
-
-Use the `google_logging_project_sinks` InSpec audit resource to test properties of all, or a filtered group of, GCP compute project logging sinks for a project.
-
-
-
## Syntax
-
-A `google_logging_project_sinks` resource block collects GCP project logging sinks by project then tests that group.
-
- describe google_logging_project_sinks(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_logging_project_sink`.
-
- google_logging_project_sinks(project: 'chef-inspec-gcp').sink_names.each do |sink_name|
- describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: sink_name) do
- it { should exist }
- end
- end
-
-
+A `google_logging_project_sinks` is used to test a Google ProjectSink resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_logging_project_sinks(project: 'chef-gcp-inspec') do
+ its('names') { should include 'inspec-gcp-org-sink' }
+end
+```
### Test that there are no more than a specified number of sinks available for the project
@@ -56,22 +38,22 @@ The following examples show how to use this InSpec audit resource.
its('writer_identity') { should eq "serviceAccount:my-logging-service-account.iam.gserviceaccount.com" }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `sink_name`; `sink_filter` and `sink_destination`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_logging_project_sinks` resource:
-* `sink_names` - an array of google_logging_project_sink name strings
-* `sink_destinations`- an array of google_logging_project_sink destinations
-* `sink_filters`- an array of google_logging_project_sink filters
-
-
+See [google_logging_project_sink.md](google_logging_project_sink.md) for more detailed information
+ * `projects`: an array of `google_logging_project_sink` project
+ * `names`: an array of `google_logging_project_sink` name
+ * `filters`: an array of `google_logging_project_sink` filter
+ * `destinations`: an array of `google_logging_project_sink` destination
+ * `writer_identities`: an array of `google_logging_project_sink` writer_identity
+ * `include_children`: an array of `google_logging_project_sink` include_children
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_organization.md b/docs/resources/google_organization.md
index 44437f9db..816ed7dda 100644
--- a/docs/resources/google_organization.md
+++ b/docs/resources/google_organization.md
@@ -1,32 +1,19 @@
---
-title: About the google_organization Resource
+title: About the google_organization resource
platform: gcp
---
-# google\_organization
-
-Use the `google_organization` InSpec audit resource to test properties of a GCP organization.
-
-
-
## Syntax
-
-Google organization have a name, display name (or domain) and lifecycle state. For more info, please see [here](https://cloud.google.com/resource-manager/docs/creating-managing-organization).
-
-A `google_organization` resource block declares the tests for a single GCP organization identified by `name`:
-
- describe google_organization(display_name: 'organizations/1234') do
- it { should exist }
- its('name') { should eq 'organizations/1234' }
- its('display_name') { should eq 'google.com' }
- its('lifecycle_state') { should eq 'ACTIVE' }
- end
-
-
+A `google_organization` is used to test a Google Organization resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_organization(name: "organizations/123456") do
+ its('name') { should eq "organizations/123456" }
+ its('lifecycle_state') { should cmp 'ACTIVE' }
+end
+```
### Test that a GCP organization has the expected name
@@ -40,15 +27,23 @@ The following examples show how to use this InSpec audit resource.
its('lifecycle_state') { should eq "ACTIVE" }
end
-
-
## Properties
+Properties that can be accessed from the `google_organization` resource:
+
+
+ * `name`: The resource name of the organization. This is the organization's relative path in the API. Its format is "organizations/[organizationId]". For example, "organizations/1234".
+
+ * `display_name`: A human-readable string that refers to the Organization in the GCP Console UI. This string is set by the server and cannot be changed. The string will be set to the primary domain (for example, "google.com") of the G Suite customer that owns the organization.
+
+ * `lifecycle_state`: The lifecycle state of the folder. Updates to the lifecycleState must be performed via folders.delete and folders.undelete.
+
+ * `creation_time`: Timestamp when the Organization was created. Assigned by the server.
-* `name`, `display_name`, `lifecycle_state`
+ * `owner`: The entity that owns the Organization
-
+ * `directory_customer_id`: The G Suite customer id used in the Directory API
## GCP Permissions
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_organization_iam_binding.md b/docs/resources/google_organization_iam_binding.md
new file mode 100644
index 000000000..cb7f51c9c
--- /dev/null
+++ b/docs/resources/google_organization_iam_binding.md
@@ -0,0 +1,28 @@
+---
+title: About the google_organization_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_organization_iam_binding` is used to test a Google Organization Iam Bindings
+
+## Examples
+```
+describe google_organization_iam_binding(name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+## Properties
+Properties that can be accessed from the `google_organization_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_organization_iam_policy.md b/docs/resources/google_organization_iam_policy.md
new file mode 100644
index 000000000..68441a41e
--- /dev/null
+++ b/docs/resources/google_organization_iam_policy.md
@@ -0,0 +1,48 @@
+---
+title: About the google_organization_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_organization_iam_policy` is used to test a Google Organization Iam Policy resource
+
+## Examples
+```
+describe google_organization_iam_policy(name: "name") do
+ it { should exist }
+end
+
+google_organization_iam_policy(name: "name").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_organization_iam_policy` resource:
+
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+ * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
+
+ * `exempted_members`: Specifies the identities that do not cause logging for this type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_organizations.md b/docs/resources/google_organizations.md
index 5b0c7b355..4737af65e 100644
--- a/docs/resources/google_organizations.md
+++ b/docs/resources/google_organizations.md
@@ -1,37 +1,18 @@
---
-title: About the google_organizations Resource
+title: About the google_organizations resource
platform: gcp
---
-# google\_organizations
-
-Use the `google_organizations` InSpec audit resource to test properties of all, or a filtered group of, GCP
-organizations.
-
-
-
## Syntax
-
-A `google_organizations` resource block collects GCP organizations then tests that group.
-
- describe google_organizations do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_organization`.
-
- google_organizations.names.each do |name|
- describe google_organization(name: name) do
- it { should exist }
- its('lifecycle_state') { should eq "ACTIVE" }
- end
- end
-
-
+A `google_organizations` is used to test a Google Organization resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_organizations do
+ its('names') { should include "organizations/123456" }
+end
+```
### Test that there are no more than a specified number of organizations available
@@ -64,22 +45,21 @@ The following examples show how to use this InSpec audit resource.
it { should exist }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `name`; `display_name` and `lifecycle_state`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_organizations` resource:
-* `names` - an array of google_organization identifier strings
-* `display_names` - an array of google_organization display name strings
-* `lifecycle_state`- an array of google_organization lifecycle state strings
-
-
+See [google_organization.md](google_organization.md) for more detailed information
+ * `names`: an array of `google_organization` name
+ * `display_names`: an array of `google_organization` display_name
+ * `lifecycle_states`: an array of `google_organization` lifecycle_state
+ * `creation_times`: an array of `google_organization` creation_time
+ * `owners`: an array of `google_organization` owner
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project.md b/docs/resources/google_project.md
index 99ef1cf34..71567fcbd 100644
--- a/docs/resources/google_project.md
+++ b/docs/resources/google_project.md
@@ -1,37 +1,19 @@
---
-title: About the google_project Resource
+title: About the google_project resource
platform: gcp
---
-# google\_project
-
-Use the `google_project` InSpec audit resource to test properties of a GCP project.
-
-
-
## Syntax
-
-Google projects have a name, ID and number as described [here](https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects).
-
-A `google_project` resource block declares the tests for a single GCP project identified by `project_id` or `project_number`:
-
- describe google_project(project: 'chef-inspec-gcp') do
- it { should exist }
- its('name') { should eq 'chef-inspec-gcp' }
- its('project_number') { should eq 12345678 }
- end
-
- describe google_project(project: 12345678) do
- it { should exist }
- its('name') { should eq 'chef-inspec-gcp' }
- its('project_number') { should eq 12345678 }
- end
-
-
+A `google_project` is used to test a Google Project resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_project(project: 'chef-gcp-inspec') do
+ it { should exist }
+ its('project_id') { should cmp 'chef-gcp-inspec' }
+ its('lifecycle_state') { should cmp 'ACTIVE' }
+end
+```
### Test that a GCP project has the expected project number
@@ -51,15 +33,29 @@ The following examples show how to use this InSpec audit resource.
it {should match '^(winter|spring|summer|autumn)$' }
end
-
-
## Properties
+Properties that can be accessed from the `google_project` resource:
+
+
+ * `number`: Number uniquely identifying the project.
+
+ * `lifecycle_state`: The Project lifecycle state.
+
+ * `name`: The user-assigned display name of the Project. It must be 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.
+
+ * `create_time`: Time of creation
+
+ * `labels`: The labels associated with this Project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label values must be between 0 and 63 characters long and must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. No more than 256 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed
+
+ * `parent`: A parent organization
+
+ * `type`: Must be organization.
-* `create_time`, `lifecycle_state`, `name`, `parent`, `project_id`, `project_number`, `label_value_by_key`
+ * `id`: Id of the organization
-
+ * `project_id`: The unique, user-assigned ID of the Project. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.
## GCP Permissions
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_alert_policies.md b/docs/resources/google_project_alert_policies.md
index c811497b0..fcdd009b6 100644
--- a/docs/resources/google_project_alert_policies.md
+++ b/docs/resources/google_project_alert_policies.md
@@ -1,36 +1,19 @@
---
-title: About the google_project_alert_policies Resource
+title: About the google_project_alert_policies resource
platform: gcp
---
-# google\_compute\_alert\_policies
-
-Use the `google_project_alert_policies` InSpec audit resource to test properties of all, or a filtered group of, GCP project alert policies.
-
-
-
## Syntax
-
-A `google_project_alert_policies` resource block collects GCP project alert policies by project then tests that group.
-
- describe google_project_alert_policies(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_project_alert_policy`.
-
- google_project_alert_policies(project: 'chef-inspec-gcp').policy_names.each do |policy_name|
- describe google_project_alert_policy(policy: policy_name) do
- it { should exist }
- it { should be_enabled }
- end
- end
-
-
+A `google_project_alert_policies` is used to test a Google AlertPolicy resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_project_alert_policies(project: 'chef-gcp-inspec') do
+ it { should exist }
+ its('policy_display_names') { should include 'Display'}
+ its('combiners') { should include 'OR'}
+end
+```
### Test that there are no more than a specified number of project alert policies available for the project
@@ -55,24 +38,25 @@ The following examples show how to use this InSpec audit resource.
describe google_project_alert_policies(project: 'chef-inspec-gcp') do
its('policy_enabled_states') { should_not include false }
end
-
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `policy_name`; `policy_display_name`; `policy_filter_list` and `policy_enabled_state`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_project_alert_policies` resource:
+
+See [google_project_alert_policy.md](google_project_alert_policy.md) for more detailed information
+ * `policy_names`: an array of `google_project_alert_policy` name
+ * `policy_display_names`: an array of `google_project_alert_policy` display_name
+ * `combiners`: an array of `google_project_alert_policy` combiner
+ * `creation_records`: an array of `google_project_alert_policy` creation_record
+ * `policy_enabled_states`: an array of `google_project_alert_policy` enabled
+ * `conditions`: an array of `google_project_alert_policy` conditions
+ * `notification_channels`: an array of `google_project_alert_policy` notification_channels
+ * `user_labels`: an array of `google_project_alert_policy` user_labels
+ * `documentations`: an array of `google_project_alert_policy` documentation
-* `policy_names` - an array of google_project_alert_policy name strings
-* `policy_display_names` - an array of google_project_alert_policy display name strings
-* `policy_enabled_states`- an array of google_project_alert_policy enabled status booleans
-* `policy_filter_lists`- an array of google_project_alert_policy_condition filter string arrays
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Stackdriver Monitoring API](https://console.cloud.google.com/apis/library/monitoring.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_alert_policy.md b/docs/resources/google_project_alert_policy.md
index fa44418d2..e0232b898 100644
--- a/docs/resources/google_project_alert_policy.md
+++ b/docs/resources/google_project_alert_policy.md
@@ -1,49 +1,132 @@
---
-title: About the google_project_alert_policy Resource
+title: About the google_project_alert_policy resource
platform: gcp
---
-# google\_project\_alert\_policy
-
-Use the `google_project_alert_policy` InSpec audit resource to test properties of a single GCP project alert policy.
-
-
-
## Syntax
+A `google_project_alert_policy` is used to test a Google AlertPolicy resource
-A `google_project_alert_policy` resource block declares the tests for a single GCP project alert policy by name.
-
- describe google_project_alert_policy(policy: 'projects/spaterson-project/alertPolicies/9271751234503117449') do
+## Examples
+```
+describe.one do
+ google_project_alert_policies(project: 'chef-gcp-inspec').policy_names do |policy_name|
+ describe google_project_alert_policy(project: 'chef-gcp-inspec', name: policy_name) do
it { should exist }
+ its('display_name') { should cmp 'Display'}
+ its('combiner') { should cmp 'OR'}
+ it { should be_enabled }
end
-
-
-
-## Examples
-
-The following examples show how to use this InSpec audit resource.
+ end
+end
+```
### Test that a GCP alert policy is enabled
- describe google_project_alert_policy(policy: 'projects/spaterson-project/alertPolicies/9271751234503117449') do
+ describe google_project_alert_policy(policy: 'spaterson', name: '9271751234503117449') do
it { should be_enabled }
end
### Test that a GCP compute alert policy display name is correct
- describe google_project_alert_policy(policy: 'projects/spaterson-project/alertPolicies/9271751234503117449') do
+ describe google_project_alert_policy(policy: 'spaterson-project', name: '9271751234503117449') do
its('display_name') { should eq 'policy name' }
end
-
-
## Properties
+Properties that can be accessed from the `google_project_alert_policy` resource:
+
+
+ * `name`: The unique resource name for this policy. Its syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]
+
+ * `display_name`: A short name or phrase used to identify the policy in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple policies in the same project. The name is limited to 512 Unicode characters.
+
+ * `combiner`: How to combine the results of multiple conditions to determine if an incident should be opened.
+
+ * `creation_record`: A read-only record of the creation of the alerting policy. If provided in a call to create or update, this field will be ignored.
+
+ * `mutate_time`: When the change occurred.
+
+ * `mutated_by`: The email address of the user making the change.
+
+ * `enabled`: Whether or not the policy is enabled. The default is true.
+
+ * `conditions`: A list of conditions for the policy. The conditions are combined by AND or OR according to the combiner field. If the combined conditions evaluate to true, then an incident is created. A policy can have from one to six conditions.
+
+ * `condition_absent`: A condition that checks that a time series continues to receive new data points.
+
+ * `aggregations`: Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources). Multiple aggregations are applied in the order specified.
+
+ * `per_series_aligner`: The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
+
+ * `group_by_fields`: The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored.
+
+ * `alignment_period`: The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned.
+
+ * `cross_series_reducer`: The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
+
+ * `trigger`: The number/percent of time series for which the comparison must hold in order for the condition to trigger. If unspecified, then the condition will trigger if the comparison is true for any of the time series that have been identified by filter and aggregations.
+
+ * `percent`: The percentage of time series that must fail the predicate for the condition to be triggered.
+
+ * `count`: The absolute number of time series that must fail the predicate for the condition to be triggered.
+
+ * `duration`: The amount of time that a time series must fail to report new data to be considered failing. Currently, only values that are a multiple of a minute--e.g. 60s, 120s, or 300s --are supported.
+
+ * `filter`: A filter that identifies which time series should be compared with the threshold.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length.
+
+ * `name`: The unique resource name for this condition. Its syntax is: projects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID] [CONDITION_ID] is assigned by Stackdriver Monitoring when the condition is created as part of a new or updated alerting policy.
+
+ * `condition_threshold`: A condition that compares a time series against a threshold.
+
+ * `threshold_value`: A value against which to compare the time series.
+
+ * `denominator_filter`: A filter that identifies a time series that should be used as the denominator of a ratio that will be compared with the threshold. If a denominator_filter is specified, the time series specified by the filter field will be used as the numerator.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length.
+
+ * `denominator_aggregations`: Specifies the alignment of data points in individual time series selected by denominatorFilter as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources).When computing ratios, the aggregations and denominator_aggregations fields must use the same alignment period and produce time series that have the same periodicity and labels.This field is similar to the one in the MetricService.ListTimeSeries request. It is advisable to use the ListTimeSeries method when debugging this field.
+
+ * `per_series_aligner`: The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
+
+ * `group_by_fields`: The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored.
+
+ * `alignment_period`: The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned.
+
+ * `cross_series_reducer`: The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
+
+ * `duration`: The amount of time that a time series must violate the threshold to be considered failing. Currently, only values that are a multiple of a minute--e.g., 0, 60, 120, or 300 seconds--are supported. If an invalid value is given, an error will be returned. When choosing a duration, it is useful to keep in mind the frequency of the underlying time series data (which may also be affected by any alignments specified in the aggregations field); a good duration is long enough so that a single outlier does not generate spurious alerts, but short enough that unhealthy states are detected and alerted on quickly.
+
+ * `comparison`: The comparison to apply between the time series (indicated by filter and aggregation) and the threshold (indicated by threshold_value). The comparison is applied on each time series, with the time series on the left-hand side and the threshold on the right-hand side. Only COMPARISON_LT and COMPARISON_GT are supported currently.
+
+ * `trigger`: The number/percent of time series for which the comparison must hold in order for the condition to trigger. If unspecified, then the condition will trigger if the comparison is true for any of the time series that have been identified by filter and aggregations, or by the ratio, if denominator_filter and denominator_aggregations are specified.
+
+ * `percent`: The percentage of time series that must fail the predicate for the condition to be triggered.
+
+ * `count`: The absolute number of time series that must fail the predicate for the condition to be triggered.
+
+ * `aggregations`: Specifies the alignment of data points in individual time series as well as how to combine the retrieved time series together (such as when aggregating multiple streams on each resource to a single stream for each resource or when aggregating streams across all members of a group of resources). Multiple aggregations are applied in the order specified.This field is similar to the one in the MetricService.ListTimeSeries request. It is advisable to use the ListTimeSeries method when debugging this field.
+
+ * `per_series_aligner`: The approach to be used to align individual time series. Not all alignment functions may be applied to all time series, depending on the metric type and value type of the original time series. Alignment may change the metric type or the value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
+
+ * `group_by_fields`: The set of fields to preserve when crossSeriesReducer is specified. The groupByFields determine how the time series are partitioned into subsets prior to applying the aggregation function. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The crossSeriesReducer is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains resource.type. Fields not specified in groupByFields are aggregated away. If groupByFields is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If crossSeriesReducer is not defined, this field is ignored.
+
+ * `alignment_period`: The alignment period for per-time series alignment. If present, alignmentPeriod must be at least 60 seconds. After per-time series alignment, each time series will contain data points only on the period boundaries. If perSeriesAligner is not specified or equals ALIGN_NONE, then this field is ignored. If perSeriesAligner is specified and does not equal ALIGN_NONE, then this field must be defined; otherwise an error is returned.
+
+ * `cross_series_reducer`: The approach to be used to combine time series. Not all reducer functions may be applied to all time series, depending on the metric type and the value type of the original time series. Reduction may change the metric type of value type of the time series.Time series data must be aligned in order to perform cross- time series reduction. If crossSeriesReducer is specified, then perSeriesAligner must be specified and not equal ALIGN_NONE and alignmentPeriod must be specified; otherwise, an error is returned.
+
+ * `filter`: A filter that identifies which time series should be compared with the threshold.The filter is similar to the one that is specified in the MetricService.ListTimeSeries request (that call is useful to verify the time series that will be retrieved / processed) and must specify the metric type and optionally may contain restrictions on resource type, resource labels, and metric labels. This field may not exceed 2048 Unicode characters in length.
+
+ * `display_name`: A short name or phrase used to identify the condition in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple conditions in the same policy.
+
+ * `notification_channels`: Identifies the notification channels to which notifications should be sent when incidents are opened or closed or when new violations occur on an already opened incident. Each element of this array corresponds to the name field in each of the NotificationChannel objects that are returned from the notificationChannels.list method. The syntax of the entries in this field is `projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]`
+
+ * `user_labels`: This field is intended to be used for organizing and identifying the AlertPolicy objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.
+
+ * `documentation`: A short name or phrase used to identify the policy in dashboards, notifications, and incidents. To avoid confusion, don't use the same display name for multiple policies in the same project. The name is limited to 512 Unicode characters.
-* `combiner`, `conditions`, `creation_record`, `display_name`, `enabled`, `mutation_record`, `name`
+ * `content`: The text of the documentation, interpreted according to mimeType. The content may not exceed 8,192 Unicode characters and may not exceed more than 10,240 bytes when encoded in UTF-8 format, whichever is smaller.
-
+ * `mime_type`: The format of the content field. Presently, only the value "text/markdown" is supported.
## GCP Permissions
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project.
+Ensure the [Stackdriver Monitoring API](https://console.cloud.google.com/apis/library/monitoring.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_iam_binding.md b/docs/resources/google_project_iam_binding.md
index d7de9aa35..21c37dad1 100644
--- a/docs/resources/google_project_iam_binding.md
+++ b/docs/resources/google_project_iam_binding.md
@@ -1,49 +1,48 @@
---
-title: About the google_project_iam_binding Resource
+title: About the google_project_iam_binding resource
platform: gcp
---
-# google\_project\_iam\_binding
-
-Use the `google_project_iam_binding` InSpec audit resource to test properties of a single GCP project IAM binding.
-
-
-
## Syntax
-
-A `google_project_iam_binding` resource block declares the tests for a single GCP project IAM binding by role.
-
- describe google_project_iam_binding(project: 'chef-inspec-gcp', role: 'roles/compute.admin') do
- it { should exist }
- end
-
-
+A `google_project_iam_binding` is used to test a Google Project Iam Bindings
## Examples
+```
+describe google_project_iam_binding(project: "project", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+This resource supports [IAM conditions](https://cloud.google.com/iam/docs/conditions-overview). Specifying a `condition` in the constructor matches only bindings with that condition. `condition` has three possible fields, `title`, `expression` and `description`. If any of these fields are unspecified they will not be matched.
+
+```
+describe google_project_iam_binding(project: "project", role: "roles/browser", condition: { title: "my title" }) do
+ it { should exist }
+ its('members.count'){ should cmp 1 }
+ its('members') { should include 'user:testuser@example.com' }
+ its('condition.title') {should cmp 'my title' }
+ its('condition.expression') { should cmp "request.time < timestamp('2020-10-01T00:00:00.000Z')" }
+end
+```
-The following examples show how to use this InSpec audit resource.
-
-### Test that a GCP project iam_binding exists
-
- describe google_project_iam_binding(project: 'chef-inspec-gcp', role: 'roles/compute.admin') do
- it { should exist }
- end
+## Properties
+Properties that can be accessed from the `google_project_iam_binding` resource:
-### Test that a GCP project IAM binding role has the desired user included
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
- describe google_project_iam_binding(project: 'chef-inspec-gcp', role: 'roles/compute.admin') do
- its('members') {should include 'user:someuser@domain.com' }
- end
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
-
+ * `condition`: Contains information about when this binding is to be applied.
-## Properties
+ * `expression`: Textual representation of an expression in Common Expression Language syntax.
-* `members`
+ * `title`: An optional title for the expression, i.e. a short string describing its purpose.
-
+ * `description`: An optional description of the expression. This is a longer text which describes the expression.
## GCP Permissions
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_iam_bindings.md b/docs/resources/google_project_iam_bindings.md
index 05bfad6cc..bdccd49c4 100644
--- a/docs/resources/google_project_iam_bindings.md
+++ b/docs/resources/google_project_iam_bindings.md
@@ -5,6 +5,8 @@ platform: gcp
# google\_project\_iam\_bindings
+**This resource is deprecated. Please use `google_project_iam_policy` instead**
+
Use the `google_project_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP project IAM bindings.
diff --git a/docs/resources/google_project_iam_custom_role.md b/docs/resources/google_project_iam_custom_role.md
index ee3690c11..1598257c5 100644
--- a/docs/resources/google_project_iam_custom_role.md
+++ b/docs/resources/google_project_iam_custom_role.md
@@ -1,28 +1,23 @@
---
-title: About the google_project_iam_custom_role Resource
+title: About the google_project_iam_custom_role resource
platform: gcp
---
-# google\_project\_iam\_custom\_role
-
-Use the `google_project_iam_custom_role` InSpec audit resource to test properties of a GCP project IAM custom role.
-
-
s
-
## Syntax
-
-A `google_project_iam_custom_role` resource block declares the tests for a single GCP project IAM custom role by project and name.
-
- describe google_project_iam_custom_role(project: 'chef-inspec-gcp', name: 'chef-inspec-gcp-role-abcd') do
- it { should exist }
- its('name') { should eq 'chef-inspec-gcp-role-abcd' }
- end
-
-
+A `google_project_iam_custom_role` is used to test a Google CustomRole resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_project_iam_custom_role(project: 'chef-gcp-inspec', name: 'admin-role') do
+ it { should exist }
+ its('stage') { should eq 'GA' }
+ its('included_permissions') { should eq ["iam.roles.list"] }
+end
+
+describe google_project_iam_custom_role(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP project IAM custom role has the expected stage in the launch lifecycle
@@ -36,15 +31,23 @@ The following examples show how to use this InSpec audit resource.
its('included_permissions') { should eq ["iam.roles.list"] }
end
-
-
## Properties
+Properties that can be accessed from the `google_project_iam_custom_role` resource:
+
+
+ * `name`: The name of the role.
+
+ * `title`: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
+
+ * `description`: Human-readable description for the role
+
+ * `included_permissions`: Names of permissions this role grants when bound in an IAM policy.
-* `description`, `etag`, `included_permissions`, `name`, `stage`, `title`
+ * `stage`: The current launch stage of the role.
-
+ * `deleted`: The current deleted state of the role
## GCP Permissions
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_iam_custom_roles.md b/docs/resources/google_project_iam_custom_roles.md
new file mode 100644
index 000000000..7f8399509
--- /dev/null
+++ b/docs/resources/google_project_iam_custom_roles.md
@@ -0,0 +1,33 @@
+---
+title: About the google_project_iam_custom_roles resource
+platform: gcp
+---
+
+## Syntax
+A `google_project_iam_custom_roles` is used to test a Google CustomRole resource
+
+## Examples
+```
+describe google_project_iam_custom_roles(project: 'chef-gcp-inspec') do
+ its('names') { should include "projects/project-id/roles/role-id" }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_project_iam_custom_roles` resource:
+
+See [google_project_iam_custom_role.md](google_project_iam_custom_role.md) for more detailed information
+ * `names`: an array of `google_project_iam_custom_role` name
+ * `titles`: an array of `google_project_iam_custom_role` title
+ * `descriptions`: an array of `google_project_iam_custom_role` description
+ * `included_permissions`: an array of `google_project_iam_custom_role` included_permissions
+ * `stages`: an array of `google_project_iam_custom_role` stage
+ * `deleteds`: an array of `google_project_iam_custom_role` deleted
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_iam_policy.md b/docs/resources/google_project_iam_policy.md
new file mode 100644
index 000000000..7c5962dd9
--- /dev/null
+++ b/docs/resources/google_project_iam_policy.md
@@ -0,0 +1,58 @@
+---
+title: About the google_project_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_project_iam_policy` is used to test a Google Project Iam Policy resource
+
+## Examples
+```
+describe google_project_iam_policy(project: "project") do
+ it { should exist }
+end
+
+google_project_iam_policy(project: "project").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+This resource supports [IAM conditions](https://cloud.google.com/iam/docs/conditions-overview).
+
+## Properties
+Properties that can be accessed from the `google_project_iam_policy` resource:
+
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `condition`: Contains information about when this binding is to be applied.
+
+ * `expression`: Textual representation of an expression in Common Expression Language syntax.
+
+ * `title`: An optional title for the expression, i.e. a short string describing its purpose.
+
+ * `description`: An optional description of the expression. This is a longer text which describes the expression.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+ * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
+
+ * `exempted_members`: Specifies the identities that do not cause logging for this type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_metric.md b/docs/resources/google_project_metric.md
index bc070c96a..bcec72dfc 100644
--- a/docs/resources/google_project_metric.md
+++ b/docs/resources/google_project_metric.md
@@ -1,27 +1,24 @@
---
-title: About the google_project_metric Resource
+title: About the google_project_metric resource
platform: gcp
---
-# google\_project\_metric
-
-Use the `google_project_metric` InSpec audit resource to test properties of a single GCP project metric.
-
-
-
## Syntax
-
-A `google_project_metric` resource block declares the tests for a single GCP zone by project and name.
-
- describe google_project_metric(project: 'chef-inspec-gcp', metric: 'metric_name') do
- it { should exist }
- end
-
-
+A `google_project_metric` is used to test a Google Metric resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_project_metric(project: 'chef-gcp-inspec', name: 'some/metric') do
+ it { should exist }
+ its('filter') { should cmp 'resource.type=gae_app AND severity>=ERROR' }
+ its('metric_descriptor.metric_kind') { should cmp 'DELTA' }
+ its('metric_descriptor.value_type') { should cmp 'INT64' }
+end
+
+describe google_project_metric(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
### Test that a GCP project metric exists
@@ -35,15 +32,63 @@ The following examples show how to use this InSpec audit resource.
its('filter') { should eq "(protoPayload.serviceName=\"cloudresourcemanager.googleapis.com\")" }
end
-
-
## Properties
+Properties that can be accessed from the `google_project_metric` resource:
+
+
+ * `name`: The client-assigned metric identifier. Examples - "error_count", "nginx/requests". Metric identifiers are limited to 100 characters and can include only the following characters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash character (/) denotes a hierarchy of name pieces, and it cannot be the first character of the name.
+
+ * `description`: A description of this metric, which is used in documentation. The maximum length of the description is 8000 characters.
+
+ * `filter`: An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which is used to match log entries.
+
+ * `metric_descriptor`: The metric descriptor associated with the logs-based metric.
+
+ * `unit`: The unit in which the metric value is reported. It is only applicable if the valueType is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The supported units are a subset of [The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard
+
+ * `value_type`: Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. For counter metrics, set this to INT64.
+
+ * `metric_kind`: Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. For counter metrics, set this to DELTA.
+
+ * `labels`: The set of labels that can be used to describe a specific instance of this metric type. For example, the appengine.googleapis.com/http/server/response_latencies metric type has a label for the HTTP response code, response_code, so you can look at latencies for successful responses or just for responses that failed.
+
+ * `key`: The label key.
+
+ * `description`: A human-readable description for the label.
+
+ * `value_type`: The type of data that can be assigned to the label.
+
+ * `display_name`: A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example "Request count". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota.
+
+ * `type`: The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`.
+
+ * `label_extractors`: A map from a label key string to an extractor expression which is used to extract data from a log entry field and assign as the label value. Each label key specified in the LabelDescriptor must have an associated extractor expression in this map. The syntax of the extractor expression is the same as for the valueExtractor field.
+
+ * `value_extractor`: A valueExtractor is required when using a distribution logs-based metric to extract the values to record from a log entry. Two functions are supported for value extraction - EXTRACT(field) or REGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which the value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified log entry field. The value of the field is converted to a string before applying the regex. It is an error to specify a regex that does not include exactly one capture group.
+
+ * `bucket_options`: The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it describes the bucket boundaries used to create a histogram of the extracted values.
+
+ * `linear_buckets`: Specifies a linear sequence of buckets that all have the same width (except overflow and underflow). Each bucket represents a constant absolute uncertainty on the specific value in the bucket.
+
+ * `num_finite_buckets`: Must be greater than 0.
+
+ * `width`: Must be greater than 0.
+
+ * `offset`: Lower bound of the first bucket.
+
+ * `exponential_buckets`: Specifies an exponential sequence of buckets that have a width that is proportional to the value of the lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.
+
+ * `num_finite_buckets`: Must be greater than 0.
+
+ * `growth_factor`: Must be greater than 1.
+
+ * `scale`: Must be greater than 0.
-* `filter`, `name`, `metric_descriptor`
+ * `explicit_buckets`: Specifies a set of buckets with arbitrary widths.
-
+ * `bounds`: The values must be monotonically increasing.
## GCP Permissions
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_metrics.md b/docs/resources/google_project_metrics.md
index 0cf9391a0..557a6a9a0 100644
--- a/docs/resources/google_project_metrics.md
+++ b/docs/resources/google_project_metrics.md
@@ -1,35 +1,27 @@
---
-title: About the google_project_metrics Resource
+title: About the google_project_metrics resource
platform: gcp
---
-# google\_project\_metrics
-
-Use the `google_project_metrics` InSpec audit resource to test properties of all, or a filtered group of, GCP project metrics.
-
-
-
## Syntax
-
-A `google_project_metrics` resource block collects GCP project logging sinks by project then tests that group.
-
- describe google_project_metrics(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_project_metric`.
-
- google_project_metrics(project: 'chef-inspec-gcp').sink_names.each do |metric_name|
- describe google_project_metric(project: 'chef-inspec-gcp', metric: metric_name) do
- it { should exist }
- end
- end
-
-
+A `google_project_metrics` is used to test a Google Metric resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_project_metrics(project: 'chef-gcp-inspec') do
+ it { should exist }
+ its('metric_filters') { should include 'resource.type=gae_app AND severity>=ERROR' }
+ its('metric_names') { should include 'some/metric' }
+end
+
+describe.one do
+ google_project_metrics(project: 'chef-gcp-inspec').metric_types.each do |metric_type|
+ describe metric_type do
+ it { should match 'some/metric' }
+ end
+ end
+end
+```
### Test that there are no more than a specified number of metrics available for the project
@@ -50,22 +42,23 @@ The following examples show how to use this InSpec audit resource.
its('filter') { should eq "(protoPayload.serviceName=\"cloudresourcemanager.googleapis.com\")" }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `metric_name`; `metric_type` and `metric_filter`. Either of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_project_metrics` resource:
-* `metric_names` - an array of google_project_metric name strings
-* `metric_filters`- an array of google_project_metric filter strings
-* `metric_types` - an array of google_project_metric type strings
-
-
+See [google_project_metric.md](google_project_metric.md) for more detailed information
+ * `metric_names`: an array of `google_project_metric` name
+ * `descriptions`: an array of `google_project_metric` description
+ * `metric_filters`: an array of `google_project_metric` filter
+ * `metric_descriptors`: an array of `google_project_metric` metric_descriptor
+ * `label_extractors`: an array of `google_project_metric` label_extractors
+ * `value_extractors`: an array of `google_project_metric` value_extractor
+ * `bucket_options`: an array of `google_project_metric` bucket_options
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/api/logging.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_project_service.md b/docs/resources/google_project_service.md
index 99f05564e..0f8f2f890 100644
--- a/docs/resources/google_project_service.md
+++ b/docs/resources/google_project_service.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_project_service` is used to test a Google Service resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_project_service(project: 'chef-gcp-inspec', name: 'maps-android-backend.googleapis.com') do
diff --git a/docs/resources/google_project_services.md b/docs/resources/google_project_services.md
index bffba8a86..62f003225 100644
--- a/docs/resources/google_project_services.md
+++ b/docs/resources/google_project_services.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_project_services` is used to test a Google Service resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe.one do
diff --git a/docs/resources/google_projects.md b/docs/resources/google_projects.md
index b0a3fce15..467c889da 100644
--- a/docs/resources/google_projects.md
+++ b/docs/resources/google_projects.md
@@ -1,36 +1,19 @@
---
-title: About the google_projects Resource
+title: About the google_projects resource
platform: gcp
---
-# google\_projects
-
-Use the `google_projects` InSpec audit resource to test properties of all, or a filtered group of, GCP projects in a particular organisation.
-
-
-
## Syntax
-
-A `google_projects` resource block collects GCP projects then tests that group.
-
- describe google_projects do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_project`.
-
- google_projects.project_ids.each do |project_id|
- describe google_project(project: project_id) do
- it { should exist }
- its('lifecycle_state') { should eq "ACTIVE" }
- end
- end
-
-
+A `google_projects` is used to test a Google Project resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_projects() do
+ its('count') { should be >= 1 }
+ its('project_ids') { should include 'chef-gcp-inspec' }
+ its('lifecycle_states') { should include 'ACTIVE' }
+end
+```
### Test that there are no more than a specified number of projects available for the project
@@ -72,23 +55,23 @@ The following examples show how to use this InSpec audit resource.
it { should exist }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `project_id`; `project_name`; `project_number` and `lifecycle_state`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_projects` resource:
-* `project_ids` - an array of google_compute_project identifier strings
-* `project_names` - an array of google_compute_project name strings
-* `project_numbers`- an array of google_compute_project number identifier integers
-* `lifecycle_state`- an array of google_compute_project lifecycle state strings
-
-
+See [google_project.md](google_project.md) for more detailed information
+ * `project_numbers`: an array of `google_project` number
+ * `lifecycle_states`: an array of `google_project` lifecycle_state
+ * `project_names`: an array of `google_project` name
+ * `create_times`: an array of `google_project` create_time
+ * `labels`: an array of `google_project` labels
+ * `parents`: an array of `google_project` parent
+ * `project_ids`: an array of `google_project` project_id
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_pubsub_subscription.md b/docs/resources/google_pubsub_subscription.md
index 783017891..de1c1aab6 100644
--- a/docs/resources/google_pubsub_subscription.md
+++ b/docs/resources/google_pubsub_subscription.md
@@ -49,6 +49,12 @@ Properties that can be accessed from the `google_pubsub_subscription` resource:
* `ttl`: Specifies the "time-to-live" duration for an associated resource. The resource expires if it is not active for a period of ttl. If ttl is not set, the associated resource never expires. A duration in seconds with up to nine fractional digits, terminated by 's'. Example - "3.5s".
+ * `dead_letter_policy`: A policy that specifies the conditions for dead lettering messages in this subscription. If dead_letter_policy is not set, dead lettering is disabled. The Cloud Pub/Sub service account associated with this subscriptions's parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Acknowledge() messages on this subscription.
+
+ * `dead_letter_topic`: The name of the topic to which dead letter messages should be published. Format is `projects/{project}/topics/{topic}`. The Cloud Pub/Sub service\naccount associated with the enclosing subscription's parent project (i.e., service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Publish() to this topic. The operation will fail if the topic does not exist. Users should ensure that there is a subscription attached to this topic since messages published to a topic with no subscriptions are lost.
+
+ * `max_delivery_attempts`: The maximum number of delivery attempts for any message. The value must be between 5 and 100. The number of delivery attempts is defined as 1 + (the sum of number of NACKs and number of times the acknowledgement deadline has been exceeded for the message). A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that client libraries may automatically extend ack_deadlines. This field will be honored on a best effort basis. If this parameter is 0, a default value of 5 is used.
+
## GCP Permissions
diff --git a/docs/resources/google_pubsub_subscription_iam_binding.md b/docs/resources/google_pubsub_subscription_iam_binding.md
new file mode 100644
index 000000000..13e78b2d7
--- /dev/null
+++ b/docs/resources/google_pubsub_subscription_iam_binding.md
@@ -0,0 +1,28 @@
+---
+title: About the google_pubsub_subscription_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_pubsub_subscription_iam_binding` is used to test a Google Subscription Iam Bindings
+
+## Examples
+```
+describe google_pubsub_subscription_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+## Properties
+Properties that can be accessed from the `google_pubsub_subscription_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_pubsub_subscription_iam_policy.md b/docs/resources/google_pubsub_subscription_iam_policy.md
index a403d34a4..893848dc4 100644
--- a/docs/resources/google_pubsub_subscription_iam_policy.md
+++ b/docs/resources/google_pubsub_subscription_iam_policy.md
@@ -23,6 +23,8 @@ end
## Properties
Properties that can be accessed from the `google_pubsub_subscription_iam_policy` resource:
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
* `bindings`: Associates a list of members to a role.
* `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
diff --git a/docs/resources/google_pubsub_subscriptions.md b/docs/resources/google_pubsub_subscriptions.md
index d95d60dd4..b2171e346 100644
--- a/docs/resources/google_pubsub_subscriptions.md
+++ b/docs/resources/google_pubsub_subscriptions.md
@@ -31,6 +31,7 @@ See [google_pubsub_subscription.md](google_pubsub_subscription.md) for more deta
* `message_retention_durations`: an array of `google_pubsub_subscription` message_retention_duration
* `retain_acked_messages`: an array of `google_pubsub_subscription` retain_acked_messages
* `expiration_policies`: an array of `google_pubsub_subscription` expiration_policy
+ * `dead_letter_policies`: an array of `google_pubsub_subscription` dead_letter_policy
## Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
diff --git a/docs/resources/google_pubsub_topic.md b/docs/resources/google_pubsub_topic.md
index e2c18a785..f9c025aeb 100644
--- a/docs/resources/google_pubsub_topic.md
+++ b/docs/resources/google_pubsub_topic.md
@@ -23,7 +23,7 @@ Properties that can be accessed from the `google_pubsub_topic` resource:
* `name`: Name of the topic.
- * `kms_key_name`: The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. Your project's PubSub service account (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`
+ * `kms_key_name`: The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. Your project's PubSub service account (`service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com`) must have `roles/cloudkms.cryptoKeyEncrypterDecrypter` to use this feature. The expected format is `projects/*/locations/*/keyRings/*/cryptoKeys/*`
* `labels`: A set of key/value label pairs to assign to this Topic.
diff --git a/docs/resources/google_pubsub_topic_iam_binding.md b/docs/resources/google_pubsub_topic_iam_binding.md
new file mode 100644
index 000000000..acd5cf3c6
--- /dev/null
+++ b/docs/resources/google_pubsub_topic_iam_binding.md
@@ -0,0 +1,28 @@
+---
+title: About the google_pubsub_topic_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_pubsub_topic_iam_binding` is used to test a Google Topic Iam Bindings
+
+## Examples
+```
+describe google_pubsub_topic_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+## Properties
+Properties that can be accessed from the `google_pubsub_topic_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_pubsub_topic_iam_policy.md b/docs/resources/google_pubsub_topic_iam_policy.md
index 36ec4bc25..b00d3227b 100644
--- a/docs/resources/google_pubsub_topic_iam_policy.md
+++ b/docs/resources/google_pubsub_topic_iam_policy.md
@@ -23,6 +23,8 @@ end
## Properties
Properties that can be accessed from the `google_pubsub_topic_iam_policy` resource:
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
* `bindings`: Associates a list of members to a role.
* `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
diff --git a/docs/resources/google_redis_instance.md b/docs/resources/google_redis_instance.md
index 08b8c9eca..87880b4ef 100644
--- a/docs/resources/google_redis_instance.md
+++ b/docs/resources/google_redis_instance.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_redis_instance` is used to test a Google Instance resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_redis_instance(project: 'chef-gcp-inspec', region: 'us-central1', name: 'my-redis-cache') do
@@ -32,6 +36,8 @@ Properties that can be accessed from the `google_redis_instance` resource:
* `authorized_network`: The full name of the Google Compute Engine network to which the instance is connected. If left unspecified, the default network will be used.
+ * `connect_mode`: The connection mode of the Redis instance. Can be either `DIRECT_PEERING` or `PRIVATE_SERVICE_ACCESS`. The default connect mode if not provided is `DIRECT_PEERING`.
+
* `create_time`: The time the instance was created in RFC3339 UTC "Zulu" format, accurate to nanoseconds.
* `current_location_id`: The current zone where the Redis endpoint is placed. For Basic Tier instances, this will always be the same as the [locationId] provided by the user at creation time. For Standard Tier instances, this can be either [locationId] or [alternativeLocationId] and can change after a failover event.
diff --git a/docs/resources/google_redis_instances.md b/docs/resources/google_redis_instances.md
index 28d4a9c64..6a994816f 100644
--- a/docs/resources/google_redis_instances.md
+++ b/docs/resources/google_redis_instances.md
@@ -6,6 +6,10 @@ platform: gcp
## Syntax
A `google_redis_instances` is used to test a Google Instance resource
+
+## Beta Resource
+This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource
+
## Examples
```
describe google_redis_instances(project: 'chef-gcp-inspec', region: 'us-central1') do
@@ -24,6 +28,7 @@ Properties that can be accessed from the `google_redis_instances` resource:
See [google_redis_instance.md](google_redis_instance.md) for more detailed information
* `alternative_location_ids`: an array of `google_redis_instance` alternative_location_id
* `authorized_networks`: an array of `google_redis_instance` authorized_network
+ * `connect_modes`: an array of `google_redis_instance` connect_mode
* `create_times`: an array of `google_redis_instance` create_time
* `current_location_ids`: an array of `google_redis_instance` current_location_id
* `display_names`: an array of `google_redis_instance` display_name
diff --git a/docs/resources/google_resourcemanager_folder_iam_binding.md b/docs/resources/google_resourcemanager_folder_iam_binding.md
new file mode 100644
index 000000000..a57afbf37
--- /dev/null
+++ b/docs/resources/google_resourcemanager_folder_iam_binding.md
@@ -0,0 +1,28 @@
+---
+title: About the google_resourcemanager_folder_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_resourcemanager_folder_iam_binding` is used to test a Google Folder Iam Bindings
+
+## Examples
+```
+describe google_resourcemanager_folder_iam_binding(name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+## Properties
+Properties that can be accessed from the `google_resourcemanager_folder_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_resourcemanager_folder_iam_policy.md b/docs/resources/google_resourcemanager_folder_iam_policy.md
new file mode 100644
index 000000000..d9559ac87
--- /dev/null
+++ b/docs/resources/google_resourcemanager_folder_iam_policy.md
@@ -0,0 +1,48 @@
+---
+title: About the google_resourcemanager_folder_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_resourcemanager_folder_iam_policy` is used to test a Google Folder Iam Policy resource
+
+## Examples
+```
+describe google_resourcemanager_folder_iam_policy(name: "name") do
+ it { should exist }
+end
+
+google_resourcemanager_folder_iam_policy(name: "name").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_resourcemanager_folder_iam_policy` resource:
+
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+ * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
+
+ * `exempted_members`: Specifies the identities that do not cause logging for this type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_resourcemanager_project_iam_binding.md b/docs/resources/google_resourcemanager_project_iam_binding.md
new file mode 100644
index 000000000..637b12738
--- /dev/null
+++ b/docs/resources/google_resourcemanager_project_iam_binding.md
@@ -0,0 +1,27 @@
+---
+title: About the google_resourcemanager_project_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_resourcemanager_project_iam_binding` is used to test a Google Project Iam Bindings
+
+## Examples
+```
+describe google_resourcemanager_project_iam_binding(project_id: "projectId", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_resourcemanager_project_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_resourcemanager_project_iam_policy.md b/docs/resources/google_resourcemanager_project_iam_policy.md
index 65970c3a0..17070a0b9 100644
--- a/docs/resources/google_resourcemanager_project_iam_policy.md
+++ b/docs/resources/google_resourcemanager_project_iam_policy.md
@@ -23,6 +23,8 @@ end
## Properties
Properties that can be accessed from the `google_resourcemanager_project_iam_policy` resource:
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
* `bindings`: Associates a list of members to a role.
* `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
diff --git a/docs/resources/google_runtime_config_config_iam_binding.md b/docs/resources/google_runtime_config_config_iam_binding.md
new file mode 100644
index 000000000..917b7b9d5
--- /dev/null
+++ b/docs/resources/google_runtime_config_config_iam_binding.md
@@ -0,0 +1,28 @@
+---
+title: About the google_runtime_config_config_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_runtime_config_config_iam_binding` is used to test a Google Config Iam Bindings
+
+## Examples
+```
+describe google_runtime_config_config_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+## Properties
+Properties that can be accessed from the `google_runtime_config_config_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_runtime_config_config_iam_policy.md b/docs/resources/google_runtime_config_config_iam_policy.md
index f7692ff82..a8e5ea0a6 100644
--- a/docs/resources/google_runtime_config_config_iam_policy.md
+++ b/docs/resources/google_runtime_config_config_iam_policy.md
@@ -23,6 +23,8 @@ end
## Properties
Properties that can be accessed from the `google_runtime_config_config_iam_policy` resource:
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
* `bindings`: Associates a list of members to a role.
* `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
diff --git a/docs/resources/google_service_account.md b/docs/resources/google_service_account.md
index 2ef4cf575..6d0568702 100644
--- a/docs/resources/google_service_account.md
+++ b/docs/resources/google_service_account.md
@@ -1,28 +1,22 @@
---
-title: About the google_service_account Resource
+title: About the google_service_account resource
platform: gcp
---
-# google\_service\_account
-
-Use the `google_service_account` InSpec audit resource to test properties of a GCP project IAM service account.
-
-
-
## Syntax
-
-A `google_service_account` resource block declares the tests for a single GCP project IAM service account by fully qualified name.
-
- describe google_service_account(name: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
- its('display_name') { should eq 'gcp-inspec-service-account' }
- its('project_id') { should eq 'chef-inspec-gcp' }
- end
-
-
+A `google_service_account` is used to test a Google ServiceAccount resource
## Examples
+```
+describe google_service_account(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do
+ it { should exist }
+ its('display_name') { should cmp '' }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_service_account(project: 'chef-gcp-inspec', name: "nonexistent@project-id.iam.gserviceaccount.com") do
+ it { should_not exist }
+end
+```
### Test that a GCP project IAM service account has the expected unique identifier
@@ -42,15 +36,23 @@ The following examples show how to use this InSpec audit resource.
it { should have_user_managed_keys }
end
-
-
## Properties
+Properties that can be accessed from the `google_service_account` resource:
+
+
+ * `name`: The name of the service account.
+
+ * `project_id`: Id of the project that owns the service account.
+
+ * `unique_id`: Unique and stable id of the service account
+
+ * `email`: Email address of the service account.
-* `display_name`, `email`, `etag`, `name`, `oauth2_client_id`, `project_id`, `unique_id`
+ * `display_name`: User specified description of service account.
-
+ * `oauth2_client_id`: OAuth2 client id for the service account.
## GCP Permissions
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the project.
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_service_account_key.md b/docs/resources/google_service_account_key.md
index 909876e1e..906eaa15e 100644
--- a/docs/resources/google_service_account_key.md
+++ b/docs/resources/google_service_account_key.md
@@ -1,44 +1,49 @@
---
-title: About the google_service_account_key Resource
+title: About the google_service_account_key resource
platform: gcp
---
-# google\_service\_account\_key
-
-Use the `google_service_account_key` InSpec audit resource to test properties of a GCP project IAM service account key.
-
-
-
## Syntax
+A `google_service_account_key` is used to test a Google ServiceAccountKey resource
-A `google_service_account_key` resource block declares the tests for a single GCP project IAM service account key by fully qualified name.
+## Examples
+```
+google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name|
+ describe
+end
+```
+
+### Test that a GCP project IAM service account key has the expected key algorithm
describe google_service_account_key(name: "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" ) do
- it { should exist }
- its('name'){ should eq "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" }
+ its('key_algorithm') { should eq "KEY_ALG_RSA_2048" }
end
-
+## Properties
+Properties that can be accessed from the `google_service_account_key` resource:
-## Examples
-The following examples show how to use this InSpec audit resource.
+ * `name`: The name of the key.
-### Test that a GCP project IAM service account key has the expected key algorithm
+ * `private_key_type`: Output format for the service account key.
- describe google_service_account_key(name: "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" ) do
- its('key_algorithm') { should eq "KEY_ALG_RSA_2048" }
- end
+ * `key_algorithm`: Specifies the algorithm for the key.
-
+ * `private_key_data`: Private key data. Base-64 encoded.
-## Properties
+ * `public_key_data`: Public key data. Base-64 encoded.
+
+ * `valid_after_time`: Key can only be used after this time.
+
+ * `valid_before_time`: Key can only be used before this time.
+
+ * `key_type`: Specifies the type of the key. Possible values include KEY_TYPE_UNSPECIFIED, USER_MANAGED and SYSTEM_MANAGED
-* `key_algorithm`, `name`, `valid_after_time`, `valid_after_time_date`, `valid_before_time`, `valid_before_time_date`
+ * `service_account`: The name of the serviceAccount.
-
+ * `path`: The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. File path must be absolute.
## GCP Permissions
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the project.
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_service_account_keys.md b/docs/resources/google_service_account_keys.md
index 201a1a2d9..d9be8141f 100644
--- a/docs/resources/google_service_account_keys.md
+++ b/docs/resources/google_service_account_keys.md
@@ -1,36 +1,17 @@
---
-title: About the google_service_account_keys Resource
+title: About the google_service_account_keys resource
platform: gcp
---
-# google\_service\_account_keys
-
-Use the `google_service_account_keys` InSpec audit resource to test properties of all, or a filtered group of, GCP service account keys.
-
-
-
## Syntax
-
-A `google_service_account_keys` resource block collects GCP service account keys by project then tests that group.
-
- describe google_service_account_keys(service_account: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_service_account_key`.
-
- google_service_account_keys(service_account: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com').key_names.each do |sa_key_name|
- describe google_service_account_key(name: sa_key_name) do
- it { should exist }
- its('key_algorithm') { should eq "KEY_ALG_RSA_2048" }
- end
- end
-
-
+A `google_service_account_keys` is used to test a Google ServiceAccountKey resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do
+ its('count') { should be <= 1000 }
+end
+```
### Test that there are no more than a specified number of keys for the service account
@@ -44,21 +25,25 @@ The following examples show how to use this InSpec audit resource.
its('key_names'){ should include "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" }
end
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `key_name`; `valid_after_time` and `valid_before_time`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_service_account_keys` resource:
+
+See [google_service_account_key.md](google_service_account_key.md) for more detailed information
+ * `key_names`: an array of `google_service_account_key` name
+ * `private_key_types`: an array of `google_service_account_key` private_key_type
+ * `key_algorithms`: an array of `google_service_account_key` key_algorithm
+ * `private_key_data`: an array of `google_service_account_key` private_key_data
+ * `public_key_data`: an array of `google_service_account_key` public_key_data
+ * `valid_after_times`: an array of `google_service_account_key` valid_after_time
+ * `valid_before_times`: an array of `google_service_account_key` valid_before_time
+ * `key_types`: an array of `google_service_account_key` key_type
+ * `service_accounts`: an array of `google_service_account_key` service_account
+ * `paths`: an array of `google_service_account_key` path
-* `key_names` - an array of google_service_account_key name strings
-* `valid_after_times` - an array of google_service_account_key Time objects
-* `valid_before_times` - an array of google_service_account_key Time objects
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_service_accounts.md b/docs/resources/google_service_accounts.md
index 07fe1a685..e4acf8f14 100644
--- a/docs/resources/google_service_accounts.md
+++ b/docs/resources/google_service_accounts.md
@@ -1,35 +1,18 @@
---
-title: About the google_service_accounts Resource
+title: About the google_service_accounts resource
platform: gcp
---
-# google\_service\_accounts
-
-Use the `google_service_accounts` InSpec audit resource to test properties of all, or a filtered group of, GCP service accounts for a project.
-
-
-
## Syntax
-
-A `google_service_accounts` resource block collects GCP service accounts by project then tests that group.
-
- describe google_service_accounts(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_service_account`.
-
- google_service_accounts(project: 'chef-inspec-gcp').service_account_names.each do |sa_name|
- describe google_service_account(name: sa_name) do
- it { should exist }
- end
- end
-
-
+A `google_service_accounts` is used to test a Google ServiceAccount resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_service_accounts(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do
+ its('service_account_emails') { should include "display-name@project-id.iam.gserviceaccount.com" }
+ its('count') { should be <= 1000 }
+end
+```
### Test that there are no more than a specified number of service accounts for the project
@@ -63,22 +46,21 @@ The following examples show how to use this InSpec audit resource.
end
end
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `service_account_id`; `service_account_display_name` and `service_account_name`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_service_accounts` resource:
-* `service_account_ids` - an array of google_service_account identifier integers
-* `service_account_names` - an array of google_service_account name strings
-* `service_account_display_names` - an array of google_service_account display name strings
-* `service_account_emails` - an array of google_service_account email strings
-
-
+See [google_service_account.md](google_service_account.md) for more detailed information
+ * `service_account_names`: an array of `google_service_account` name
+ * `project_ids`: an array of `google_service_account` project_id
+ * `service_account_ids`: an array of `google_service_account` unique_id
+ * `service_account_emails`: an array of `google_service_account` email
+ * `service_account_display_names`: an array of `google_service_account` display_name
+ * `oauth2_client_ids`: an array of `google_service_account` oauth2_client_id
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the project.
\ No newline at end of file
+Ensure the [Identity and Access Management (IAM) API](https://console.cloud.google.com/apis/library/iam.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_spanner_instance_iam_binding.md b/docs/resources/google_spanner_instance_iam_binding.md
new file mode 100644
index 000000000..4048ca432
--- /dev/null
+++ b/docs/resources/google_spanner_instance_iam_binding.md
@@ -0,0 +1,28 @@
+---
+title: About the google_spanner_instance_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_spanner_instance_iam_binding` is used to test a Google Instance Iam Bindings
+
+## Examples
+```
+describe google_spanner_instance_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+
+## Properties
+Properties that can be accessed from the `google_spanner_instance_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_spanner_instance_iam_policy.md b/docs/resources/google_spanner_instance_iam_policy.md
index 9d457e54a..a5d37728e 100644
--- a/docs/resources/google_spanner_instance_iam_policy.md
+++ b/docs/resources/google_spanner_instance_iam_policy.md
@@ -23,6 +23,8 @@ end
## Properties
Properties that can be accessed from the `google_spanner_instance_iam_policy` resource:
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
* `bindings`: Associates a list of members to a role.
* `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
diff --git a/docs/resources/google_sql_database_instance.md b/docs/resources/google_sql_database_instance.md
index 1463bca24..f0da5231f 100644
--- a/docs/resources/google_sql_database_instance.md
+++ b/docs/resources/google_sql_database_instance.md
@@ -1,28 +1,21 @@
---
-title: About the google_sql_database_instance Resource
+title: About the google_sql_database_instance resource
platform: gcp
---
-# google\_sql\_database\_instance
-
-Use the `google_sql_database_instance` InSpec audit resource to test properties of a single GCP Cloud SQL Database instance.
-
-
-
## Syntax
-
-A `google_sql_database_instance` resource block declares the tests for a single CP Cloud SQL Database instance by project and name.
-
- describe google_sql_database_instance(project: 'chef-inspec-gcp', database: 'my-database') do
- it { should exist }
- end
-
-
+A `google_sql_database_instance` is used to test a Google DatabaseInstance resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
-
+describe google_sql_database_instance(project: 'chef-gcp-inspec', database: 'my-database') do
+ it { should exist }
+ its('state') { should eq 'RUNNABLE' }
+ its('backend_type') { should eq 'SECOND_GEN' }
+ its('database_version') { should eq 'MYSQL_5_7' }
+end
+```
### Test that a GCP Cloud SQL Database instance is in the expected state
@@ -55,15 +48,113 @@ The following examples show how to use this InSpec audit resource.
its('region') { should eq "europe-west2" }
end
-
-
## Properties
+Properties that can be accessed from the `google_sql_database_instance` resource:
+
+
+ * `backend_type`: * FIRST_GEN: First Generation instance. MySQL only. * SECOND_GEN: Second Generation instance or PostgreSQL instance. * EXTERNAL: A database server that is not managed by Google.
+
+ * `connection_name`: Connection name of the Cloud SQL instance used in connection strings.
+
+ * `database_version`: The database engine type and version. For First Generation instances, can be MYSQL_5_5, or MYSQL_5_6. For Second Generation instances, can be MYSQL_5_6 or MYSQL_5_7. Defaults to MYSQL_5_6. PostgreSQL instances: POSTGRES_9_6 The databaseVersion property can not be changed after instance creation.
+
+ * `failover_replica`: The name and status of the failover replica. This property is applicable only to Second Generation instances.
+
+ * `available`: The availability status of the failover replica. A false status indicates that the failover replica is out of sync. The master can only failover to the failover replica when the status is true.
+
+ * `name`: The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. The name doesn't include the project ID. This property is applicable only to Second Generation instances.
+
+ * `instance_type`: The instance type. This can be one of the following. * CLOUD_SQL_INSTANCE: A Cloud SQL instance that is not replicating from a master. * ON_PREMISES_INSTANCE: An instance running on the customer's premises. * READ_REPLICA_INSTANCE: A Cloud SQL instance configured as a read-replica.
+
+ * `ip_addresses`: The assigned IP addresses for the instance.
+
+ * `ip_address`: The IP address assigned.
+
+ * `time_to_retire`: The due time for this IP to be retired in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. This field is only available when the IP is scheduled to be retired.
+
+ * `type`: The type of this IP address. A PRIMARY address is an address that can accept incoming connections. An OUTGOING address is the source address of connections originating from the instance, if supported.
+
+ * `ipv6_address`: The IPv6 address assigned to the instance. This property is applicable only to First Generation instances.
+
+ * `master_instance_name`: The name of the instance which will act as master in the replication setup.
+
+ * `max_disk_size`: The maximum disk size of the instance in bytes.
+
+ * `name`: Name of the Cloud SQL instance. This does not include the project ID.
+
+ * `region`: The geographical region. Defaults to us-central or us-central1 depending on the instance type (First Generation or Second Generation/PostgreSQL).
+
+ * `replica_configuration`: Configuration specific to failover replicas and read replicas.
+
+ * `failover_target`: Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. In case the master instance fails, the replica instance will be promoted as the new master instance. Only one replica can be specified as failover target, and the replica has to be in different zone with the master instance.
+
+ * `mysql_replica_configuration`: MySQL specific configuration when replicating from a MySQL on-premises master. Replication configuration information such as the username, password, certificates, and keys are not stored in the instance metadata. The configuration information is used only to set up the replication connection and is stored by MySQL in a file named master.info in the data directory.
+
+ * `ca_certificate`: PEM representation of the trusted CA's x509 certificate.
+
+ * `client_certificate`: PEM representation of the slave's x509 certificate
+
+ * `client_key`: PEM representation of the slave's private key. The corresponding public key is encoded in the client's certificate.
+
+ * `connect_retry_interval`: Seconds to wait between connect retries. MySQL's default is 60 seconds.
+
+ * `dump_file_path`: Path to a SQL dump file in Google Cloud Storage from which the slave instance is to be created. The URI is in the form gs://bucketName/fileName. Compressed gzip files (.gz) are also supported. Dumps should have the binlog coordinates from which replication should begin. This can be accomplished by setting --master-data to 1 when using mysqldump.
+
+ * `master_heartbeat_period`: Interval in milliseconds between replication heartbeats.
+
+ * `password`: The password for the replication connection.
+
+ * `ssl_cipher`: A list of permissible ciphers to use for SSL encryption.
+
+ * `username`: The username for the replication connection.
+
+ * `verify_server_certificate`: Whether or not to check the master's Common Name value in the certificate that it sends during the SSL handshake.
+
+ * `replica_names`: The replicas of the instance.
+
+ * `service_account_email_address`: The service account email address assigned to the instance. This property is applicable only to Second Generation instances.
+
+ * `settings`: The user settings.
+
+ * `database_flags`: The database flags passed to the instance at startup
+
+ * `name`: The name of the flag. These flags are passed at instance startup, so include both server options and system variables for MySQL. Flags should be specified with underscores, not hyphens.
+
+ * `value`: The value of the flag. Booleans should be set to on for true and off for false. This field must be omitted if the flag doesn't take a value.
+
+ * `ip_configuration`: The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled for Second Generation instances.
+
+ * `ipv4_enabled`: Whether the instance should be assigned an IP address or not.
+
+ * `authorized_networks`: The list of external networks that are allowed to connect to the instance using the IP. In CIDR notation, also known as 'slash' notation (e.g. 192.168.100.0/24).
+
+ * `expiration_time`: The time when this access control entry expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
+
+ * `name`: An optional label to identify this entry.
+
+ * `value`: The whitelisted value for the access control list. For example, to grant access to a client from an external IP (IPv4 or IPv6) address or subnet, use that address or subnet here.
+
+ * `require_ssl`: Whether the mysqld should default to 'REQUIRE X509' for users connecting over IP.
+
+ * `tier`: The tier or machine type for this instance, for example db-n1-standard-1. For MySQL instances, this field determines whether the instance is Second Generation (recommended) or First Generation.
+
+ * `availability_type`: The availabilityType define if your postgres instance is run zonal or regional.
+
+ * `backup_configuration`: The daily backup configuration for the instance.
+
+ * `enabled`: Enable Autobackup for your instance.
+
+ * `binary_log_enabled`: Whether binary log is enabled. If backup configuration is disabled, binary log must be disabled as well. MySQL only.
+
+ * `start_time`: Define the backup start time in UTC (HH:MM)
+
+ * `settings_version`: The version of instance settings. This is a required field for update method to make sure concurrent updates are handled properly. During update, use the most recent settingsVersion value for this instance and do not try to update this value.
-* `backend_type`, `connection_name`, `database_version`, `etag`, `gce_zone`, `instance_type`, `ip_addresses`, `kind`, `name`, `project`, `region`, `server_ca_cert`, `service_account_email_address`, `settings`, `state`
+ * `gce_zone`: The Compute Engine zone that the instance is currently serving from. This value could be different from the zone that was specified when the instance was created if the instance has failed over to its secondary zone.
-
+ * `state`: The current serving state of the database instance.
## GCP Permissions
-Ensure the [Cloud SQL API](https://console.cloud.google.com/projectselector/apis/api/sqladmin.googleapis.com/overview) is enabled for the project.
\ No newline at end of file
+Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_sql_database_instances.md b/docs/resources/google_sql_database_instances.md
index 4df9c1f81..7ce2498ae 100644
--- a/docs/resources/google_sql_database_instances.md
+++ b/docs/resources/google_sql_database_instances.md
@@ -1,36 +1,19 @@
---
-title: About the google_sql_database_instances Resource
+title: About the google_sql_database_instances resource
platform: gcp
---
-# google\_sql\_database\_instances
-
-Use the `google_sql_database_instances` InSpec audit resource to test properties of GCP Cloud SQL Database instances.
-
-
-
## Syntax
-
-A `google_sql_database_instances` resource block collects GCP zones by project then tests that group.
-
- describe google_sql_database_instances(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_sql_database_instance`.
-
- google_sql_database_instances(project: 'chef-inspec-gcp').instance_names.each do |instance_name|
- describe google_sql_database_instance(project: 'chef-inspec-gcp', database: instance_name) do
- it { should exist }
- its('backend_type') { should eq "SECOND_GEN" }
- end
- end
-
-
+A `google_sql_database_instances` is used to test a Google DatabaseInstance resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_sql_database_instances(project: 'chef-gcp-inspec') do
+ its('instance_states') { should include 'RUNNABLE' }
+ its('instance_names') { should include 'my-database' }
+end
+```
### Test that there are no more than a specified number of zones available for the project
@@ -66,24 +49,31 @@ The following examples show how to use this InSpec audit resource.
its('database_version') { should eq "MYSQL_5_7" }
end
end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `instance_name`; `instance_version`; `instance_region`; `instance_zone` and `instance_state`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_sql_database_instances` resource:
+
+See [google_sql_database_instance.md](google_sql_database_instance.md) for more detailed information
+ * `backend_types`: an array of `google_sql_database_instance` backend_type
+ * `connection_names`: an array of `google_sql_database_instance` connection_name
+ * `instance_versions`: an array of `google_sql_database_instance` database_version
+ * `failover_replicas`: an array of `google_sql_database_instance` failover_replica
+ * `instance_types`: an array of `google_sql_database_instance` instance_type
+ * `ip_addresses`: an array of `google_sql_database_instance` ip_addresses
+ * `ipv6_addresses`: an array of `google_sql_database_instance` ipv6_address
+ * `master_instance_names`: an array of `google_sql_database_instance` master_instance_name
+ * `max_disk_sizes`: an array of `google_sql_database_instance` max_disk_size
+ * `instance_names`: an array of `google_sql_database_instance` name
+ * `instance_regions`: an array of `google_sql_database_instance` region
+ * `replica_configurations`: an array of `google_sql_database_instance` replica_configuration
+ * `settings`: an array of `google_sql_database_instance` settings
+ * `instance_zones`: an array of `google_sql_database_instance` gce_zone
+ * `instance_states`: an array of `google_sql_database_instance` state
-* `instance_names` - an array of google_sql_database_instance name strings
-* `instance_versions` - an array of google_sql_database_instance version strings
-* `instance_regions`- an array of google_compute_region name strings
-* `instance_zones`- an array of google_sql_database_instance name strings
-* `instance_states`- an array of google_sql_database_instance state strings
-
-
-
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Cloud SQL API](https://console.cloud.google.com/projectselector/apis/api/sqladmin.googleapis.com/overview) is enabled for the project.
\ No newline at end of file
+Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_sql_user.md b/docs/resources/google_sql_user.md
new file mode 100644
index 000000000..cdd04643e
--- /dev/null
+++ b/docs/resources/google_sql_user.md
@@ -0,0 +1,38 @@
+---
+title: About the google_sql_user resource
+platform: gcp
+---
+
+## Syntax
+A `google_sql_user` is used to test a Google User resource
+
+## Examples
+```
+
+describe google_sql_user(project: 'chef-gcp-inspec', database: 'my-database', name: 'user-name', host: "example.com") do
+ it { should exist }
+ its('name') { should cmp 'user-name' }
+ its('instance') { should cmp 'my-database' }
+end
+
+describe google_sql_user(project: 'chef-gcp-inspec', database: 'my-database', name: "nonexistent", host: "example.com") do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_sql_user` resource:
+
+
+ * `host`: The host name from which the user can connect. For insert operations, host defaults to an empty string. For update operations, host is specified as part of the request URL. The host name cannot be updated after insertion.
+
+ * `name`: The name of the user in the Cloud SQL instance.
+
+ * `instance`: The name of the Cloud SQL instance. This does not include the project ID.
+
+ * `password`: The password for the user.
+
+
+## GCP Permissions
+
+Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_sql_users.md b/docs/resources/google_sql_users.md
index 139d0f863..841a1f708 100644
--- a/docs/resources/google_sql_users.md
+++ b/docs/resources/google_sql_users.md
@@ -1,27 +1,18 @@
---
-title: About the google_sql_users Resource
+title: About the google_sql_users resource
platform: gcp
---
-# google\_sql\_users
-
-Use the `google_sql_users` InSpec audit resource to test properties of all, or a filtered group of, GCP sql users for a project database instance.
-
-
-
## Syntax
-
-A `google_sql_users` resource block collects GCP users by project then tests that group.
-
- describe google_sql_users(project: 'chef-inspec-gcp', database: 'database-instance') do
- it { should exist }
- end
-
-
+A `google_sql_users` is used to test a Google User resource
## Examples
+```
-The following examples show how to use this InSpec audit resource.
+describe google_sql_users(project: 'chef-gcp-inspec', database: 'my-database') do
+ its('user_names') { should include 'user-name' }
+end
+```
### Test that there are no more than a specified number of users available for the project
@@ -49,21 +40,19 @@ The following examples show how to use this InSpec audit resource.
end
end
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `user_id`; `user_name` and `user_status`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_sql_users` resource:
-* `user_names` - an array of google sql user name strings
-* `user_instances`- an array of google_sql_database_instance name strings
-* `user_hosts`- an array of google sql user host strings
-
-
+See [google_sql_user.md](google_sql_user.md) for more detailed information
+ * `user_hosts`: an array of `google_sql_user` host
+ * `user_names`: an array of `google_sql_user` name
+ * `user_instances`: an array of `google_sql_user` instance
+ * `passwords`: an array of `google_sql_user` password
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
## GCP Permissions
-Ensure the [Cloud SQL API](https://console.cloud.google.com/projectselector/apis/api/sqladmin.googleapis.com/overview) is enabled for the project.
+Ensure the [Cloud SQL Admin API](https://console.cloud.google.com/apis/library/sqladmin.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket.md b/docs/resources/google_storage_bucket.md
index 9489e5a0f..88bd586fb 100644
--- a/docs/resources/google_storage_bucket.md
+++ b/docs/resources/google_storage_bucket.md
@@ -1,28 +1,24 @@
---
-title: About the google_storage_bucket Resource
+title: About the google_storage_bucket resource
platform: gcp
---
-# google\_storage\_bucket
-
-Use the `google_storage_bucket` InSpec audit resource to test properties of a GCP storage bucket.
-
-
s
-
## Syntax
-
-A `google_storage_bucket` resource block declares the tests for a single GCP storage bucket by name.
-
- describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do
- it { should exist }
- its('name') { should eq 'chef-inspec-gcp-storage-bucket-abcd' }
- end
-
-
+A `google_storage_bucket` is used to test a Google Bucket resource
## Examples
+```
+describe google_storage_bucket(name: bucket-name) do
+ it { should exist }
+ its('location') { should cmp 'europe-west2'.upcase }
+
+ its('storage_class') { should eq "STANDARD" }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_storage_bucket(name: "nonexistent") do
+ it { should_not exist }
+end
+```
### Test that a GCP storage bucket is in the expected location
@@ -42,15 +38,135 @@ The following examples show how to use this InSpec audit resource.
its('storage_class') { should eq 'STANDARD' }
end
-
-
## Properties
+Properties that can be accessed from the `google_storage_bucket` resource:
+
+
+ * `acl`: Access controls on the bucket.
+
+ * `bucket`: The name of the bucket.
+
+ * `domain`: The domain associated with the entity.
+
+ * `email`: The email address associated with the entity.
+
+ * `entity`: The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
+
+ * `entity_id`: The ID for the entity
+
+ * `id`: The ID of the access-control entry.
+
+ * `project_team`: The project team associated with the entity
+
+ * `project_number`: The project team associated with the entity
+
+ * `team`: The team.
+
+ * `role`: The access permission for the entity.
+
+ * `cors`: The bucket's Cross-Origin Resource Sharing (CORS) configuration.
+
+ * `max_age_seconds`: The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.
+
+ * `method`: The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".
+
+ * `origin`: The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".
+
+ * `response_header`: The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.
+
+ * `default_event_based_hold`: Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.
+
+ * `default_object_acl`: Default access controls to apply to new objects when no ACL is provided.
+
+ * `bucket`: The name of the bucket.
+
+ * `domain`: The domain associated with the entity.
+
+ * `email`: The email address associated with the entity.
+
+ * `entity`: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
+
+ * `entity_id`: The ID for the entity
+
+ * `generation`: The content generation of the object, if applied to an object.
+
+ * `id`: The ID of the access-control entry.
+
+ * `object`: The name of the object, if applied to an object.
+
+ * `project_team`: The project team associated with the entity
+
+ * `project_number`: The project team associated with the entity
+
+ * `team`: The team.
+
+ * `role`: The access permission for the entity.
+
+ * `id`: The ID of the bucket. For buckets, the id and name properities are the same.
+
+ * `lifecycle`: The bucket's lifecycle configuration. See https://developers.google.com/storage/docs/lifecycle for more information.
+
+ * `rule`: A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.
+
+ * `action`: The action to take.
+
+ * `storage_class`: Target storage class. Required iff the type of the action is SetStorageClass.
+
+ * `type`: Type of the action. Currently, only Delete and SetStorageClass are supported.
+
+ * `condition`: The condition(s) under which the action will be taken.
+
+ * `age_days`: Age of an object (in days). This condition is satisfied when an object reaches the specified age.
+
+ * `created_before`: A date in RFC 3339 format with only the date part (for instance, "2013-01-15"). This condition is satisfied when an object is created before midnight of the specified date in UTC.
+
+ * `is_live`: Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.
+
+ * `matches_storage_class`: Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.
+
+ * `num_newer_versions`: Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.
+
+ * `location`: The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.
+
+ * `logging`: The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.
+
+ * `log_bucket`: The destination bucket where the current bucket's logs should be placed.
+
+ * `log_object_prefix`: A prefix for log object names.
+
+ * `metageneration`: The metadata generation of this bucket.
+
+ * `name`: The name of the bucket
+
+ * `owner`: The owner of the bucket. This is always the project team's owner group.
+
+ * `entity`: The entity, in the form project-owner-projectId.
+
+ * `entity_id`: The ID for the entity.
+
+ * `project_number`: The project number of the project the bucket belongs to.
+
+ * `storage_class`: The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.
+
+ * `time_created`: The creation time of the bucket in RFC 3339 format.
+
+ * `updated`: The modification time of the bucket in RFC 3339 format.
+
+ * `versioning`: The bucket's versioning configuration.
+
+ * `enabled`: While set to true, versioning is fully enabled for this bucket.
+
+ * `website`: The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.
+
+ * `main_page_suffix`: If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.
+
+ * `not_found_page`: If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.
-* `etag`, `id`, `kind`, `location`, `metageneration`, `name`, `project_number`, `storage_class`, `time_created`, `updated`
+ * `project`: A valid API project identifier.
-
+ * `predefined_default_object_acl`: Apply a predefined set of default object access controls to this bucket. Acceptable values are: - "authenticatedRead": Object owner gets OWNER access, and allAuthenticatedUsers get READER access. - "bucketOwnerFullControl": Object owner gets OWNER access, and project team owners get OWNER access. - "bucketOwnerRead": Object owner gets OWNER access, and project team owners get READER access. - "private": Object owner gets OWNER access. - "projectPrivate": Object owner gets OWNER access, and project team members get access according to their roles. - "publicRead": Object owner gets OWNER access, and allUsers get READER access.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_acl.md b/docs/resources/google_storage_bucket_acl.md
index 36845f5bc..2ef003d7b 100644
--- a/docs/resources/google_storage_bucket_acl.md
+++ b/docs/resources/google_storage_bucket_acl.md
@@ -1,27 +1,25 @@
---
-title: About the google_storage_bucket_acl Resource
+title: About the google_storage_bucket_acl resource
platform: gcp
---
-# google\_storage\_bucket\_acl
-
-Use the `google_storage_bucket_acl` InSpec audit resource to test properties of a single GCP storage bucket ACL. The 'entity' property below is as described in the [Google documentation here](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls).
-
-
-
## Syntax
-
-A `google_storage_bucket_acl` resource block declares the tests for a single GCP storage bucket ACL by bucket name and entity.
-
- describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
-
-
+A `google_storage_bucket_acl` is used to test a Google BucketACL resource
## Examples
+```
+describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: user-email) do
+ it { should exist }
+ its('role') { should cmp "OWNER" }
+
+ its('bucket') { should eq 'storage-bucket-name' }
+ its('email') { should include entity-email.com }
+end
-The following examples show how to use this InSpec audit resource.
+describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: "allUsers") do
+ it { should_not exist }
+end
+```
### Test that a GCP storage bucket ACL exists
@@ -35,15 +33,29 @@ The following examples show how to use this InSpec audit resource.
its('role') { should eq 'OWNER' }
end
-
-
## Properties
+Properties that can be accessed from the `google_storage_bucket_acl` resource:
+
+
+ * `domain`: The domain associated with the entity.
+
+ * `email`: The email address associated with the entity.
+
+ * `entity`: The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
+
+ * `entity_id`: The ID for the entity
+
+ * `id`: The ID of the access-control entry.
+
+ * `project_team`: The project team associated with the entity
+
+ * `project_number`: The project team associated with the entity
-* `bucket`, `email`, `entity`, `etag`, `id`, `kind`, `role`
+ * `team`: The team.
-
+ * `role`: The access permission for the entity.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_iam_binding.md b/docs/resources/google_storage_bucket_iam_binding.md
index 40364b4d6..0fef2e886 100644
--- a/docs/resources/google_storage_bucket_iam_binding.md
+++ b/docs/resources/google_storage_bucket_iam_binding.md
@@ -1,50 +1,28 @@
---
-title: About the google_storage_bucket_iam_binding Resource
+title: About the google_storage_bucket_iam_binding resource
platform: gcp
---
-# google\_storage\_bucket\_iam\_binding
-
-Use the `google_storage_bucket_iam_binding` InSpec audit resource to test properties of a single GCP storage bucket IAM binding.
-
-
-
## Syntax
-
-A `google_storage_bucket_iam_binding` resource block declares the tests for a single GCP storage bucket IAM binding by bucket name and role.
-
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.objectViewer') do
- it { should exist }
- end
-
-
+A `google_storage_bucket_iam_binding` is used to test a Google Bucket Iam Bindings
## Examples
+```
+describe google_storage_bucket_iam_binding(bucket: "bucket", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
-The following examples show how to use this InSpec audit resource.
-
-### Test that a GCP storage bucket IAM binding exists
-
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.admin') do
- it { should exist }
- end
-
-### Test that a GCP storage bucket IAM binding role has the desired user or service account included
-
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.admin') do
- its('members') {should include 'user:someuser@domain.com' }
- its('members') {should include 'serviceAccount:someserviceaccount@domain.com' }
- end
-
-
## Properties
+Properties that can be accessed from the `google_storage_bucket_iam_binding` resource:
-* `members`
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_iam_bindings.md b/docs/resources/google_storage_bucket_iam_bindings.md
index 49c1c2850..ac0ff4db0 100644
--- a/docs/resources/google_storage_bucket_iam_bindings.md
+++ b/docs/resources/google_storage_bucket_iam_bindings.md
@@ -5,6 +5,8 @@ platform: gcp
# google\_storage\_bucket\_iam\_bindings
+**This resource is deprecated. Please use `google_storage_bucket_iam_policy` instead**
+
Use the `google_storage_bucket_iam_bindings` InSpec audit resource to test properties of all, or a filtered group of, GCP storage bucket IAM bindings.
diff --git a/docs/resources/google_storage_bucket_iam_policy.md b/docs/resources/google_storage_bucket_iam_policy.md
new file mode 100644
index 000000000..98019d33b
--- /dev/null
+++ b/docs/resources/google_storage_bucket_iam_policy.md
@@ -0,0 +1,48 @@
+---
+title: About the google_storage_bucket_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_storage_bucket_iam_policy` is used to test a Google Bucket Iam Policy resource
+
+## Examples
+```
+describe google_storage_bucket_iam_policy(bucket: "bucket") do
+ it { should exist }
+end
+
+google_storage_bucket_iam_policy(bucket: "bucket").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_storage_bucket_iam_policy` resource:
+
+ * `iam_binding_roles`: The list of roles that exist on the policy.
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+ * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
+
+ * `exempted_members`: Specifies the identities that do not cause logging for this type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_object.md b/docs/resources/google_storage_bucket_object.md
index 999eb68d8..3d1e647fe 100644
--- a/docs/resources/google_storage_bucket_object.md
+++ b/docs/resources/google_storage_bucket_object.md
@@ -1,27 +1,25 @@
---
-title: About the google_storage_bucket_object Resource
+title: About the google_storage_bucket_object resource
platform: gcp
---
-# google\_storage\_bucket\_object
-
-Use the `google_storage_bucket_object` InSpec audit resource to test properties of a single GCP storage bucket object.
-
-
-
## Syntax
-
-A `google_storage_bucket_object` resource block declares the tests for a single GCP storage bucket object by bucket name and object name:
-
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- it { should exist }
- end
-
-
+A `google_storage_bucket_object` is used to test a Google BucketObject resource
## Examples
+```
+describe google_storage_bucket_object(bucket: 'bucket-with-object', object: 'image1') do
+ it { should exist }
+ its('size.to_i') { should be > 0 }
-The following examples show how to use this InSpec audit resource.
+ its('time_created') { should be > Time.now - 60*60*24*10 }
+ its('time_updated') { should be > Time.now - 60*60*24*10 }
+end
+
+describe google_storage_bucket_object(bucket: 'bucket-with-object', object: "nonexistent") do
+ it { should_not exist }
+end
+```
### Test that a GCP compute zone exists
@@ -54,17 +52,46 @@ The following examples show how to use this InSpec audit resource.
describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
its('updated_date') { should be > Time.now - 365*60*60*24*10 }
end
-
-
-
## Properties
+Properties that can be accessed from the `google_storage_bucket_object` resource:
+
+
+ * `bucket`: The name of the bucket.
+
+ * `object`: The name of the object.
+
+ * `content_type`: The Content-Type of the object data. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types for more information on possible Content-Types
+
+ * `crc32c`: CRC32c checksum.
+
+ * `etag`: The object entity tag.
+
+ * `generation`: The content generation of this object. Used for object versioning.
+
+ * `id`: The ID of the object, including the bucket name, object name, and generation number.
+
+ * `md5_hash`: MD5 hash of the data; encoded using base64.
+
+ * `media_link`: Media download link.
+
+ * `metageneration`: The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
+
+ * `name`: The name of the object.
+
+ * `size`: Content-Length of the data in bytes.
+
+ * `storage_class`: Storage class of the object.
+
+ * `time_created`: The time this object was created.
+
+ * `time_deleted`: The time this object was deleted. Returned if and only if this version of the object is no longer a live version, but remains in the bucket as a noncurrent version.
-* `bucket`, `content_type`, `crc32c`, `etag`, `generation`, `id`, `kind`, `md5_hash`, `media_link`, `metageneration`, `name`, `size`, `storage_class`, `time_created_date`, `time_storage_class_updated_date`, `updated_date`
+ * `time_storage_class_updated`: The time at which the object's storage class was last changed.
-
+ * `time_updated`: The modification time of the object metadata.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_objects.md b/docs/resources/google_storage_bucket_objects.md
index 3a24fa197..a92d6d7df 100644
--- a/docs/resources/google_storage_bucket_objects.md
+++ b/docs/resources/google_storage_bucket_objects.md
@@ -1,35 +1,18 @@
---
-title: About the google_storage_bucket_objects Resource
+title: About the google_storage_bucket_objects resource
platform: gcp
---
-# google\_storage\_bucket\_objects
-
-Use the `google_storage_bucket_objects` InSpec audit resource to test properties of a GCP storage bucket objects.
-
-
-
## Syntax
-
-A `google_storage_bucket_objects` resource block collects GCP bucket objects by project then tests that group.
-
- describe google_storage_bucket_objects(bucket: 'bucket-name') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_storage_bucket_object`.
-
- google_storage_bucket_objects(bucket: 'bucket-name').object_names.each do |object_name|
- describe google_storage_bucket_object(bucket: bucket_name, object: object_name) do
- it { should exist }
- end
- end
-
-
+A `google_storage_bucket_objects` is used to test a Google BucketObject resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_storage_bucket_objects(bucket: 'bucket-with-object') do
+ its('object_names') { should include 'image1' }
+ its('count') { should be <= 10 }
+end
+```
### Test that there are no more than a specified number of storage buckets for the project
@@ -55,21 +38,33 @@ The following examples show how to use this InSpec audit resource.
describe google_storage_bucket_objects(bucket: 'bucket-name').where(object_created_time > Time.now - 60*60*24) do
it { should exist }
end
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `object_bucket`; `object_name` and `object_created_time`. Any of these may be used with `where`, as a block or as a method.
## Properties
+Properties that can be accessed from the `google_storage_bucket_objects` resource:
+
+See [google_storage_bucket_object.md](google_storage_bucket_object.md) for more detailed information
+ * `object_buckets`: an array of `google_storage_bucket_object` bucket
+ * `objects`: an array of `google_storage_bucket_object` object
+ * `content_types`: an array of `google_storage_bucket_object` content_type
+ * `crc32cs`: an array of `google_storage_bucket_object` crc32c
+ * `etags`: an array of `google_storage_bucket_object` etag
+ * `generations`: an array of `google_storage_bucket_object` generation
+ * `ids`: an array of `google_storage_bucket_object` id
+ * `md5_hashes`: an array of `google_storage_bucket_object` md5_hash
+ * `media_links`: an array of `google_storage_bucket_object` media_link
+ * `metagenerations`: an array of `google_storage_bucket_object` metageneration
+ * `object_names`: an array of `google_storage_bucket_object` name
+ * `sizes`: an array of `google_storage_bucket_object` size
+ * `storage_classes`: an array of `google_storage_bucket_object` storage_class
+ * `object_created_times`: an array of `google_storage_bucket_object` time_created
+ * `time_deleteds`: an array of `google_storage_bucket_object` time_deleted
+ * `time_storage_class_updateds`: an array of `google_storage_bucket_object` time_storage_class_updated
+ * `time_updateds`: an array of `google_storage_bucket_object` time_updated
-* `object_buckets` - an array of google_storage_bucket identifier strings
-* `object_names` - an array of google_storage_bucket_object name strings
-* `object_created_times` - an array of time created Time objects
-
-
-
## Syntax
-
-A `google_storage_buckets` resource block collects GCP buckets by project then tests that group.
-
- describe google_storage_buckets(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_storage_bucket`.
-
- google_storage_buckets(project: 'chef-inspec-gcp').bucket_names.each do |bucket_name|
- describe google_storage_bucket(name: bucket_name) do
- it { should exist }
- its('storage_class') { should eq 'STANDARD' }
- end
- end
-
-
+A `google_storage_buckets` is used to test a Google Bucket resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
+```
+describe google_storage_buckets(project: 'chef-gcp-inspec') do
+ its('bucket_names') { should include bucket-name }
+end
+```
### Test that there are no more than a specified number of storage buckets for the project
@@ -54,22 +35,34 @@ The following examples show how to use this InSpec audit resource.
end
end
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `bucket_id`; `bucket_name`; `bucket_project_number` and `bucket_location`. Any of these may be used with `where`, as a block or as a method.
-
## Properties
+Properties that can be accessed from the `google_storage_buckets` resource:
+
+See [google_storage_bucket.md](google_storage_bucket.md) for more detailed information
+ * `acls`: an array of `google_storage_bucket` acl
+ * `cors`: an array of `google_storage_bucket` cors
+ * `default_event_based_holds`: an array of `google_storage_bucket` default_event_based_hold
+ * `default_object_acls`: an array of `google_storage_bucket` default_object_acl
+ * `bucket_ids`: an array of `google_storage_bucket` id
+ * `lifecycles`: an array of `google_storage_bucket` lifecycle
+ * `bucket_locations`: an array of `google_storage_bucket` location
+ * `loggings`: an array of `google_storage_bucket` logging
+ * `metagenerations`: an array of `google_storage_bucket` metageneration
+ * `bucket_names`: an array of `google_storage_bucket` name
+ * `owners`: an array of `google_storage_bucket` owner
+ * `bucket_project_numbers`: an array of `google_storage_bucket` project_number
+ * `storage_classes`: an array of `google_storage_bucket` storage_class
+ * `time_createds`: an array of `google_storage_bucket` time_created
+ * `updateds`: an array of `google_storage_bucket` updated
+ * `versionings`: an array of `google_storage_bucket` versioning
+ * `websites`: an array of `google_storage_bucket` website
+ * `projects`: an array of `google_storage_bucket` project
+ * `predefined_default_object_acls`: an array of `google_storage_bucket` predefined_default_object_acl
-* `bucket_ids` - an array of google_storage_bucket identifier strings
-* `bucket_names` - an array of google_storage_bucket name strings
-* `bucket_project_numbers`- an array of google_storage_bucket identifier integers
-* `bucket_locations`- an array of google_storage_bucket location strings
-
-
-
## Syntax
-
-A `google_storage_default_object_acl` resource block declares the tests for a single GCP storage default object ACL by bucket name and entity.
-
- describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
-
-
+A `google_storage_default_object_acl` is used to test a Google DefaultObjectACL resource
## Examples
+```
+describe google_storage_default_object_acl(bucket: 'gcp-inspec-storage-bucket', entity: user-email) do
+ it { should exist }
+ its('role') { should cmp "OWNER" }
-The following examples show how to use this InSpec audit resource.
+ its('bucket') { should eq 'gcp-inspec-storage-bucket' }
+ its('email') { should include entity-email.com }
+end
+
+describe google_storage_default_object_acl(bucket: 'gcp-inspec-storage-bucket', entity: "allUsers") do
+ it { should_not exist }
+end
+```
### Test that a GCP storage bucket ACL exists
@@ -35,15 +33,33 @@ The following examples show how to use this InSpec audit resource.
its('role') { should eq 'OWNER' }
end
-
-
## Properties
+Properties that can be accessed from the `google_storage_default_object_acl` resource:
+
+
+ * `domain`: The domain associated with the entity.
+
+ * `email`: The email address associated with the entity.
+
+ * `entity`: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
+
+ * `entity_id`: The ID for the entity
+
+ * `generation`: The content generation of the object, if applied to an object.
+
+ * `id`: The ID of the access-control entry.
+
+ * `object`: The name of the object, if applied to an object.
+
+ * `project_team`: The project team associated with the entity
+
+ * `project_number`: The project team associated with the entity
-* `email`, `entity`, `etag`, `kind`, `role`
+ * `team`: The team.
-
+ * `role`: The access permission for the entity.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_object_acl.md b/docs/resources/google_storage_object_acl.md
index 1d9c5486f..918b9aa9f 100644
--- a/docs/resources/google_storage_object_acl.md
+++ b/docs/resources/google_storage_object_acl.md
@@ -1,27 +1,25 @@
---
-title: About the google_storage_object_acl Resource
+title: About the google_storage_object_acl resource
platform: gcp
---
-# google\_storage\_object\_acl
-
-Use the `google_storage_object_acl` InSpec audit resource to test properties of a single GCP storage object ACL. See the [Google documentation for this here](https://cloud.google.com/storage/docs/access-control/lists) covering the possible values for 'entity' argument below.
-
-
-
## Syntax
-
-A `google_storage_object_acl` resource block declares the tests for a single GCP storage object ACL by bucket name, object name and entity.
-
- describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
-
-
+A `google_storage_object_acl` is used to test a Google ObjectACL resource
## Examples
+```
+describe google_storage_object_acl(bucket: 'bucket-with-object', object: 'image1', entity: user-email) do
+ it { should exist }
+ its('role') { should cmp "OWNER" }
-The following examples show how to use this InSpec audit resource.
+ its('bucket') { should eq 'bucket-with-object' }
+ its('email') { should include entity-email.com }
+end
+
+describe google_storage_object_acl(bucket: 'bucket-with-object', object: 'image1', entity: "allUsers") do
+ it { should_not exist }
+end
+```
### Test that a GCP storage bucket ACL exists
@@ -35,15 +33,33 @@ The following examples show how to use this InSpec audit resource.
its('role') { should eq 'OWNER' }
end
-
-
## Properties
+Properties that can be accessed from the `google_storage_object_acl` resource:
+
+
+ * `domain`: The domain associated with the entity.
+
+ * `email`: The email address associated with the entity.
+
+ * `entity`: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
+
+ * `entity_id`: The ID for the entity
+
+ * `generation`: The content generation of the object, if applied to an object.
+
+ * `id`: The ID of the access-control entry.
+
+ * `object`: The name of the object, if applied to an object.
+
+ * `project_team`: The project team associated with the entity
+
+ * `project_number`: The project team associated with the entity
-* `bucket`, `email`, `entity`, `etag`, `generation`, `id`, `kind`, `object`, `role`
+ * `team`: The team.
-
+ * `role`: The access permission for the entity.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/version_1_upgrade.md b/docs/version_1_upgrade.md
new file mode 100644
index 000000000..8a21d3d8f
--- /dev/null
+++ b/docs/version_1_upgrade.md
@@ -0,0 +1,77 @@
+## Upgrading from 0.x to 1.0
+
+This guide is meant to help upgrade InSpec controls for the 1.0 version. There were several breaking changes that happened during this upgrade in the pursuit of a more unified experience across the inspec-gcp resources.
+
+## Changes to undefined methods
+
+Many resources in 0.x had methods dynamically defined based on the API response retrieved by that resource. This resulted in methods being undefined if the response did not contain that field, particularly in the case of optional fields on resources. Undefined method errors are tricky to handle from within an InSpec control, causing difficulty in writing tests against optional fields.
+
+By migrating resources to be generated via [Magic Modules](https://github.com/GoogleCloudPlatform/magic-modules) they now have the schema of the underlying object, making it unnecessary to dynamically define methods.
+
+What this means for you:
+
+* If you depended on checking if methods were defined in inspec-gcp 0.x, you will need to rewrite controls. Checks for `.nil?` in 1.0 should function similarly to how checking if a method was defined in 0.x
+
+* You can now safely check if an optional field is `nil` on resources
+
+* Better documentation of the fields supported by a resource
+
+* Much improved nested object traversal using the safe navigation operator (`&.`)
+
+## IAM resource changes
+
+### IAM bindings resources removed
+
+All `*_iam_bindings` resources have been replaced with `*_iam_policy` resources that function in a similar fashion. `iam_policy` resources have the `bindings` field on them which functions in the same way as `iam_bindings` resources did in the past.
+
+A control using the 0.x `storage_bucket_iam_bindings` resource similar to this:
+
+```
+ describe google_storage_bucket_iam_bindings(bucket: 'bucket-name') do
+ it { should exist }
+ its('iam_binding_roles') { should include "roles/storage.objectViewer" }
+ end
+```
+
+Could be converted to a `storage_bucket_iam_policy` resource similar to:
+```
+ describe google_storage_bucket_iam_policy(bucket: 'bucket-name') do
+ it { should exist }
+ its('iam_binding_roles') { should include "roles/storage.objectViewer" }
+ end
+```
+
+## Resource identifiers changes
+
+### Long names -> individual identifiers
+
+Several resources in 0.x were identified by a single string that combined multiple different identifiers into a single URL-like format. An example of this is in the `google_kms_crypto_key_iam_binding` resource that would take a single string as the identifier:
+
+```
+google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: 'roles/owner') do
+```
+
+This creates a difficult situation where the user is required to know the format of the string and create it based on several different variables. In 1.0+ many of the constructor parameters have changed to simplify the use of these resources. For example, `google_kms_crypto_key_iam_binding` will take the following parameters in the future:
+
+```
+google_kms_crypto_key_iam_binding(project: "project", location: "location", key_ring_name: "key_ring_name", crypto_key_name: "name", role: "roles/editor") do
+```
+
+## Time field changes
+
+Several resources (`google_storage_*` resources in particular) had methods ending in `_date` that would return the field parsed as a Ruby Time object. These have been simplified to always return as a Time object and renamed to remove the `_date` suffix to better match the API.
+
+Example:
+`google_storage_bucket_object.time_storage_class_updated_date` Renamed to `google_storage_bucket_object.time_storage_class_updated`
+
+## Removed fields
+
+* `google_container_cluster.zone`, a replacement can be found as `google_container_cluster.location`
+
+## Container resources
+
+* `google_container_regional_cluster` is removed, use `google_container_cluster`
+
+* `google_container_regional_node_pool` is removed, use `google_container_node_pool`
+
+* `google_container_cluster` and `google_container_node_pool` now use the the `location` field as an identifier rather than `zone`. They accept zones or regions as the `location`
\ No newline at end of file
diff --git a/libraries/gcp_backend.rb b/libraries/gcp_backend.rb
index 389f2b650..20f06a8e2 100644
--- a/libraries/gcp_backend.rb
+++ b/libraries/gcp_backend.rb
@@ -207,11 +207,12 @@ def fetch_auth
Network::Authorization.new.from_application_default!
end
- def fetch(base_url, template, var_data, request_type = 'Get')
+ def fetch(base_url, template, var_data, request_type = 'Get', body = nil)
get_request = Network::Base.new(
build_uri(base_url, template, var_data),
fetch_auth,
request_type,
+ body,
)
return_if_object get_request.send
end
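Review bot: The new `body` parameter of `fetch` is undocumented, and `Network::Base#send` (later hunk in this file) assigns it to `request.body` unchanged while setting `Content-Type: application/json`, so callers have to pass an already serialised JSON String rather than a Hash. A comment on `fetch` and on `Network::Base#initialize`, such as `# body: JSON-encoded String sent as the request body, or nil for none`, would state that contract. `send` also attaches the body for any `request_type`, including the default `'Get'`; if only write-style requests should carry one, that check belongs next to `if @body`. The local is still named `get_request` although it may now hold a POST.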
@@ -262,8 +263,7 @@ def raise_error(errors, msg_field)
def build_uri(base_url, template, var_data)
URI.join(
- base_url,
- expand_variables(template, var_data),
+ "#{base_url}#{expand_variables(template, var_data)}",
)
end
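Review bot: `URI.join` with a single argument joins nothing and only parses the string, so `URI.parse("#{base_url}#{expand_variables(template, var_data)}")` would say what the new `build_uri` actually does. With plain concatenation the separator now depends on every caller: a `base_url` without a trailing slash or a template with a leading one produces a fused or doubled `/`. A one-line comment such as `# base_url must end in '/', template must be a relative path` would make that requirement visible.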
@@ -285,7 +285,11 @@ def extract_variables(template)
def expand_variables(template, var_data)
extract_variables(template).each do |v|
unless var_data.key?(v)
- raise "Missing variable :#{v} in #{var_data} on #{caller.join("\n")}}"
+ # Magic Modules uses % as an indicator that the param needs to be URL escaped
+ v = v.to_s.gsub('%', '').to_sym
+ raise "Missing variable :#{v} in #{var_data} on #{caller.join("\n")}}" unless var_data.key?(v)
+
+ template.gsub!("{{%#{v}}}", CGI.escape(var_data[v].to_s))
end
template.gsub!(/{{#{v}}}/, var_data[v].to_s)
end
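Review bot: `CGI.escape` on the added `template.gsub!("{{%#{v}}}", ...)` line is form encoding, so a space becomes `+`, which a server reads as a literal plus inside a URL path. Path segments need percent-encoding, e.g. `template.gsub!("{{%#{v}}}") { ERB::Util.url_encode(var_data[v].to_s) }` (needs `require 'erb'`; whether `cgi` is already required is not visible here). The block form also keeps backslash sequences in the value from being read as replacement references. `v.to_s.gsub('%', '')` removes every `%` rather than only the leading marker; `sub(/\A%/, '')` is narrower. Values for plain `{{var}}` placeholders are still substituted unescaped by the unchanged `gsub!` below, so a value containing `/`, `?` or `#` changes the URL that is requested, and a comment saying which placeholders must use the `%` form would help; the method continues past the end of this hunk.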
@@ -296,10 +300,11 @@ def expand_variables(template, var_data)
# A handler for authenticated network request
module Network
class Base
- def initialize(link, cred, request_type)
+ def initialize(link, cred, request_type, body = nil)
@link = link
@cred = cred
@request_type = request_type
+ @body = body
end
def builder
@@ -309,6 +314,10 @@ def builder
def send
request = @cred.authorize(builder.new(@link))
request['User-Agent'] = generate_user_agent
+ if @body
+ request['Content-Type'] = 'application/json'
+ request.body = @body
+ end
response = transport(request).request(request)
unless ENV['GOOGLE_HTTP_VERBOSE'].nil?
puts ["network(#{request}: [#{response.code}]",
diff --git a/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb b/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb
index 0b964b0b9..68f156de7 100644
--- a/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb
+++ b/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb
@@ -13,6 +13,7 @@
# CONTRIBUTING.md located at the root of this package.
#
# ----------------------------------------------------------------------------
+require 'google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services'
module GoogleInSpec
module AccessContextManager
module Property
@@ -23,12 +24,15 @@ class ServicePerimeterStatus
attr_reader :restricted_services
+ attr_reader :vpc_accessible_services
+
def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
@resources = args['resources']
@access_levels = args['accessLevels']
@restricted_services = args['restrictedServices']
+ @vpc_accessible_services = GoogleInSpec::AccessContextManager::Property::ServicePerimeterStatusVPCAccessibleServices.new(args['vpcAccessibleServices'], to_s)
end
def to_s
diff --git a/libraries/google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services.rb b/libraries/google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services.rb
new file mode 100644
index 000000000..739ea306b
--- /dev/null
+++ b/libraries/google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module AccessContextManager
+ module Property
+ class ServicePerimeterStatusVPCAccessibleServices
+ attr_reader :enable_restriction
+
+ attr_reader :allowed_services
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enable_restriction = args['enableRestriction']
+ @allowed_services = args['allowedServices']
+ end
+
+ def to_s
+ "#{@parent_identifier} ServicePerimeterStatusVPCAccessibleServices"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/cloudbuild/property/trigger_github.rb b/libraries/google/cloudbuild/property/trigger_github.rb
new file mode 100644
index 000000000..90ab25dda
--- /dev/null
+++ b/libraries/google/cloudbuild/property/trigger_github.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/cloudbuild/property/trigger_github_pull_request'
+require 'google/cloudbuild/property/trigger_github_push'
+module GoogleInSpec
+ module CloudBuild
+ module Property
+ class TriggerGithub
+ attr_reader :owner
+
+ attr_reader :name
+
+ attr_reader :pull_request
+
+ attr_reader :push
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @owner = args['owner']
+ @name = args['name']
+ @pull_request = GoogleInSpec::CloudBuild::Property::TriggerGithubPullRequest.new(args['pullRequest'], to_s)
+ @push = GoogleInSpec::CloudBuild::Property::TriggerGithubPush.new(args['push'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} TriggerGithub"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/cloudbuild/property/trigger_github_pull_request.rb b/libraries/google/cloudbuild/property/trigger_github_pull_request.rb
new file mode 100644
index 000000000..d7fab6564
--- /dev/null
+++ b/libraries/google/cloudbuild/property/trigger_github_pull_request.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module CloudBuild
+ module Property
+ class TriggerGithubPullRequest
+ attr_reader :branch
+
+ attr_reader :comment_control
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @branch = args['branch']
+ @comment_control = args['commentControl']
+ end
+
+ def to_s
+ "#{@parent_identifier} TriggerGithubPullRequest"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/cloudbuild/property/trigger_github_push.rb b/libraries/google/cloudbuild/property/trigger_github_push.rb
new file mode 100644
index 000000000..a9e5c94ae
--- /dev/null
+++ b/libraries/google/cloudbuild/property/trigger_github_push.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module CloudBuild
+ module Property
+ class TriggerGithubPush
+ attr_reader :branch
+
+ attr_reader :tag
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @branch = args['branch']
+ @tag = args['tag']
+ end
+
+ def to_s
+ "#{@parent_identifier} TriggerGithubPush"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/autoscaler_autoscaling_policy_custom_metric_utilizations.rb b/libraries/google/compute/property/autoscaler_autoscaling_policy_custom_metric_utilizations.rb
index a9b176c5d..0d222e199 100644
--- a/libraries/google/compute/property/autoscaler_autoscaling_policy_custom_metric_utilizations.rb
+++ b/libraries/google/compute/property/autoscaler_autoscaling_policy_custom_metric_utilizations.rb
@@ -19,16 +19,22 @@ module Property
class AutoscalerAutoscalingPolicyCustomMetricUtilizations
attr_reader :metric
+ attr_reader :single_instance_assignment
+
attr_reader :utilization_target
attr_reader :utilization_target_type
+ attr_reader :filter
+
def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
@metric = args['metric']
+ @single_instance_assignment = args['singleInstanceAssignment']
@utilization_target = args['utilizationTarget']
@utilization_target_type = args['utilizationTargetType']
+ @filter = args['filter']
end
def to_s
diff --git a/libraries/google/compute/property/backendservice_circuit_breakers.rb b/libraries/google/compute/property/backendservice_circuit_breakers.rb
new file mode 100644
index 000000000..6bfbe795d
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_circuit_breakers.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/backendservice_circuit_breakers_connect_timeout'
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceCircuitBreakers
+ attr_reader :connect_timeout
+
+ attr_reader :max_requests_per_connection
+
+ attr_reader :max_connections
+
+ attr_reader :max_pending_requests
+
+ attr_reader :max_requests
+
+ attr_reader :max_retries
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @connect_timeout = GoogleInSpec::Compute::Property::BackendServiceCircuitBreakersConnectTimeout.new(args['connectTimeout'], to_s)
+ @max_requests_per_connection = args['maxRequestsPerConnection']
+ @max_connections = args['maxConnections']
+ @max_pending_requests = args['maxPendingRequests']
+ @max_requests = args['maxRequests']
+ @max_retries = args['maxRetries']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceCircuitBreakers"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_circuit_breakers_connect_timeout.rb b/libraries/google/compute/property/backendservice_circuit_breakers_connect_timeout.rb
new file mode 100644
index 000000000..e9c2a0682
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_circuit_breakers_connect_timeout.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceCircuitBreakersConnectTimeout
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceCircuitBreakersConnectTimeout"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_consistent_hash.rb b/libraries/google/compute/property/backendservice_consistent_hash.rb
new file mode 100644
index 000000000..817fb02b7
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_consistent_hash.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/backendservice_consistent_hash_http_cookie'
+require 'google/compute/property/backendservice_consistent_hash_http_cookie_ttl'
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceConsistentHash
+ attr_reader :http_cookie
+
+ attr_reader :http_header_name
+
+ attr_reader :minimum_ring_size
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @http_cookie = GoogleInSpec::Compute::Property::BackendServiceConsistentHashHttpCookie.new(args['httpCookie'], to_s)
+ @http_header_name = args['httpHeaderName']
+ @minimum_ring_size = args['minimumRingSize']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceConsistentHash"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_consistent_hash_http_cookie.rb b/libraries/google/compute/property/backendservice_consistent_hash_http_cookie.rb
new file mode 100644
index 000000000..1bb7e11a4
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_consistent_hash_http_cookie.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/backendservice_consistent_hash_http_cookie_ttl'
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceConsistentHashHttpCookie
+ attr_reader :ttl
+
+ attr_reader :name
+
+ attr_reader :path
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ttl = GoogleInSpec::Compute::Property::BackendServiceConsistentHashHttpCookieTtl.new(args['ttl'], to_s)
+ @name = args['name']
+ @path = args['path']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceConsistentHashHttpCookie"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_consistent_hash_http_cookie_ttl.rb b/libraries/google/compute/property/backendservice_consistent_hash_http_cookie_ttl.rb
new file mode 100644
index 000000000..d7021d39d
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_consistent_hash_http_cookie_ttl.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceConsistentHashHttpCookieTtl
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceConsistentHashHttpCookieTtl"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_log_config.rb b/libraries/google/compute/property/backendservice_log_config.rb
new file mode 100644
index 000000000..0c126fbd5
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_log_config.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceLogConfig
+ attr_reader :enable
+
+ attr_reader :sample_rate
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enable = args['enable']
+ @sample_rate = args['sampleRate']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceLogConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_outlier_detection.rb b/libraries/google/compute/property/backendservice_outlier_detection.rb
new file mode 100644
index 000000000..a448ca293
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_outlier_detection.rb
@@ -0,0 +1,66 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/backendservice_outlier_detection_base_ejection_time'
+require 'google/compute/property/backendservice_outlier_detection_interval'
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceOutlierDetection
+ attr_reader :base_ejection_time
+
+ attr_reader :consecutive_errors
+
+ attr_reader :consecutive_gateway_failure
+
+ attr_reader :enforcing_consecutive_errors
+
+ attr_reader :enforcing_consecutive_gateway_failure
+
+ attr_reader :enforcing_success_rate
+
+ attr_reader :interval
+
+ attr_reader :max_ejection_percent
+
+ attr_reader :success_rate_minimum_hosts
+
+ attr_reader :success_rate_request_volume
+
+ attr_reader :success_rate_stdev_factor
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @base_ejection_time = GoogleInSpec::Compute::Property::BackendServiceOutlierDetectionBaseEjectionTime.new(args['baseEjectionTime'], to_s)
+ @consecutive_errors = args['consecutiveErrors']
+ @consecutive_gateway_failure = args['consecutiveGatewayFailure']
+ @enforcing_consecutive_errors = args['enforcingConsecutiveErrors']
+ @enforcing_consecutive_gateway_failure = args['enforcingConsecutiveGatewayFailure']
+ @enforcing_success_rate = args['enforcingSuccessRate']
+ @interval = GoogleInSpec::Compute::Property::BackendServiceOutlierDetectionInterval.new(args['interval'], to_s)
+ @max_ejection_percent = args['maxEjectionPercent']
+ @success_rate_minimum_hosts = args['successRateMinimumHosts']
+ @success_rate_request_volume = args['successRateRequestVolume']
+ @success_rate_stdev_factor = args['successRateStdevFactor']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceOutlierDetection"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_outlier_detection_base_ejection_time.rb b/libraries/google/compute/property/backendservice_outlier_detection_base_ejection_time.rb
new file mode 100644
index 000000000..bb8f62693
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_outlier_detection_base_ejection_time.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceOutlierDetectionBaseEjectionTime
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceOutlierDetectionBaseEjectionTime"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/backendservice_outlier_detection_interval.rb b/libraries/google/compute/property/backendservice_outlier_detection_interval.rb
new file mode 100644
index 000000000..6fa8478d7
--- /dev/null
+++ b/libraries/google/compute/property/backendservice_outlier_detection_interval.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class BackendServiceOutlierDetectionInterval
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} BackendServiceOutlierDetectionInterval"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/firewall_allowed.rb b/libraries/google/compute/property/firewall_allowed.rb
new file mode 100644
index 000000000..c6066e0ee
--- /dev/null
+++ b/libraries/google/compute/property/firewall_allowed.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class FirewallAllowed
+ attr_reader :ip_protocol
+
+ attr_reader :ports
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ip_protocol = args['IPProtocol']
+ @ports = args['ports']
+ end
+
+ def to_s
+ "#{@parent_identifier} FirewallAllowed"
+ end
+ end
+
+ class FirewallAllowedArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return FirewallAllowed.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| FirewallAllowed.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/firewall_denied.rb b/libraries/google/compute/property/firewall_denied.rb
new file mode 100644
index 000000000..71fcf3dc0
--- /dev/null
+++ b/libraries/google/compute/property/firewall_denied.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class FirewallDenied
+ attr_reader :ip_protocol
+
+ attr_reader :ports
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ip_protocol = args['IPProtocol']
+ @ports = args['ports']
+ end
+
+ def to_s
+ "#{@parent_identifier} FirewallDenied"
+ end
+ end
+
+ class FirewallDeniedArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return FirewallDenied.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| FirewallDenied.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/firewall_log_config.rb b/libraries/google/compute/property/firewall_log_config.rb
new file mode 100644
index 000000000..51224d308
--- /dev/null
+++ b/libraries/google/compute/property/firewall_log_config.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class FirewallLogConfig
+ attr_reader :enable_logging
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enable_logging = args['enable']
+ end
+
+ def to_s
+ "#{@parent_identifier} FirewallLogConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/image_deprecated.rb b/libraries/google/compute/property/image_deprecated.rb
new file mode 100644
index 000000000..d1142499c
--- /dev/null
+++ b/libraries/google/compute/property/image_deprecated.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ImageDeprecated
+ attr_reader :deleted
+
+ attr_reader :deprecated
+
+ attr_reader :obsolete
+
+ attr_reader :replacement
+
+ attr_reader :state
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @deleted = parse_time_string(args['deleted'])
+ @deprecated = parse_time_string(args['deprecated'])
+ @obsolete = parse_time_string(args['obsolete'])
+ @replacement = args['replacement']
+ @state = args['state']
+ end
+
+ def to_s
+ "#{@parent_identifier} ImageDeprecated"
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+ end
+ end
+ end
+end
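Review bot: `parse_time_string` calls `Time.parse`, which is defined by the stdlib `time` library, and this new file has no `require 'time'`; unless another file loads it first, constructing an ImageDeprecated with any timestamp set raises NoMethodError. Add `require 'time'` above `module GoogleInSpec`. `Time.parse` is also lenient and fills missing fields from the current date, so for the RFC3339 strings the comment names, `Time.iso8601(time_string)` is the stricter fit. The helper is public on the property object; a `private` marker before it would keep it off the resource's surface. As generated code, the change belongs in the Magic Modules template.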
diff --git a/libraries/google/compute/property/image_guest_os_features.rb b/libraries/google/compute/property/image_guest_os_features.rb
new file mode 100644
index 000000000..addb3cd29
--- /dev/null
+++ b/libraries/google/compute/property/image_guest_os_features.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ImageGuestOsFeatures
+ attr_reader :type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @type = args['type']
+ end
+
+ def to_s
+ "#{@parent_identifier} ImageGuestOsFeatures"
+ end
+ end
+
+ class ImageGuestOsFeaturesArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return ImageGuestOsFeatures.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ImageGuestOsFeatures.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/image_image_encryption_key.rb b/libraries/google/compute/property/image_image_encryption_key.rb
new file mode 100644
index 000000000..b83ed01ab
--- /dev/null
+++ b/libraries/google/compute/property/image_image_encryption_key.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ImageImageEncryptionKey
+ attr_reader :raw_key
+
+ attr_reader :sha256
+
+ attr_reader :kms_key_name
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @raw_key = args['rawKey']
+ @sha256 = args['sha256']
+ @kms_key_name = args['kmsKeyName']
+ end
+
+ def to_s
+ "#{@parent_identifier} ImageImageEncryptionKey"
+ end
+ end
+ end
+ end
+end
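Review bot: `@raw_key` holds customer-supplied key material whenever the API response includes `rawKey`, and nothing in ImageImageEncryptionKey keeps it out of debug output. `to_s` is safe, but the default `inspect` prints every instance variable, so a failed matcher message or a `pp` of the resource can write the key into a report or CI log. I would override it with `def inspect; to_s; end` and add `# sensitive: never print or log` above `attr_reader :raw_key`. The same applies to ImageSourceDiskEncryptionKey, InstanceDisksDiskEncryptionKey (which also exposes `rsa_encrypted_key`) and InstanceDisksInitializeParamsSourceImageEncryptionKey later in this diff. Controls that only need to show a key is configured can assert on `sha256` or `kms_key_name`; the edit itself goes in the Magic Modules template.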
diff --git a/libraries/google/compute/property/image_raw_disk.rb b/libraries/google/compute/property/image_raw_disk.rb
new file mode 100644
index 000000000..dd03fd93d
--- /dev/null
+++ b/libraries/google/compute/property/image_raw_disk.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ImageRawDisk
+ attr_reader :container_type
+
+ attr_reader :sha1_checksum
+
+ attr_reader :source
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @container_type = args['containerType']
+ @sha1_checksum = args['sha1Checksum']
+ @source = args['source']
+ end
+
+ def to_s
+ "#{@parent_identifier} ImageRawDisk"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/image_source_disk_encryption_key.rb b/libraries/google/compute/property/image_source_disk_encryption_key.rb
new file mode 100644
index 000000000..c93af7d7e
--- /dev/null
+++ b/libraries/google/compute/property/image_source_disk_encryption_key.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ImageSourceDiskEncryptionKey
+ attr_reader :raw_key
+
+ attr_reader :sha256
+
+ attr_reader :kms_key_name
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @raw_key = args['rawKey']
+ @sha256 = args['sha256']
+ @kms_key_name = args['kmsKeyName']
+ end
+
+ def to_s
+ "#{@parent_identifier} ImageSourceDiskEncryptionKey"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_disks.rb b/libraries/google/compute/property/instance_disks.rb
new file mode 100644
index 000000000..b1c5e159e
--- /dev/null
+++ b/libraries/google/compute/property/instance_disks.rb
@@ -0,0 +1,75 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/instance_disks_disk_encryption_key'
+require 'google/compute/property/instance_disks_initialize_params'
+require 'google/compute/property/instance_disks_initialize_params_source_image_encryption_key'
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceDisks
+ attr_reader :auto_delete
+
+ attr_reader :boot
+
+ attr_reader :device_name
+
+ attr_reader :disk_encryption_key
+
+ attr_reader :index
+
+ attr_reader :initialize_params
+
+ attr_reader :interface
+
+ attr_reader :mode
+
+ attr_reader :source
+
+ attr_reader :type
+
+ attr_reader :licenses
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @auto_delete = args['autoDelete']
+ @boot = args['boot']
+ @device_name = args['deviceName']
+ @disk_encryption_key = GoogleInSpec::Compute::Property::InstanceDisksDiskEncryptionKey.new(args['diskEncryptionKey'], to_s)
+ @index = args['index']
+ @initialize_params = GoogleInSpec::Compute::Property::InstanceDisksInitializeParams.new(args['initializeParams'], to_s)
+ @interface = args['interface']
+ @mode = args['mode']
+ @source = args['source']
+ @type = args['type']
+ @licenses = args['licenses']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceDisks"
+ end
+ end
+
+ class InstanceDisksArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return InstanceDisks.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| InstanceDisks.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
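Review bot: `disk_encryption_key` and `initialize_params` in InstanceDisks are never nil, because `InstanceDisksDiskEncryptionKey.new(args['diskEncryptionKey'], to_s)` still returns an object when the key is absent. The `return if args.nil?` in the nested initializer only skips the assignments. A control that asserts `disk_encryption_key` is not nil therefore passes for a disk with no customer-supplied key, while `InstanceDisksArray.parse` returns nil for a missing value, so the two conventions differ within one file. Returning nil here would break existing `disk_encryption_key.sha256` chains, so I would document it instead: `# always an object, even when the API omits diskEncryptionKey; check .sha256 for presence` above the reader. `source_image_encryption_key` in InstanceDisksInitializeParams has the same shape, and the comment belongs in the Magic Modules template.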
diff --git a/libraries/google/compute/property/instance_disks_disk_encryption_key.rb b/libraries/google/compute/property/instance_disks_disk_encryption_key.rb
new file mode 100644
index 000000000..86021f08a
--- /dev/null
+++ b/libraries/google/compute/property/instance_disks_disk_encryption_key.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceDisksDiskEncryptionKey
+ attr_reader :raw_key
+
+ attr_reader :rsa_encrypted_key
+
+ attr_reader :sha256
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @raw_key = args['rawKey']
+ @rsa_encrypted_key = args['rsaEncryptedKey']
+ @sha256 = args['sha256']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceDisksDiskEncryptionKey"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_disks_initialize_params.rb b/libraries/google/compute/property/instance_disks_initialize_params.rb
new file mode 100644
index 000000000..5e0063a3b
--- /dev/null
+++ b/libraries/google/compute/property/instance_disks_initialize_params.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/instance_disks_initialize_params_source_image_encryption_key'
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceDisksInitializeParams
+ attr_reader :disk_name
+
+ attr_reader :disk_size_gb
+
+ attr_reader :disk_type
+
+ attr_reader :source_image
+
+ attr_reader :source_image_encryption_key
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @disk_name = args['diskName']
+ @disk_size_gb = args['diskSizeGb']
+ @disk_type = args['diskType']
+ @source_image = args['sourceImage']
+ @source_image_encryption_key = GoogleInSpec::Compute::Property::InstanceDisksInitializeParamsSourceImageEncryptionKey.new(args['sourceImageEncryptionKey'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceDisksInitializeParams"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/resourcemanager/property/organizationpolicy_list_policy.rb b/libraries/google/compute/property/instance_disks_initialize_params_source_image_encryption_key.rb
similarity index 74%
rename from libraries/google/resourcemanager/property/organizationpolicy_list_policy.rb
rename to libraries/google/compute/property/instance_disks_initialize_params_source_image_encryption_key.rb
index e2fda9a89..29d930a69 100644
--- a/libraries/google/resourcemanager/property/organizationpolicy_list_policy.rb
+++ b/libraries/google/compute/property/instance_disks_initialize_params_source_image_encryption_key.rb
@@ -14,22 +14,22 @@
#
# ----------------------------------------------------------------------------
module GoogleInSpec
- module ResourceManager
+ module Compute
module Property
- class OrganizationPolicyListPolicy
- attr_reader :allowed_values
+ class InstanceDisksInitializeParamsSourceImageEncryptionKey
+ attr_reader :raw_key
- attr_reader :denied_values
+ attr_reader :sha256
def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
- @allowed_values = args['allowedValues']
- @denied_values = args['deniedValues']
+ @raw_key = args['rawKey']
+ @sha256 = args['sha256']
end
def to_s
- "#{@parent_identifier} OrganizationPolicyListPolicy"
+ "#{@parent_identifier} InstanceDisksInitializeParamsSourceImageEncryptionKey"
end
end
end
diff --git a/libraries/google/compute/property/instance_guest_accelerators.rb b/libraries/google/compute/property/instance_guest_accelerators.rb
new file mode 100644
index 000000000..c63aea6d4
--- /dev/null
+++ b/libraries/google/compute/property/instance_guest_accelerators.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceGuestAccelerators
+ attr_reader :accelerator_count
+
+ attr_reader :accelerator_type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @accelerator_count = args['acceleratorCount']
+ @accelerator_type = args['acceleratorType']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceGuestAccelerators"
+ end
+ end
+
+ class InstanceGuestAcceleratorsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return InstanceGuestAccelerators.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| InstanceGuestAccelerators.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_network_interfaces.rb b/libraries/google/compute/property/instance_network_interfaces.rb
new file mode 100644
index 000000000..3c1e369af
--- /dev/null
+++ b/libraries/google/compute/property/instance_network_interfaces.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/instance_network_interfaces_access_configs'
+require 'google/compute/property/instance_network_interfaces_alias_ip_ranges'
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceNetworkInterfaces
+ attr_reader :access_configs
+
+ attr_reader :alias_ip_ranges
+
+ attr_reader :name
+
+ attr_reader :network
+
+ attr_reader :network_ip
+
+ attr_reader :subnetwork
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @access_configs = GoogleInSpec::Compute::Property::InstanceNetworkInterfacesAccessConfigsArray.parse(args['accessConfigs'], to_s)
+ @alias_ip_ranges = GoogleInSpec::Compute::Property::InstanceNetworkInterfacesAliasIpRangesArray.parse(args['aliasIpRanges'], to_s)
+ @name = args['name']
+ @network = args['network']
+ @network_ip = args['networkIP']
+ @subnetwork = args['subnetwork']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceNetworkInterfaces"
+ end
+ end
+
+ class InstanceNetworkInterfacesArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return InstanceNetworkInterfaces.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| InstanceNetworkInterfaces.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_network_interfaces_access_configs.rb b/libraries/google/compute/property/instance_network_interfaces_access_configs.rb
new file mode 100644
index 000000000..e96d335ef
--- /dev/null
+++ b/libraries/google/compute/property/instance_network_interfaces_access_configs.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceNetworkInterfacesAccessConfigs
+ attr_reader :name
+
+ attr_reader :nat_ip
+
+ attr_reader :type
+
+ attr_reader :set_public_ptr
+
+ attr_reader :public_ptr_domain_name
+
+ attr_reader :network_tier
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @name = args['name']
+ @nat_ip = args['natIP']
+ @type = args['type']
+ @set_public_ptr = args['setPublicPtr']
+ @public_ptr_domain_name = args['publicPtrDomainName']
+ @network_tier = args['networkTier']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceNetworkInterfacesAccessConfigs"
+ end
+ end
+
+ class InstanceNetworkInterfacesAccessConfigsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return InstanceNetworkInterfacesAccessConfigs.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| InstanceNetworkInterfacesAccessConfigs.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_network_interfaces_alias_ip_ranges.rb b/libraries/google/compute/property/instance_network_interfaces_alias_ip_ranges.rb
new file mode 100644
index 000000000..c01437d10
--- /dev/null
+++ b/libraries/google/compute/property/instance_network_interfaces_alias_ip_ranges.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceNetworkInterfacesAliasIpRanges
+ attr_reader :ip_cidr_range
+
+ attr_reader :subnetwork_range_name
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ip_cidr_range = args['ipCidrRange']
+ @subnetwork_range_name = args['subnetworkRangeName']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceNetworkInterfacesAliasIpRanges"
+ end
+ end
+
+ class InstanceNetworkInterfacesAliasIpRangesArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return InstanceNetworkInterfacesAliasIpRanges.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| InstanceNetworkInterfacesAliasIpRanges.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_scheduling.rb b/libraries/google/compute/property/instance_scheduling.rb
new file mode 100644
index 000000000..8526447cd
--- /dev/null
+++ b/libraries/google/compute/property/instance_scheduling.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceScheduling
+ attr_reader :automatic_restart
+
+ attr_reader :on_host_maintenance
+
+ attr_reader :preemptible
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @automatic_restart = args['automaticRestart']
+ @on_host_maintenance = args['onHostMaintenance']
+ @preemptible = args['preemptible']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceScheduling"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_service_accounts.rb b/libraries/google/compute/property/instance_service_accounts.rb
new file mode 100644
index 000000000..65b209e0a
--- /dev/null
+++ b/libraries/google/compute/property/instance_service_accounts.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceServiceAccounts
+ attr_reader :email
+
+ attr_reader :scopes
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @email = args['email']
+ @scopes = args['scopes']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceServiceAccounts"
+ end
+ end
+
+ class InstanceServiceAccountsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return InstanceServiceAccounts.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| InstanceServiceAccounts.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_shielded_instance_config.rb b/libraries/google/compute/property/instance_shielded_instance_config.rb
new file mode 100644
index 000000000..1bb36fbcf
--- /dev/null
+++ b/libraries/google/compute/property/instance_shielded_instance_config.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceShieldedInstanceConfig
+ attr_reader :enable_secure_boot
+
+ attr_reader :enable_vtpm
+
+ attr_reader :enable_integrity_monitoring
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enable_secure_boot = args['enableSecureBoot']
+ @enable_vtpm = args['enableVtpm']
+ @enable_integrity_monitoring = args['enableIntegrityMonitoring']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceShieldedInstanceConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instance_tags.rb b/libraries/google/compute/property/instance_tags.rb
new file mode 100644
index 000000000..19707eab9
--- /dev/null
+++ b/libraries/google/compute/property/instance_tags.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceTags
+ attr_reader :fingerprint
+
+ attr_reader :items
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @fingerprint = args['fingerprint']
+ @items = args['items']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceTags"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instancegroup_named_ports.rb b/libraries/google/compute/property/instancegroup_named_ports.rb
new file mode 100644
index 000000000..35ca95554
--- /dev/null
+++ b/libraries/google/compute/property/instancegroup_named_ports.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class InstanceGroupNamedPorts
+ attr_reader :name
+
+ attr_reader :port
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @name = args['name']
+ @port = args['port']
+ end
+
+ def to_s
+ "#{@parent_identifier} InstanceGroupNamedPorts"
+ end
+ end
+
+ class InstanceGroupNamedPortsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return InstanceGroupNamedPorts.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| InstanceGroupNamedPorts.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/instancetemplate_properties_disks.rb b/libraries/google/compute/property/instancetemplate_properties_disks.rb
index 4d7782229..8e71e0512 100644
--- a/libraries/google/compute/property/instancetemplate_properties_disks.rb
+++ b/libraries/google/compute/property/instancetemplate_properties_disks.rb
@@ -20,6 +20,8 @@ module GoogleInSpec
module Compute
module Property
class InstanceTemplatePropertiesDisks
+ attr_reader :licenses
+
attr_reader :auto_delete
attr_reader :boot
@@ -43,6 +45,7 @@ class InstanceTemplatePropertiesDisks
def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
+ @licenses = args['licenses']
@auto_delete = args['autoDelete']
@boot = args['boot']
@device_name = args['deviceName']
diff --git a/libraries/google/compute/property/network_routing_config.rb b/libraries/google/compute/property/network_routing_config.rb
new file mode 100644
index 000000000..92d60fe73
--- /dev/null
+++ b/libraries/google/compute/property/network_routing_config.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class NetworkRoutingConfig
+ attr_reader :routing_mode
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @routing_mode = args['routingMode']
+ end
+
+ def to_s
+ "#{@parent_identifier} NetworkRoutingConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/nodegroup_autoscaling_policy.rb b/libraries/google/compute/property/nodegroup_autoscaling_policy.rb
new file mode 100644
index 000000000..c4f18d046
--- /dev/null
+++ b/libraries/google/compute/property/nodegroup_autoscaling_policy.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class NodeGroupAutoscalingPolicy
+ attr_reader :mode
+
+ attr_reader :min_nodes
+
+ attr_reader :max_nodes
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @mode = args['mode']
+ @min_nodes = args['minNodes']
+ @max_nodes = args['maxNodes']
+ end
+
+ def to_s
+ "#{@parent_identifier} NodeGroupAutoscalingPolicy"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/nodetemplate_server_binding.rb b/libraries/google/compute/property/nodetemplate_server_binding.rb
new file mode 100644
index 000000000..f60d5870e
--- /dev/null
+++ b/libraries/google/compute/property/nodetemplate_server_binding.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class NodeTemplateServerBinding
+ attr_reader :type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @type = args['type']
+ end
+
+ def to_s
+ "#{@parent_identifier} NodeTemplateServerBinding"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/projectinfo_common_instance_metadata.rb b/libraries/google/compute/property/projectinfo_common_instance_metadata.rb
new file mode 100644
index 000000000..bcd1ad1ed
--- /dev/null
+++ b/libraries/google/compute/property/projectinfo_common_instance_metadata.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/projectinfo_common_instance_metadata_items'
+module GoogleInSpec
+ module Compute
+ module Property
+ class ProjectInfoCommonInstanceMetadata
+ attr_reader :items
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @items = GoogleInSpec::Compute::Property::ProjectInfoCommonInstanceMetadataItemsArray.parse(args['items'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} ProjectInfoCommonInstanceMetadata"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/projectinfo_common_instance_metadata_items.rb b/libraries/google/compute/property/projectinfo_common_instance_metadata_items.rb
new file mode 100644
index 000000000..22ab9f6d1
--- /dev/null
+++ b/libraries/google/compute/property/projectinfo_common_instance_metadata_items.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ProjectInfoCommonInstanceMetadataItems
+ attr_reader :key
+
+ attr_reader :value
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @key = args['key']
+ @value = args['value']
+ end
+
+ def to_s
+ "#{@parent_identifier} ProjectInfoCommonInstanceMetadataItems"
+ end
+ end
+
+ class ProjectInfoCommonInstanceMetadataItemsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return ProjectInfoCommonInstanceMetadataItems.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ProjectInfoCommonInstanceMetadataItems.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/projectinfo_quotas.rb b/libraries/google/compute/property/projectinfo_quotas.rb
new file mode 100644
index 000000000..c6c7b8b47
--- /dev/null
+++ b/libraries/google/compute/property/projectinfo_quotas.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ProjectInfoQuotas
+ attr_reader :metric
+
+ attr_reader :limit
+
+ attr_reader :usage
+
+ attr_reader :owner
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @metric = args['metric']
+ @limit = args['limit']
+ @usage = args['usage']
+ @owner = args['owner']
+ end
+
+ def to_s
+ "#{@parent_identifier} ProjectInfoQuotas"
+ end
+ end
+
+ class ProjectInfoQuotasArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return ProjectInfoQuotas.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ProjectInfoQuotas.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/region_deprecated.rb b/libraries/google/compute/property/region_deprecated.rb
index d0add67c0..9f473738b 100644
--- a/libraries/google/compute/property/region_deprecated.rb
+++ b/libraries/google/compute/property/region_deprecated.rb
@@ -40,6 +40,11 @@ def initialize(args = nil, parent_identifier = nil)
def to_s
"#{@parent_identifier} RegionDeprecated"
end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
end
end
end
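Review bot: `Time.parse` in the added `parse_time_string` is more permissive than the RFC3339 contract stated in its comment: it accepts many loosely formatted date strings, fills missing upper components from the current time, and raises `ArgumentError` on input it cannot parse. For a timestamp that presumably comes from an API response and feeds compliance checks, a strict parser is the safer choice, e.g. `time_string ? Time.iso8601(time_string) : nil`. Both methods come from the `time` standard-library extension and no `require 'time'` is visible in this hunk, so confirm it is loaded before this class is used. The enclosing class and its `initialize` start outside the hunk, so whether the helper is actually called, and whether it should be `private`, cannot be checked from here.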
diff --git a/libraries/google/compute/property/regionbackendservice_backends.rb b/libraries/google/compute/property/regionbackendservice_backends.rb
index 13d14ef8f..813305a27 100644
--- a/libraries/google/compute/property/regionbackendservice_backends.rb
+++ b/libraries/google/compute/property/regionbackendservice_backends.rb
@@ -23,6 +23,8 @@ class RegionBackendServiceBackends
attr_reader :description
+ attr_reader :failover
+
attr_reader :group
attr_reader :max_connections
@@ -45,6 +47,7 @@ def initialize(args = nil, parent_identifier = nil)
@balancing_mode = args['balancingMode']
@capacity_scaler = args['capacityScaler']
@description = args['description']
+ @failover = args['failover']
@group = args['group']
@max_connections = args['maxConnections']
@max_connections_per_instance = args['maxConnectionsPerInstance']
diff --git a/libraries/google/compute/property/regionbackendservice_circuit_breakers.rb b/libraries/google/compute/property/regionbackendservice_circuit_breakers.rb
new file mode 100644
index 000000000..d7317ad03
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_circuit_breakers.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/regionbackendservice_circuit_breakers_connect_timeout'
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceCircuitBreakers
+ attr_reader :connect_timeout
+
+ attr_reader :max_requests_per_connection
+
+ attr_reader :max_connections
+
+ attr_reader :max_pending_requests
+
+ attr_reader :max_requests
+
+ attr_reader :max_retries
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @connect_timeout = GoogleInSpec::Compute::Property::RegionBackendServiceCircuitBreakersConnectTimeout.new(args['connectTimeout'], to_s)
+ @max_requests_per_connection = args['maxRequestsPerConnection']
+ @max_connections = args['maxConnections']
+ @max_pending_requests = args['maxPendingRequests']
+ @max_requests = args['maxRequests']
+ @max_retries = args['maxRetries']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceCircuitBreakers"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_circuit_breakers_connect_timeout.rb b/libraries/google/compute/property/regionbackendservice_circuit_breakers_connect_timeout.rb
new file mode 100644
index 000000000..cdbbc90f6
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_circuit_breakers_connect_timeout.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceCircuitBreakersConnectTimeout
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceCircuitBreakersConnectTimeout"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_consistent_hash.rb b/libraries/google/compute/property/regionbackendservice_consistent_hash.rb
new file mode 100644
index 000000000..7fc5af4c8
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_consistent_hash.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/regionbackendservice_consistent_hash_http_cookie'
+require 'google/compute/property/regionbackendservice_consistent_hash_http_cookie_ttl'
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceConsistentHash
+ attr_reader :http_cookie
+
+ attr_reader :http_header_name
+
+ attr_reader :minimum_ring_size
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @http_cookie = GoogleInSpec::Compute::Property::RegionBackendServiceConsistentHashHttpCookie.new(args['httpCookie'], to_s)
+ @http_header_name = args['httpHeaderName']
+ @minimum_ring_size = args['minimumRingSize']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceConsistentHash"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_consistent_hash_http_cookie.rb b/libraries/google/compute/property/regionbackendservice_consistent_hash_http_cookie.rb
new file mode 100644
index 000000000..b89dd8554
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_consistent_hash_http_cookie.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/regionbackendservice_consistent_hash_http_cookie_ttl'
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceConsistentHashHttpCookie
+ attr_reader :ttl
+
+ attr_reader :name
+
+ attr_reader :path
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ttl = GoogleInSpec::Compute::Property::RegionBackendServiceConsistentHashHttpCookieTtl.new(args['ttl'], to_s)
+ @name = args['name']
+ @path = args['path']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceConsistentHashHttpCookie"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_consistent_hash_http_cookie_ttl.rb b/libraries/google/compute/property/regionbackendservice_consistent_hash_http_cookie_ttl.rb
new file mode 100644
index 000000000..81fde2d61
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_consistent_hash_http_cookie_ttl.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceConsistentHashHttpCookieTtl
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceConsistentHashHttpCookieTtl"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_failover_policy.rb b/libraries/google/compute/property/regionbackendservice_failover_policy.rb
new file mode 100644
index 000000000..6cd2bee39
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_failover_policy.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceFailoverPolicy
+ attr_reader :disable_connection_drain_on_failover
+
+ attr_reader :drop_traffic_if_unhealthy
+
+ attr_reader :failover_ratio
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @disable_connection_drain_on_failover = args['disableConnectionDrainOnFailover']
+ @drop_traffic_if_unhealthy = args['dropTrafficIfUnhealthy']
+ @failover_ratio = args['failoverRatio']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceFailoverPolicy"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_log_config.rb b/libraries/google/compute/property/regionbackendservice_log_config.rb
new file mode 100644
index 000000000..0d9369cba
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_log_config.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceLogConfig
+ attr_reader :enable
+
+ attr_reader :sample_rate
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enable = args['enable']
+ @sample_rate = args['sampleRate']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceLogConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_outlier_detection.rb b/libraries/google/compute/property/regionbackendservice_outlier_detection.rb
new file mode 100644
index 000000000..5b0e2f374
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_outlier_detection.rb
@@ -0,0 +1,66 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/compute/property/regionbackendservice_outlier_detection_base_ejection_time'
+require 'google/compute/property/regionbackendservice_outlier_detection_interval'
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceOutlierDetection
+ attr_reader :base_ejection_time
+
+ attr_reader :consecutive_errors
+
+ attr_reader :consecutive_gateway_failure
+
+ attr_reader :enforcing_consecutive_errors
+
+ attr_reader :enforcing_consecutive_gateway_failure
+
+ attr_reader :enforcing_success_rate
+
+ attr_reader :interval
+
+ attr_reader :max_ejection_percent
+
+ attr_reader :success_rate_minimum_hosts
+
+ attr_reader :success_rate_request_volume
+
+ attr_reader :success_rate_stdev_factor
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @base_ejection_time = GoogleInSpec::Compute::Property::RegionBackendServiceOutlierDetectionBaseEjectionTime.new(args['baseEjectionTime'], to_s)
+ @consecutive_errors = args['consecutiveErrors']
+ @consecutive_gateway_failure = args['consecutiveGatewayFailure']
+ @enforcing_consecutive_errors = args['enforcingConsecutiveErrors']
+ @enforcing_consecutive_gateway_failure = args['enforcingConsecutiveGatewayFailure']
+ @enforcing_success_rate = args['enforcingSuccessRate']
+ @interval = GoogleInSpec::Compute::Property::RegionBackendServiceOutlierDetectionInterval.new(args['interval'], to_s)
+ @max_ejection_percent = args['maxEjectionPercent']
+ @success_rate_minimum_hosts = args['successRateMinimumHosts']
+ @success_rate_request_volume = args['successRateRequestVolume']
+ @success_rate_stdev_factor = args['successRateStdevFactor']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceOutlierDetection"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_outlier_detection_base_ejection_time.rb b/libraries/google/compute/property/regionbackendservice_outlier_detection_base_ejection_time.rb
new file mode 100644
index 000000000..133cb360d
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_outlier_detection_base_ejection_time.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceOutlierDetectionBaseEjectionTime
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceOutlierDetectionBaseEjectionTime"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regionbackendservice_outlier_detection_interval.rb b/libraries/google/compute/property/regionbackendservice_outlier_detection_interval.rb
new file mode 100644
index 000000000..3d181f2a2
--- /dev/null
+++ b/libraries/google/compute/property/regionbackendservice_outlier_detection_interval.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionBackendServiceOutlierDetectionInterval
+ attr_reader :seconds
+
+ attr_reader :nanos
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @seconds = args['seconds']
+ @nanos = args['nanos']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionBackendServiceOutlierDetectionInterval"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regioninstancegroupmanager_auto_healing_policies.rb b/libraries/google/compute/property/regioninstancegroupmanager_auto_healing_policies.rb
new file mode 100644
index 000000000..c58e2e993
--- /dev/null
+++ b/libraries/google/compute/property/regioninstancegroupmanager_auto_healing_policies.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionInstanceGroupManagerAutoHealingPolicies
+ attr_reader :health_check
+
+ attr_reader :initial_delay_sec
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @health_check = args['healthCheck']
+ @initial_delay_sec = args['initialDelaySec']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionInstanceGroupManagerAutoHealingPolicies"
+ end
+ end
+
+ class RegionInstanceGroupManagerAutoHealingPoliciesArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return RegionInstanceGroupManagerAutoHealingPolicies.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| RegionInstanceGroupManagerAutoHealingPolicies.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regioninstancegroupmanager_current_actions.rb b/libraries/google/compute/property/regioninstancegroupmanager_current_actions.rb
new file mode 100644
index 000000000..d924fff5a
--- /dev/null
+++ b/libraries/google/compute/property/regioninstancegroupmanager_current_actions.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionInstanceGroupManagerCurrentActions
+ attr_reader :abandoning
+
+ attr_reader :creating
+
+ attr_reader :creating_without_retries
+
+ attr_reader :deleting
+
+ attr_reader :none
+
+ attr_reader :recreating
+
+ attr_reader :refreshing
+
+ attr_reader :restarting
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @abandoning = args['abandoning']
+ @creating = args['creating']
+ @creating_without_retries = args['creatingWithoutRetries']
+ @deleting = args['deleting']
+ @none = args['none']
+ @recreating = args['recreating']
+ @refreshing = args['refreshing']
+ @restarting = args['restarting']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionInstanceGroupManagerCurrentActions"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/regioninstancegroupmanager_named_ports.rb b/libraries/google/compute/property/regioninstancegroupmanager_named_ports.rb
new file mode 100644
index 000000000..8cf716676
--- /dev/null
+++ b/libraries/google/compute/property/regioninstancegroupmanager_named_ports.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class RegionInstanceGroupManagerNamedPorts
+ attr_reader :name
+
+ attr_reader :port
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @name = args['name']
+ @port = args['port']
+ end
+
+ def to_s
+ "#{@parent_identifier} RegionInstanceGroupManagerNamedPorts"
+ end
+ end
+
+ class RegionInstanceGroupManagerNamedPortsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return RegionInstanceGroupManagerNamedPorts.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| RegionInstanceGroupManagerNamedPorts.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/subnetwork_log_config.rb b/libraries/google/compute/property/subnetwork_log_config.rb
new file mode 100644
index 000000000..fd9b75de4
--- /dev/null
+++ b/libraries/google/compute/property/subnetwork_log_config.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class SubnetworkLogConfig
+ attr_reader :enable
+
+ attr_reader :aggregation_interval
+
+ attr_reader :flow_sampling
+
+ attr_reader :metadata
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enable = args['enable']
+ @aggregation_interval = args['aggregationInterval']
+ @flow_sampling = args['flowSampling']
+ @metadata = args['metadata']
+ end
+
+ def to_s
+ "#{@parent_identifier} SubnetworkLogConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/compute/property/subnetwork_secondary_ip_ranges.rb b/libraries/google/compute/property/subnetwork_secondary_ip_ranges.rb
new file mode 100644
index 000000000..1d887119a
--- /dev/null
+++ b/libraries/google/compute/property/subnetwork_secondary_ip_ranges.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class SubnetworkSecondaryIpRanges
+ attr_reader :range_name
+
+ attr_reader :ip_cidr_range
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @range_name = args['rangeName']
+ @ip_cidr_range = args['ipCidrRange']
+ end
+
+ def to_s
+ "#{@parent_identifier} SubnetworkSecondaryIpRanges"
+ end
+ end
+
+ class SubnetworkSecondaryIpRangesArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return SubnetworkSecondaryIpRanges.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| SubnetworkSecondaryIpRanges.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
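Review bot: `SubnetworkSecondaryIpRangesArray.parse` returns three different shapes (`nil`, a single `SubnetworkSecondaryIpRanges` when `value` is not an Array, or an Array of them) and nothing in the file documents that. A control that iterates the result to check every secondary range has to handle all three cases, so the contract should be stated above the method: `# Returns nil for nil, one SubnetworkSecondaryIpRanges for a non-Array value, otherwise an Array of them.` `ClusterNodePoolsArray.parse` later in this commit has the same shape and needs the same comment.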
diff --git a/libraries/google/compute/property/zone_deprecated.rb b/libraries/google/compute/property/zone_deprecated.rb
new file mode 100644
index 000000000..263636681
--- /dev/null
+++ b/libraries/google/compute/property/zone_deprecated.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Compute
+ module Property
+ class ZoneDeprecated
+ attr_reader :deleted
+
+ attr_reader :deprecated
+
+ attr_reader :obsolete
+
+ attr_reader :replacement
+
+ attr_reader :state
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @deleted = parse_time_string(args['deleted'])
+ @deprecated = parse_time_string(args['deprecated'])
+ @obsolete = parse_time_string(args['obsolete'])
+ @replacement = args['replacement']
+ @state = args['state']
+ end
+
+ def to_s
+ "#{@parent_identifier} ZoneDeprecated"
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+ end
+ end
+ end
+end
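Review bot: `parse_time_string` is commented as handling RFC3339 but calls `Time.parse`, which accepts many loosely formatted date strings, so a malformed `deleted`, `deprecated` or `obsolete` value can be turned into some timestamp instead of being rejected. The strict counterpart in the same library is `Time.iso8601`, giving `time_string ? Time.iso8601(time_string) : nil`. No `require 'time'` is visible in this file, so it presumably relies on another file having loaded it; adding `require 'time'` here would make the class self-contained. The helper is also public on the property object and could sit below a `private` marker.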
diff --git a/libraries/google/container/property/regionalcluster_addons_config.rb b/libraries/google/container/property/cluster_addons_config.rb
similarity index 61%
rename from libraries/google/container/property/regionalcluster_addons_config.rb
rename to libraries/google/container/property/cluster_addons_config.rb
index 19f72e94b..0dd4c2c21 100644
--- a/libraries/google/container/property/regionalcluster_addons_config.rb
+++ b/libraries/google/container/property/cluster_addons_config.rb
@@ -13,14 +13,14 @@
# CONTRIBUTING.md located at the root of this package.
#
# ----------------------------------------------------------------------------
-require 'google/container/property/regionalcluster_addons_config_horizontal_pod_autoscaling'
-require 'google/container/property/regionalcluster_addons_config_http_load_balancing'
-require 'google/container/property/regionalcluster_addons_config_kubernetes_dashboard'
-require 'google/container/property/regionalcluster_addons_config_network_policy_config'
+require 'google/container/property/cluster_addons_config_horizontal_pod_autoscaling'
+require 'google/container/property/cluster_addons_config_http_load_balancing'
+require 'google/container/property/cluster_addons_config_kubernetes_dashboard'
+require 'google/container/property/cluster_addons_config_network_policy_config'
module GoogleInSpec
module Container
module Property
- class RegionalClusterAddonsConfig
+ class ClusterAddonsConfig
attr_reader :http_load_balancing
attr_reader :horizontal_pod_autoscaling
@@ -32,14 +32,14 @@ class RegionalClusterAddonsConfig
def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
- @http_load_balancing = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigHttpLoadBalancing.new(args['httpLoadBalancing'], to_s)
- @horizontal_pod_autoscaling = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigHorizontalPodAutoscaling.new(args['horizontalPodAutoscaling'], to_s)
- @kubernetes_dashboard = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigKubernetesDashboard.new(args['kubernetesDashboard'], to_s)
- @network_policy_config = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigNetworkPolicyConfig.new(args['networkPolicyConfig'], to_s)
+ @http_load_balancing = GoogleInSpec::Container::Property::ClusterAddonsConfigHttpLoadBalancing.new(args['httpLoadBalancing'], to_s)
+ @horizontal_pod_autoscaling = GoogleInSpec::Container::Property::ClusterAddonsConfigHorizontalPodAutoscaling.new(args['horizontalPodAutoscaling'], to_s)
+ @kubernetes_dashboard = GoogleInSpec::Container::Property::ClusterAddonsConfigKubernetesDashboard.new(args['kubernetesDashboard'], to_s)
+ @network_policy_config = GoogleInSpec::Container::Property::ClusterAddonsConfigNetworkPolicyConfig.new(args['networkPolicyConfig'], to_s)
end
def to_s
- "#{@parent_identifier} RegionalClusterAddonsConfig"
+ "#{@parent_identifier} ClusterAddonsConfig"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_addons_config_http_load_balancing.rb b/libraries/google/container/property/cluster_addons_config_horizontal_pod_autoscaling.rb
similarity index 87%
rename from libraries/google/container/property/regionalcluster_addons_config_http_load_balancing.rb
rename to libraries/google/container/property/cluster_addons_config_horizontal_pod_autoscaling.rb
index 35c6ed2b0..b7180f9bb 100644
--- a/libraries/google/container/property/regionalcluster_addons_config_http_load_balancing.rb
+++ b/libraries/google/container/property/cluster_addons_config_horizontal_pod_autoscaling.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterAddonsConfigHttpLoadBalancing
+ class ClusterAddonsConfigHorizontalPodAutoscaling
attr_reader :disabled
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterAddonsConfigHttpLoadBalancing"
+ "#{@parent_identifier} ClusterAddonsConfigHorizontalPodAutoscaling"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_addons_config_network_policy_config.rb b/libraries/google/container/property/cluster_addons_config_http_load_balancing.rb
similarity index 87%
rename from libraries/google/container/property/regionalcluster_addons_config_network_policy_config.rb
rename to libraries/google/container/property/cluster_addons_config_http_load_balancing.rb
index f1c764d4c..a4c68c5cc 100644
--- a/libraries/google/container/property/regionalcluster_addons_config_network_policy_config.rb
+++ b/libraries/google/container/property/cluster_addons_config_http_load_balancing.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterAddonsConfigNetworkPolicyConfig
+ class ClusterAddonsConfigHttpLoadBalancing
attr_reader :disabled
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterAddonsConfigNetworkPolicyConfig"
+ "#{@parent_identifier} ClusterAddonsConfigHttpLoadBalancing"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_addons_config_kubernetes_dashboard.rb b/libraries/google/container/property/cluster_addons_config_kubernetes_dashboard.rb
similarity index 87%
rename from libraries/google/container/property/regionalcluster_addons_config_kubernetes_dashboard.rb
rename to libraries/google/container/property/cluster_addons_config_kubernetes_dashboard.rb
index af2ccd01c..7a4ebe5df 100644
--- a/libraries/google/container/property/regionalcluster_addons_config_kubernetes_dashboard.rb
+++ b/libraries/google/container/property/cluster_addons_config_kubernetes_dashboard.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterAddonsConfigKubernetesDashboard
+ class ClusterAddonsConfigKubernetesDashboard
attr_reader :disabled
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterAddonsConfigKubernetesDashboard"
+ "#{@parent_identifier} ClusterAddonsConfigKubernetesDashboard"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_addons_config_horizontal_pod_autoscaling.rb b/libraries/google/container/property/cluster_addons_config_network_policy_config.rb
similarity index 86%
rename from libraries/google/container/property/regionalcluster_addons_config_horizontal_pod_autoscaling.rb
rename to libraries/google/container/property/cluster_addons_config_network_policy_config.rb
index 1feff5e48..2b173c1d4 100644
--- a/libraries/google/container/property/regionalcluster_addons_config_horizontal_pod_autoscaling.rb
+++ b/libraries/google/container/property/cluster_addons_config_network_policy_config.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterAddonsConfigHorizontalPodAutoscaling
+ class ClusterAddonsConfigNetworkPolicyConfig
attr_reader :disabled
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterAddonsConfigHorizontalPodAutoscaling"
+ "#{@parent_identifier} ClusterAddonsConfigNetworkPolicyConfig"
end
end
end
diff --git a/libraries/google/container/property/cluster_binary_authorization.rb b/libraries/google/container/property/cluster_binary_authorization.rb
new file mode 100644
index 000000000..5822105e1
--- /dev/null
+++ b/libraries/google/container/property/cluster_binary_authorization.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Container
+ module Property
+ class ClusterBinaryAuthorization
+ attr_reader :enabled
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enabled = args['enabled']
+ end
+
+ def to_s
+ "#{@parent_identifier} ClusterBinaryAuthorization"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/container/property/regionalcluster_conditions.rb b/libraries/google/container/property/cluster_conditions.rb
similarity index 77%
rename from libraries/google/container/property/regionalcluster_conditions.rb
rename to libraries/google/container/property/cluster_conditions.rb
index e434b6d07..df9a1d026 100644
--- a/libraries/google/container/property/regionalcluster_conditions.rb
+++ b/libraries/google/container/property/cluster_conditions.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterConditions
+ class ClusterConditions
attr_reader :code
attr_reader :message
@@ -29,15 +29,15 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterConditions"
+ "#{@parent_identifier} ClusterConditions"
end
end
- class RegionalClusterConditionsArray
+ class ClusterConditionsArray
def self.parse(value, parent_identifier)
return if value.nil?
- return RegionalClusterConditions.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| RegionalClusterConditions.new(v, parent_identifier) }
+ return ClusterConditions.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ClusterConditions.new(v, parent_identifier) }
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_max_pods_constraint.rb b/libraries/google/container/property/cluster_default_max_pods_constraint.rb
similarity index 89%
rename from libraries/google/container/property/regionalnodepool_max_pods_constraint.rb
rename to libraries/google/container/property/cluster_default_max_pods_constraint.rb
index 1aa36aa24..e0ae070fa 100644
--- a/libraries/google/container/property/regionalnodepool_max_pods_constraint.rb
+++ b/libraries/google/container/property/cluster_default_max_pods_constraint.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolMaxPodsConstraint
+ class ClusterDefaultMaxPodsConstraint
attr_reader :max_pods_per_node
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolMaxPodsConstraint"
+ "#{@parent_identifier} ClusterDefaultMaxPodsConstraint"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_ip_allocation_policy.rb b/libraries/google/container/property/cluster_ip_allocation_policy.rb
similarity index 94%
rename from libraries/google/container/property/regionalcluster_ip_allocation_policy.rb
rename to libraries/google/container/property/cluster_ip_allocation_policy.rb
index ca890adc2..52a5321aa 100644
--- a/libraries/google/container/property/regionalcluster_ip_allocation_policy.rb
+++ b/libraries/google/container/property/cluster_ip_allocation_policy.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterIpAllocationPolicy
+ class ClusterIpAllocationPolicy
attr_reader :use_ip_aliases
attr_reader :create_subnetwork
@@ -50,7 +50,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterIpAllocationPolicy"
+ "#{@parent_identifier} ClusterIpAllocationPolicy"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_legacy_abac.rb b/libraries/google/container/property/cluster_legacy_abac.rb
similarity index 90%
rename from libraries/google/container/property/regionalcluster_legacy_abac.rb
rename to libraries/google/container/property/cluster_legacy_abac.rb
index e4dcc7a07..bd1f1a7de 100644
--- a/libraries/google/container/property/regionalcluster_legacy_abac.rb
+++ b/libraries/google/container/property/cluster_legacy_abac.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterLegacyAbac
+ class ClusterLegacyAbac
attr_reader :enabled
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterLegacyAbac"
+ "#{@parent_identifier} ClusterLegacyAbac"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_master_auth.rb b/libraries/google/container/property/cluster_master_auth.rb
similarity index 83%
rename from libraries/google/container/property/regionalcluster_master_auth.rb
rename to libraries/google/container/property/cluster_master_auth.rb
index fd42fe7d9..0237f232d 100644
--- a/libraries/google/container/property/regionalcluster_master_auth.rb
+++ b/libraries/google/container/property/cluster_master_auth.rb
@@ -13,11 +13,11 @@
# CONTRIBUTING.md located at the root of this package.
#
# ----------------------------------------------------------------------------
-require 'google/container/property/regionalcluster_master_auth_client_certificate_config'
+require 'google/container/property/cluster_master_auth_client_certificate_config'
module GoogleInSpec
module Container
module Property
- class RegionalClusterMasterAuth
+ class ClusterMasterAuth
attr_reader :username
attr_reader :password
@@ -35,14 +35,14 @@ def initialize(args = nil, parent_identifier = nil)
@parent_identifier = parent_identifier
@username = args['username']
@password = args['password']
- @client_certificate_config = GoogleInSpec::Container::Property::RegionalClusterMasterAuthClientCertificateConfig.new(args['clientCertificateConfig'], to_s)
+ @client_certificate_config = GoogleInSpec::Container::Property::ClusterMasterAuthClientCertificateConfig.new(args['clientCertificateConfig'], to_s)
@cluster_ca_certificate = args['clusterCaCertificate']
@client_certificate = args['clientCertificate']
@client_key = args['clientKey']
end
def to_s
- "#{@parent_identifier} RegionalClusterMasterAuth"
+ "#{@parent_identifier} ClusterMasterAuth"
end
end
end
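Review bot: `ClusterMasterAuth#initialize` copies `password` and `client_key` from the API response into instance variables, and `password` is exposed through a plain `attr_reader` in the hunk above, with no note that these are cluster credentials. `to_s` prints only the identifier, but Ruby's default `inspect` includes instance variables, so a debug dump or a failed expectation on the whole object could write the secrets into report output. I would add a comment above the readers, `# password and client_key are cluster credentials; controls should assert presence or absence only and never print the values`. The body of `initialize` starts outside this hunk, so any redaction elsewhere in the class is not visible here.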
diff --git a/libraries/google/container/property/regionalcluster_master_auth_client_certificate_config.rb b/libraries/google/container/property/cluster_master_auth_client_certificate_config.rb
similarity index 87%
rename from libraries/google/container/property/regionalcluster_master_auth_client_certificate_config.rb
rename to libraries/google/container/property/cluster_master_auth_client_certificate_config.rb
index 12b0f074e..f5935aa95 100644
--- a/libraries/google/container/property/regionalcluster_master_auth_client_certificate_config.rb
+++ b/libraries/google/container/property/cluster_master_auth_client_certificate_config.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterMasterAuthClientCertificateConfig
+ class ClusterMasterAuthClientCertificateConfig
attr_reader :issue_client_certificate
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterMasterAuthClientCertificateConfig"
+ "#{@parent_identifier} ClusterMasterAuthClientCertificateConfig"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_master_authorized_networks_config.rb b/libraries/google/container/property/cluster_master_authorized_networks_config.rb
similarity index 71%
rename from libraries/google/container/property/regionalcluster_master_authorized_networks_config.rb
rename to libraries/google/container/property/cluster_master_authorized_networks_config.rb
index a84d0f462..41011262c 100644
--- a/libraries/google/container/property/regionalcluster_master_authorized_networks_config.rb
+++ b/libraries/google/container/property/cluster_master_authorized_networks_config.rb
@@ -13,11 +13,11 @@
# CONTRIBUTING.md located at the root of this package.
#
# ----------------------------------------------------------------------------
-require 'google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks'
+require 'google/container/property/cluster_master_authorized_networks_config_cidr_blocks'
module GoogleInSpec
module Container
module Property
- class RegionalClusterMasterAuthorizedNetworksConfig
+ class ClusterMasterAuthorizedNetworksConfig
attr_reader :enabled
attr_reader :cidr_blocks
@@ -26,11 +26,11 @@ def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
@enabled = args['enabled']
- @cidr_blocks = GoogleInSpec::Container::Property::RegionalClusterMasterAuthorizedNetworksConfigCidrBlocksArray.parse(args['cidrBlocks'], to_s)
+ @cidr_blocks = GoogleInSpec::Container::Property::ClusterMasterAuthorizedNetworksConfigCidrBlocksArray.parse(args['cidrBlocks'], to_s)
end
def to_s
- "#{@parent_identifier} RegionalClusterMasterAuthorizedNetworksConfig"
+ "#{@parent_identifier} ClusterMasterAuthorizedNetworksConfig"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks.rb b/libraries/google/container/property/cluster_master_authorized_networks_config_cidr_blocks.rb
similarity index 70%
rename from libraries/google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks.rb
rename to libraries/google/container/property/cluster_master_authorized_networks_config_cidr_blocks.rb
index 56152446d..2add5b8f0 100644
--- a/libraries/google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks.rb
+++ b/libraries/google/container/property/cluster_master_authorized_networks_config_cidr_blocks.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks
+ class ClusterMasterAuthorizedNetworksConfigCidrBlocks
attr_reader :display_name
attr_reader :cidr_block
@@ -29,15 +29,15 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks"
+ "#{@parent_identifier} ClusterMasterAuthorizedNetworksConfigCidrBlocks"
end
end
- class RegionalClusterMasterAuthorizedNetworksConfigCidrBlocksArray
+ class ClusterMasterAuthorizedNetworksConfigCidrBlocksArray
def self.parse(value, parent_identifier)
return if value.nil?
- return RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks.new(v, parent_identifier) }
+ return ClusterMasterAuthorizedNetworksConfigCidrBlocks.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ClusterMasterAuthorizedNetworksConfigCidrBlocks.new(v, parent_identifier) }
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_network_policy.rb b/libraries/google/container/property/cluster_network_policy.rb
similarity index 90%
rename from libraries/google/container/property/regionalcluster_network_policy.rb
rename to libraries/google/container/property/cluster_network_policy.rb
index c9b632348..632158c00 100644
--- a/libraries/google/container/property/regionalcluster_network_policy.rb
+++ b/libraries/google/container/property/cluster_network_policy.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterNetworkPolicy
+ class ClusterNetworkPolicy
attr_reader :provider
attr_reader :enabled
@@ -29,7 +29,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterNetworkPolicy"
+ "#{@parent_identifier} ClusterNetworkPolicy"
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_config.rb b/libraries/google/container/property/cluster_node_config.rb
similarity index 79%
rename from libraries/google/container/property/regionalnodepool_config.rb
rename to libraries/google/container/property/cluster_node_config.rb
index cfb550777..674e292e4 100644
--- a/libraries/google/container/property/regionalnodepool_config.rb
+++ b/libraries/google/container/property/cluster_node_config.rb
@@ -13,12 +13,12 @@
# CONTRIBUTING.md located at the root of this package.
#
# ----------------------------------------------------------------------------
-require 'google/container/property/regionalnodepool_config_accelerators'
-require 'google/container/property/regionalnodepool_config_taints'
+require 'google/container/property/cluster_node_config_accelerators'
+require 'google/container/property/cluster_node_config_taints'
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolConfig
+ class ClusterNodeConfig
attr_reader :machine_type
attr_reader :disk_size_gb
@@ -60,14 +60,14 @@ def initialize(args = nil, parent_identifier = nil)
@local_ssd_count = args['localSsdCount']
@tags = args['tags']
@preemptible = args['preemptible']
- @accelerators = GoogleInSpec::Container::Property::RegionalNodePoolConfigAcceleratorsArray.parse(args['accelerators'], to_s)
+ @accelerators = GoogleInSpec::Container::Property::ClusterNodeConfigAcceleratorsArray.parse(args['accelerators'], to_s)
@disk_type = args['diskType']
@min_cpu_platform = args['minCpuPlatform']
- @taints = GoogleInSpec::Container::Property::RegionalNodePoolConfigTaintsArray.parse(args['taints'], to_s)
+ @taints = GoogleInSpec::Container::Property::ClusterNodeConfigTaintsArray.parse(args['taints'], to_s)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolConfig"
+ "#{@parent_identifier} ClusterNodeConfig"
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_config_accelerators.rb b/libraries/google/container/property/cluster_node_config_accelerators.rb
similarity index 76%
rename from libraries/google/container/property/regionalnodepool_config_accelerators.rb
rename to libraries/google/container/property/cluster_node_config_accelerators.rb
index f0a167fa2..05b310a34 100644
--- a/libraries/google/container/property/regionalnodepool_config_accelerators.rb
+++ b/libraries/google/container/property/cluster_node_config_accelerators.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolConfigAccelerators
+ class ClusterNodeConfigAccelerators
attr_reader :accelerator_count
attr_reader :accelerator_type
@@ -29,15 +29,15 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolConfigAccelerators"
+ "#{@parent_identifier} ClusterNodeConfigAccelerators"
end
end
- class RegionalNodePoolConfigAcceleratorsArray
+ class ClusterNodeConfigAcceleratorsArray
def self.parse(value, parent_identifier)
return if value.nil?
- return RegionalNodePoolConfigAccelerators.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| RegionalNodePoolConfigAccelerators.new(v, parent_identifier) }
+ return ClusterNodeConfigAccelerators.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ClusterNodeConfigAccelerators.new(v, parent_identifier) }
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_config_taints.rb b/libraries/google/container/property/cluster_node_config_taints.rb
similarity index 77%
rename from libraries/google/container/property/regionalnodepool_config_taints.rb
rename to libraries/google/container/property/cluster_node_config_taints.rb
index 5614cc833..83e06931f 100644
--- a/libraries/google/container/property/regionalnodepool_config_taints.rb
+++ b/libraries/google/container/property/cluster_node_config_taints.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolConfigTaints
+ class ClusterNodeConfigTaints
attr_reader :key
attr_reader :value
@@ -32,15 +32,15 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolConfigTaints"
+ "#{@parent_identifier} ClusterNodeConfigTaints"
end
end
- class RegionalNodePoolConfigTaintsArray
+ class ClusterNodeConfigTaintsArray
def self.parse(value, parent_identifier)
return if value.nil?
- return RegionalNodePoolConfigTaints.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| RegionalNodePoolConfigTaints.new(v, parent_identifier) }
+ return ClusterNodeConfigTaints.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ClusterNodeConfigTaints.new(v, parent_identifier) }
end
end
end
diff --git a/libraries/google/container/property/cluster_node_pools.rb b/libraries/google/container/property/cluster_node_pools.rb
new file mode 100644
index 000000000..4c7e70446
--- /dev/null
+++ b/libraries/google/container/property/cluster_node_pools.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Container
+ module Property
+ class ClusterNodePools
+ attr_reader :name
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @name = args['name']
+ end
+
+ def to_s
+ "#{@parent_identifier} ClusterNodePools"
+ end
+ end
+
+ class ClusterNodePoolsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return ClusterNodePools.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ClusterNodePools.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/container/property/cluster_pod_security_policy_config.rb b/libraries/google/container/property/cluster_pod_security_policy_config.rb
new file mode 100644
index 000000000..d706956f1
--- /dev/null
+++ b/libraries/google/container/property/cluster_pod_security_policy_config.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Container
+ module Property
+ class ClusterPodSecurityPolicyConfig
+ attr_reader :enabled
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enabled = args['enabled']
+ end
+
+ def to_s
+ "#{@parent_identifier} ClusterPodSecurityPolicyConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/container/property/regionalcluster_private_cluster_config.rb b/libraries/google/container/property/cluster_private_cluster_config.rb
similarity index 92%
rename from libraries/google/container/property/regionalcluster_private_cluster_config.rb
rename to libraries/google/container/property/cluster_private_cluster_config.rb
index 39c96bc51..cc6483cc8 100644
--- a/libraries/google/container/property/regionalcluster_private_cluster_config.rb
+++ b/libraries/google/container/property/cluster_private_cluster_config.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterPrivateClusterConfig
+ class ClusterPrivateClusterConfig
attr_reader :enable_private_nodes
attr_reader :enable_private_endpoint
@@ -38,7 +38,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterPrivateClusterConfig"
+ "#{@parent_identifier} ClusterPrivateClusterConfig"
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_autoscaling.rb b/libraries/google/container/property/nodepool_autoscaling.rb
similarity index 91%
rename from libraries/google/container/property/regionalnodepool_autoscaling.rb
rename to libraries/google/container/property/nodepool_autoscaling.rb
index 78a74bf97..274b9cbf2 100644
--- a/libraries/google/container/property/regionalnodepool_autoscaling.rb
+++ b/libraries/google/container/property/nodepool_autoscaling.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolAutoscaling
+ class NodePoolAutoscaling
attr_reader :enabled
attr_reader :min_node_count
@@ -32,7 +32,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolAutoscaling"
+ "#{@parent_identifier} NodePoolAutoscaling"
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_conditions.rb b/libraries/google/container/property/nodepool_conditions.rb
similarity index 76%
rename from libraries/google/container/property/regionalnodepool_conditions.rb
rename to libraries/google/container/property/nodepool_conditions.rb
index dfdbac2d2..0d5bc28c6 100644
--- a/libraries/google/container/property/regionalnodepool_conditions.rb
+++ b/libraries/google/container/property/nodepool_conditions.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolConditions
+ class NodePoolConditions
attr_reader :code
def initialize(args = nil, parent_identifier = nil)
@@ -26,15 +26,15 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolConditions"
+ "#{@parent_identifier} NodePoolConditions"
end
end
- class RegionalNodePoolConditionsArray
+ class NodePoolConditionsArray
def self.parse(value, parent_identifier)
return if value.nil?
- return RegionalNodePoolConditions.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| RegionalNodePoolConditions.new(v, parent_identifier) }
+ return NodePoolConditions.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| NodePoolConditions.new(v, parent_identifier) }
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_node_config.rb b/libraries/google/container/property/nodepool_config.rb
similarity index 78%
rename from libraries/google/container/property/regionalcluster_node_config.rb
rename to libraries/google/container/property/nodepool_config.rb
index 0d357543a..f2f00dd8f 100644
--- a/libraries/google/container/property/regionalcluster_node_config.rb
+++ b/libraries/google/container/property/nodepool_config.rb
@@ -13,12 +13,12 @@
# CONTRIBUTING.md located at the root of this package.
#
# ----------------------------------------------------------------------------
-require 'google/container/property/regionalcluster_node_config_accelerators'
-require 'google/container/property/regionalcluster_node_config_taints'
+require 'google/container/property/nodepool_config_accelerators'
+require 'google/container/property/nodepool_config_taints'
module GoogleInSpec
module Container
module Property
- class RegionalClusterNodeConfig
+ class NodePoolConfig
attr_reader :machine_type
attr_reader :disk_size_gb
@@ -60,14 +60,14 @@ def initialize(args = nil, parent_identifier = nil)
@local_ssd_count = args['localSsdCount']
@tags = args['tags']
@preemptible = args['preemptible']
- @accelerators = GoogleInSpec::Container::Property::RegionalClusterNodeConfigAcceleratorsArray.parse(args['accelerators'], to_s)
+ @accelerators = GoogleInSpec::Container::Property::NodePoolConfigAcceleratorsArray.parse(args['accelerators'], to_s)
@disk_type = args['diskType']
@min_cpu_platform = args['minCpuPlatform']
- @taints = GoogleInSpec::Container::Property::RegionalClusterNodeConfigTaintsArray.parse(args['taints'], to_s)
+ @taints = GoogleInSpec::Container::Property::NodePoolConfigTaintsArray.parse(args['taints'], to_s)
end
def to_s
- "#{@parent_identifier} RegionalClusterNodeConfig"
+ "#{@parent_identifier} NodePoolConfig"
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_node_config_accelerators.rb b/libraries/google/container/property/nodepool_config_accelerators.rb
similarity index 75%
rename from libraries/google/container/property/regionalcluster_node_config_accelerators.rb
rename to libraries/google/container/property/nodepool_config_accelerators.rb
index 66f3f6841..fc2ca1f25 100644
--- a/libraries/google/container/property/regionalcluster_node_config_accelerators.rb
+++ b/libraries/google/container/property/nodepool_config_accelerators.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterNodeConfigAccelerators
+ class NodePoolConfigAccelerators
attr_reader :accelerator_count
attr_reader :accelerator_type
@@ -29,15 +29,15 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterNodeConfigAccelerators"
+ "#{@parent_identifier} NodePoolConfigAccelerators"
end
end
- class RegionalClusterNodeConfigAcceleratorsArray
+ class NodePoolConfigAcceleratorsArray
def self.parse(value, parent_identifier)
return if value.nil?
- return RegionalClusterNodeConfigAccelerators.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| RegionalClusterNodeConfigAccelerators.new(v, parent_identifier) }
+ return NodePoolConfigAccelerators.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| NodePoolConfigAccelerators.new(v, parent_identifier) }
end
end
end
diff --git a/libraries/google/container/property/regionalcluster_node_config_taints.rb b/libraries/google/container/property/nodepool_config_taints.rb
similarity index 76%
rename from libraries/google/container/property/regionalcluster_node_config_taints.rb
rename to libraries/google/container/property/nodepool_config_taints.rb
index bf4807c42..beca04ce6 100644
--- a/libraries/google/container/property/regionalcluster_node_config_taints.rb
+++ b/libraries/google/container/property/nodepool_config_taints.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterNodeConfigTaints
+ class NodePoolConfigTaints
attr_reader :key
attr_reader :value
@@ -32,15 +32,15 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterNodeConfigTaints"
+ "#{@parent_identifier} NodePoolConfigTaints"
end
end
- class RegionalClusterNodeConfigTaintsArray
+ class NodePoolConfigTaintsArray
def self.parse(value, parent_identifier)
return if value.nil?
- return RegionalClusterNodeConfigTaints.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| RegionalClusterNodeConfigTaints.new(v, parent_identifier) }
+ return NodePoolConfigTaints.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| NodePoolConfigTaints.new(v, parent_identifier) }
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_management.rb b/libraries/google/container/property/nodepool_management.rb
similarity index 81%
rename from libraries/google/container/property/regionalnodepool_management.rb
rename to libraries/google/container/property/nodepool_management.rb
index 790674859..dd3387b3e 100644
--- a/libraries/google/container/property/regionalnodepool_management.rb
+++ b/libraries/google/container/property/nodepool_management.rb
@@ -13,11 +13,11 @@
# CONTRIBUTING.md located at the root of this package.
#
# ----------------------------------------------------------------------------
-require 'google/container/property/regionalnodepool_management_upgrade_options'
+require 'google/container/property/nodepool_management_upgrade_options'
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolManagement
+ class NodePoolManagement
attr_reader :auto_upgrade
attr_reader :auto_repair
@@ -29,11 +29,11 @@ def initialize(args = nil, parent_identifier = nil)
@parent_identifier = parent_identifier
@auto_upgrade = args['autoUpgrade']
@auto_repair = args['autoRepair']
- @upgrade_options = GoogleInSpec::Container::Property::RegionalNodePoolManagementUpgradeOptions.new(args['upgradeOptions'], to_s)
+ @upgrade_options = GoogleInSpec::Container::Property::NodePoolManagementUpgradeOptions.new(args['upgradeOptions'], to_s)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolManagement"
+ "#{@parent_identifier} NodePoolManagement"
end
end
end
diff --git a/libraries/google/container/property/regionalnodepool_management_upgrade_options.rb b/libraries/google/container/property/nodepool_management_upgrade_options.rb
similarity index 80%
rename from libraries/google/container/property/regionalnodepool_management_upgrade_options.rb
rename to libraries/google/container/property/nodepool_management_upgrade_options.rb
index 9628a3dbe..4b0ca9894 100644
--- a/libraries/google/container/property/regionalnodepool_management_upgrade_options.rb
+++ b/libraries/google/container/property/nodepool_management_upgrade_options.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalNodePoolManagementUpgradeOptions
+ class NodePoolManagementUpgradeOptions
attr_reader :auto_upgrade_start_time
attr_reader :description
@@ -29,7 +29,12 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalNodePoolManagementUpgradeOptions"
+ "#{@parent_identifier} NodePoolManagementUpgradeOptions"
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
end
end
end
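Review bot: `Time.parse` in the added `parse_time_string` is a lenient parser, although the comment above it promises RFC3339 handling: it accepts many other date formats and fills fields missing from the input from the current date, so a malformed `auto_upgrade_start_time` value could surface as a plausible-looking time instead of an error. A strict parser fits the stated contract better, e.g. `time_string ? Time.iso8601(time_string) : nil`. Both calls come from the `time` standard library, and no `require 'time'` is visible in this file's hunks, so please confirm it is loaded before this class is used. Whether `initialize` calls the helper cannot be seen here, because its body starts outside the hunk.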
diff --git a/libraries/google/container/property/regionalcluster_default_max_pods_constraint.rb b/libraries/google/container/property/nodepool_max_pods_constraint.rb
similarity index 88%
rename from libraries/google/container/property/regionalcluster_default_max_pods_constraint.rb
rename to libraries/google/container/property/nodepool_max_pods_constraint.rb
index 8fd052f39..67019818d 100644
--- a/libraries/google/container/property/regionalcluster_default_max_pods_constraint.rb
+++ b/libraries/google/container/property/nodepool_max_pods_constraint.rb
@@ -16,7 +16,7 @@
module GoogleInSpec
module Container
module Property
- class RegionalClusterDefaultMaxPodsConstraint
+ class NodePoolMaxPodsConstraint
attr_reader :max_pods_per_node
def initialize(args = nil, parent_identifier = nil)
@@ -26,7 +26,7 @@ def initialize(args = nil, parent_identifier = nil)
end
def to_s
- "#{@parent_identifier} RegionalClusterDefaultMaxPodsConstraint"
+ "#{@parent_identifier} NodePoolMaxPodsConstraint"
end
end
end
diff --git a/libraries/google/dns/property/managedzone_dnssec_config.rb b/libraries/google/dns/property/managedzone_dnssec_config.rb
new file mode 100644
index 000000000..9d07e94ea
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_dnssec_config.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/dns/property/managedzone_dnssec_config_default_key_specs'
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZoneDnssecConfig
+ attr_reader :kind
+
+ attr_reader :non_existence
+
+ attr_reader :state
+
+ attr_reader :default_key_specs
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @kind = args['kind']
+ @non_existence = args['nonExistence']
+ @state = args['state']
+ @default_key_specs = GoogleInSpec::DNS::Property::ManagedZoneDnssecConfigDefaultKeySpecsArray.parse(args['defaultKeySpecs'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZoneDnssecConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/dns/property/managedzone_dnssec_config_default_key_specs.rb b/libraries/google/dns/property/managedzone_dnssec_config_default_key_specs.rb
new file mode 100644
index 000000000..ff636d8da
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_dnssec_config_default_key_specs.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZoneDnssecConfigDefaultKeySpecs
+ attr_reader :algorithm
+
+ attr_reader :key_length
+
+ attr_reader :key_type
+
+ attr_reader :kind
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @algorithm = args['algorithm']
+ @key_length = args['keyLength']
+ @key_type = args['keyType']
+ @kind = args['kind']
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZoneDnssecConfigDefaultKeySpecs"
+ end
+ end
+
+ class ManagedZoneDnssecConfigDefaultKeySpecsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return ManagedZoneDnssecConfigDefaultKeySpecs.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ManagedZoneDnssecConfigDefaultKeySpecs.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/dns/property/managedzone_forwarding_config.rb b/libraries/google/dns/property/managedzone_forwarding_config.rb
new file mode 100644
index 000000000..f2227b929
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_forwarding_config.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/dns/property/managedzone_forwarding_config_target_name_servers'
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZoneForwardingConfig
+ attr_reader :target_name_servers
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @target_name_servers = GoogleInSpec::DNS::Property::ManagedZoneForwardingConfigTargetNameServersArray.parse(args['targetNameServers'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZoneForwardingConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/dns/property/managedzone_forwarding_config_target_name_servers.rb b/libraries/google/dns/property/managedzone_forwarding_config_target_name_servers.rb
new file mode 100644
index 000000000..9fbef9a80
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_forwarding_config_target_name_servers.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZoneForwardingConfigTargetNameServers
+ attr_reader :ipv4_address
+
+ attr_reader :forwarding_path
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ipv4_address = args['ipv4Address']
+ @forwarding_path = args['forwardingPath']
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZoneForwardingConfigTargetNameServers"
+ end
+ end
+
+ class ManagedZoneForwardingConfigTargetNameServersArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return ManagedZoneForwardingConfigTargetNameServers.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ManagedZoneForwardingConfigTargetNameServers.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/dns/property/managedzone_peering_config.rb b/libraries/google/dns/property/managedzone_peering_config.rb
new file mode 100644
index 000000000..44e432e0a
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_peering_config.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/dns/property/managedzone_peering_config_target_network'
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZonePeeringConfig
+ attr_reader :target_network
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @target_network = GoogleInSpec::DNS::Property::ManagedZonePeeringConfigTargetNetwork.new(args['targetNetwork'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZonePeeringConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/dns/property/managedzone_peering_config_target_network.rb b/libraries/google/dns/property/managedzone_peering_config_target_network.rb
new file mode 100644
index 000000000..82e92cfc8
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_peering_config_target_network.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZonePeeringConfigTargetNetwork
+ attr_reader :network_url
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @network_url = args['networkUrl']
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZonePeeringConfigTargetNetwork"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/dns/property/managedzone_private_visibility_config.rb b/libraries/google/dns/property/managedzone_private_visibility_config.rb
new file mode 100644
index 000000000..c75070185
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_private_visibility_config.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/dns/property/managedzone_private_visibility_config_networks'
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZonePrivateVisibilityConfig
+ attr_reader :networks
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @networks = GoogleInSpec::DNS::Property::ManagedZonePrivateVisibilityConfigNetworksArray.parse(args['networks'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZonePrivateVisibilityConfig"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/dns/property/managedzone_private_visibility_config_networks.rb b/libraries/google/dns/property/managedzone_private_visibility_config_networks.rb
new file mode 100644
index 000000000..d82907f13
--- /dev/null
+++ b/libraries/google/dns/property/managedzone_private_visibility_config_networks.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module DNS
+ module Property
+ class ManagedZonePrivateVisibilityConfigNetworks
+ attr_reader :network_url
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @network_url = args['networkUrl']
+ end
+
+ def to_s
+ "#{@parent_identifier} ManagedZonePrivateVisibilityConfigNetworks"
+ end
+ end
+
+ class ManagedZonePrivateVisibilityConfigNetworksArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return ManagedZonePrivateVisibilityConfigNetworks.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| ManagedZonePrivateVisibilityConfigNetworks.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/iam/property/iam_binding_condition.rb b/libraries/google/iam/property/iam_binding_condition.rb
new file mode 100644
index 000000000..fcabcbe7a
--- /dev/null
+++ b/libraries/google/iam/property/iam_binding_condition.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# Copyright 2017 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module GoogleInSpec
+ module Iam
+ module Property
+ class IamBindingCondition
+ attr_reader :title
+
+ attr_reader :description
+
+ attr_reader :expression
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @title = args['title']
+ @description = args['description']
+ @expression = args['expression']
+ end
+
+ def to_s
+ "#{@parent_identifier} IamBindingCondition"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/iam/property/iam_policy_bindings.rb b/libraries/google/iam/property/iam_policy_bindings.rb
index c2dc42449..7277ae4cb 100644
--- a/libraries/google/iam/property/iam_policy_bindings.rb
+++ b/libraries/google/iam/property/iam_policy_bindings.rb
@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+require 'google/iam/property/iam_binding_condition'
module GoogleInSpec
module Iam
module Property
@@ -21,11 +22,14 @@ class IamPolicyBindings
attr_reader :members
+ attr_reader :condition
+
def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
@role = args['role']
@members = args['members']
+ @condition = GoogleInSpec::Iam::Property::IamBindingCondition.new(args['condition'], to_s)
end
def to_s
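Review bot: The added `@condition = GoogleInSpec::Iam::Property::IamBindingCondition.new(args['condition'], to_s)` builds an object even when the binding carries no `condition` key, because `IamBindingCondition#initialize` only returns early on nil args; `condition` is therefore never nil. A control that tries to tell conditional from unconditional role bindings with `condition.nil?` would treat every binding as conditional, which matters when auditing for unconditioned grants. I would document this on the reader, e.g. `# Always an IamBindingCondition; title, description and expression are nil when the binding is unconditional.` above `attr_reader :condition`, so checks are written against `condition.expression`. The body of `to_s` continues outside the hunk.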
diff --git a/libraries/google/kms/property/cryptokey_version_template.rb b/libraries/google/kms/property/cryptokey_version_template.rb
new file mode 100644
index 000000000..0f7227e09
--- /dev/null
+++ b/libraries/google/kms/property/cryptokey_version_template.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module KMS
+ module Property
+ class CryptoKeyVersionTemplate
+ attr_reader :algorithm
+
+ attr_reader :protection_level
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @algorithm = args['algorithm']
+ @protection_level = args['protectionLevel']
+ end
+
+ def to_s
+ "#{@parent_identifier} CryptoKeyVersionTemplate"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/logging/property/metric_bucket_options.rb b/libraries/google/logging/property/metric_bucket_options.rb
new file mode 100644
index 000000000..61e19bf86
--- /dev/null
+++ b/libraries/google/logging/property/metric_bucket_options.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/logging/property/metric_bucket_options_explicit_buckets'
+require 'google/logging/property/metric_bucket_options_exponential_buckets'
+require 'google/logging/property/metric_bucket_options_linear_buckets'
+module GoogleInSpec
+ module Logging
+ module Property
+ class MetricBucketOptions
+ attr_reader :linear_buckets
+
+ attr_reader :exponential_buckets
+
+ attr_reader :explicit_buckets
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @linear_buckets = GoogleInSpec::Logging::Property::MetricBucketOptionsLinearBuckets.new(args['linearBuckets'], to_s)
+ @exponential_buckets = GoogleInSpec::Logging::Property::MetricBucketOptionsExponentialBuckets.new(args['exponentialBuckets'], to_s)
+ @explicit_buckets = GoogleInSpec::Logging::Property::MetricBucketOptionsExplicitBuckets.new(args['explicitBuckets'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} MetricBucketOptions"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/logging/property/metric_bucket_options_explicit_buckets.rb b/libraries/google/logging/property/metric_bucket_options_explicit_buckets.rb
new file mode 100644
index 000000000..18add270c
--- /dev/null
+++ b/libraries/google/logging/property/metric_bucket_options_explicit_buckets.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Logging
+ module Property
+ class MetricBucketOptionsExplicitBuckets
+ attr_reader :bounds
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @bounds = args['bounds']
+ end
+
+ def to_s
+ "#{@parent_identifier} MetricBucketOptionsExplicitBuckets"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/logging/property/metric_bucket_options_exponential_buckets.rb b/libraries/google/logging/property/metric_bucket_options_exponential_buckets.rb
new file mode 100644
index 000000000..70e4f2280
--- /dev/null
+++ b/libraries/google/logging/property/metric_bucket_options_exponential_buckets.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Logging
+ module Property
+ class MetricBucketOptionsExponentialBuckets
+ attr_reader :num_finite_buckets
+
+ attr_reader :growth_factor
+
+ attr_reader :scale
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @num_finite_buckets = args['numFiniteBuckets']
+ @growth_factor = args['growthFactor']
+ @scale = args['scale']
+ end
+
+ def to_s
+ "#{@parent_identifier} MetricBucketOptionsExponentialBuckets"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/logging/property/metric_bucket_options_linear_buckets.rb b/libraries/google/logging/property/metric_bucket_options_linear_buckets.rb
new file mode 100644
index 000000000..f127e7b87
--- /dev/null
+++ b/libraries/google/logging/property/metric_bucket_options_linear_buckets.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Logging
+ module Property
+ class MetricBucketOptionsLinearBuckets
+ attr_reader :num_finite_buckets
+
+ attr_reader :width
+
+ attr_reader :offset
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @num_finite_buckets = args['numFiniteBuckets']
+ @width = args['width']
+ @offset = args['offset']
+ end
+
+ def to_s
+ "#{@parent_identifier} MetricBucketOptionsLinearBuckets"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/logging/property/metric_metric_descriptor.rb b/libraries/google/logging/property/metric_metric_descriptor.rb
new file mode 100644
index 000000000..d16f1d38a
--- /dev/null
+++ b/libraries/google/logging/property/metric_metric_descriptor.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/logging/property/metric_metric_descriptor_labels'
+module GoogleInSpec
+ module Logging
+ module Property
+ class MetricMetricDescriptor
+ attr_reader :unit
+
+ attr_reader :value_type
+
+ attr_reader :metric_kind
+
+ attr_reader :labels
+
+ attr_reader :display_name
+
+ attr_reader :type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @unit = args['unit']
+ @value_type = args['valueType']
+ @metric_kind = args['metricKind']
+ @labels = GoogleInSpec::Logging::Property::MetricMetricDescriptorLabelsArray.parse(args['labels'], to_s)
+ @display_name = args['displayName']
+ @type = args['type']
+ end
+
+ def to_s
+ "#{@parent_identifier} MetricMetricDescriptor"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/logging/property/metric_metric_descriptor_labels.rb b/libraries/google/logging/property/metric_metric_descriptor_labels.rb
new file mode 100644
index 000000000..50b874450
--- /dev/null
+++ b/libraries/google/logging/property/metric_metric_descriptor_labels.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Logging
+ module Property
+ class MetricMetricDescriptorLabels
+ attr_reader :key
+
+ attr_reader :description
+
+ attr_reader :value_type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @key = args['key']
+ @description = args['description']
+ @value_type = args['valueType']
+ end
+
+ def to_s
+ "#{@parent_identifier} MetricMetricDescriptorLabels"
+ end
+ end
+
+ class MetricMetricDescriptorLabelsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return MetricMetricDescriptorLabels.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| MetricMetricDescriptorLabels.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
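Review bot: `MetricMetricDescriptorLabelsArray.parse` returns `nil`, a single `MetricMetricDescriptorLabels`, or an Array depending on the input, so any caller that iterates the result has to handle three shapes. If no caller relies on the bare object, wrapping the non-array case keeps the return type uniform: `return [MetricMetricDescriptorLabels.new(value, parent_identifier)] unless value.is_a?(::Array)`. Elements are also passed to the constructor unchecked, so a non-Hash element would surface as an error from `args['key']` and not from `parse`. The same pattern is repeated in the other `*Array.parse` methods in this diff (`AlertPolicyConditionsArray`, the three `AlertPolicyConditionsCondition*AggregationsArray` classes, `DatabaseInstanceIpAddressesArray`). As the file header says manual edits are clobbered, the change would go in the Magic Modules template.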
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions.rb b/libraries/google/monitoring/property/alertpolicy_conditions.rb
new file mode 100644
index 000000000..55b00ed0a
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/monitoring/property/alertpolicy_conditions_condition_absent'
+require 'google/monitoring/property/alertpolicy_conditions_condition_absent_aggregations'
+require 'google/monitoring/property/alertpolicy_conditions_condition_absent_trigger'
+require 'google/monitoring/property/alertpolicy_conditions_condition_threshold'
+require 'google/monitoring/property/alertpolicy_conditions_condition_threshold_aggregations'
+require 'google/monitoring/property/alertpolicy_conditions_condition_threshold_denominator_aggregations'
+require 'google/monitoring/property/alertpolicy_conditions_condition_threshold_trigger'
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditions
+ attr_reader :condition_absent
+
+ attr_reader :name
+
+ attr_reader :condition_threshold
+
+ attr_reader :display_name
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @condition_absent = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionAbsent.new(args['conditionAbsent'], to_s)
+ @name = args['name']
+ @condition_threshold = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionThreshold.new(args['conditionThreshold'], to_s)
+ @display_name = args['displayName']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditions"
+ end
+ end
+
+ class AlertPolicyConditionsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return AlertPolicyConditions.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| AlertPolicyConditions.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
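Review bot: In `AlertPolicyConditions#initialize`, `condition_absent` and `condition_threshold` are always built with `.new(args[...], to_s)`, and the nested constructors return early on `nil` without raising, so both readers return an object even when the response omitted that key. A control therefore cannot tell which condition type is configured with a nil check; it gets an object whose attributes are all `nil` and whose `to_s` has no parent prefix, because `@parent_identifier` is assigned after the early return. If existing controls do not depend on the empty object, guard the construction, e.g. `@condition_absent = args['conditionAbsent'] && GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionAbsent.new(args['conditionAbsent'], to_s)`. Otherwise document the behaviour with a comment above the readers. The same applies to the `trigger` readers in both condition classes, `mysql_replica_configuration`, and `ip_configuration` / `backup_configuration` in `DatabaseInstanceSettings`.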
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent.rb b/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent.rb
new file mode 100644
index 000000000..1b6c47409
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/monitoring/property/alertpolicy_conditions_condition_absent_aggregations'
+require 'google/monitoring/property/alertpolicy_conditions_condition_absent_trigger'
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditionsConditionAbsent
+ attr_reader :aggregations
+
+ attr_reader :trigger
+
+ attr_reader :duration
+
+ attr_reader :filter
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @aggregations = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionAbsentAggregationsArray.parse(args['aggregations'], to_s)
+ @trigger = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionAbsentTrigger.new(args['trigger'], to_s)
+ @duration = args['duration']
+ @filter = args['filter']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditionsConditionAbsent"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent_aggregations.rb b/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent_aggregations.rb
new file mode 100644
index 000000000..367a8ec8b
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent_aggregations.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditionsConditionAbsentAggregations
+ attr_reader :per_series_aligner
+
+ attr_reader :group_by_fields
+
+ attr_reader :alignment_period
+
+ attr_reader :cross_series_reducer
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @per_series_aligner = args['perSeriesAligner']
+ @group_by_fields = args['groupByFields']
+ @alignment_period = args['alignmentPeriod']
+ @cross_series_reducer = args['crossSeriesReducer']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditionsConditionAbsentAggregations"
+ end
+ end
+
+ class AlertPolicyConditionsConditionAbsentAggregationsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return AlertPolicyConditionsConditionAbsentAggregations.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| AlertPolicyConditionsConditionAbsentAggregations.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent_trigger.rb b/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent_trigger.rb
new file mode 100644
index 000000000..5f98caac3
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions_condition_absent_trigger.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditionsConditionAbsentTrigger
+ attr_reader :percent
+
+ attr_reader :count
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @percent = args['percent']
+ @count = args['count']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditionsConditionAbsentTrigger"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold.rb b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold.rb
new file mode 100644
index 000000000..4d2d50cdd
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/monitoring/property/alertpolicy_conditions_condition_threshold_aggregations'
+require 'google/monitoring/property/alertpolicy_conditions_condition_threshold_denominator_aggregations'
+require 'google/monitoring/property/alertpolicy_conditions_condition_threshold_trigger'
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditionsConditionThreshold
+ attr_reader :threshold_value
+
+ attr_reader :denominator_filter
+
+ attr_reader :denominator_aggregations
+
+ attr_reader :duration
+
+ attr_reader :comparison
+
+ attr_reader :trigger
+
+ attr_reader :aggregations
+
+ attr_reader :filter
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @threshold_value = args['thresholdValue']
+ @denominator_filter = args['denominatorFilter']
+ @denominator_aggregations = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionThresholdDenominatorAggregationsArray.parse(args['denominatorAggregations'], to_s)
+ @duration = args['duration']
+ @comparison = args['comparison']
+ @trigger = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionThresholdTrigger.new(args['trigger'], to_s)
+ @aggregations = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsConditionThresholdAggregationsArray.parse(args['aggregations'], to_s)
+ @filter = args['filter']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditionsConditionThreshold"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_aggregations.rb b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_aggregations.rb
new file mode 100644
index 000000000..36e68d817
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_aggregations.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditionsConditionThresholdAggregations
+ attr_reader :per_series_aligner
+
+ attr_reader :group_by_fields
+
+ attr_reader :alignment_period
+
+ attr_reader :cross_series_reducer
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @per_series_aligner = args['perSeriesAligner']
+ @group_by_fields = args['groupByFields']
+ @alignment_period = args['alignmentPeriod']
+ @cross_series_reducer = args['crossSeriesReducer']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditionsConditionThresholdAggregations"
+ end
+ end
+
+ class AlertPolicyConditionsConditionThresholdAggregationsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return AlertPolicyConditionsConditionThresholdAggregations.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| AlertPolicyConditionsConditionThresholdAggregations.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_denominator_aggregations.rb b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_denominator_aggregations.rb
new file mode 100644
index 000000000..79912e304
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_denominator_aggregations.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditionsConditionThresholdDenominatorAggregations
+ attr_reader :per_series_aligner
+
+ attr_reader :group_by_fields
+
+ attr_reader :alignment_period
+
+ attr_reader :cross_series_reducer
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @per_series_aligner = args['perSeriesAligner']
+ @group_by_fields = args['groupByFields']
+ @alignment_period = args['alignmentPeriod']
+ @cross_series_reducer = args['crossSeriesReducer']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditionsConditionThresholdDenominatorAggregations"
+ end
+ end
+
+ class AlertPolicyConditionsConditionThresholdDenominatorAggregationsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return AlertPolicyConditionsConditionThresholdDenominatorAggregations.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| AlertPolicyConditionsConditionThresholdDenominatorAggregations.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_trigger.rb b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_trigger.rb
new file mode 100644
index 000000000..28cbbd187
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_conditions_condition_threshold_trigger.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyConditionsConditionThresholdTrigger
+ attr_reader :percent
+
+ attr_reader :count
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @percent = args['percent']
+ @count = args['count']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyConditionsConditionThresholdTrigger"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_creation_record.rb b/libraries/google/monitoring/property/alertpolicy_creation_record.rb
new file mode 100644
index 000000000..ca8408288
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_creation_record.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyCreationRecord
+ attr_reader :mutate_time
+
+ attr_reader :mutated_by
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @mutate_time = args['mutateTime']
+ @mutated_by = args['mutatedBy']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyCreationRecord"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/monitoring/property/alertpolicy_documentation.rb b/libraries/google/monitoring/property/alertpolicy_documentation.rb
new file mode 100644
index 000000000..e746c9df8
--- /dev/null
+++ b/libraries/google/monitoring/property/alertpolicy_documentation.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Monitoring
+ module Property
+ class AlertPolicyDocumentation
+ attr_reader :content
+
+ attr_reader :mime_type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @content = args['content']
+ @mime_type = args['mimeType']
+ end
+
+ def to_s
+ "#{@parent_identifier} AlertPolicyDocumentation"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/pubsub/property/subscription_dead_letter_policy.rb b/libraries/google/pubsub/property/subscription_dead_letter_policy.rb
new file mode 100644
index 000000000..23fd1820e
--- /dev/null
+++ b/libraries/google/pubsub/property/subscription_dead_letter_policy.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Pubsub
+ module Property
+ class SubscriptionDeadLetterPolicy
+ attr_reader :dead_letter_topic
+
+ attr_reader :max_delivery_attempts
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @dead_letter_topic = args['deadLetterTopic']
+ @max_delivery_attempts = args['maxDeliveryAttempts']
+ end
+
+ def to_s
+ "#{@parent_identifier} SubscriptionDeadLetterPolicy"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/resourcemanager/property/organization_owner.rb b/libraries/google/resourcemanager/property/organization_owner.rb
new file mode 100644
index 000000000..5005311d3
--- /dev/null
+++ b/libraries/google/resourcemanager/property/organization_owner.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module ResourceManager
+ module Property
+ class OrganizationOwner
+ attr_reader :directory_customer_id
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @directory_customer_id = args['directoryCustomerId']
+ end
+
+ def to_s
+ "#{@parent_identifier} OrganizationOwner"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/resourcemanager/property/organizationpolicy_boolean_policy.rb b/libraries/google/resourcemanager/property/project_parent.rb
similarity index 82%
rename from libraries/google/resourcemanager/property/organizationpolicy_boolean_policy.rb
rename to libraries/google/resourcemanager/property/project_parent.rb
index b7ac9f105..444ffa75b 100644
--- a/libraries/google/resourcemanager/property/organizationpolicy_boolean_policy.rb
+++ b/libraries/google/resourcemanager/property/project_parent.rb
@@ -16,17 +16,20 @@
module GoogleInSpec
module ResourceManager
module Property
- class OrganizationPolicyBooleanPolicy
- attr_reader :enforced
+ class ProjectParent
+ attr_reader :type
+
+ attr_reader :id
def initialize(args = nil, parent_identifier = nil)
return if args.nil?
@parent_identifier = parent_identifier
- @enforced = args['enforced']
+ @type = args['type']
+ @id = args['id']
end
def to_s
- "#{@parent_identifier} OrganizationPolicyBooleanPolicy"
+ "#{@parent_identifier} ProjectParent"
end
end
end
diff --git a/libraries/google/sql/property/databaseinstance_failover_replica.rb b/libraries/google/sql/property/databaseinstance_failover_replica.rb
new file mode 100644
index 000000000..20b0c92f3
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_failover_replica.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceFailoverReplica
+ attr_reader :available
+
+ attr_reader :name
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @available = args['available']
+ @name = args['name']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceFailoverReplica"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/sql/property/databaseinstance_ip_addresses.rb b/libraries/google/sql/property/databaseinstance_ip_addresses.rb
new file mode 100644
index 000000000..19b31ae94
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_ip_addresses.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceIpAddresses
+ attr_reader :ip_address
+
+ attr_reader :time_to_retire
+
+ attr_reader :type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ip_address = args['ipAddress']
+ @time_to_retire = parse_time_string(args['timeToRetire'])
+ @type = args['type']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceIpAddresses"
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+ end
+
+ class DatabaseInstanceIpAddressesArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return DatabaseInstanceIpAddresses.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| DatabaseInstanceIpAddresses.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
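Review bot: `parse_time_string` calls `Time.parse`, which Ruby defines only after `require 'time'`, and this new file has no `require` line. Unless another file has already loaded it, a response carrying `timeToRetire` raises `NoMethodError` inside the constructor. Adding `require 'time'` below the header makes the file self-contained. `Time.parse` is also lenient about input and raises `ArgumentError` on text it cannot parse, so for the RFC 3339 value the comment names, `Time.iso8601(time_string)` would be the stricter choice. The helper could also sit under `private`, since it is not a property of the resource.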
diff --git a/libraries/google/sql/property/databaseinstance_replica_configuration.rb b/libraries/google/sql/property/databaseinstance_replica_configuration.rb
new file mode 100644
index 000000000..35fa42d2a
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_replica_configuration.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/sql/property/databaseinstance_replica_configuration_mysql_replica_configuration'
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceReplicaConfiguration
+ attr_reader :failover_target
+
+ attr_reader :mysql_replica_configuration
+
+ attr_reader :replica_names
+
+ attr_reader :service_account_email_address
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @failover_target = args['failoverTarget']
+ @mysql_replica_configuration = GoogleInSpec::SQL::Property::DatabaseInstanceReplicaConfigurationMysqlReplicaConfiguration.new(args['mysqlReplicaConfiguration'], to_s)
+ @replica_names = args['replicaNames']
+ @service_account_email_address = args['serviceAccountEmailAddress']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceReplicaConfiguration"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/sql/property/databaseinstance_replica_configuration_mysql_replica_configuration.rb b/libraries/google/sql/property/databaseinstance_replica_configuration_mysql_replica_configuration.rb
new file mode 100644
index 000000000..f07f3e962
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_replica_configuration_mysql_replica_configuration.rb
@@ -0,0 +1,61 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceReplicaConfigurationMysqlReplicaConfiguration
+ attr_reader :ca_certificate
+
+ attr_reader :client_certificate
+
+ attr_reader :client_key
+
+ attr_reader :connect_retry_interval
+
+ attr_reader :dump_file_path
+
+ attr_reader :master_heartbeat_period
+
+ attr_reader :password
+
+ attr_reader :ssl_cipher
+
+ attr_reader :username
+
+ attr_reader :verify_server_certificate
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ca_certificate = args['caCertificate']
+ @client_certificate = args['clientCertificate']
+ @client_key = args['clientKey']
+ @connect_retry_interval = args['connectRetryInterval']
+ @dump_file_path = args['dumpFilePath']
+ @master_heartbeat_period = args['masterHeartbeatPeriod']
+ @password = args['password']
+ @ssl_cipher = args['sslCipher']
+ @username = args['username']
+ @verify_server_certificate = args['verifyServerCertificate']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceReplicaConfigurationMysqlReplicaConfiguration"
+ end
+ end
+ end
+ end
+end
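Review bot: `password` and `client_key` are stored and exposed like any other property in this class, and only `to_s` is overridden, so Ruby's default `inspect` still lists every instance variable with its value. If the API response includes those fields (not visible from this hunk), a debug print or a failure message that inspects the object would carry credential material into reports and logs. Consider adding a `def inspect` that returns `to_s`, plus a comment above the two readers such as `# Sensitive: may hold credential material; do not print in control output`. Because the file is generated, the change belongs in the Magic Modules template and not in this file.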
diff --git a/libraries/google/sql/property/databaseinstance_settings.rb b/libraries/google/sql/property/databaseinstance_settings.rb
new file mode 100644
index 000000000..c5be8856e
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_settings.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/sql/property/databaseinstance_settings_backup_configuration'
+require 'google/sql/property/databaseinstance_settings_database_flags'
+require 'google/sql/property/databaseinstance_settings_ip_configuration'
+require 'google/sql/property/databaseinstance_settings_ip_configuration_authorized_networks'
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceSettings
+ attr_reader :database_flags
+
+ attr_reader :ip_configuration
+
+ attr_reader :tier
+
+ attr_reader :availability_type
+
+ attr_reader :backup_configuration
+
+ attr_reader :settings_version
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @database_flags = GoogleInSpec::SQL::Property::DatabaseInstanceSettingsDatabaseFlagsArray.parse(args['databaseFlags'], to_s)
+ @ip_configuration = GoogleInSpec::SQL::Property::DatabaseInstanceSettingsIpConfiguration.new(args['ipConfiguration'], to_s)
+ @tier = args['tier']
+ @availability_type = args['availabilityType']
+ @backup_configuration = GoogleInSpec::SQL::Property::DatabaseInstanceSettingsBackupConfiguration.new(args['backupConfiguration'], to_s)
+ @settings_version = args['settingsVersion']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceSettings"
+ end
+ end
+ end
+ end
+end
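Review bot: In `initialize`, `ip_configuration` and `backup_configuration` are always built with `.new(args['…'], to_s)`, and those constructors return early when given nil, so a section the API response omits reads as an object whose attributes are all nil rather than as missing. A control written in negated form (for example one asserting that `ipv4_enabled` is not true) would then pass on absent data. I would document this above `initialize`, e.g. `# Nested properties are always instantiated; their attributes are nil when the response omits the section.` The file is marked as generated, so the comment belongs in the generator template.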
diff --git a/libraries/google/sql/property/databaseinstance_settings_backup_configuration.rb b/libraries/google/sql/property/databaseinstance_settings_backup_configuration.rb
new file mode 100644
index 000000000..62d3069bb
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_settings_backup_configuration.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceSettingsBackupConfiguration
+ attr_reader :enabled
+
+ attr_reader :binary_log_enabled
+
+ attr_reader :start_time
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enabled = args['enabled']
+ @binary_log_enabled = args['binaryLogEnabled']
+ @start_time = args['startTime']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceSettingsBackupConfiguration"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/sql/property/databaseinstance_settings_database_flags.rb b/libraries/google/sql/property/databaseinstance_settings_database_flags.rb
new file mode 100644
index 000000000..e8fa394ae
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_settings_database_flags.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceSettingsDatabaseFlags
+ attr_reader :name
+
+ attr_reader :value
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @name = args['name']
+ @value = args['value']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceSettingsDatabaseFlags"
+ end
+ end
+
+ class DatabaseInstanceSettingsDatabaseFlagsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return DatabaseInstanceSettingsDatabaseFlags.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| DatabaseInstanceSettingsDatabaseFlags.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/sql/property/databaseinstance_settings_ip_configuration.rb b/libraries/google/sql/property/databaseinstance_settings_ip_configuration.rb
new file mode 100644
index 000000000..e07668db0
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_settings_ip_configuration.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/sql/property/databaseinstance_settings_ip_configuration_authorized_networks'
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceSettingsIpConfiguration
+ attr_reader :ipv4_enabled
+
+ attr_reader :authorized_networks
+
+ attr_reader :require_ssl
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @ipv4_enabled = args['ipv4Enabled']
+ @authorized_networks = GoogleInSpec::SQL::Property::DatabaseInstanceSettingsIpConfigurationAuthorizedNetworksArray.parse(args['authorizedNetworks'], to_s)
+ @require_ssl = args['requireSsl']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceSettingsIpConfiguration"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/sql/property/databaseinstance_settings_ip_configuration_authorized_networks.rb b/libraries/google/sql/property/databaseinstance_settings_ip_configuration_authorized_networks.rb
new file mode 100644
index 000000000..d0c76d110
--- /dev/null
+++ b/libraries/google/sql/property/databaseinstance_settings_ip_configuration_authorized_networks.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module SQL
+ module Property
+ class DatabaseInstanceSettingsIpConfigurationAuthorizedNetworks
+ attr_reader :expiration_time
+
+ attr_reader :name
+
+ attr_reader :value
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @expiration_time = parse_time_string(args['expirationTime'])
+ @name = args['name']
+ @value = args['value']
+ end
+
+ def to_s
+ "#{@parent_identifier} DatabaseInstanceSettingsIpConfigurationAuthorizedNetworks"
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+ end
+
+ class DatabaseInstanceSettingsIpConfigurationAuthorizedNetworksArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return DatabaseInstanceSettingsIpConfigurationAuthorizedNetworks.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| DatabaseInstanceSettingsIpConfigurationAuthorizedNetworks.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
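Review bot: `parse_time_string` calls `Time.parse`, but this file has no `require 'time'`, so it depends on some other file having loaded that stdlib extension first; adding `require 'time'` at the top makes the dependency explicit. `Time.parse` is also lenient: it fills components missing from the input from the current date and raises `ArgumentError` on text it cannot read, so a malformed `expirationTime` either aborts construction or yields a plausible-looking time, although the comment promises RFC3339 input. `Time.iso8601(time_string)` would be the strict choice here, and the helper could sit under `private`. The same helper is added in bucket_lifecycle_rule_condition.rb, where `createdBefore` may be a date-only value, so check the format before switching parsers there.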
diff --git a/libraries/google/storage/property/bucket_acl.rb b/libraries/google/storage/property/bucket_acl.rb
new file mode 100644
index 000000000..ec2cfa7d8
--- /dev/null
+++ b/libraries/google/storage/property/bucket_acl.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_acl_project_team'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketAcl
+ attr_reader :bucket
+
+ attr_reader :domain
+
+ attr_reader :email
+
+ attr_reader :entity
+
+ attr_reader :entity_id
+
+ attr_reader :id
+
+ attr_reader :project_team
+
+ attr_reader :role
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @bucket = args['bucket']
+ @domain = args['domain']
+ @email = args['email']
+ @entity = args['entity']
+ @entity_id = args['entityId']
+ @id = args['id']
+ @project_team = GoogleInSpec::Storage::Property::BucketAclProjectTeam.new(args['projectTeam'], to_s)
+ @role = args['role']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketAcl"
+ end
+ end
+
+ class BucketAclArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketAcl.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketAcl.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_acl_project_team.rb b/libraries/google/storage/property/bucket_acl_project_team.rb
new file mode 100644
index 000000000..3657f7901
--- /dev/null
+++ b/libraries/google/storage/property/bucket_acl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketAclProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketAclProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_cors.rb b/libraries/google/storage/property/bucket_cors.rb
new file mode 100644
index 000000000..0f1cc3cdc
--- /dev/null
+++ b/libraries/google/storage/property/bucket_cors.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketCors
+ attr_reader :max_age_seconds
+
+ attr_reader :method
+
+ attr_reader :origin
+
+ attr_reader :response_header
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @max_age_seconds = args['maxAgeSeconds']
+ @method = args['method']
+ @origin = args['origin']
+ @response_header = args['responseHeader']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketCors"
+ end
+ end
+
+ class BucketCorsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketCors.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketCors.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
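Review bot: `attr_reader :method` on `BucketCors` replaces `Object#method` for instances of this class, so code that reflects with `cors.method(:origin)` (mocking libraries and debuggers, for example) gets an `ArgumentError` instead of a `Method` object. Exposing the CORS methods under a non-colliding name avoids this, e.g. `attr_reader :http_method` set from `args['method']`, keeping `method` only if existing controls depend on it. The file is marked as generated, so the rename would go in the generator's field mapping.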
diff --git a/libraries/google/storage/property/bucket_default_object_acl.rb b/libraries/google/storage/property/bucket_default_object_acl.rb
new file mode 100644
index 000000000..582a22709
--- /dev/null
+++ b/libraries/google/storage/property/bucket_default_object_acl.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_default_object_acl_project_team'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketDefaultObjectAcl
+ attr_reader :bucket
+
+ attr_reader :domain
+
+ attr_reader :email
+
+ attr_reader :entity
+
+ attr_reader :entity_id
+
+ attr_reader :generation
+
+ attr_reader :id
+
+ attr_reader :object
+
+ attr_reader :project_team
+
+ attr_reader :role
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @bucket = args['bucket']
+ @domain = args['domain']
+ @email = args['email']
+ @entity = args['entity']
+ @entity_id = args['entityId']
+ @generation = args['generation']
+ @id = args['id']
+ @object = args['object']
+ @project_team = GoogleInSpec::Storage::Property::BucketDefaultObjectAclProjectTeam.new(args['projectTeam'], to_s)
+ @role = args['role']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketDefaultObjectAcl"
+ end
+ end
+
+ class BucketDefaultObjectAclArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketDefaultObjectAcl.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketDefaultObjectAcl.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_default_object_acl_project_team.rb b/libraries/google/storage/property/bucket_default_object_acl_project_team.rb
new file mode 100644
index 000000000..25659cc5e
--- /dev/null
+++ b/libraries/google/storage/property/bucket_default_object_acl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketDefaultObjectAclProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketDefaultObjectAclProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle.rb b/libraries/google/storage/property/bucket_lifecycle.rb
new file mode 100644
index 000000000..4042b6355
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_lifecycle_rule'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycle
+ attr_reader :rule
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @rule = GoogleInSpec::Storage::Property::BucketLifecycleRuleArray.parse(args['rule'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycle"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle_rule.rb b/libraries/google/storage/property/bucket_lifecycle_rule.rb
new file mode 100644
index 000000000..364d541ad
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle_rule.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_lifecycle_rule_action'
+require 'google/storage/property/bucket_lifecycle_rule_condition'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycleRule
+ attr_reader :action
+
+ attr_reader :condition
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @action = GoogleInSpec::Storage::Property::BucketLifecycleRuleAction.new(args['action'], to_s)
+ @condition = GoogleInSpec::Storage::Property::BucketLifecycleRuleCondition.new(args['condition'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycleRule"
+ end
+ end
+
+ class BucketLifecycleRuleArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketLifecycleRule.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketLifecycleRule.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle_rule_action.rb b/libraries/google/storage/property/bucket_lifecycle_rule_action.rb
new file mode 100644
index 000000000..36173d301
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle_rule_action.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycleRuleAction
+ attr_reader :storage_class
+
+ attr_reader :type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @storage_class = args['storageClass']
+ @type = args['type']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycleRuleAction"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle_rule_condition.rb b/libraries/google/storage/property/bucket_lifecycle_rule_condition.rb
new file mode 100644
index 000000000..519ba0641
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle_rule_condition.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycleRuleCondition
+ attr_reader :age_days
+
+ attr_reader :created_before
+
+ attr_reader :is_live
+
+ attr_reader :matches_storage_class
+
+ attr_reader :num_newer_versions
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @age_days = args['age']
+ @created_before = parse_time_string(args['createdBefore'])
+ @is_live = args['isLive']
+ @matches_storage_class = args['matchesStorageClass']
+ @num_newer_versions = args['numNewerVersions']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycleRuleCondition"
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_logging.rb b/libraries/google/storage/property/bucket_logging.rb
new file mode 100644
index 000000000..4625b7ea3
--- /dev/null
+++ b/libraries/google/storage/property/bucket_logging.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLogging
+ attr_reader :log_bucket
+
+ attr_reader :log_object_prefix
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @log_bucket = args['logBucket']
+ @log_object_prefix = args['logObjectPrefix']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLogging"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_owner.rb b/libraries/google/storage/property/bucket_owner.rb
new file mode 100644
index 000000000..06b76ac89
--- /dev/null
+++ b/libraries/google/storage/property/bucket_owner.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketOwner
+ attr_reader :entity
+
+ attr_reader :entity_id
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @entity = args['entity']
+ @entity_id = args['entityId']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketOwner"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_versioning.rb b/libraries/google/storage/property/bucket_versioning.rb
new file mode 100644
index 000000000..747b99878
--- /dev/null
+++ b/libraries/google/storage/property/bucket_versioning.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketVersioning
+ attr_reader :enabled
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enabled = args['enabled']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketVersioning"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_website.rb b/libraries/google/storage/property/bucket_website.rb
new file mode 100644
index 000000000..096b53f67
--- /dev/null
+++ b/libraries/google/storage/property/bucket_website.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketWebsite
+ attr_reader :main_page_suffix
+
+ attr_reader :not_found_page
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @main_page_suffix = args['mainPageSuffix']
+ @not_found_page = args['notFoundPage']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketWebsite"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucketacl_project_team.rb b/libraries/google/storage/property/bucketacl_project_team.rb
new file mode 100644
index 000000000..02370f3df
--- /dev/null
+++ b/libraries/google/storage/property/bucketacl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketACLProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketACLProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/defaultobjectacl_project_team.rb b/libraries/google/storage/property/defaultobjectacl_project_team.rb
new file mode 100644
index 000000000..19df5674e
--- /dev/null
+++ b/libraries/google/storage/property/defaultobjectacl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class DefaultObjectACLProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} DefaultObjectACLProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/objectacl_project_team.rb b/libraries/google/storage/property/objectacl_project_team.rb
new file mode 100644
index 000000000..481835bc8
--- /dev/null
+++ b/libraries/google/storage/property/objectacl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class ObjectACLProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} ObjectACLProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google_access_context_manager_access_policies.rb b/libraries/google_access_context_manager_access_policies.rb
index 16d91f6dc..bfa1bf877 100644
--- a/libraries/google_access_context_manager_access_policies.rb
+++ b/libraries/google_access_context_manager_access_policies.rb
@@ -82,7 +82,7 @@ def parse_time_string(time_string)
private
- def product_url
+ def product_url(_ = nil)
'https://accesscontextmanager.googleapis.com/v1/'
end
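Review bot: `product_url(_ = nil)` accepts an argument and discards it with no comment, so a caller that passes a beta flag still gets the `v1/` endpoint and nothing says this is intended. The singular resources on this page do pass `params[:beta]`. A one-line comment above the method would make the contract explicit, for example `# beta flag is accepted for a uniform signature; this product is always queried at v1`. The same undocumented signature recurs in the other `product_url(_ = nil)` hunks on this page (access policy, service perimeter(s), App Engine, BigQuery, Billing, Cloud Scheduler, Cloud Build, Cloud Functions). The enclosing class starts and ends outside the hunk.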
diff --git a/libraries/google_access_context_manager_access_policy.rb b/libraries/google_access_context_manager_access_policy.rb
index 53fc3a271..e6822cf9c 100644
--- a/libraries/google_access_context_manager_access_policy.rb
+++ b/libraries/google_access_context_manager_access_policy.rb
@@ -31,7 +31,7 @@ class AccessContextManagerAccessPolicy < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -58,7 +58,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://accesscontextmanager.googleapis.com/v1/'
end
diff --git a/libraries/google_access_context_manager_service_perimeter.rb b/libraries/google_access_context_manager_service_perimeter.rb
index 839ce7f07..5b5d8b43c 100644
--- a/libraries/google_access_context_manager_service_perimeter.rb
+++ b/libraries/google_access_context_manager_service_perimeter.rb
@@ -15,6 +15,7 @@
# ----------------------------------------------------------------------------
require 'gcp_backend'
require 'google/accesscontextmanager/property/serviceperimeter_status'
+require 'google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services'
# A provider to manage Access Context Manager resources.
class AccessContextManagerServicePerimeter < GcpResourceBase
@@ -35,7 +36,7 @@ class AccessContextManagerServicePerimeter < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -65,7 +66,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://accesscontextmanager.googleapis.com/v1/'
end
diff --git a/libraries/google_access_context_manager_service_perimeters.rb b/libraries/google_access_context_manager_service_perimeters.rb
index 885226b28..d1d846e15 100644
--- a/libraries/google_access_context_manager_service_perimeters.rb
+++ b/libraries/google_access_context_manager_service_perimeters.rb
@@ -88,7 +88,7 @@ def parse_time_string(time_string)
private
- def product_url
+ def product_url(_ = nil)
'https://accesscontextmanager.googleapis.com/v1/'
end
diff --git a/libraries/google_appengine_standard_app_version.rb b/libraries/google_appengine_standard_app_version.rb
index ca353ea86..4f1b4001f 100644
--- a/libraries/google_appengine_standard_app_version.rb
+++ b/libraries/google_appengine_standard_app_version.rb
@@ -31,7 +31,7 @@ class AppEngineStandardAppVersion < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -43,11 +43,6 @@ def parse
@instance_class = @fetched['instanceClass']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -58,7 +53,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://appengine.googleapis.com/v1/'
end
diff --git a/libraries/google_appengine_standard_app_versions.rb b/libraries/google_appengine_standard_app_versions.rb
index 8967e3e16..397f7ba5e 100644
--- a/libraries/google_appengine_standard_app_versions.rb
+++ b/libraries/google_appengine_standard_app_versions.rb
@@ -75,14 +75,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://appengine.googleapis.com/v1/'
end
diff --git a/libraries/google_bigquery_dataset.rb b/libraries/google_bigquery_dataset.rb
index fa8114698..7d34fd879 100644
--- a/libraries/google_bigquery_dataset.rb
+++ b/libraries/google_bigquery_dataset.rb
@@ -42,7 +42,7 @@ class BigQueryDataset < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -62,11 +62,6 @@ def parse
@default_encryption_configuration = GoogleInSpec::BigQuery::Property::DatasetDefaultEncryptionConfiguration.new(@fetched['defaultEncryptionConfiguration'], to_s)
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -81,7 +76,7 @@ def name
private
- def product_url
+ def product_url(_ = nil)
'https://www.googleapis.com/bigquery/v2/'
end
diff --git a/libraries/google_bigquery_datasets.rb b/libraries/google_bigquery_datasets.rb
index 77c592957..29bbeb810 100644
--- a/libraries/google_bigquery_datasets.rb
+++ b/libraries/google_bigquery_datasets.rb
@@ -81,14 +81,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://www.googleapis.com/bigquery/v2/'
end
diff --git a/libraries/google_bigquery_table.rb b/libraries/google_bigquery_table.rb
index 2d7683550..1a4b2cbfe 100644
--- a/libraries/google_bigquery_table.rb
+++ b/libraries/google_bigquery_table.rb
@@ -64,7 +64,7 @@ class BigQueryTable < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -94,11 +94,6 @@ def parse
@dataset = @fetched['dataset']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -109,7 +104,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://www.googleapis.com/bigquery/v2/'
end
diff --git a/libraries/google_bigquery_tables.rb b/libraries/google_bigquery_tables.rb
index a8db2ff4f..e2702d11f 100644
--- a/libraries/google_bigquery_tables.rb
+++ b/libraries/google_bigquery_tables.rb
@@ -107,14 +107,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://www.googleapis.com/bigquery/v2/'
end
diff --git a/libraries/google_billing_project_billing_info.rb b/libraries/google_billing_project_billing_info.rb
index d755b4608..1fa539644 100644
--- a/libraries/google_billing_project_billing_info.rb
+++ b/libraries/google_billing_project_billing_info.rb
@@ -29,7 +29,7 @@ class BillingProjectBillingInfo < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -39,11 +39,6 @@ def parse
@billing_enabled = @fetched['billingEnabled']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -54,7 +49,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://cloudbilling.googleapis.com/v1/'
end
diff --git a/libraries/google_cloud_scheduler_job.rb b/libraries/google_cloud_scheduler_job.rb
index 710aff7bd..61b127ad2 100644
--- a/libraries/google_cloud_scheduler_job.rb
+++ b/libraries/google_cloud_scheduler_job.rb
@@ -33,6 +33,7 @@ class CloudSchedulerJob < GcpResourceBase
attr_reader :description
attr_reader :schedule
attr_reader :time_zone
+ attr_reader :attempt_deadline
attr_reader :retry_config
attr_reader :pubsub_target
attr_reader :app_engine_http_target
@@ -42,7 +43,7 @@ class CloudSchedulerJob < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -51,6 +52,7 @@ def parse
@description = @fetched['description']
@schedule = @fetched['schedule']
@time_zone = @fetched['timeZone']
+ @attempt_deadline = @fetched['attemptDeadline']
@retry_config = GoogleInSpec::CloudScheduler::Property::JobRetryConfig.new(@fetched['retryConfig'], to_s)
@pubsub_target = GoogleInSpec::CloudScheduler::Property::JobPubsubTarget.new(@fetched['pubsubTarget'], to_s)
@app_engine_http_target = GoogleInSpec::CloudScheduler::Property::JobAppEngineHttpTarget.new(@fetched['appEngineHttpTarget'], to_s)
@@ -58,11 +60,6 @@ def parse
@region = @fetched['region']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -73,7 +70,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://cloudscheduler.googleapis.com/v1/'
end
diff --git a/libraries/google_cloud_scheduler_jobs.rb b/libraries/google_cloud_scheduler_jobs.rb
index 5d9e28946..66272be4f 100644
--- a/libraries/google_cloud_scheduler_jobs.rb
+++ b/libraries/google_cloud_scheduler_jobs.rb
@@ -27,6 +27,7 @@ class CloudSchedulerJobs < GcpResourceBase
filter_table_config.add(:descriptions, field: :description)
filter_table_config.add(:schedules, field: :schedule)
filter_table_config.add(:time_zones, field: :time_zone)
+ filter_table_config.add(:attempt_deadlines, field: :attempt_deadline)
filter_table_config.add(:retry_configs, field: :retry_config)
filter_table_config.add(:pubsub_targets, field: :pubsub_target)
filter_table_config.add(:app_engine_http_targets, field: :app_engine_http_target)
@@ -75,6 +76,7 @@ def transformers
'description' => ->(obj) { return :description, obj['description'] },
'schedule' => ->(obj) { return :schedule, obj['schedule'] },
'timeZone' => ->(obj) { return :time_zone, obj['timeZone'] },
+ 'attemptDeadline' => ->(obj) { return :attempt_deadline, obj['attemptDeadline'] },
'retryConfig' => ->(obj) { return :retry_config, GoogleInSpec::CloudScheduler::Property::JobRetryConfig.new(obj['retryConfig'], to_s) },
'pubsubTarget' => ->(obj) { return :pubsub_target, GoogleInSpec::CloudScheduler::Property::JobPubsubTarget.new(obj['pubsubTarget'], to_s) },
'appEngineHttpTarget' => ->(obj) { return :app_engine_http_target, GoogleInSpec::CloudScheduler::Property::JobAppEngineHttpTarget.new(obj['appEngineHttpTarget'], to_s) },
@@ -83,14 +85,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://cloudscheduler.googleapis.com/v1/'
end
diff --git a/libraries/google_cloudbuild_trigger.rb b/libraries/google_cloudbuild_trigger.rb
index bf011b7e9..bfaaa0bdb 100644
--- a/libraries/google_cloudbuild_trigger.rb
+++ b/libraries/google_cloudbuild_trigger.rb
@@ -16,6 +16,9 @@
require 'gcp_backend'
require 'google/cloudbuild/property/trigger_build'
require 'google/cloudbuild/property/trigger_build_steps'
+require 'google/cloudbuild/property/trigger_github'
+require 'google/cloudbuild/property/trigger_github_pull_request'
+require 'google/cloudbuild/property/trigger_github_push'
require 'google/cloudbuild/property/trigger_trigger_template'
# A provider to manage Cloud Build resources.
@@ -35,12 +38,13 @@ class CloudBuildTrigger < GcpResourceBase
attr_reader :ignored_files
attr_reader :included_files
attr_reader :trigger_template
+ attr_reader :github
attr_reader :build
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -55,6 +59,7 @@ def parse
@ignored_files = @fetched['ignoredFiles']
@included_files = @fetched['includedFiles']
@trigger_template = GoogleInSpec::CloudBuild::Property::TriggerTriggerTemplate.new(@fetched['triggerTemplate'], to_s)
+ @github = GoogleInSpec::CloudBuild::Property::TriggerGithub.new(@fetched['github'], to_s)
@build = GoogleInSpec::CloudBuild::Property::TriggerBuild.new(@fetched['build'], to_s)
end
@@ -73,7 +78,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://cloudbuild.googleapis.com/v1/'
end
diff --git a/libraries/google_cloudbuild_triggers.rb b/libraries/google_cloudbuild_triggers.rb
index ba47280a4..cf37649dd 100644
--- a/libraries/google_cloudbuild_triggers.rb
+++ b/libraries/google_cloudbuild_triggers.rb
@@ -33,6 +33,7 @@ class CloudBuildTriggers < GcpResourceBase
filter_table_config.add(:ignored_files, field: :ignored_files)
filter_table_config.add(:included_files, field: :included_files)
filter_table_config.add(:trigger_templates, field: :trigger_template)
+ filter_table_config.add(:githubs, field: :github)
filter_table_config.add(:builds, field: :build)
filter_table_config.connect(self, :table)
@@ -83,6 +84,7 @@ def transformers
'ignoredFiles' => ->(obj) { return :ignored_files, obj['ignoredFiles'] },
'includedFiles' => ->(obj) { return :included_files, obj['includedFiles'] },
'triggerTemplate' => ->(obj) { return :trigger_template, GoogleInSpec::CloudBuild::Property::TriggerTriggerTemplate.new(obj['triggerTemplate'], to_s) },
+ 'github' => ->(obj) { return :github, GoogleInSpec::CloudBuild::Property::TriggerGithub.new(obj['github'], to_s) },
'build' => ->(obj) { return :build, GoogleInSpec::CloudBuild::Property::TriggerBuild.new(obj['build'], to_s) },
}
end
@@ -94,7 +96,7 @@ def parse_time_string(time_string)
private
- def product_url
+ def product_url(_ = nil)
'https://cloudbuild.googleapis.com/v1/'
end
diff --git a/libraries/google_cloudfunctions_cloud_function.rb b/libraries/google_cloudfunctions_cloud_function.rb
index d455fd6fd..2048426b8 100644
--- a/libraries/google_cloudfunctions_cloud_function.rb
+++ b/libraries/google_cloudfunctions_cloud_function.rb
@@ -47,7 +47,7 @@ class CloudFunctionsCloudFunction < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -72,11 +72,6 @@ def parse
@location = @fetched['location']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -87,7 +82,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://cloudfunctions.googleapis.com/v1/'
end
diff --git a/libraries/google_cloudfunctions_cloud_functions.rb b/libraries/google_cloudfunctions_cloud_functions.rb
index 1591bf5bf..0212fdf65 100644
--- a/libraries/google_cloudfunctions_cloud_functions.rb
+++ b/libraries/google_cloudfunctions_cloud_functions.rb
@@ -101,14 +101,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://cloudfunctions.googleapis.com/v1/'
end
diff --git a/libraries/google_compute_address.rb b/libraries/google_compute_address.rb
index 8648eee96..fe1562dd9 100644
--- a/libraries/google_compute_address.rb
+++ b/libraries/google_compute_address.rb
@@ -1,53 +1,105 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-module Inspec::Resources
- class GoogleComputeAddress < GcpResourceBase
- name 'google_compute_address'
- desc 'Verifies settings for a compute address'
-
- example "
- describe google_compute_address(project: 'chef-inspec-gcp', location: 'us-west2', name: 'gcp-inspec-test') do
- it { should exist }
- its('name') { should eq 'inspec-test' }
- its('status') { should eq 'in_use' }
- ...
- end
- "
-
- supports platform: 'gcp'
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @address = @gcp.gcp_compute_client.get_address(opts[:project], opts[:location], opts[:name])
- create_resource_methods(@address)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeAddress < GcpResourceBase
+ name 'google_compute_address'
+ desc 'Address'
+ supports platform: 'gcp'
- def address_ip_exists
- !address.nil?
- end
+ attr_reader :params
+ attr_reader :address
+ attr_reader :address_type
+ attr_reader :creation_timestamp
+ attr_reader :description
+ attr_reader :id
+ attr_reader :name
+ attr_reader :purpose
+ attr_reader :network_tier
+ attr_reader :subnetwork
+ attr_reader :users
+ attr_reader :labels
+ attr_reader :label_fingerprint
+ attr_reader :status
+ attr_reader :region
- def exists?
- !address.nil?
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- # How many users are there for the address
- def user_count
- users.count
- end
+ def parse
+ @address = @fetched['address']
+ @address_type = @fetched['addressType']
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @description = @fetched['description']
+ @id = @fetched['id']
+ @name = @fetched['name']
+ @purpose = @fetched['purpose']
+ @network_tier = @fetched['networkTier']
+ @subnetwork = @fetched['subnetwork']
+ @users = @fetched['users']
+ @labels = @fetched['labels']
+ @label_fingerprint = @fetched['labelFingerprint']
+ @status = @fetched['status']
+ @region = @fetched['region']
+ end
- # Return the first user resource base name
- def user_resource_name
- users.first.split('/').last
- end
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def to_s
- "Address #{@display_name}"
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Address #{@params[:name]}"
+ end
+
+ def address_ip_exists
+ !@address.nil?
+ end
+
+ # How many users are there for the address
+ def user_count
+ return 0 if @users.nil?
+ @users.count
+ end
+
+ # Return the first user resource base name
+ def user_resource_name
+ @users.first.split('/').last
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{location}}/addresses/{{name}}'
+ end
end
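Review bot: `user_resource_name` dereferences `@users.first` with no guard, although `user_count` directly above it returns 0 when `@users` is nil. If the API response has no `users` key, which is presumably the case for an address that is not in use, a control calling it raises NoMethodError instead of getting nil. An empty list fails the same way, because `first` returns nil. A guard in the same style as `user_count` covers both: `return nil if @users.nil? || @users.empty?` before the `split`.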
diff --git a/libraries/google_compute_addresses.rb b/libraries/google_compute_addresses.rb
new file mode 100644
index 000000000..311d5fb3f
--- /dev/null
+++ b/libraries/google_compute_addresses.rb
@@ -0,0 +1,114 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+class ComputeAddresss < GcpResourceBase
+ name 'google_compute_addresses'
+ desc 'Address plural resource'
+ supports platform: 'gcp'
+
+ attr_reader :table
+
+ filter_table_config = FilterTable.create
+
+ filter_table_config.add(:addresses, field: :address)
+ filter_table_config.add(:address_types, field: :address_type)
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:ids, field: :id)
+ filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:purposes, field: :purpose)
+ filter_table_config.add(:network_tiers, field: :network_tier)
+ filter_table_config.add(:subnetworks, field: :subnetwork)
+ filter_table_config.add(:users, field: :users)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
+ filter_table_config.add(:statuses, field: :status)
+ filter_table_config.add(:regions, field: :region)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
+ end
+ end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'address' => ->(obj) { return :address, obj['address'] },
+ 'addressType' => ->(obj) { return :address_type, obj['addressType'] },
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'id' => ->(obj) { return :id, obj['id'] },
+ 'name' => ->(obj) { return :name, obj['name'] },
+ 'purpose' => ->(obj) { return :purpose, obj['purpose'] },
+ 'networkTier' => ->(obj) { return :network_tier, obj['networkTier'] },
+ 'subnetwork' => ->(obj) { return :subnetwork, obj['subnetwork'] },
+ 'users' => ->(obj) { return :users, obj['users'] },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
+ 'status' => ->(obj) { return :status, obj['status'] },
+ 'region' => ->(obj) { return :region, obj['region'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{location}}/addresses'
+ end
+end
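Review bot: `fetch_wrapped_resource` calls `product_url` with no argument, so the beta branch of `product_url(beta = false)` at the bottom of this file is never taken and a control that sets `beta: true` is silently answered from `compute/v1/`. The singular `google_compute_address` resource passes the flag, and the plural should do the same: `result = @connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')`. The plural autoscaler and backend-bucket hunks change the same method, but their call sites are outside the hunks, so they are worth checking for the same omission. Separately, the class is named `ComputeAddresss` (three s), which looks like a pluralisation slip in the generator.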
diff --git a/libraries/google_compute_autoscaler.rb b/libraries/google_compute_autoscaler.rb
index 1977c257a..93c75b59c 100644
--- a/libraries/google_compute_autoscaler.rb
+++ b/libraries/google_compute_autoscaler.rb
@@ -37,7 +37,7 @@ class ComputeAutoscaler < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -66,8 +66,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_autoscalers.rb b/libraries/google_compute_autoscalers.rb
index ac30f5c5f..5e6095d11 100644
--- a/libraries/google_compute_autoscalers.rb
+++ b/libraries/google_compute_autoscalers.rb
@@ -86,8 +86,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_backend_bucket.rb b/libraries/google_compute_backend_bucket.rb
index 7f7193356..e61fb5100 100644
--- a/libraries/google_compute_backend_bucket.rb
+++ b/libraries/google_compute_backend_bucket.rb
@@ -34,7 +34,7 @@ class ComputeBackendBucket < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -63,8 +63,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_backend_buckets.rb b/libraries/google_compute_backend_buckets.rb
index 43169d390..6e6ef8d00 100644
--- a/libraries/google_compute_backend_buckets.rb
+++ b/libraries/google_compute_backend_buckets.rb
@@ -86,8 +86,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_backend_service.rb b/libraries/google_compute_backend_service.rb
index c8bd5bf6f..e6eaea9bf 100644
--- a/libraries/google_compute_backend_service.rb
+++ b/libraries/google_compute_backend_service.rb
@@ -17,8 +17,17 @@
require 'google/compute/property/backendservice_backends'
require 'google/compute/property/backendservice_cdn_policy'
require 'google/compute/property/backendservice_cdn_policy_cache_key_policy'
+require 'google/compute/property/backendservice_circuit_breakers'
+require 'google/compute/property/backendservice_circuit_breakers_connect_timeout'
require 'google/compute/property/backendservice_connection_draining'
+require 'google/compute/property/backendservice_consistent_hash'
+require 'google/compute/property/backendservice_consistent_hash_http_cookie'
+require 'google/compute/property/backendservice_consistent_hash_http_cookie_ttl'
require 'google/compute/property/backendservice_iap'
+require 'google/compute/property/backendservice_log_config'
+require 'google/compute/property/backendservice_outlier_detection'
+require 'google/compute/property/backendservice_outlier_detection_base_ejection_time'
+require 'google/compute/property/backendservice_outlier_detection_interval'
# A provider to manage Compute Engine resources.
class ComputeBackendService < GcpResourceBase
@@ -29,9 +38,12 @@ class ComputeBackendService < GcpResourceBase
attr_reader :params
attr_reader :affinity_cookie_ttl_sec
attr_reader :backends
+ attr_reader :circuit_breakers
+ attr_reader :consistent_hash
attr_reader :cdn_policy
attr_reader :connection_draining
attr_reader :creation_timestamp
+ attr_reader :custom_request_headers
attr_reader :fingerprint
attr_reader :description
attr_reader :enable_cdn
@@ -39,26 +51,32 @@ class ComputeBackendService < GcpResourceBase
attr_reader :id
attr_reader :iap
attr_reader :load_balancing_scheme
+ attr_reader :locality_lb_policy
attr_reader :name
+ attr_reader :outlier_detection
attr_reader :port_name
attr_reader :protocol
attr_reader :security_policy
attr_reader :session_affinity
attr_reader :timeout_sec
+ attr_reader :log_config
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
def parse
@affinity_cookie_ttl_sec = @fetched['affinityCookieTtlSec']
@backends = GoogleInSpec::Compute::Property::BackendServiceBackendsArray.parse(@fetched['backends'], to_s)
+ @circuit_breakers = GoogleInSpec::Compute::Property::BackendServiceCircuitBreakers.new(@fetched['circuitBreakers'], to_s)
+ @consistent_hash = GoogleInSpec::Compute::Property::BackendServiceConsistentHash.new(@fetched['consistentHash'], to_s)
@cdn_policy = GoogleInSpec::Compute::Property::BackendServiceCdnPolicy.new(@fetched['cdnPolicy'], to_s)
@connection_draining = GoogleInSpec::Compute::Property::BackendServiceConnectionDraining.new(@fetched['connectionDraining'], to_s)
@creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @custom_request_headers = @fetched['customRequestHeaders']
@fingerprint = @fetched['fingerprint']
@description = @fetched['description']
@enable_cdn = @fetched['enableCDN']
@@ -66,12 +84,15 @@ def parse
@id = @fetched['id']
@iap = GoogleInSpec::Compute::Property::BackendServiceIap.new(@fetched['iap'], to_s)
@load_balancing_scheme = @fetched['loadBalancingScheme']
+ @locality_lb_policy = @fetched['localityLbPolicy']
@name = @fetched['name']
+ @outlier_detection = GoogleInSpec::Compute::Property::BackendServiceOutlierDetection.new(@fetched['outlierDetection'], to_s)
@port_name = @fetched['portName']
@protocol = @fetched['protocol']
@security_policy = @fetched['securityPolicy']
@session_affinity = @fetched['sessionAffinity']
@timeout_sec = @fetched['timeoutSec']
+ @log_config = GoogleInSpec::Compute::Property::BackendServiceLogConfig.new(@fetched['logConfig'], to_s)
end
# Handles parsing RFC3339 time string
@@ -89,8 +110,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_backend_services.rb b/libraries/google_compute_backend_services.rb
index 70f3cc29c..552c0cf91 100644
--- a/libraries/google_compute_backend_services.rb
+++ b/libraries/google_compute_backend_services.rb
@@ -25,9 +25,12 @@ class ComputeBackendServices < GcpResourceBase
filter_table_config.add(:affinity_cookie_ttl_secs, field: :affinity_cookie_ttl_sec)
filter_table_config.add(:backends, field: :backends)
+ filter_table_config.add(:circuit_breakers, field: :circuit_breakers)
+ filter_table_config.add(:consistent_hashes, field: :consistent_hash)
filter_table_config.add(:cdn_policies, field: :cdn_policy)
filter_table_config.add(:connection_drainings, field: :connection_draining)
filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:custom_request_headers, field: :custom_request_headers)
filter_table_config.add(:fingerprints, field: :fingerprint)
filter_table_config.add(:descriptions, field: :description)
filter_table_config.add(:enable_cdns, field: :enable_cdn)
@@ -35,12 +38,15 @@ class ComputeBackendServices < GcpResourceBase
filter_table_config.add(:ids, field: :id)
filter_table_config.add(:iaps, field: :iap)
filter_table_config.add(:load_balancing_schemes, field: :load_balancing_scheme)
+ filter_table_config.add(:locality_lb_policies, field: :locality_lb_policy)
filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:outlier_detections, field: :outlier_detection)
filter_table_config.add(:port_names, field: :port_name)
filter_table_config.add(:protocols, field: :protocol)
filter_table_config.add(:security_policies, field: :security_policy)
filter_table_config.add(:session_affinities, field: :session_affinity)
filter_table_config.add(:timeout_secs, field: :timeout_sec)
+ filter_table_config.add(:log_configs, field: :log_config)
filter_table_config.connect(self, :table)
@@ -82,9 +88,12 @@ def transformers
{
'affinityCookieTtlSec' => ->(obj) { return :affinity_cookie_ttl_sec, obj['affinityCookieTtlSec'] },
'backends' => ->(obj) { return :backends, GoogleInSpec::Compute::Property::BackendServiceBackendsArray.parse(obj['backends'], to_s) },
+ 'circuitBreakers' => ->(obj) { return :circuit_breakers, GoogleInSpec::Compute::Property::BackendServiceCircuitBreakers.new(obj['circuitBreakers'], to_s) },
+ 'consistentHash' => ->(obj) { return :consistent_hash, GoogleInSpec::Compute::Property::BackendServiceConsistentHash.new(obj['consistentHash'], to_s) },
'cdnPolicy' => ->(obj) { return :cdn_policy, GoogleInSpec::Compute::Property::BackendServiceCdnPolicy.new(obj['cdnPolicy'], to_s) },
'connectionDraining' => ->(obj) { return :connection_draining, GoogleInSpec::Compute::Property::BackendServiceConnectionDraining.new(obj['connectionDraining'], to_s) },
'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'customRequestHeaders' => ->(obj) { return :custom_request_headers, obj['customRequestHeaders'] },
'fingerprint' => ->(obj) { return :fingerprint, obj['fingerprint'] },
'description' => ->(obj) { return :description, obj['description'] },
'enableCDN' => ->(obj) { return :enable_cdn, obj['enableCDN'] },
@@ -92,12 +101,15 @@ def transformers
'id' => ->(obj) { return :id, obj['id'] },
'iap' => ->(obj) { return :iap, GoogleInSpec::Compute::Property::BackendServiceIap.new(obj['iap'], to_s) },
'loadBalancingScheme' => ->(obj) { return :load_balancing_scheme, obj['loadBalancingScheme'] },
+ 'localityLbPolicy' => ->(obj) { return :locality_lb_policy, obj['localityLbPolicy'] },
'name' => ->(obj) { return :name, obj['name'] },
+ 'outlierDetection' => ->(obj) { return :outlier_detection, GoogleInSpec::Compute::Property::BackendServiceOutlierDetection.new(obj['outlierDetection'], to_s) },
'portName' => ->(obj) { return :port_name, obj['portName'] },
'protocol' => ->(obj) { return :protocol, obj['protocol'] },
'securityPolicy' => ->(obj) { return :security_policy, obj['securityPolicy'] },
'sessionAffinity' => ->(obj) { return :session_affinity, obj['sessionAffinity'] },
'timeoutSec' => ->(obj) { return :timeout_sec, obj['timeoutSec'] },
+ 'logConfig' => ->(obj) { return :log_config, GoogleInSpec::Compute::Property::BackendServiceLogConfig.new(obj['logConfig'], to_s) },
}
end
@@ -108,8 +120,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_disk.rb b/libraries/google_compute_disk.rb
index 6ce699662..ae3adea53 100644
--- a/libraries/google_compute_disk.rb
+++ b/libraries/google_compute_disk.rb
@@ -39,6 +39,7 @@ class ComputeDisk < GcpResourceBase
attr_reader :physical_block_size_bytes
attr_reader :type
attr_reader :source_image
+ attr_reader :resource_policies
attr_reader :zone
attr_reader :source_image_encryption_key
attr_reader :source_image_id
@@ -50,7 +51,7 @@ class ComputeDisk < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -69,6 +70,7 @@ def parse
@physical_block_size_bytes = @fetched['physicalBlockSizeBytes']
@type = @fetched['type']
@source_image = @fetched['sourceImage']
+ @resource_policies = @fetched['resourcePolicies']
@zone = @fetched['zone']
@source_image_encryption_key = GoogleInSpec::Compute::Property::DiskSourceImageEncryptionKey.new(@fetched['sourceImageEncryptionKey'], to_s)
@source_image_id = @fetched['sourceImageId']
@@ -93,8 +95,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_disks.rb b/libraries/google_compute_disks.rb
index 6b40d3baa..2bc9ec29d 100644
--- a/libraries/google_compute_disks.rb
+++ b/libraries/google_compute_disks.rb
@@ -37,6 +37,7 @@ class ComputeDisks < GcpResourceBase
filter_table_config.add(:physical_block_size_bytes, field: :physical_block_size_bytes)
filter_table_config.add(:types, field: :type)
filter_table_config.add(:source_images, field: :source_image)
+ filter_table_config.add(:resource_policies, field: :resource_policies)
filter_table_config.add(:zones, field: :zone)
filter_table_config.add(:source_image_encryption_keys, field: :source_image_encryption_key)
filter_table_config.add(:source_image_ids, field: :source_image_id)
@@ -97,6 +98,7 @@ def transformers
'physicalBlockSizeBytes' => ->(obj) { return :physical_block_size_bytes, obj['physicalBlockSizeBytes'] },
'type' => ->(obj) { return :type, obj['type'] },
'sourceImage' => ->(obj) { return :source_image, obj['sourceImage'] },
+ 'resourcePolicies' => ->(obj) { return :resource_policies, obj['resourcePolicies'] },
'zone' => ->(obj) { return :zone, obj['zone'] },
'sourceImageEncryptionKey' => ->(obj) { return :source_image_encryption_key, GoogleInSpec::Compute::Property::DiskSourceImageEncryptionKey.new(obj['sourceImageEncryptionKey'], to_s) },
'sourceImageId' => ->(obj) { return :source_image_id, obj['sourceImageId'] },
@@ -114,8 +116,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_firewall.rb b/libraries/google_compute_firewall.rb
index c9876f0ca..ef6df952a 100644
--- a/libraries/google_compute_firewall.rb
+++ b/libraries/google_compute_firewall.rb
@@ -1,202 +1,269 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/firewall_allowed'
+require 'google/compute/property/firewall_denied'
+require 'google/compute/property/firewall_log_config'
-module Inspec::Resources
- class GoogleComputeFirewall < GcpResourceBase
- name 'google_compute_firewall'
- desc 'Verifies settings for a compute firewall rule'
-
- example "
- describe google_compute_firewall(project: 'chef-inspec-gcp', name: 'gcp-inspec-test') do
- it { should exist }
- its('name') { should eq 'inspec-test' }
- its('status') { should eq 'in_use' }
- ...
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @firewall = @gcp.gcp_compute_client.get_firewall(opts[:project], opts[:name])
- create_resource_methods(@firewall)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeFirewall < GcpResourceBase
+ name 'google_compute_firewall'
+ desc 'Firewall'
+ supports platform: 'gcp'
- # Check whether the firewall rule allows HTTP access (tcp ingress on port 80)
- def allowed_http?
- port_protocol_allowed('80')
- end
+ attr_reader :params
+ attr_reader :allowed
+ attr_reader :creation_timestamp
+ attr_reader :denied
+ attr_reader :description
+ attr_reader :destination_ranges
+ attr_reader :direction
+ attr_reader :disabled
+ attr_reader :log_config
+ attr_reader :id
+ attr_reader :name
+ attr_reader :network
+ attr_reader :priority
+ attr_reader :source_ranges
+ attr_reader :source_service_accounts
+ attr_reader :source_tags
+ attr_reader :target_service_accounts
+ attr_reader :target_tags
- # Check whether the firewall rule allows SSH access (tcp ingress on port 22)
- def allowed_ssh?
- port_protocol_allowed('22')
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def allowed_https?
- port_protocol_allowed('443')
- end
+ def parse
+ @allowed = GoogleInSpec::Compute::Property::FirewallAllowedArray.parse(@fetched['allowed'], to_s)
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @denied = GoogleInSpec::Compute::Property::FirewallDeniedArray.parse(@fetched['denied'], to_s)
+ @description = @fetched['description']
+ @destination_ranges = @fetched['destinationRanges']
+ @direction = @fetched['direction']
+ @disabled = @fetched['disabled']
+ @log_config = GoogleInSpec::Compute::Property::FirewallLogConfig.new(@fetched['logConfig'], to_s)
+ @id = @fetched['id']
+ @name = @fetched['name']
+ @network = @fetched['network']
+ @priority = @fetched['priority']
+ @source_ranges = @fetched['sourceRanges']
+ @source_service_accounts = @fetched['sourceServiceAccounts']
+ @source_tags = @fetched['sourceTags']
+ @target_service_accounts = @fetched['targetServiceAccounts']
+ @target_tags = @fetched['targetTags']
+ end
- def allowed_rdp?
- port_protocol_allowed('3389')
- end
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def allow_port_protocol?(port, protocol)
- port_protocol_allowed(port, protocol)
- end
+ def exists?
+ !@fetched.nil?
+ end
- RSpec::Matchers.alias_matcher :allow_port_protocol, :be_allow_port_protocol
+ def to_s
+ "Firewall #{@params[:name]}"
+ end
- # initial implementation allows to search for target source and destination tags - can
- # filter plural firewalls based on direction to pin down the desired rules and choose the appropriate method
- # see similar below example for ip_range_list
- def allow_source_tags?(tag_list)
- return false if !defined?(source_tags) || source_tags.nil?
- match_list_helper(source_tags, tag_list)
- end
+ # Check whether the firewall rule allows HTTP access (tcp ingress on port 80)
+ def allowed_http?
+ port_protocol_allowed('80')
+ end
- RSpec::Matchers.alias_matcher :allow_source_tags, :be_allow_source_tags
+ # Check whether the firewall rule allows SSH access (tcp ingress on port 22)
+ def allowed_ssh?
+ port_protocol_allowed('22')
+ end
- def allow_target_tags?(tag_list)
- return false if !defined?(target_tags) || target_tags.nil?
- match_list_helper(target_tags, tag_list)
- end
+ def allowed_https?
+ port_protocol_allowed('443')
+ end
- RSpec::Matchers.alias_matcher :allow_target_tags, :be_allow_target_tags
+ def allowed_rdp?
+ port_protocol_allowed('3389')
+ end
- def allow_source_tags_only?(tag_list)
- return false if !defined?(source_tags) || source_tags.nil?
- match_list_helper(source_tags, tag_list, true)
- end
+ def allow_port_protocol?(port, protocol)
+ port_protocol_allowed(port, protocol)
+ end
- RSpec::Matchers.alias_matcher :allow_source_tags_only, :be_allow_source_tags_only
+ RSpec::Matchers.alias_matcher :allow_port_protocol, :be_allow_port_protocol
- def allow_target_tags_only?(tag_list)
- return false if !defined?(target_tags) || target_tags.nil?
- match_list_helper(target_tags, tag_list, true)
- end
+ # initial implementation allows to search for target source and destination tags - can
+ # filter plural firewalls based on direction to pin down the desired rules and choose the appropriate method
+ # see similar below example for ip_range_list
+ def allow_source_tags?(tag_list)
+ return false if !defined?(source_tags) || source_tags.nil?
+ match_list_helper(source_tags, tag_list)
+ end
- RSpec::Matchers.alias_matcher :allow_target_tags_only, :be_allow_target_tags_only
+ RSpec::Matchers.alias_matcher :allow_source_tags, :be_allow_source_tags
- def match_list_helper(source_list, target_list, only = false)
- # helps streamline matching exact equality versus inclusion of target and source lists
- return source_list.sort == target_list.sort if only # i.e. exact equality
- # check the source list includes at least all specified target list elements
- target_list.each do |must_be_present|
- return false if !source_list.include? must_be_present
- end
- true
- end
+ def allow_target_tags?(tag_list)
+ return false if !defined?(target_tags) || target_tags.nil?
+ match_list_helper(target_tags, tag_list)
+ end
- # initial implementation is direction agnostic and treats IP ranges separately
- # Can revisit in the future to include AWS style matchers such as allow_in/out with multiple criteria
- # including protocols/ports for example
- def allow_ip_ranges_only?(ip_range_list)
- allow_ip_range_list(ip_range_list, true)
- end
+ RSpec::Matchers.alias_matcher :allow_target_tags, :be_allow_target_tags
- RSpec::Matchers.alias_matcher :allow_ip_ranges_only, :be_allow_ip_ranges_only
+ def allow_source_tags_only?(tag_list)
+ return false if !defined?(source_tags) || source_tags.nil?
+ match_list_helper(source_tags, tag_list, true)
+ end
- def allow_ip_ranges?(ip_range_list)
- allow_ip_range_list(ip_range_list)
- end
+ RSpec::Matchers.alias_matcher :allow_source_tags_only, :be_allow_source_tags_only
- RSpec::Matchers.alias_matcher :allow_ip_ranges, :be_allow_ip_ranges
-
- def allow_ip_range_list(ip_range_list, only = false)
- raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall is missing expected property 'direction'" if !defined?(direction) || direction.nil?
- # the intention here is for firewall rules plural to be filtered based on direction, then tested for particular IP ranges
- # e.g. describe google_compute_firewalls(project: 'chef-inspec-gcp').where(firewall_direction: 'INGRESS').firewall_names.each do |firewall_name| do
- # describe google_compute_firewall(project: 'chef-inspec-gcp', name: firewall_name) do
- # it { should_not allow_ip_ranges ["0.0.0.0/0"] }
- # end
- # end
- # direction affects what the property is e.g. INGRESS->source_ranges, EGRESS->destination_ranges
- ranges = nil
- if direction == 'INGRESS'
- return false if !defined?(source_ranges) || source_ranges.nil?
- ranges = source_ranges
- else
- return false if !defined?(destination_ranges) || destination_ranges.nil?
- ranges = destination_ranges
- end
- return false if !defined?(ranges) || ranges.nil?
- # so now we have a list of IP addresses to compare
- match_list_helper(ranges, ip_range_list, only)
+ def allow_target_tags_only?(tag_list)
+ return false if !defined?(target_tags) || target_tags.nil?
+ match_list_helper(target_tags, tag_list, true)
+ end
+
+ RSpec::Matchers.alias_matcher :allow_target_tags_only, :be_allow_target_tags_only
+
+ def match_list_helper(source_list, target_list, only = false)
+ # helps streamline matching exact equality versus inclusion of target and source lists
+ return source_list.sort == target_list.sort if only # i.e. exact equality
+ # check the source list includes at least all specified target list elements
+ target_list.each do |must_be_present|
+ return false if !source_list.include? must_be_present
end
+ true
+ end
- def match_rule_protocol(property, single_port, protocol, allowed_flag)
- # this covers both property 'allowed' and 'denied' as they have the same structure
- # however in the case of 'denied' the logic of allowed is inverted
- # first consider the special case of 'all' where no ports/protocols are listed explicitly
- # and applies to all protocols
- if property.count == 1 and property[0].ip_protocol == 'all'
- return true if allowed_flag # an allowed rule that will match all ports/protocols
- return false # i.e. this is a deny all rule and will block all ports/protocols
- end
+ # initial implementation is direction agnostic and treats IP ranges separately
+ # Can revisit in the future to include AWS style matchers such as allow_in/out with multiple criteria
+ # including protocols/ports for example
+ def allow_ip_ranges_only?(ip_range_list)
+ allow_ip_range_list(ip_range_list, true)
+ end
- # "allowed"/"denied" can have several port/protocol pairing entries e.g. tcp:80 or udp:4000-5000
- # first, let's find the matching protocol indexes to compare against
- protocol_match_indexes = []
- property.each_with_index do |rule, index|
- next if !defined?(rule.ip_protocol)
- protocol_match_indexes << index if rule.ip_protocol == protocol
- end
- # Now we know the list of matching protocol entries to check against.
- # Note the syntax for protocol port definitions versus what we see here is:
- # "tcp:80" -> "tcp" ["80"]
- # "tcp:90,91" -> "tcp:90", "tcp:91" -> "tcp" ["90","91"]
- # "udp:3000-4000" -> "udp" ["3000-4000"] # can also potentially include single port combinations in the list for a single rule here
- # We now check for a match based on each of the above cases
- protocol_match_indexes.each do |protocol_index|
- # there can be multiple protocol rules for different ports etc. ["22"] or ["123-126"]
- ports_in_rule = property[protocol_index].ports
- next if ports_in_rule.nil?
- ports_in_rule.each do |rule_port|
- matched_result = single_port_matches(rule_port, single_port)
- return true if matched_result and allowed_flag
- return false if matched_result and !allowed_flag
- end
- end
- return true if !allowed_flag # i.e. here we matched no port/protocol rules for a deny rule and therefore result in allowing
- false
+ RSpec::Matchers.alias_matcher :allow_ip_ranges_only, :be_allow_ip_ranges_only
+
+ def allow_ip_ranges?(ip_range_list)
+ allow_ip_range_list(ip_range_list)
+ end
+
+ RSpec::Matchers.alias_matcher :allow_ip_ranges, :be_allow_ip_ranges
+
+ def allow_ip_range_list(ip_range_list, only = false)
+ raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall is missing expected property 'direction'" if !defined?(direction) || direction.nil?
+ # the intention here is for firewall rules plural to be filtered based on direction, then tested for particular IP ranges
+ # e.g. describe google_compute_firewalls(project: 'chef-inspec-gcp').where(firewall_direction: 'INGRESS').firewall_names.each do |firewall_name| do
+ # describe google_compute_firewall(project: 'chef-inspec-gcp', name: firewall_name) do
+ # it { should_not allow_ip_ranges ["0.0.0.0/0"] }
+ # end
+ # end
+ # direction affects what the property is e.g. INGRESS->source_ranges, EGRESS->destination_ranges
+ ranges = nil
+ if direction == 'INGRESS'
+ return false if !defined?(source_ranges) || source_ranges.nil?
+ ranges = source_ranges
+ else
+ return false if !defined?(destination_ranges) || destination_ranges.nil?
+ ranges = destination_ranges
end
+ return false if !defined?(ranges) || ranges.nil?
+ # so now we have a list of IP addresses to compare
+ match_list_helper(ranges, ip_range_list, only)
+ end
- # note that port_list only accepts individual ports to match, not ranges
- def port_protocol_allowed(single_port, protocol = 'tcp')
- raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall is missing expected property 'allowed' or 'denied'" if !defined?(@firewall.allowed) || !defined?(@firewall.denied)
- raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall 'allowed' and 'denied' cannot both be nil" if @firewall.allowed.nil? && @firewall.denied.nil?
- allowed_flag = @firewall.denied.nil?
- return match_rule_protocol(@firewall.allowed, single_port, protocol, allowed_flag) if allowed_flag
- match_rule_protocol(@firewall.denied, single_port, protocol, allowed_flag)
+ def match_rule_protocol(property, single_port, protocol, allowed_flag)
+ # this covers both property 'allowed' and 'denied' as they have the same structure
+ # however in the case of 'denied' the logic of allowed is inverted
+ # first consider the special case of 'all' where no ports/protocols are listed explicitly
+ # and applies to all protocols
+ if property.count == 1 and property[0].ip_protocol == 'all'
+ return true if allowed_flag # an allowed rule that will match all ports/protocols
+ return false # i.e. this is a deny all rule and will block all ports/protocols
end
- def single_port_matches(rule_port, single_port)
- # if '-' in there it means we should check each provided port for existence in a range
- if !rule_port.include? '-'
- # simplest case, only one port string specified
- return true if rule_port == single_port
- # if not, no match
- else
- # the rule_port here is a range such as "4000-5000", protect against any non-integer input by checking for nil values
- upper_limit = rule_port.split('-')[1].to_i
- lower_limit = rule_port.split('-')[0].to_i
- raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall unexpected port range specified: '#{rule_port}'" if upper_limit.nil? || lower_limit.nil?
- return true if single_port.to_i.between?(lower_limit, upper_limit)
- # if not, no match
+ # "allowed"/"denied" can have several port/protocol pairing entries e.g. tcp:80 or udp:4000-5000
+ # first, let's find the matching protocol indexes to compare against
+ protocol_match_indexes = []
+ property.each_with_index do |rule, index|
+ next if !defined?(rule.ip_protocol)
+ protocol_match_indexes << index if rule.ip_protocol == protocol
+ end
+ # Now we know the list of matching protocol entries to check against.
+ # Note the syntax for protocol port definitions versus what we see here is:
+ # "tcp:80" -> "tcp" ["80"]
+ # "tcp:90,91" -> "tcp:90", "tcp:91" -> "tcp" ["90","91"]
+ # "udp:3000-4000" -> "udp" ["3000-4000"] # can also potentially include single port combinations in the list for a single rule here
+ # We now check for a match based on each of the above cases
+ protocol_match_indexes.each do |protocol_index|
+ # there can be multiple protocol rules for different ports etc. ["22"] or ["123-126"]
+ ports_in_rule = property[protocol_index].ports
+ next if ports_in_rule.nil?
+ ports_in_rule.each do |rule_port|
+ matched_result = single_port_matches(rule_port, single_port)
+ return true if matched_result and allowed_flag
+ return false if matched_result and !allowed_flag
end
- false
end
+ return true if !allowed_flag # i.e. here we matched no port/protocol rules for a deny rule and therefore result in allowing
+ false
+ end
+
+ # note that port_list only accepts individual ports to match, not ranges
+ def port_protocol_allowed(single_port, protocol = 'tcp')
+ raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall is missing expected property 'allowed' or 'denied'" if !defined?(allowed) || !defined?(denied)
+ raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall 'allowed' and 'denied' cannot both be nil" if allowed.nil? && denied.nil?
+ allowed_flag = denied.nil?
+ return match_rule_protocol(allowed, single_port, protocol, allowed_flag) if allowed_flag
+ match_rule_protocol(denied, single_port, protocol, allowed_flag)
+ end
- def exists?
- !@firewall.nil?
+ def single_port_matches(rule_port, single_port)
+ # if '-' in there it means we should check each provided port for existence in a range
+ if !rule_port.include? '-'
+ # simplest case, only one port string specified
+ return true if rule_port == single_port
+ # if not, no match
+ else
+ # the rule_port here is a range such as "4000-5000", protect against any non-integer input by checking for nil values
+ upper_limit = rule_port.split('-')[1].to_i
+ lower_limit = rule_port.split('-')[0].to_i
+ raise Inspec::Exceptions::ResourceFailed, "google_compute_firewall unexpected port range specified: '#{rule_port}'" if upper_limit.nil? || lower_limit.nil?
+ return true if single_port.to_i.between?(lower_limit, upper_limit)
+ # if not, no match
end
+ false
+ end
+
+ def log_config_enabled?
+ return false if !defined?(log_config) || !defined?(log_config.enable_logging)
+ log_config.enable_logging
+ end
- def to_s
- "Firewall Rule #{@display_name}"
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/global/firewalls/{{name}}'
+ end
end
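Review bot: `port_protocol_allowed` answers `allowed_ssh?`, `allowed_rdp?` and the other port matchers from `allowed` and `denied` alone, so a rule with `disabled` set, or an EGRESS rule, is still reported as allowing the port even though the comments on `allowed_http?` and `allowed_ssh?` say "tcp ingress". The class already parses both fields, so the helper could begin with `return false if disabled`, and the two comments should state that `direction` is not consulted and that callers are expected to filter on it first. In the same method the `!defined?(allowed) || !defined?(denied)` guard cannot fire, because both readers are declared at the top of the class; only the nil check on the following line is effective. The file header marks this as generated code, so the change would have to go into the generator's template.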
diff --git a/libraries/google_compute_firewalls.rb b/libraries/google_compute_firewalls.rb
index ae2b1873b..5d09207bf 100644
--- a/libraries/google_compute_firewalls.rb
+++ b/libraries/google_compute_firewalls.rb
@@ -1,50 +1,120 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeFirewalls < GcpResourceBase
+ name 'google_compute_firewalls'
+ desc 'Firewall plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeFirewalls < GcpResourceBase
- name 'google_compute_firewalls'
- desc 'Verifies settings for GCP compute firewalls in bulk'
+ attr_reader :table
- example "
- describe google_compute_firewalls(project: 'chef-inspec-gcp') do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- @project = opts[:project]
- end
+ filter_table_config.add(:alloweds, field: :allowed)
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:denieds, field: :denied)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:destination_ranges, field: :destination_ranges)
+ filter_table_config.add(:firewall_directions, field: :firewall_direction)
+ filter_table_config.add(:disableds, field: :disabled)
+ filter_table_config.add(:log_configs, field: :log_config)
+ filter_table_config.add(:firewall_ids, field: :firewall_id)
+ filter_table_config.add(:firewall_names, field: :firewall_name)
+ filter_table_config.add(:networks, field: :network)
+ filter_table_config.add(:priorities, field: :priority)
+ filter_table_config.add(:source_ranges, field: :source_ranges)
+ filter_table_config.add(:source_service_accounts, field: :source_service_accounts)
+ filter_table_config.add(:source_tags, field: :source_tags)
+ filter_table_config.add(:target_service_accounts, field: :target_service_accounts)
+ filter_table_config.add(:target_tags, field: :target_tags)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:firewall_ids, field: :firewall_id)
- filter_table_config.add(:firewall_names, field: :firewall_name)
- filter_table_config.add(:firewall_directions, field: :firewall_direction)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- firewall_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @firewalls = @gcp.gcp_compute_client.list_firewalls(@project, page_token: next_page)
- end
- return [] if !@firewalls || !@firewalls.items
- @firewalls.items.map do |firewall|
- firewall_rows+=[{ firewall_id: firewall.id,
- firewall_name: firewall.name,
- firewall_direction: firewall.direction }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @firewalls.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = firewall_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'allowed' => ->(obj) { return :allowed, GoogleInSpec::Compute::Property::FirewallAllowedArray.parse(obj['allowed'], to_s) },
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'denied' => ->(obj) { return :denied, GoogleInSpec::Compute::Property::FirewallDeniedArray.parse(obj['denied'], to_s) },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'destinationRanges' => ->(obj) { return :destination_ranges, obj['destinationRanges'] },
+ 'direction' => ->(obj) { return :firewall_direction, obj['direction'] },
+ 'disabled' => ->(obj) { return :disabled, obj['disabled'] },
+ 'logConfig' => ->(obj) { return :log_config, GoogleInSpec::Compute::Property::FirewallLogConfig.new(obj['logConfig'], to_s) },
+ 'id' => ->(obj) { return :firewall_id, obj['id'] },
+ 'name' => ->(obj) { return :firewall_name, obj['name'] },
+ 'network' => ->(obj) { return :network, obj['network'] },
+ 'priority' => ->(obj) { return :priority, obj['priority'] },
+ 'sourceRanges' => ->(obj) { return :source_ranges, obj['sourceRanges'] },
+ 'sourceServiceAccounts' => ->(obj) { return :source_service_accounts, obj['sourceServiceAccounts'] },
+ 'sourceTags' => ->(obj) { return :source_tags, obj['sourceTags'] },
+ 'targetServiceAccounts' => ->(obj) { return :target_service_accounts, obj['targetServiceAccounts'] },
+ 'targetTags' => ->(obj) { return :target_tags, obj['targetTags'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/global/firewalls'
end
end
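Review bot: `fetch_wrapped_resource` calls `product_url` with no argument, so the `beta` parameter added to `product_url` at the bottom of the class is never true here and `google_compute_firewalls(beta: true)` would still list from the v1 endpoint, unless `fetch_all` switches the URL from `@params` itself, which is not visible in this diff. The singular `ComputeFirewall#initialize` passes `product_url(params[:beta])`; the plural call should match: `result = @connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')`. The `product_url(beta = false)` hunks in `google_compute_backend_services.rb` and `google_compute_disks.rb` add the same parameter, but their fetch calls lie outside those hunks, so check them for the same gap. As the header says the file is generated, the fix belongs in the template.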
diff --git a/libraries/google_compute_forwarding_rule.rb b/libraries/google_compute_forwarding_rule.rb
index 08d432f81..b113e6d31 100644
--- a/libraries/google_compute_forwarding_rule.rb
+++ b/libraries/google_compute_forwarding_rule.rb
@@ -1,39 +1,106 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-module Inspec::Resources
- class GoogleComputeForwardingRule < GcpResourceBase
- name 'google_compute_forwarding_rule'
- desc 'Verifies settings for a compute forwarding_rule'
-
- example "
- describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding-rule') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @forwarding_rule = @gcp.gcp_compute_client.get_forwarding_rule(opts[:project], opts[:region], opts[:name])
- create_resource_methods(@forwarding_rule)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeForwardingRule < GcpResourceBase
+ name 'google_compute_forwarding_rule'
+ desc 'ForwardingRule'
+ supports platform: 'gcp'
- def creation_timestamp_date
- return false if !defined?(creation_timestamp) || creation_timestamp.nil?
- Time.parse(creation_timestamp.to_s)
- end
+ attr_reader :params
+ attr_reader :creation_timestamp
+ attr_reader :is_mirroring_collector
+ attr_reader :description
+ attr_reader :id
+ attr_reader :ip_address
+ attr_reader :ip_protocol
+ attr_reader :backend_service
+ attr_reader :load_balancing_scheme
+ attr_reader :name
+ attr_reader :network
+ attr_reader :port_range
+ attr_reader :ports
+ attr_reader :subnetwork
+ attr_reader :target
+ attr_reader :allow_global_access
+ attr_reader :labels
+ attr_reader :label_fingerprint
+ attr_reader :all_ports
+ attr_reader :network_tier
+ attr_reader :service_label
+ attr_reader :service_name
+ attr_reader :region
- def exists?
- !@forwarding_rule.nil?
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @is_mirroring_collector = @fetched['isMirroringCollector']
+ @description = @fetched['description']
+ @id = @fetched['id']
+ @ip_address = @fetched['IPAddress']
+ @ip_protocol = @fetched['IPProtocol']
+ @backend_service = @fetched['backendService']
+ @load_balancing_scheme = @fetched['loadBalancingScheme']
+ @name = @fetched['name']
+ @network = name_from_self_link(@fetched['network'])
+ @port_range = @fetched['portRange']
+ @ports = @fetched['ports']
+ @subnetwork = @fetched['subnetwork']
+ @target = @fetched['target']
+ @allow_global_access = @fetched['allowGlobalAccess']
+ @labels = @fetched['labels']
+ @label_fingerprint = @fetched['labelFingerprint']
+ @all_ports = @fetched['allPorts']
+ @network_tier = @fetched['networkTier']
+ @service_label = @fetched['serviceLabel']
+ @service_name = @fetched['serviceName']
+ @region = @fetched['region']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def to_s
- "ForwardingRule #{@display_name}"
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ForwardingRule #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}'
+ end
end
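Review bot: The rewritten class no longer defines the public `creation_timestamp_date` method, so existing controls that use `its('creation_timestamp_date')` on `google_compute_forwarding_rule` would presumably start failing after this change. `creation_timestamp` now returns a parsed `Time` via `parse_time_string`, so a one-line compatibility reader placed after the `attr_reader` list would keep those controls running: `alias creation_timestamp_date creation_timestamp`. The old method returned `false` rather than nil when the timestamp was missing, which the alias would not reproduce. As the header marks the file as generated, the line would have to come from the generator template rather than a manual edit here.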
diff --git a/libraries/google_compute_forwarding_rules.rb b/libraries/google_compute_forwarding_rules.rb
index 4ffad14c2..2d2c7ad44 100644
--- a/libraries/google_compute_forwarding_rules.rb
+++ b/libraries/google_compute_forwarding_rules.rb
@@ -1,54 +1,130 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeForwardingRules < GcpResourceBase
+ name 'google_compute_forwarding_rules'
+ desc 'ForwardingRule plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeForwardingRules < GcpResourceBase
- name 'google_compute_forwarding_rules'
- desc 'Verifies settings for GCP compute forwarding_rules in bulk'
+ attr_reader :table
- example "
- describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west1') do
- it { should exist }
- ...
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- @project = opts[:project]
- @region = opts[:region]
- end
+ filter_table_config = FilterTable.create
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:forwarding_rule_ids, field: :forwarding_rule_id)
- filter_table_config.add(:forwarding_rule_names, field: :forwarding_rule_name)
- filter_table_config.add(:forwarding_rule_networks, field: :forwarding_rule_network)
- filter_table_config.add(:forwarding_rule_load_balancing_schemes, field: :forwarding_rule_load_balancing_scheme)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- forwarding_rule_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @forwarding_rules = @gcp.gcp_compute_client.list_forwarding_rules(@project, @region, page_token: next_page)
- end
- return [] if !@forwarding_rules || !@forwarding_rules.items
- @forwarding_rules.items.map do |forwarding_rule|
- forwarding_rule_network = forwarding_rule.network.split('/').last if !forwarding_rule.network.nil?
- forwarding_rule_rows+=[{ forwarding_rule_id: forwarding_rule.id,
- forwarding_rule_name: forwarding_rule.name,
- forwarding_rule_network: forwarding_rule_network,
- forwarding_rule_load_balancing_scheme: forwarding_rule.load_balancing_scheme }]
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:is_mirroring_collectors, field: :is_mirroring_collector)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:forwarding_rule_ids, field: :forwarding_rule_id)
+ filter_table_config.add(:ip_addresses, field: :ip_address)
+ filter_table_config.add(:ip_protocols, field: :ip_protocol)
+ filter_table_config.add(:backend_services, field: :backend_service)
+ filter_table_config.add(:forwarding_rule_load_balancing_schemes, field: :forwarding_rule_load_balancing_scheme)
+ filter_table_config.add(:forwarding_rule_names, field: :forwarding_rule_name)
+ filter_table_config.add(:forwarding_rule_networks, field: :forwarding_rule_network)
+ filter_table_config.add(:port_ranges, field: :port_range)
+ filter_table_config.add(:ports, field: :ports)
+ filter_table_config.add(:subnetworks, field: :subnetwork)
+ filter_table_config.add(:targets, field: :target)
+ filter_table_config.add(:allow_global_accesses, field: :allow_global_access)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
+ filter_table_config.add(:all_ports, field: :all_ports)
+ filter_table_config.add(:network_tiers, field: :network_tier)
+ filter_table_config.add(:service_labels, field: :service_label)
+ filter_table_config.add(:service_names, field: :service_name)
+ filter_table_config.add(:regions, field: :region)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @forwarding_rules.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = forwarding_rule_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'isMirroringCollector' => ->(obj) { return :is_mirroring_collector, obj['isMirroringCollector'] },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'id' => ->(obj) { return :forwarding_rule_id, obj['id'] },
+ 'IPAddress' => ->(obj) { return :ip_address, obj['IPAddress'] },
+ 'IPProtocol' => ->(obj) { return :ip_protocol, obj['IPProtocol'] },
+ 'backendService' => ->(obj) { return :backend_service, obj['backendService'] },
+ 'loadBalancingScheme' => ->(obj) { return :forwarding_rule_load_balancing_scheme, obj['loadBalancingScheme'] },
+ 'name' => ->(obj) { return :forwarding_rule_name, obj['name'] },
+ 'network' => ->(obj) { return :forwarding_rule_network, name_from_self_link(obj['network']) },
+ 'portRange' => ->(obj) { return :port_range, obj['portRange'] },
+ 'ports' => ->(obj) { return :ports, obj['ports'] },
+ 'subnetwork' => ->(obj) { return :subnetwork, obj['subnetwork'] },
+ 'target' => ->(obj) { return :target, obj['target'] },
+ 'allowGlobalAccess' => ->(obj) { return :allow_global_access, obj['allowGlobalAccess'] },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
+ 'allPorts' => ->(obj) { return :all_ports, obj['allPorts'] },
+ 'networkTier' => ->(obj) { return :network_tier, obj['networkTier'] },
+ 'serviceLabel' => ->(obj) { return :service_label, obj['serviceLabel'] },
+ 'serviceName' => ->(obj) { return :service_name, obj['serviceName'] },
+ 'region' => ->(obj) { return :region, obj['region'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/forwardingRules'
end
end
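Review bot: `fetch_wrapped_resource` calls `product_url` with no argument, so the plural resource always queries the `v1` endpoint and silently ignores `beta: true`, while the singular resource passes `params[:beta]`. A control that asks for the beta API would then be evaluated against v1 data without any error; the call should read `@connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')`. The hunks in `google_compute_global_addresses.rb`, `google_compute_global_forwarding_rules.rb`, `google_compute_health_checks.rb`, `google_compute_http_health_checks.rb` and `google_compute_https_health_checks.rb` add the same `beta` parameter and show no change to a caller, so they presumably have the same gap. Separately, `return if result.nil?` leaves `@table` nil where the old `fetch_data` returned `[]`; `return [] if result.nil?` would keep the filter table iterable.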
diff --git a/libraries/google_compute_global_address.rb b/libraries/google_compute_global_address.rb
index a442fca3f..d3b385bf5 100644
--- a/libraries/google_compute_global_address.rb
+++ b/libraries/google_compute_global_address.rb
@@ -27,6 +27,8 @@ class ComputeGlobalAddress < GcpResourceBase
attr_reader :description
attr_reader :id
attr_reader :name
+ attr_reader :labels
+ attr_reader :label_fingerprint
attr_reader :ip_version
attr_reader :region
attr_reader :prefix_length
@@ -37,7 +39,7 @@ class ComputeGlobalAddress < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -47,6 +49,8 @@ def parse
@description = @fetched['description']
@id = @fetched['id']
@name = @fetched['name']
+ @labels = @fetched['labels']
+ @label_fingerprint = @fetched['labelFingerprint']
@ip_version = @fetched['ipVersion']
@region = @fetched['region']
@prefix_length = @fetched['prefixLength']
@@ -70,8 +74,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_global_addresses.rb b/libraries/google_compute_global_addresses.rb
index 2c8d93fa6..3ebc0d9a8 100644
--- a/libraries/google_compute_global_addresses.rb
+++ b/libraries/google_compute_global_addresses.rb
@@ -28,6 +28,8 @@ class ComputeGlobalAddresss < GcpResourceBase
filter_table_config.add(:descriptions, field: :description)
filter_table_config.add(:ids, field: :id)
filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
filter_table_config.add(:ip_versions, field: :ip_version)
filter_table_config.add(:regions, field: :region)
filter_table_config.add(:prefix_lengths, field: :prefix_length)
@@ -78,6 +80,8 @@ def transformers
'description' => ->(obj) { return :description, obj['description'] },
'id' => ->(obj) { return :id, obj['id'] },
'name' => ->(obj) { return :name, obj['name'] },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
'ipVersion' => ->(obj) { return :ip_version, obj['ipVersion'] },
'region' => ->(obj) { return :region, obj['region'] },
'prefixLength' => ->(obj) { return :prefix_length, obj['prefixLength'] },
@@ -94,8 +98,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_global_forwarding_rule.rb b/libraries/google_compute_global_forwarding_rule.rb
index 1725dd468..5468e22bc 100644
--- a/libraries/google_compute_global_forwarding_rule.rb
+++ b/libraries/google_compute_global_forwarding_rule.rb
@@ -29,6 +29,8 @@ class ComputeGlobalForwardingRule < GcpResourceBase
attr_reader :ip_address
attr_reader :ip_protocol
attr_reader :ip_version
+ attr_reader :labels
+ attr_reader :label_fingerprint
attr_reader :load_balancing_scheme
attr_reader :metadata_filters
attr_reader :name
@@ -39,7 +41,7 @@ class ComputeGlobalForwardingRule < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -50,6 +52,8 @@ def parse
@ip_address = @fetched['IPAddress']
@ip_protocol = @fetched['IPProtocol']
@ip_version = @fetched['ipVersion']
+ @labels = @fetched['labels']
+ @label_fingerprint = @fetched['labelFingerprint']
@load_balancing_scheme = @fetched['loadBalancingScheme']
@metadata_filters = GoogleInSpec::Compute::Property::GlobalForwardingRuleMetadataFiltersArray.parse(@fetched['metadataFilters'], to_s)
@name = @fetched['name']
@@ -73,8 +77,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_global_forwarding_rules.rb b/libraries/google_compute_global_forwarding_rules.rb
index 0799d7af9..29f293a46 100644
--- a/libraries/google_compute_global_forwarding_rules.rb
+++ b/libraries/google_compute_global_forwarding_rules.rb
@@ -29,6 +29,8 @@ class ComputeGlobalForwardingRules < GcpResourceBase
filter_table_config.add(:ip_addresses, field: :ip_address)
filter_table_config.add(:ip_protocols, field: :ip_protocol)
filter_table_config.add(:ip_versions, field: :ip_version)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
filter_table_config.add(:load_balancing_schemes, field: :load_balancing_scheme)
filter_table_config.add(:metadata_filters, field: :metadata_filters)
filter_table_config.add(:names, field: :name)
@@ -80,6 +82,8 @@ def transformers
'IPAddress' => ->(obj) { return :ip_address, obj['IPAddress'] },
'IPProtocol' => ->(obj) { return :ip_protocol, obj['IPProtocol'] },
'ipVersion' => ->(obj) { return :ip_version, obj['ipVersion'] },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
'loadBalancingScheme' => ->(obj) { return :load_balancing_scheme, obj['loadBalancingScheme'] },
'metadataFilters' => ->(obj) { return :metadata_filters, GoogleInSpec::Compute::Property::GlobalForwardingRuleMetadataFiltersArray.parse(obj['metadataFilters'], to_s) },
'name' => ->(obj) { return :name, obj['name'] },
@@ -96,8 +100,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_health_check.rb b/libraries/google_compute_health_check.rb
index 320ba0d7d..90943cc3f 100644
--- a/libraries/google_compute_health_check.rb
+++ b/libraries/google_compute_health_check.rb
@@ -45,7 +45,7 @@ class ComputeHealthCheck < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -81,8 +81,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_health_checks.rb b/libraries/google_compute_health_checks.rb
index e7deeed63..f98609a17 100644
--- a/libraries/google_compute_health_checks.rb
+++ b/libraries/google_compute_health_checks.rb
@@ -100,8 +100,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_http_health_check.rb b/libraries/google_compute_http_health_check.rb
index 29e45023d..b38386ce6 100644
--- a/libraries/google_compute_http_health_check.rb
+++ b/libraries/google_compute_http_health_check.rb
@@ -37,7 +37,7 @@ class ComputeHttpHealthCheck < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -70,8 +70,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_http_health_checks.rb b/libraries/google_compute_http_health_checks.rb
index 989b57a44..a92141eb8 100644
--- a/libraries/google_compute_http_health_checks.rb
+++ b/libraries/google_compute_http_health_checks.rb
@@ -94,8 +94,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_https_health_check.rb b/libraries/google_compute_https_health_check.rb
index 5f07d6198..f9a9e44d1 100644
--- a/libraries/google_compute_https_health_check.rb
+++ b/libraries/google_compute_https_health_check.rb
@@ -37,7 +37,7 @@ class ComputeHttpsHealthCheck < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -70,8 +70,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_https_health_checks.rb b/libraries/google_compute_https_health_checks.rb
index 3d7d75435..f9d33e5cf 100644
--- a/libraries/google_compute_https_health_checks.rb
+++ b/libraries/google_compute_https_health_checks.rb
@@ -94,8 +94,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_image.rb b/libraries/google_compute_image.rb
index 06c6e9bdb..fe8983ae7 100644
--- a/libraries/google_compute_image.rb
+++ b/libraries/google_compute_image.rb
@@ -1,47 +1,110 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/image_deprecated'
+require 'google/compute/property/image_guest_os_features'
+require 'google/compute/property/image_image_encryption_key'
+require 'google/compute/property/image_raw_disk'
+require 'google/compute/property/image_source_disk_encryption_key'
-module Inspec::Resources
- class GoogleComputeImage < GcpResourceBase
- name 'google_compute_image'
- desc 'Verifies settings for an image'
-
- example "
- describe google_compute_image(project: 'chef-inspec-gcp', name: 'image-1') do
- it { should exist }
- its('name') { should eq 'image-1' }
- its('source_type') { should eq 'RAW' }
- its('family') { should eq 'inspec-test-family' }
- its('status') { should eq 'ready' }
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- # there's a little extra complication here because we might want to retrieve a project custom image, or
- # the latest image that is part of an image family
- begin
- @image = @gcp.gcp_compute_client.get_image(opts[:project], opts[:name])
- create_resource_methods(@image)
- rescue Google::Apis::ClientError
- # if the above is not successful try to get the image from an image family before giving up
- # Note: this will swallow the previous exception but allows to preserve parity with the single
- # google_compute_image tf resource
- catch_gcp_errors do
- @image = @gcp.gcp_compute_client.get_image_from_family(opts[:project], opts[:name])
- create_resource_methods(@image)
- end
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeImage < GcpResourceBase
+ name 'google_compute_image'
+ desc 'Image'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :archive_size_bytes
+ attr_reader :creation_timestamp
+ attr_reader :deprecated
+ attr_reader :description
+ attr_reader :disk_size_gb
+ attr_reader :family
+ attr_reader :guest_os_features
+ attr_reader :id
+ attr_reader :image_encryption_key
+ attr_reader :labels
+ attr_reader :label_fingerprint
+ attr_reader :licenses
+ attr_reader :name
+ attr_reader :raw_disk
+ attr_reader :source_disk
+ attr_reader :source_disk_encryption_key
+ attr_reader :source_disk_id
+ attr_reader :source_type
+ attr_reader :self_link
+ attr_reader :status
- def exists?
- !@image.nil?
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ if @fetched.nil?
+ @fetched = @connection.fetch(product_url(params[:beta]), 'projects/{{project}}/global/images/family/{{name}}', params, 'Get')
end
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @archive_size_bytes = @fetched['archiveSizeBytes']
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @deprecated = GoogleInSpec::Compute::Property::ImageDeprecated.new(@fetched['deprecated'], to_s)
+ @description = @fetched['description']
+ @disk_size_gb = @fetched['diskSizeGb']
+ @family = @fetched['family']
+ @guest_os_features = GoogleInSpec::Compute::Property::ImageGuestOsFeaturesArray.parse(@fetched['guestOsFeatures'], to_s)
+ @id = @fetched['id']
+ @image_encryption_key = GoogleInSpec::Compute::Property::ImageImageEncryptionKey.new(@fetched['imageEncryptionKey'], to_s)
+ @labels = @fetched['labels']
+ @label_fingerprint = @fetched['labelFingerprint']
+ @licenses = @fetched['licenses']
+ @name = @fetched['name']
+ @raw_disk = GoogleInSpec::Compute::Property::ImageRawDisk.new(@fetched['rawDisk'], to_s)
+ @source_disk = @fetched['sourceDisk']
+ @source_disk_encryption_key = GoogleInSpec::Compute::Property::ImageSourceDiskEncryptionKey.new(@fetched['sourceDiskEncryptionKey'], to_s)
+ @source_disk_id = @fetched['sourceDiskId']
+ @source_type = @fetched['sourceType']
+ @self_link = @fetched['selfLink']
+ @status = @fetched['status']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def to_s
- "Image #{@display_name}"
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Image #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/global/images/{{name}}'
+ end
end
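Review bot: The second `@connection.fetch` in `initialize`, against `projects/{{project}}/global/images/family/{{name}}`, has no comment explaining it, and the explanation the old code carried was deleted in this hunk. Anyone auditing images needs to know that a name matching no image is retried as an image family, so the resource can describe a different image than the one named while `to_s` still prints the requested name. I would add `# No image with this name: retry as an image family, which resolves to the latest image in that family` above the `if @fetched.nil?` line. The fallback only runs if `fetch` returns nil for a missing image; the old code rescued `Google::Apis::ClientError` for that case, and whether the new transport returns nil or raises is not visible in this hunk.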
diff --git a/libraries/google_compute_instance.rb b/libraries/google_compute_instance.rb
index 933ac8ea2..9132484f7 100644
--- a/libraries/google_compute_instance.rb
+++ b/libraries/google_compute_instance.rb
@@ -1,181 +1,245 @@
-# frozen_string_literal: true
-
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/instance_disks'
+require 'google/compute/property/instance_guest_accelerators'
+require 'google/compute/property/instance_network_interfaces'
+require 'google/compute/property/instance_scheduling'
+require 'google/compute/property/instance_service_accounts'
+require 'google/compute/property/instance_shielded_instance_config'
+require 'google/compute/property/instance_tags'
+
+# A provider to manage Compute Engine resources.
+class ComputeInstance < GcpResourceBase
+ name 'google_compute_instance'
+ desc 'Instance'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :can_ip_forward
+ attr_reader :cpu_platform
+ attr_reader :creation_timestamp
+ attr_reader :deletion_protection
+ attr_reader :disks
+ attr_reader :guest_accelerators
+ attr_reader :hostname
+ attr_reader :id
+ attr_reader :label_fingerprint
+ attr_reader :labels
+ attr_reader :metadata
+ attr_reader :machine_type
+ attr_reader :min_cpu_platform
+ attr_reader :name
+ attr_reader :network_interfaces
+ attr_reader :scheduling
+ attr_reader :service_accounts
+ attr_reader :shielded_instance_config
+ attr_reader :status
+ attr_reader :status_message
+ attr_reader :tags
+ attr_reader :zone
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
-module Inspec::Resources
- class GoogleComputeInstance < GcpResourceBase
- name 'google_compute_instance'
- desc 'Verifies settings for an instance'
-
- example "
- describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test') do
- it { should exist }
- its('name') { should eq 'inspec-test' }
- its('machine_size') { should eq 'f1-micro' }
- its('cpu_platform') { should match 'Intel' }
- its('status') { should eq 'RUNNING' }
- ...
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @instance = @gcp.gcp_compute_client.get_instance(opts[:project], opts[:zone], opts[:name])
- create_resource_methods(@instance)
- end
- end
+ def parse
+ @can_ip_forward = @fetched['canIpForward']
+ @cpu_platform = @fetched['cpuPlatform']
+ @creation_timestamp = @fetched['creationTimestamp']
+ @deletion_protection = @fetched['deletionProtection']
+ @disks = GoogleInSpec::Compute::Property::InstanceDisksArray.parse(@fetched['disks'], to_s)
+ @guest_accelerators = GoogleInSpec::Compute::Property::InstanceGuestAcceleratorsArray.parse(@fetched['guestAccelerators'], to_s)
+ @hostname = @fetched['hostname']
+ @id = @fetched['id']
+ @label_fingerprint = @fetched['labelFingerprint']
+ @labels = @fetched['labels']
+ @metadata = @fetched['metadata']
+ @machine_type = @fetched['machineType']
+ @min_cpu_platform = @fetched['minCpuPlatform']
+ @name = @fetched['name']
+ @network_interfaces = GoogleInSpec::Compute::Property::InstanceNetworkInterfacesArray.parse(@fetched['networkInterfaces'], to_s)
+ @scheduling = GoogleInSpec::Compute::Property::InstanceScheduling.new(@fetched['scheduling'], to_s)
+ @service_accounts = GoogleInSpec::Compute::Property::InstanceServiceAccountsArray.parse(@fetched['serviceAccounts'], to_s)
+ @shielded_instance_config = GoogleInSpec::Compute::Property::InstanceShieldedInstanceConfig.new(@fetched['shieldedInstanceConfig'], to_s)
+ @status = @fetched['status']
+ @status_message = @fetched['statusMessage']
+ @tags = GoogleInSpec::Compute::Property::InstanceTags.new(@fetched['tags'], to_s)
+ @zone = @fetched['zone']
+ end
- def disk_count
- disks.count
- end
+ def exists?
+ !@fetched.nil?
+ end
- def tag_count
- tags.count
- end
+ def to_s
+ "Instance #{@params[:name]}"
+ end
- def network_interfaces_count
- network_interfaces.count
- end
+ def disk_count
+ @disks&.count || 0
+ end
- # TBD: Below few methods are present to make the tests simpler e.g. avoid looping over arrays etc.
- # but passing index arguments from the inspec test would be better
+ def tag_count
+ @tags&.items&.count || 0
+ end
- def first_network_interface_nat_ip_exists
- !network_interfaces[0].access_configs[0].nat_ip.nil?
- end
+ def network_interfaces_count
+ @network_interfaces&.count || 0
+ end
- def first_network_interface_name
- network_interfaces[0].access_configs[0].name
- end
+ # TBD: Below few methods are present to make the tests simpler e.g. avoid looping over arrays etc.
+ # but passing index arguments from the inspec test would be better
- def first_network_interface_type
- network_interfaces[0].access_configs[0].type.downcase
- end
+ def first_network_interface_nat_ip_exists
+ !@network_interfaces[0].access_configs[0].nat_ip.nil?
+ end
- def first_disks_source_name
- disks_source_name(0)
- end
+ def first_network_interface_name
+ @network_interfaces[0].access_configs[0].name
+ end
- def first_disks_first_license
- disks_license(0, 0)
- end
+ def first_network_interface_type
+ @network_interfaces[0].access_configs[0].type.downcase
+ end
- def second_disks_device_name
- return '' if disks[1].nil? || !defined?(disks[1].device_name) || disks[1].device_name.nil?
- disks[1].device_name
- end
+ def first_disks_source_name
+ disks_source_name(0)
+ end
- def second_disks_kind
- return '' if disks[1].nil? || !defined?(disks[1].kind) || disks[1].kind.nil?
- disks[1].kind
- end
+ def first_disks_first_license
+ disks_license(0, 0)
+ end
- def second_disks_source_name
- disks_source_name(1)
- end
+ def second_disks_device_name
+ return '' if @disks[1].nil? || !defined?(@disks[1].device_name) || @disks[1].device_name.nil?
+ disks[1].device_name
+ end
- def second_disks_first_license
- disks_license(1, 0)
- end
+ def second_disks_source_name
+ disks_source_name(1)
+ end
- # helper method for retrieving a disk source basename
- def disks_source_name(index = 0)
- return '' if disks[index].nil? || !defined?(disks[index].source) || disks[index].source.nil?
- disks[index].source.split('/').last
- end
+ def second_disks_first_license
+ disks_license(1, 0)
+ end
- # helper method for retrieving a disk license string
- def disks_license(disk_index = 0, license_index = 0)
- return '' if disks[disk_index].nil? || !defined?(disks[disk_index].licenses[license_index]) || disks[disk_index].licenses[license_index].nil?
- disks[disk_index].licenses[license_index].downcase
- end
+ # helper method for retrieving a disk source basename
+ def disks_source_name(index = 0)
+ return '' if @disks[index].nil? || !defined?(@disks[index].source) || @disks[index].source.nil?
+ @disks[index].source.split('/').last
+ end
- def machine_size
- return '' if !defined?(machine_type) || machine_type.nil?
- machine_type.split('/').last
- end
+ # helper method for retrieving a disk license string
+ def disks_license(disk_index = 0, license_index = 0)
+ return '' if @disks[disk_index].nil? || !defined?(@disks[disk_index].licenses[license_index]) || @disks[disk_index].licenses[license_index].nil?
+ @disks[disk_index].licenses[license_index].downcase
+ end
- # helper for returning label keys to perform checks
- def labels_keys
- return [] if !defined?(labels) || labels.nil?
- labels.item.keys
- end
+ def machine_size
+ return '' if !defined?(@machine_type) || @machine_type.nil?
+ @machine_type.split('/').last
+ end
- # helper for returning label values to perform checks
- def labels_values
- return [] if !defined?(labels) || labels.nil?
- labels.item.values
- end
+ # helper for returning label keys to perform checks
+ def labels_keys
+ return [] if !defined?(@labels) || @labels.nil?
+ @labels.keys
+ end
- def label_value_by_key(label_key)
- return [] if !defined?(labels) || labels.nil?
- labels.item[label_key]
- end
+ # helper for returning label values to perform checks
+ def labels_values
+ return [] if !defined?(@labels) || @labels.nil?
+ @labels.values
+ end
- def metadata_keys
- return [] if !defined?(metadata) || metadata.nil?
- metadata.item[:items].map { |m| m[:key] }
- end
+ def label_value_by_key(label_key)
+ return [] if !defined?(@labels) || @labels.nil?
+ @labels[label_key]
+ end
- def metadata_values
- return [] if !defined?(metadata) || metadata.nil?
- metadata.item[:items].map { |m| m[:value] }
- end
+ def metadata_keys
+ return [] if !defined?(@metadata) || @metadata.nil?
+ @metadata.item[:items].map { |m| m[:key] }
+ end
+
+ def metadata_values
+ return [] if !defined?(@metadata) || @metadata.nil?
+ @metadata.item[:items].map { |m| m[:value] }
+ end
- def metadata_value_by_key(metadata_key)
- return [] if !defined?(metadata) || metadata.nil?
- metadata.item[:items].each do |item|
- if item[:key] == metadata_key
- return item[:value]
- end
+ def metadata_value_by_key(metadata_key)
+ return [] if !defined?(@metadata) || @metadata.nil?
+ @metadata.item[:items].each do |item|
+ if item[:key] == metadata_key
+ return item[:value]
end
- []
end
+ []
+ end
- def service_account_scopes
- # note instances can have only one service account defined
- return [] if @instance.service_accounts.nil? || @instance.service_accounts[0].nil? || !defined?(@instance.service_accounts[0].scopes) || @instance.service_accounts[0].scopes.nil?
- @instance.service_accounts[0].scopes
- end
+ def service_account_scopes
+ # note instances can have only one service account defined
+ return [] if @service_accounts[0].nil? || !defined?(@service_accounts[0].scopes) || @service_accounts[0].scopes.nil?
+ @service_accounts[0].scopes
+ end
- def block_project_ssh_keys
- return false if !defined?(@instance.metadata.items) || @instance.metadata.items.nil?
- @instance.metadata.items.each do |element|
- return true if element.key=='block-project-ssh-keys' and element.value.casecmp('true').zero?
- return true if element.key=='block-project-ssh-keys' and element.value=='1'
- end
- false
+ def block_project_ssh_keys
+ return false if !defined?(@metadata.items) || @metadata.items.nil?
+ @metadata.items.each do |element|
+ return true if element.key=='block-project-ssh-keys' and element.value.casecmp('true').zero?
+ return true if element.key=='block-project-ssh-keys' and element.value=='1'
end
+ false
+ end
- def has_serial_port_disabled?
- return false if !defined?(@instance.metadata.items) || @instance.metadata.items.nil?
- @instance.metadata.items.each do |element|
- return true if element.key=='serial-port-enable' and element.value.casecmp('false').zero?
- return true if element.key=='serial-port-enable' and element.value=='0'
- end
- false
+ def has_serial_port_disabled?
+ return false if !defined?(@metadata.items) || @metadata.items.nil?
+ @metadata.items.each do |element|
+ return true if element.key=='serial-port-enable' and element.value.casecmp('false').zero?
+ return true if element.key=='serial-port-enable' and element.value=='0'
end
+ false
+ end
- def has_disks_encrypted_with_csek?
- return false if !defined?(@instance.disks) || @instance.disks.nil?
- @instance.disks.each do |disk|
- return false if !defined?(disk.disk_encryption_key)
- return false if disk.disk_encryption_key.nil?
- return false if !defined?(disk.disk_encryption_key.sha256)
- return false if disk.disk_encryption_key.sha256.nil?
- end
- true
+ def has_disks_encrypted_with_csek?
+ return false if !defined?(@disks) || @disks.nil?
+ @disks.each do |disk|
+ return false if !defined?(disk.disk_encryption_key)
+ return false if disk.disk_encryption_key.nil?
+ return false if !defined?(disk.disk_encryption_key.sha256)
+ return false if disk.disk_encryption_key.sha256.nil?
end
+ true
+ end
- def exists?
- !@instance.nil?
- end
+ private
- def to_s
- "Instance #{@display_name}"
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/zones/{{zone}}/instances/{{name}}'
+ end
end
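Review bot: `block_project_ssh_keys` and `has_serial_port_disabled?` still read `@metadata.items` with `element.key`/`element.value`, and the `metadata_*` helpers still read `@metadata.item[:items]`, but `parse` now assigns `@metadata = @fetched['metadata']` with no wrapper object. If that value is a plain Hash from the JSON response (the fetch layer is not visible here, so this is inferred), `defined?(@metadata.items)` is nil and both checks return false for every instance whatever its configuration, while `metadata_keys`, `metadata_values` and `metadata_value_by_key` raise NoMethodError. Controls built on these two checks would then report the same result for hardened and unhardened instances. The helpers should read the `'items'` list and its `'key'`/`'value'` entries by string key, as sketched below for one of them. Since the header says manual edits are clobbered on regeneration, the change belongs in whatever the generator reads for these custom methods.

```ruby
def block_project_ssh_keys
  # assumes @metadata is the parsed response hash with string keys; confirm against the fetch layer
  items = @metadata.nil? ? nil : @metadata['items']
  return false if items.nil?
  items.any? do |element|
    next false unless element['key'] == 'block-project-ssh-keys'
    element['value'].to_s.casecmp('true').zero? || element['value'] == '1'
  end
end
# … has_serial_port_disabled? and the metadata_keys / metadata_values / metadata_value_by_key helpers need the same access change …
```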
diff --git a/libraries/google_compute_instance_group.rb b/libraries/google_compute_instance_group.rb
index 49eb2d757..1559996dc 100644
--- a/libraries/google_compute_instance_group.rb
+++ b/libraries/google_compute_instance_group.rb
@@ -1,56 +1,100 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/instancegroup_named_ports'
-module Inspec::Resources
- class GoogleComputeInstanceGroup < GcpResourceBase
- name 'google_compute_instance_group'
- desc 'Verifies settings for a compute instance group'
-
- example "
- describe google_compute_instance_group(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'gcp-inspec-test') do
- it { should exist }
- its('name') { should eq 'inspec-test' }
- its('status') { should eq 'in_use' }
- ...
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @instance_group = @gcp.gcp_compute_client.get_instance_group(opts[:project], opts[:zone], opts[:name])
- create_resource_methods(@instance_group)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeInstanceGroup < GcpResourceBase
+ name 'google_compute_instance_group'
+ desc 'InstanceGroup'
+ supports platform: 'gcp'
- def port_name
- find_named_ports(:name)
- end
- RSpec::Matchers.alias_matcher :has_port_name, :be_allow_port_name
+ attr_reader :params
+ attr_reader :creation_timestamp
+ attr_reader :description
+ attr_reader :id
+ attr_reader :name
+ attr_reader :named_ports
+ attr_reader :network
+ attr_reader :region
+ attr_reader :subnetwork
+ attr_reader :zone
- def port_value
- find_named_ports(:port)
- end
- RSpec::Matchers.alias_matcher :has_port_value, :be_allow_port_value
-
- def find_named_ports(key = :name)
- # check all name/port values for a match
- return false if !defined?(named_ports) || named_ports.nil?
- named_ports.each do |named_port|
- next if !defined?(named_port.item[key]) || named_port.item[key].nil?
- return named_port.item[key]
- end
- false
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @description = @fetched['description']
+ @id = @fetched['id']
+ @name = @fetched['name']
+ @named_ports = GoogleInSpec::Compute::Property::InstanceGroupNamedPortsArray.parse(@fetched['namedPorts'], to_s)
+ @network = @fetched['network']
+ @region = @fetched['region']
+ @subnetwork = @fetched['subnetwork']
+ @zone = @fetched['zone']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
- def exists?
- !@instance_group.nil?
+ def to_s
+ "InstanceGroup #{@params[:name]}"
+ end
+
+ def port_name
+ find_named_ports(:name)
+ end
+ RSpec::Matchers.alias_matcher :has_port_name, :be_allow_port_name
+
+ def port_value
+ find_named_ports(:port)
+ end
+ RSpec::Matchers.alias_matcher :has_port_value, :be_allow_port_value
+
+ def find_named_ports(key = :name)
+ # check all name/port values for a match
+ @named_ports.each do |named_port|
+ next if !defined?(named_port.item[key]) || named_port.item[key].nil?
+ return named_port.item[key]
end
+ false
+ end
+
+ private
- def to_s
- "Instance Group #{@display_name}"
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/zones/{{zone}}/instanceGroups/{{name}}'
+ end
end
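Review bot: `find_named_ports` lost its nil guard: the removed version began with `return false if !defined?(named_ports) || named_ports.nil?`, while the new one calls `@named_ports.each` directly. The constructor skips `parse` when `@fetched` is nil, so for a group that does not exist `@named_ports` is never assigned, and `port_name` / `port_value` raise NoMethodError instead of returning false. Adding `return false if @named_ports.nil?` as the first line restores the old behaviour. The loop also still relies on `named_port.item[key]`; whether the new `InstanceGroupNamedPortsArray` elements expose `item` is not visible in this hunk, and if they do not, the `defined?` test skips every element and the method always returns false.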
diff --git a/libraries/google_compute_instance_group_manager.rb b/libraries/google_compute_instance_group_manager.rb
index 5734ad18b..5624341ad 100644
--- a/libraries/google_compute_instance_group_manager.rb
+++ b/libraries/google_compute_instance_group_manager.rb
@@ -41,7 +41,7 @@ class ComputeInstanceGroupManager < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -76,8 +76,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
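Review bot: `product_url(beta = false)` selects the beta endpoint for any truthy argument, and the constructor in the preceding hunk passes `params[:beta]` through unchecked. A value such as the string `'false'` would therefore switch the resource to `compute/beta/`; whether params can carry strings depends on the caller, which is not visible here. Testing the flag strictly, `if beta == true`, keeps v1 for everything except a real boolean, and a one-line comment such as `# beta: true queries the Compute beta API instead of v1` would document the switch. The same definition is repeated in the hunks for google_compute_instance_group_managers.rb, google_compute_instance_template.rb and google_compute_instance_templates.rb.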
diff --git a/libraries/google_compute_instance_group_managers.rb b/libraries/google_compute_instance_group_managers.rb
index 38fc8d08f..9f629754e 100644
--- a/libraries/google_compute_instance_group_managers.rb
+++ b/libraries/google_compute_instance_group_managers.rb
@@ -98,8 +98,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_instance_groups.rb b/libraries/google_compute_instance_groups.rb
index bd97e07fa..49a5583a3 100644
--- a/libraries/google_compute_instance_groups.rb
+++ b/libraries/google_compute_instance_groups.rb
@@ -1,43 +1,104 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeInstanceGroups < GcpResourceBase
+ name 'google_compute_instance_groups'
+ desc 'InstanceGroup plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeInstanceGroups < GcpResourceBase
- name 'google_compute_instance_groups'
- desc 'Verifies settings for GCP compute instance_groups in bulk'
+ attr_reader :table
- example "
- describe google_compute_instance_groups(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @zone = opts[:zone]
- end
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:instance_group_ids, field: :instance_group_id)
+ filter_table_config.add(:instance_group_names, field: :instance_group_name)
+ filter_table_config.add(:named_ports, field: :named_ports)
+ filter_table_config.add(:networks, field: :network)
+ filter_table_config.add(:regions, field: :region)
+ filter_table_config.add(:subnetworks, field: :subnetwork)
+ filter_table_config.add(:zones, field: :zone)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:instance_group_ids, field: :instance_group_id)
- filter_table_config.add(:instance_group_names, field: :instance_group_name)
- filter_table_config.connect(self, :fetch_data)
+ filter_table_config.connect(self, :table)
- def fetch_data
- instance_group_rows = []
- catch_gcp_errors do
- @instance_groups = @gcp.gcp_compute_client.list_instance_groups(@project, @zone)
- end
- return [] if !@instance_groups || !@instance_groups.items
- @instance_groups.items.map do |instance_group|
- instance_group_rows+=[{ instance_group_id: instance_group.id,
- instance_group_name: instance_group.name }]
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @table = instance_group_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'id' => ->(obj) { return :instance_group_id, obj['id'] },
+ 'name' => ->(obj) { return :instance_group_name, obj['name'] },
+ 'namedPorts' => ->(obj) { return :named_ports, GoogleInSpec::Compute::Property::InstanceGroupNamedPortsArray.parse(obj['namedPorts'], to_s) },
+ 'network' => ->(obj) { return :network, obj['network'] },
+ 'region' => ->(obj) { return :region, obj['region'] },
+ 'subnetwork' => ->(obj) { return :subnetwork, obj['subnetwork'] },
+ 'zone' => ->(obj) { return :zone, obj['zone'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/zones/{{zone}}/instanceGroups'
end
end
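Review bot: `fetch_wrapped_resource` calls `product_url` with no argument in `@connection.fetch_all(product_url, resource_base_url, @params, 'Get')`, so the new `beta` parameter always takes its default and this plural resource queries v1 even when `beta: true` is passed. The singular resources in this commit pass `params[:beta]`, so the same profile can read a singular resource from beta and its plural counterpart from v1. The call should forward the flag: `result = @connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')`. The google_compute_instances.rb hunk has the same call.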
diff --git a/libraries/google_compute_instance_template.rb b/libraries/google_compute_instance_template.rb
index 5a43e583a..a4524ab20 100644
--- a/libraries/google_compute_instance_template.rb
+++ b/libraries/google_compute_instance_template.rb
@@ -38,7 +38,7 @@ class ComputeInstanceTemplate < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -65,8 +65,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_instance_templates.rb b/libraries/google_compute_instance_templates.rb
index ff7f3e915..b7f54f037 100644
--- a/libraries/google_compute_instance_templates.rb
+++ b/libraries/google_compute_instance_templates.rb
@@ -82,8 +82,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_instances.rb b/libraries/google_compute_instances.rb
index 4113e766b..f09959734 100644
--- a/libraries/google_compute_instances.rb
+++ b/libraries/google_compute_instances.rb
@@ -1,49 +1,125 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeInstances < GcpResourceBase
+ name 'google_compute_instances'
+ desc 'Instance plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeInstances < GcpResourceBase
- name 'google_compute_instances'
- desc 'Verifies settings for GCP compute instances in bulk'
+ attr_reader :table
- example "
- describe google_compute_instances(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
- it { should exist }
- ...
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- @zone = opts[:zone]
- @project = opts[:project]
- end
+ filter_table_config = FilterTable.create
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:instance_ids, field: :instance_id)
- filter_table_config.add(:instance_names, field: :instance_name)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- instance_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @instances = @gcp.gcp_compute_client.list_instances(@project, @zone, page_token: next_page)
- end
- return [] if !@instances || !@instances.items
- @instances.items.map do |instance|
- instance_rows+=[{ instance_id: instance.id,
- instance_name: instance.name }]
+ filter_table_config.add(:can_ip_forwards, field: :can_ip_forward)
+ filter_table_config.add(:cpu_platforms, field: :cpu_platform)
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:deletion_protections, field: :deletion_protection)
+ filter_table_config.add(:disks, field: :disks)
+ filter_table_config.add(:guest_accelerators, field: :guest_accelerators)
+ filter_table_config.add(:hostnames, field: :hostname)
+ filter_table_config.add(:instance_ids, field: :instance_id)
+ filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:metadata, field: :metadata)
+ filter_table_config.add(:machine_types, field: :machine_type)
+ filter_table_config.add(:min_cpu_platforms, field: :min_cpu_platform)
+ filter_table_config.add(:instance_names, field: :instance_name)
+ filter_table_config.add(:network_interfaces, field: :network_interfaces)
+ filter_table_config.add(:schedulings, field: :scheduling)
+ filter_table_config.add(:service_accounts, field: :service_accounts)
+ filter_table_config.add(:shielded_instance_configs, field: :shielded_instance_config)
+ filter_table_config.add(:statuses, field: :status)
+ filter_table_config.add(:status_messages, field: :status_message)
+ filter_table_config.add(:tags, field: :tags)
+ filter_table_config.add(:zones, field: :zone)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @instances.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = instance_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'canIpForward' => ->(obj) { return :can_ip_forward, obj['canIpForward'] },
+ 'cpuPlatform' => ->(obj) { return :cpu_platform, obj['cpuPlatform'] },
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, obj['creationTimestamp'] },
+ 'deletionProtection' => ->(obj) { return :deletion_protection, obj['deletionProtection'] },
+ 'disks' => ->(obj) { return :disks, GoogleInSpec::Compute::Property::InstanceDisksArray.parse(obj['disks'], to_s) },
+ 'guestAccelerators' => ->(obj) { return :guest_accelerators, GoogleInSpec::Compute::Property::InstanceGuestAcceleratorsArray.parse(obj['guestAccelerators'], to_s) },
+ 'hostname' => ->(obj) { return :hostname, obj['hostname'] },
+ 'id' => ->(obj) { return :instance_id, obj['id'] },
+ 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'metadata' => ->(obj) { return :metadata, obj['metadata'] },
+ 'machineType' => ->(obj) { return :machine_type, obj['machineType'] },
+ 'minCpuPlatform' => ->(obj) { return :min_cpu_platform, obj['minCpuPlatform'] },
+ 'name' => ->(obj) { return :instance_name, obj['name'] },
+ 'networkInterfaces' => ->(obj) { return :network_interfaces, GoogleInSpec::Compute::Property::InstanceNetworkInterfacesArray.parse(obj['networkInterfaces'], to_s) },
+ 'scheduling' => ->(obj) { return :scheduling, GoogleInSpec::Compute::Property::InstanceScheduling.new(obj['scheduling'], to_s) },
+ 'serviceAccounts' => ->(obj) { return :service_accounts, GoogleInSpec::Compute::Property::InstanceServiceAccountsArray.parse(obj['serviceAccounts'], to_s) },
+ 'shieldedInstanceConfig' => ->(obj) { return :shielded_instance_config, GoogleInSpec::Compute::Property::InstanceShieldedInstanceConfig.new(obj['shieldedInstanceConfig'], to_s) },
+ 'status' => ->(obj) { return :status, obj['status'] },
+ 'statusMessage' => ->(obj) { return :status_message, obj['statusMessage'] },
+ 'tags' => ->(obj) { return :tags, GoogleInSpec::Compute::Property::InstanceTags.new(obj['tags'], to_s) },
+ 'zone' => ->(obj) { return :zone, obj['zone'] },
+ }
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/zones/{{zone}}/instances'
end
end
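Review bot: `fetch_wrapped_resource` returns nil when `fetch_all` yields nil (`return if result.nil?`), so `@table` becomes nil, whereas the removed `fetch_data` returned `[]` when there was nothing to list. The filter table is connected to `:table`, and whether FilterTable accepts a nil table is not visible here; an empty array is the safer result for a failed or empty listing. I would write `return [] if result.nil?`. The google_compute_instance_groups.rb hunk has the same line.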
diff --git a/libraries/google_compute_network.rb b/libraries/google_compute_network.rb
index 112f6a3a2..5f10b9229 100644
--- a/libraries/google_compute_network.rb
+++ b/libraries/google_compute_network.rb
@@ -1,48 +1,92 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/network_routing_config'
-module Inspec::Resources
- class GoogleComputeNetwork < GcpResourceBase
- name 'google_compute_network'
- desc 'Verifies settings for a compute network'
-
- example "
- describe google_compute_network(project: 'chef-inspec-gcp', name: 'gcp-inspec-network') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @network = @gcp.gcp_compute_client.get_network(opts[:project], opts[:name])
- create_resource_methods(@network)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeNetwork < GcpResourceBase
+ name 'google_compute_network'
+ desc 'Network'
+ supports platform: 'gcp'
- def exists?
- !@network.nil?
- end
+ attr_reader :params
+ attr_reader :description
+ attr_reader :gateway_ipv4
+ attr_reader :id
+ attr_reader :name
+ attr_reader :subnetworks
+ attr_reader :auto_create_subnetworks
+ attr_reader :creation_timestamp
+ attr_reader :routing_config
- def legacy?
- return false if @network.auto_create_subnetworks
- return false if !defined?(@network.gateway_i_pv4)
- return false if !defined?(@network.i_pv4_range)
- return false if @network.i_pv4_range.nil?
- return false if @network.gateway_i_pv4.nil?
- true
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def creation_timestamp_date
- return false if !defined?(creation_timestamp) || creation_timestamp.nil?
- Time.parse(creation_timestamp.to_s)
- end
+ def parse
+ @description = @fetched['description']
+ @gateway_ipv4 = @fetched['gatewayIPv4']
+ @id = @fetched['id']
+ @name = @fetched['name']
+ @subnetworks = @fetched['subnetworks']
+ @auto_create_subnetworks = @fetched['autoCreateSubnetworks']
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @routing_config = GoogleInSpec::Compute::Property::NetworkRoutingConfig.new(@fetched['routingConfig'], to_s)
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
- def to_s
- "Network #{@display_name}"
+ def to_s
+ "Network #{@params[:name]}"
+ end
+
+ def legacy?
+ return false if @auto_create_subnetworks
+ return false if !defined?(@gateway_ipv4)
+ return false if !defined?(@network.ipv4_range)
+ return false if @ipv4_range.nil?
+ return false if @gateway_i_pv4.nil?
+ true
+ end
+
+ def creation_timestamp_date
+ @creation_timestamp
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/global/networks/{{name}}'
+ end
end
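Review bot: `legacy?` can no longer return true in the rewritten class, so a control asserting that a network is not a legacy network passes whatever the network's real mode is. `@network` is never assigned in the new code, so `!defined?(@network.ipv4_range)` is always true and the method returns false there; in addition `@ipv4_range` is never populated in `parse`, and `@gateway_i_pv4` does not match the `@gateway_ipv4` that `parse` sets. Populate the range in `parse` with `@ipv4_range = @fetched['IPv4Range']` (key name to be confirmed against the Compute API reference), drop the two `defined?` guards, and test `return false if @gateway_ipv4.nil?`. The file header says manual changes are clobbered on regeneration, so the fix belongs in the generator's custom code for this resource rather than in this file.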
diff --git a/libraries/google_compute_network_endpoint_group.rb b/libraries/google_compute_network_endpoint_group.rb
index b57859c16..d2bb29e13 100644
--- a/libraries/google_compute_network_endpoint_group.rb
+++ b/libraries/google_compute_network_endpoint_group.rb
@@ -35,7 +35,7 @@ class ComputeNetworkEndpointGroup < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -51,11 +51,6 @@ def parse
@zone = @fetched['zone']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -66,8 +61,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_network_endpoint_groups.rb b/libraries/google_compute_network_endpoint_groups.rb
index 52afb78b9..6b253f46b 100644
--- a/libraries/google_compute_network_endpoint_groups.rb
+++ b/libraries/google_compute_network_endpoint_groups.rb
@@ -83,15 +83,14 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_networks.rb b/libraries/google_compute_networks.rb
index 3b074f42f..6deddb727 100644
--- a/libraries/google_compute_networks.rb
+++ b/libraries/google_compute_networks.rb
@@ -1,46 +1,102 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeNetworks < GcpResourceBase
+ name 'google_compute_networks'
+ desc 'Network plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeNetworks < GcpResourceBase
- name 'google_compute_networks'
- desc 'Verifies settings for GCP compute networks in bulk'
+ attr_reader :table
- example "
- describe google_compute_networks(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:gateway_ipv4s, field: :gateway_ipv4)
+ filter_table_config.add(:network_ids, field: :network_id)
+ filter_table_config.add(:network_names, field: :network_name)
+ filter_table_config.add(:subnetworks, field: :subnetworks)
+ filter_table_config.add(:auto_create_subnetworks, field: :auto_create_subnetworks)
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:routing_configs, field: :routing_config)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:network_ids, field: :network_id)
- filter_table_config.add(:network_names, field: :network_name)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- network_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @networks = @gcp.gcp_compute_client.list_networks(@project, page_token: next_page)
- end
- return [] if !@networks || !@networks.items
- @networks.items.map do |network|
- network_rows+=[{ network_id: network.id,
- network_name: network.name }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @networks.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = network_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'gatewayIPv4' => ->(obj) { return :gateway_ipv4, obj['gatewayIPv4'] },
+ 'id' => ->(obj) { return :network_id, obj['id'] },
+ 'name' => ->(obj) { return :network_name, obj['name'] },
+ 'subnetworks' => ->(obj) { return :subnetworks, obj['subnetworks'] },
+ 'autoCreateSubnetworks' => ->(obj) { return :auto_create_subnetworks, obj['autoCreateSubnetworks'] },
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'routingConfig' => ->(obj) { return :routing_config, GoogleInSpec::Compute::Property::NetworkRoutingConfig.new(obj['routingConfig'], to_s) },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/global/networks'
end
end
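Review bot: `fetch_wrapped_resource` calls `product_url` with no argument, so the `beta` parameter added to `product_url` at the end of this hunk always takes its default and `google_compute_networks(..., beta: true)` still queries the v1 endpoint; the singular resources in this commit pass `product_url(params[:beta])`. Pass the flag through with `result = @connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')`. The other plural resources whose hunks only change `product_url` may have the same gap, but their `fetch_all` calls are outside the visible hunks. Separately, `transformers` references `GoogleInSpec::Compute::Property::NetworkRoutingConfig` while this file requires only `gcp_backend`; unless that constant is loaded elsewhere, add `require 'google/compute/property/network_routing_config'` as the singular resource does.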
diff --git a/libraries/google_compute_node_group.rb b/libraries/google_compute_node_group.rb
index 2249ae76f..c04f5d5d0 100644
--- a/libraries/google_compute_node_group.rb
+++ b/libraries/google_compute_node_group.rb
@@ -14,6 +14,7 @@
#
# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/nodegroup_autoscaling_policy'
# A provider to manage Compute Engine resources.
class ComputeNodeGroup < GcpResourceBase
@@ -27,12 +28,13 @@ class ComputeNodeGroup < GcpResourceBase
attr_reader :name
attr_reader :node_template
attr_reader :size
+ attr_reader :autoscaling_policy
attr_reader :zone
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -42,6 +44,7 @@ def parse
@name = @fetched['name']
@node_template = @fetched['nodeTemplate']
@size = @fetched['size']
+ @autoscaling_policy = GoogleInSpec::Compute::Property::NodeGroupAutoscalingPolicy.new(@fetched['autoscalingPolicy'], to_s)
@zone = @fetched['zone']
end
@@ -60,8 +63,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_node_groups.rb b/libraries/google_compute_node_groups.rb
index 46bdd4be2..4ac298e78 100644
--- a/libraries/google_compute_node_groups.rb
+++ b/libraries/google_compute_node_groups.rb
@@ -28,6 +28,7 @@ class ComputeNodeGroups < GcpResourceBase
filter_table_config.add(:names, field: :name)
filter_table_config.add(:node_templates, field: :node_template)
filter_table_config.add(:sizes, field: :size)
+ filter_table_config.add(:autoscaling_policies, field: :autoscaling_policy)
filter_table_config.add(:zones, field: :zone)
filter_table_config.connect(self, :table)
@@ -73,6 +74,7 @@ def transformers
'name' => ->(obj) { return :name, obj['name'] },
'nodeTemplate' => ->(obj) { return :node_template, obj['nodeTemplate'] },
'size' => ->(obj) { return :size, obj['size'] },
+ 'autoscalingPolicy' => ->(obj) { return :autoscaling_policy, GoogleInSpec::Compute::Property::NodeGroupAutoscalingPolicy.new(obj['autoscalingPolicy'], to_s) },
'zone' => ->(obj) { return :zone, obj['zone'] },
}
end
@@ -84,8 +86,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_node_template.rb b/libraries/google_compute_node_template.rb
index 10c341bab..a4db32fd3 100644
--- a/libraries/google_compute_node_template.rb
+++ b/libraries/google_compute_node_template.rb
@@ -15,6 +15,7 @@
# ----------------------------------------------------------------------------
require 'gcp_backend'
require 'google/compute/property/nodetemplate_node_type_flexibility'
+require 'google/compute/property/nodetemplate_server_binding'
# A provider to manage Compute Engine resources.
class ComputeNodeTemplate < GcpResourceBase
@@ -29,12 +30,13 @@ class ComputeNodeTemplate < GcpResourceBase
attr_reader :node_affinity_labels
attr_reader :node_type
attr_reader :node_type_flexibility
+ attr_reader :server_binding
attr_reader :region
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -45,6 +47,7 @@ def parse
@node_affinity_labels = @fetched['nodeAffinityLabels']
@node_type = @fetched['nodeType']
@node_type_flexibility = GoogleInSpec::Compute::Property::NodeTemplateNodeTypeFlexibility.new(@fetched['nodeTypeFlexibility'], to_s)
+ @server_binding = GoogleInSpec::Compute::Property::NodeTemplateServerBinding.new(@fetched['serverBinding'], to_s)
@region = @fetched['region']
end
@@ -63,8 +66,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_node_templates.rb b/libraries/google_compute_node_templates.rb
index daa4a6e28..867dbaaa2 100644
--- a/libraries/google_compute_node_templates.rb
+++ b/libraries/google_compute_node_templates.rb
@@ -29,6 +29,7 @@ class ComputeNodeTemplates < GcpResourceBase
filter_table_config.add(:node_affinity_labels, field: :node_affinity_labels)
filter_table_config.add(:node_types, field: :node_type)
filter_table_config.add(:node_type_flexibilities, field: :node_type_flexibility)
+ filter_table_config.add(:server_bindings, field: :server_binding)
filter_table_config.add(:regions, field: :region)
filter_table_config.connect(self, :table)
@@ -75,6 +76,7 @@ def transformers
'nodeAffinityLabels' => ->(obj) { return :node_affinity_labels, obj['nodeAffinityLabels'] },
'nodeType' => ->(obj) { return :node_type, obj['nodeType'] },
'nodeTypeFlexibility' => ->(obj) { return :node_type_flexibility, GoogleInSpec::Compute::Property::NodeTemplateNodeTypeFlexibility.new(obj['nodeTypeFlexibility'], to_s) },
+ 'serverBinding' => ->(obj) { return :server_binding, GoogleInSpec::Compute::Property::NodeTemplateServerBinding.new(obj['serverBinding'], to_s) },
'region' => ->(obj) { return :region, obj['region'] },
}
end
@@ -86,8 +88,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_project_info.rb b/libraries/google_compute_project_info.rb
index 98fb6e1bd..b1206d5e3 100644
--- a/libraries/google_compute_project_info.rb
+++ b/libraries/google_compute_project_info.rb
@@ -1,47 +1,88 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/projectinfo_common_instance_metadata'
+require 'google/compute/property/projectinfo_common_instance_metadata_items'
+require 'google/compute/property/projectinfo_quotas'
-module Inspec::Resources
- class GoogleComputeProjectInfo < GcpResourceBase
- name 'google_compute_project_info'
- desc 'Verifies settings for GCP Compute Project Info'
-
- example "
- describe google_compute_project_info(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:project]
- catch_gcp_errors do
- @project_info = @gcp.gcp_compute_client.get_project(opts[:project])
- create_resource_methods(@project_info)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeProjectInfo < GcpResourceBase
+ name 'google_compute_project_info'
+ desc 'ProjectInfo'
+ supports platform: 'gcp'
- def has_enabled_oslogin?
- return false if !defined?(@project_info.common_instance_metadata.items) || @project_info.common_instance_metadata.items.nil?
- @project_info.common_instance_metadata.items.each do |element|
- return true if element.key=='enable-oslogin' and element.value.casecmp('true').zero?
- end
- false
- end
+ attr_reader :params
+ attr_reader :name
+ attr_reader :common_instance_metadata
+ attr_reader :enabled_features
+ attr_reader :default_service_account
+ attr_reader :xpn_project_status
+ attr_reader :default_network_tier
+ attr_reader :quotas
+ attr_reader :creation_timestamp
- def creation_timestamp_date
- return false if !defined?(creation_timestamp) || creation_timestamp.nil?
- Time.parse(creation_timestamp.to_s)
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @common_instance_metadata = GoogleInSpec::Compute::Property::ProjectInfoCommonInstanceMetadata.new(@fetched['commonInstanceMetadata'], to_s)
+ @enabled_features = @fetched['enabledFeatures']
+ @default_service_account = @fetched['defaultServiceAccount']
+ @xpn_project_status = @fetched['xpnProjectStatus']
+ @default_network_tier = @fetched['defaultNetworkTier']
+ @quotas = GoogleInSpec::Compute::Property::ProjectInfoQuotasArray.parse(@fetched['quotas'], to_s)
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def exists?
- !@project_info.nil?
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ProjectInfo #{@params[:project]}"
+ end
+
+ def has_enabled_oslogin?
+ @common_instance_metadata&.items&.each do |element|
+ return true if element.key=='enable-oslogin' and element.value.casecmp('true').zero?
end
+ false
+ end
+
+ private
- def to_s
- "Compute Project Info #{@display_name}"
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}'
+ end
end
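Review bot: `creation_timestamp_date` is removed from this resource and not re-added, while the rewritten `google_compute_network.rb` in the same commit keeps it as a reader for `@creation_timestamp`; existing profiles that call it on `google_compute_project_info` would now fail unless the base class supplies it. Keeping a `creation_timestamp_date` method that returns `@creation_timestamp` preserves the old interface. In `has_enabled_oslogin?`, `element.value.casecmp('true').zero?` raises NoMethodError when a metadata item carries no value, which turns the OS Login check into an error instead of a result; `return true if element.key == 'enable-oslogin' && element.value.to_s.casecmp('true').zero?` avoids that and the low-precedence `and`.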
diff --git a/libraries/google_compute_region.rb b/libraries/google_compute_region.rb
index 2ad9fde38..5828ea44c 100644
--- a/libraries/google_compute_region.rb
+++ b/libraries/google_compute_region.rb
@@ -36,7 +36,7 @@ class ComputeRegion < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -78,8 +78,12 @@ def up?
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_region_backend_service.rb b/libraries/google_compute_region_backend_service.rb
index d1c355f35..5bcdd1b68 100644
--- a/libraries/google_compute_region_backend_service.rb
+++ b/libraries/google_compute_region_backend_service.rb
@@ -15,7 +15,17 @@
# ----------------------------------------------------------------------------
require 'gcp_backend'
require 'google/compute/property/regionbackendservice_backends'
+require 'google/compute/property/regionbackendservice_circuit_breakers'
+require 'google/compute/property/regionbackendservice_circuit_breakers_connect_timeout'
require 'google/compute/property/regionbackendservice_connection_draining'
+require 'google/compute/property/regionbackendservice_consistent_hash'
+require 'google/compute/property/regionbackendservice_consistent_hash_http_cookie'
+require 'google/compute/property/regionbackendservice_consistent_hash_http_cookie_ttl'
+require 'google/compute/property/regionbackendservice_failover_policy'
+require 'google/compute/property/regionbackendservice_log_config'
+require 'google/compute/property/regionbackendservice_outlier_detection'
+require 'google/compute/property/regionbackendservice_outlier_detection_base_ejection_time'
+require 'google/compute/property/regionbackendservice_outlier_detection_interval'
# A provider to manage Compute Engine resources.
class ComputeRegionBackendService < GcpResourceBase
@@ -24,40 +34,56 @@ class ComputeRegionBackendService < GcpResourceBase
supports platform: 'gcp'
attr_reader :params
+ attr_reader :affinity_cookie_ttl_sec
attr_reader :backends
+ attr_reader :circuit_breakers
+ attr_reader :consistent_hash
attr_reader :connection_draining
attr_reader :creation_timestamp
attr_reader :description
+ attr_reader :failover_policy
attr_reader :fingerprint
attr_reader :health_checks
attr_reader :id
attr_reader :load_balancing_scheme
+ attr_reader :locality_lb_policy
attr_reader :name
+ attr_reader :outlier_detection
attr_reader :protocol
attr_reader :session_affinity
attr_reader :timeout_sec
+ attr_reader :log_config
+ attr_reader :network
attr_reader :region
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
def parse
+ @affinity_cookie_ttl_sec = @fetched['affinityCookieTtlSec']
@backends = GoogleInSpec::Compute::Property::RegionBackendServiceBackendsArray.parse(@fetched['backends'], to_s)
+ @circuit_breakers = GoogleInSpec::Compute::Property::RegionBackendServiceCircuitBreakers.new(@fetched['circuitBreakers'], to_s)
+ @consistent_hash = GoogleInSpec::Compute::Property::RegionBackendServiceConsistentHash.new(@fetched['consistentHash'], to_s)
@connection_draining = GoogleInSpec::Compute::Property::RegionBackendServiceConnectionDraining.new(@fetched['connectionDraining'], to_s)
@creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
@description = @fetched['description']
+ @failover_policy = GoogleInSpec::Compute::Property::RegionBackendServiceFailoverPolicy.new(@fetched['failoverPolicy'], to_s)
@fingerprint = @fetched['fingerprint']
@health_checks = @fetched['healthChecks']
@id = @fetched['id']
@load_balancing_scheme = @fetched['loadBalancingScheme']
+ @locality_lb_policy = @fetched['localityLbPolicy']
@name = @fetched['name']
+ @outlier_detection = GoogleInSpec::Compute::Property::RegionBackendServiceOutlierDetection.new(@fetched['outlierDetection'], to_s)
@protocol = @fetched['protocol']
@session_affinity = @fetched['sessionAffinity']
@timeout_sec = @fetched['timeoutSec']
+ @log_config = GoogleInSpec::Compute::Property::RegionBackendServiceLogConfig.new(@fetched['logConfig'], to_s)
+ @network = @fetched['network']
@region = @fetched['region']
end
@@ -76,8 +102,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_region_backend_services.rb b/libraries/google_compute_region_backend_services.rb
index 5d0103c3a..ce67fac95 100644
--- a/libraries/google_compute_region_backend_services.rb
+++ b/libraries/google_compute_region_backend_services.rb
@@ -23,18 +23,26 @@ class ComputeRegionBackendServices < GcpResourceBase
filter_table_config = FilterTable.create
+ filter_table_config.add(:affinity_cookie_ttl_secs, field: :affinity_cookie_ttl_sec)
filter_table_config.add(:backends, field: :backends)
+ filter_table_config.add(:circuit_breakers, field: :circuit_breakers)
+ filter_table_config.add(:consistent_hashes, field: :consistent_hash)
filter_table_config.add(:connection_drainings, field: :connection_draining)
filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:failover_policies, field: :failover_policy)
filter_table_config.add(:fingerprints, field: :fingerprint)
filter_table_config.add(:health_checks, field: :health_checks)
filter_table_config.add(:ids, field: :id)
filter_table_config.add(:load_balancing_schemes, field: :load_balancing_scheme)
+ filter_table_config.add(:locality_lb_policies, field: :locality_lb_policy)
filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:outlier_detections, field: :outlier_detection)
filter_table_config.add(:protocols, field: :protocol)
filter_table_config.add(:session_affinities, field: :session_affinity)
filter_table_config.add(:timeout_secs, field: :timeout_sec)
+ filter_table_config.add(:log_configs, field: :log_config)
+ filter_table_config.add(:networks, field: :network)
filter_table_config.add(:regions, field: :region)
filter_table_config.connect(self, :table)
@@ -75,18 +83,26 @@ def transform(key, value)
def transformers
{
+ 'affinityCookieTtlSec' => ->(obj) { return :affinity_cookie_ttl_sec, obj['affinityCookieTtlSec'] },
'backends' => ->(obj) { return :backends, GoogleInSpec::Compute::Property::RegionBackendServiceBackendsArray.parse(obj['backends'], to_s) },
+ 'circuitBreakers' => ->(obj) { return :circuit_breakers, GoogleInSpec::Compute::Property::RegionBackendServiceCircuitBreakers.new(obj['circuitBreakers'], to_s) },
+ 'consistentHash' => ->(obj) { return :consistent_hash, GoogleInSpec::Compute::Property::RegionBackendServiceConsistentHash.new(obj['consistentHash'], to_s) },
'connectionDraining' => ->(obj) { return :connection_draining, GoogleInSpec::Compute::Property::RegionBackendServiceConnectionDraining.new(obj['connectionDraining'], to_s) },
'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
'description' => ->(obj) { return :description, obj['description'] },
+ 'failoverPolicy' => ->(obj) { return :failover_policy, GoogleInSpec::Compute::Property::RegionBackendServiceFailoverPolicy.new(obj['failoverPolicy'], to_s) },
'fingerprint' => ->(obj) { return :fingerprint, obj['fingerprint'] },
'healthChecks' => ->(obj) { return :health_checks, obj['healthChecks'] },
'id' => ->(obj) { return :id, obj['id'] },
'loadBalancingScheme' => ->(obj) { return :load_balancing_scheme, obj['loadBalancingScheme'] },
+ 'localityLbPolicy' => ->(obj) { return :locality_lb_policy, obj['localityLbPolicy'] },
'name' => ->(obj) { return :name, obj['name'] },
+ 'outlierDetection' => ->(obj) { return :outlier_detection, GoogleInSpec::Compute::Property::RegionBackendServiceOutlierDetection.new(obj['outlierDetection'], to_s) },
'protocol' => ->(obj) { return :protocol, obj['protocol'] },
'sessionAffinity' => ->(obj) { return :session_affinity, obj['sessionAffinity'] },
'timeoutSec' => ->(obj) { return :timeout_sec, obj['timeoutSec'] },
+ 'logConfig' => ->(obj) { return :log_config, GoogleInSpec::Compute::Property::RegionBackendServiceLogConfig.new(obj['logConfig'], to_s) },
+ 'network' => ->(obj) { return :network, obj['network'] },
'region' => ->(obj) { return :region, obj['region'] },
}
end
@@ -98,8 +114,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_region_instance_group_manager.rb b/libraries/google_compute_region_instance_group_manager.rb
index 9ab212861..acda280d7 100644
--- a/libraries/google_compute_region_instance_group_manager.rb
+++ b/libraries/google_compute_region_instance_group_manager.rb
@@ -1,57 +1,111 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/regioninstancegroupmanager_auto_healing_policies'
+require 'google/compute/property/regioninstancegroupmanager_current_actions'
+require 'google/compute/property/regioninstancegroupmanager_named_ports'
-module Inspec::Resources
- class GoogleComputeRegionInstanceGroupManager < GcpResourceBase
- name 'google_compute_region_instance_group_manager'
- desc 'Verifies settings for a compute instance group manager'
-
- example "
- describe google_compute_region_instance_group_manager(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-test') do
- it { should exist }
- its('name') { should eq 'inspec-test' }
- ...
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- @region = opts[:region]
-
- catch_gcp_errors do
- @instance_group_manager = @gcp.gcp_compute_client.get_region_instance_group_manager(opts[:project], @region, @display_name)
- create_resource_methods(@instance_group_manager)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeRegionInstanceGroupManager < GcpResourceBase
+ name 'google_compute_region_instance_group_manager'
+ desc 'RegionInstanceGroupManager'
+ supports platform: 'gcp'
- def port_name
- find_named_ports(:name)
- end
- RSpec::Matchers.alias_matcher :has_port_name, :be_allow_port_name
+ attr_reader :params
+ attr_reader :base_instance_name
+ attr_reader :creation_timestamp
+ attr_reader :current_actions
+ attr_reader :description
+ attr_reader :id
+ attr_reader :instance_group
+ attr_reader :instance_template
+ attr_reader :name
+ attr_reader :named_ports
+ attr_reader :target_pools
+ attr_reader :target_size
+ attr_reader :auto_healing_policies
+ attr_reader :region
- def port_value
- find_named_ports(:port)
- end
- RSpec::Matchers.alias_matcher :has_port_value, :be_allow_port_value
-
- def find_named_ports(key = :name)
- # check all name/port values for a match
- return false if !defined?(named_ports) || named_ports.nil?
- named_ports.each do |named_port|
- next if !defined?(named_port.item[key]) || named_port.item[key].nil?
- return named_port.item[key]
- end
- false
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @base_instance_name = @fetched['baseInstanceName']
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @current_actions = GoogleInSpec::Compute::Property::RegionInstanceGroupManagerCurrentActions.new(@fetched['currentActions'], to_s)
+ @description = @fetched['description']
+ @id = @fetched['id']
+ @instance_group = @fetched['instanceGroup']
+ @instance_template = @fetched['instanceTemplate']
+ @name = @fetched['name']
+ @named_ports = GoogleInSpec::Compute::Property::RegionInstanceGroupManagerNamedPortsArray.parse(@fetched['namedPorts'], to_s)
+ @target_pools = @fetched['targetPools']
+ @target_size = @fetched['targetSize']
+ @auto_healing_policies = GoogleInSpec::Compute::Property::RegionInstanceGroupManagerAutoHealingPoliciesArray.parse(@fetched['autoHealingPolicies'], to_s)
+ @region = @fetched['region']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
- def exists?
- !@instance_group_manager.nil?
+ def to_s
+ "RegionInstanceGroupManager #{@params[:name]}"
+ end
+
+ def port_name
+ find_named_ports(:name)
+ end
+ RSpec::Matchers.alias_matcher :has_port_name, :be_allow_port_name
+
+ def port_value
+ find_named_ports(:port)
+ end
+ RSpec::Matchers.alias_matcher :has_port_value, :be_allow_port_value
+
+ def find_named_ports(key = :name)
+ # check all name/port values for a match
+ return false if !defined?(@named_ports) || @named_ports.nil?
+ @named_ports.each do |named_port|
+ next if !defined?(named_port.item[key]) || named_port.item[key].nil?
+ return named_port.item[key]
end
+ false
+ end
+
+ private
- def to_s
- "Region Instance Group Manager #{@display_name}"
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}}'
+ end
end
diff --git a/libraries/google_compute_region_instance_group_managers.rb b/libraries/google_compute_region_instance_group_managers.rb
index ed2d5687e..13b3ba38b 100644
--- a/libraries/google_compute_region_instance_group_managers.rb
+++ b/libraries/google_compute_region_instance_group_managers.rb
@@ -1,43 +1,112 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeRegionInstanceGroupManagers < GcpResourceBase
+ name 'google_compute_region_instance_group_managers'
+ desc 'RegionInstanceGroupManager plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeRegionInstanceGroupManagers < GcpResourceBase
- name 'google_compute_region_instance_group_managers'
- desc 'Verifies settings for GCP compute region_instance_group_managers in bulk'
+ attr_reader :table
- example "
- describe google_compute_region_instance_group_managers(project: 'chef-inspec-gcp', region: 'europe-west2') do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @region = opts[:region]
- end
+ filter_table_config.add(:base_instance_names, field: :base_instance_name)
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:current_actions, field: :current_actions)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:instance_group_manager_ids, field: :instance_group_manager_id)
+ filter_table_config.add(:instance_groups, field: :instance_group)
+ filter_table_config.add(:instance_templates, field: :instance_template)
+ filter_table_config.add(:instance_group_manager_names, field: :instance_group_manager_name)
+ filter_table_config.add(:named_ports, field: :named_ports)
+ filter_table_config.add(:target_pools, field: :target_pools)
+ filter_table_config.add(:target_sizes, field: :target_size)
+ filter_table_config.add(:auto_healing_policies, field: :auto_healing_policies)
+ filter_table_config.add(:regions, field: :region)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:instance_group_manager_ids, field: :instance_group_manager_id)
- filter_table_config.add(:instance_group_manager_names, field: :instance_group_manager_name)
- filter_table_config.connect(self, :fetch_data)
+ filter_table_config.connect(self, :table)
- def fetch_data
- instance_group_manager_rows = []
- catch_gcp_errors do
- @instance_group_managers = @gcp.gcp_compute_client.list_region_instance_group_managers(@project, @region)
- end
- return [] if !@instance_group_managers || !@instance_group_managers.items
- @instance_group_managers.items.map do |instance_group|
- instance_group_manager_rows+=[{ instance_group_manager_id: instance_group.id,
- instance_group_manager_name: instance_group.name }]
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @table = instance_group_manager_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'baseInstanceName' => ->(obj) { return :base_instance_name, obj['baseInstanceName'] },
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'currentActions' => ->(obj) { return :current_actions, GoogleInSpec::Compute::Property::RegionInstanceGroupManagerCurrentActions.new(obj['currentActions'], to_s) },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'id' => ->(obj) { return :instance_group_manager_id, obj['id'] },
+ 'instanceGroup' => ->(obj) { return :instance_group, obj['instanceGroup'] },
+ 'instanceTemplate' => ->(obj) { return :instance_template, obj['instanceTemplate'] },
+ 'name' => ->(obj) { return :instance_group_manager_name, obj['name'] },
+ 'namedPorts' => ->(obj) { return :named_ports, GoogleInSpec::Compute::Property::RegionInstanceGroupManagerNamedPortsArray.parse(obj['namedPorts'], to_s) },
+ 'targetPools' => ->(obj) { return :target_pools, obj['targetPools'] },
+ 'targetSize' => ->(obj) { return :target_size, obj['targetSize'] },
+ 'autoHealingPolicies' => ->(obj) { return :auto_healing_policies, GoogleInSpec::Compute::Property::RegionInstanceGroupManagerAutoHealingPoliciesArray.parse(obj['autoHealingPolicies'], to_s) },
+ 'region' => ->(obj) { return :region, obj['region'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/instanceGroupManagers'
end
end
diff --git a/libraries/google_compute_regions.rb b/libraries/google_compute_regions.rb
index 2346df442..ef3d5b986 100644
--- a/libraries/google_compute_regions.rb
+++ b/libraries/google_compute_regions.rb
@@ -88,8 +88,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_route.rb b/libraries/google_compute_route.rb
index 418a6a64f..4432b64cb 100644
--- a/libraries/google_compute_route.rb
+++ b/libraries/google_compute_route.rb
@@ -33,11 +33,12 @@ class ComputeRoute < GcpResourceBase
attr_reader :next_hop_ip
attr_reader :next_hop_vpn_tunnel
attr_reader :next_hop_network
+ attr_reader :next_hop_ilb
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -53,11 +54,7 @@ def parse
@next_hop_ip = @fetched['nextHopIp']
@next_hop_vpn_tunnel = @fetched['nextHopVpnTunnel']
@next_hop_network = @fetched['nextHopNetwork']
- end
-
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
+ @next_hop_ilb = @fetched['nextHopIlb']
end
def exists?
@@ -70,8 +67,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_router.rb b/libraries/google_compute_router.rb
index 712e8ed72..1736b6de0 100644
--- a/libraries/google_compute_router.rb
+++ b/libraries/google_compute_router.rb
@@ -35,7 +35,7 @@ class ComputeRouter < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -64,8 +64,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_router_nat.rb b/libraries/google_compute_router_nat.rb
index 1396d6cae..1a53fd180 100644
--- a/libraries/google_compute_router_nat.rb
+++ b/libraries/google_compute_router_nat.rb
@@ -27,6 +27,7 @@ class ComputeRouterNat < GcpResourceBase
attr_reader :name
attr_reader :nat_ip_allocate_option
attr_reader :nat_ips
+ attr_reader :drain_nat_ips
attr_reader :source_subnetwork_ip_ranges_to_nat
attr_reader :subnetwork
attr_reader :min_ports_per_vm
@@ -41,7 +42,7 @@ class ComputeRouterNat < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
@fetched = unwrap(fetched, params)
parse unless @fetched.nil?
end
@@ -55,13 +56,14 @@ def collection_item
end
def unwrap(fetched, params)
- fetched[collection_item].find { |result| identity.all? { |id| result[id.to_sym] == params[id] } }
+ fetched[collection_item].find { |result| identity.all? { |id| result[id] == params[id.to_sym] } }
end
def parse
@name = @fetched['name']
@nat_ip_allocate_option = @fetched['natIpAllocateOption']
@nat_ips = @fetched['natIps']
+ @drain_nat_ips = @fetched['drainNatIps']
@source_subnetwork_ip_ranges_to_nat = @fetched['sourceSubnetworkIpRangesToNat']
@subnetwork = GoogleInSpec::Compute::Property::RouterNatSubnetworkArray.parse(@fetched['subnetworks'], to_s)
@min_ports_per_vm = @fetched['minPortsPerVm']
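Review bot: `unwrap` still dereferences `fetched[collection_item]` without a nil guard, so the corrected key comparison only helps when the router was found and carries a NAT list. `initialize` tests `@fetched.nil?` only after `unwrap` has run, and the sibling resources in this diff treat a nil result from `@connection.fetch` as the not-found case; if that holds here, a missing router raises NoMethodError instead of making `exists?` return false. A guard as the first line of `unwrap`, `return nil if fetched.nil? || fetched[collection_item].nil?`, keeps the resource reporting absence rather than erroring. `parse` continues outside this hunk.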
@@ -74,11 +76,6 @@ def parse
@region = @fetched['region']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -89,8 +86,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_router_nats.rb b/libraries/google_compute_router_nats.rb
index c5ad08e36..9be17b109 100644
--- a/libraries/google_compute_router_nats.rb
+++ b/libraries/google_compute_router_nats.rb
@@ -26,6 +26,7 @@ class ComputeRouterNats < GcpResourceBase
filter_table_config.add(:names, field: :name)
filter_table_config.add(:nat_ip_allocate_options, field: :nat_ip_allocate_option)
filter_table_config.add(:nat_ips, field: :nat_ips)
+ filter_table_config.add(:drain_nat_ips, field: :drain_nat_ips)
filter_table_config.add(:source_subnetwork_ip_ranges_to_nats, field: :source_subnetwork_ip_ranges_to_nat)
filter_table_config.add(:subnetworks, field: :subnetwork)
filter_table_config.add(:min_ports_per_vms, field: :min_ports_per_vm)
@@ -78,6 +79,7 @@ def transformers
'name' => ->(obj) { return :name, obj['name'] },
'natIpAllocateOption' => ->(obj) { return :nat_ip_allocate_option, obj['natIpAllocateOption'] },
'natIps' => ->(obj) { return :nat_ips, obj['natIps'] },
+ 'drainNatIps' => ->(obj) { return :drain_nat_ips, obj['drainNatIps'] },
'sourceSubnetworkIpRangesToNat' => ->(obj) { return :source_subnetwork_ip_ranges_to_nat, obj['sourceSubnetworkIpRangesToNat'] },
'subnetworks' => ->(obj) { return :subnetwork, GoogleInSpec::Compute::Property::RouterNatSubnetworkArray.parse(obj['subnetworks'], to_s) },
'minPortsPerVm' => ->(obj) { return :min_ports_per_vm, obj['minPortsPerVm'] },
@@ -91,15 +93,14 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_routers.rb b/libraries/google_compute_routers.rb
index 6cb3691f6..c2acaf8c0 100644
--- a/libraries/google_compute_routers.rb
+++ b/libraries/google_compute_routers.rb
@@ -86,8 +86,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_routes.rb b/libraries/google_compute_routes.rb
index 73fc8570a..8faa53d22 100644
--- a/libraries/google_compute_routes.rb
+++ b/libraries/google_compute_routes.rb
@@ -34,6 +34,7 @@ class ComputeRoutes < GcpResourceBase
filter_table_config.add(:next_hop_ips, field: :next_hop_ip)
filter_table_config.add(:next_hop_vpn_tunnels, field: :next_hop_vpn_tunnel)
filter_table_config.add(:next_hop_networks, field: :next_hop_network)
+ filter_table_config.add(:next_hop_ilbs, field: :next_hop_ilb)
filter_table_config.connect(self, :table)
@@ -84,18 +85,18 @@ def transformers
'nextHopIp' => ->(obj) { return :next_hop_ip, obj['nextHopIp'] },
'nextHopVpnTunnel' => ->(obj) { return :next_hop_vpn_tunnel, obj['nextHopVpnTunnel'] },
'nextHopNetwork' => ->(obj) { return :next_hop_network, obj['nextHopNetwork'] },
+ 'nextHopIlb' => ->(obj) { return :next_hop_ilb, obj['nextHopIlb'] },
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_snapshot.rb b/libraries/google_compute_snapshot.rb
index a803cbfd1..9f53bd829 100644
--- a/libraries/google_compute_snapshot.rb
+++ b/libraries/google_compute_snapshot.rb
@@ -41,7 +41,7 @@ class ComputeSnapshot < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -76,8 +76,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_snapshots.rb b/libraries/google_compute_snapshots.rb
index e030d7727..009524a8f 100644
--- a/libraries/google_compute_snapshots.rb
+++ b/libraries/google_compute_snapshots.rb
@@ -98,8 +98,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_ssl_certificate.rb b/libraries/google_compute_ssl_certificate.rb
index 631e13edc..ef9835d06 100644
--- a/libraries/google_compute_ssl_certificate.rb
+++ b/libraries/google_compute_ssl_certificate.rb
@@ -32,7 +32,7 @@ class ComputeSslCertificate < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -60,8 +60,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_ssl_certificates.rb b/libraries/google_compute_ssl_certificates.rb
index e0afc2b1f..3d4483b46 100644
--- a/libraries/google_compute_ssl_certificates.rb
+++ b/libraries/google_compute_ssl_certificates.rb
@@ -84,8 +84,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_ssl_policies.rb b/libraries/google_compute_ssl_policies.rb
index 9b2f4e0f6..a4f317c10 100644
--- a/libraries/google_compute_ssl_policies.rb
+++ b/libraries/google_compute_ssl_policies.rb
@@ -92,8 +92,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_ssl_policy.rb b/libraries/google_compute_ssl_policy.rb
index 5233049ff..0b9f7529e 100644
--- a/libraries/google_compute_ssl_policy.rb
+++ b/libraries/google_compute_ssl_policy.rb
@@ -37,7 +37,7 @@ class ComputeSslPolicy < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -69,8 +69,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_subnetwork.rb b/libraries/google_compute_subnetwork.rb
index 8819fe6ca..68166f5b3 100644
--- a/libraries/google_compute_subnetwork.rb
+++ b/libraries/google_compute_subnetwork.rb
@@ -1,39 +1,94 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/subnetwork_log_config'
+require 'google/compute/property/subnetwork_secondary_ip_ranges'
-module Inspec::Resources
- class GoogleComputeSubnetwork < GcpResourceBase
- name 'google_compute_subnetwork'
- desc 'Verifies settings for a compute subnetwork'
-
- example "
- describe google_compute_subnetwork(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-subnetwork') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @subnetwork = @gcp.gcp_compute_client.get_subnetwork(opts[:project], opts[:region], opts[:name])
- create_resource_methods(@subnetwork)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeSubnetwork < GcpResourceBase
+ name 'google_compute_subnetwork'
+ desc 'Subnetwork'
+ supports platform: 'gcp'
- def creation_timestamp_date
- return false if !defined?(creation_timestamp) || creation_timestamp.nil?
- Time.parse(creation_timestamp.to_s)
- end
+ attr_reader :params
+ attr_reader :creation_timestamp
+ attr_reader :description
+ attr_reader :gateway_address
+ attr_reader :id
+ attr_reader :ip_cidr_range
+ attr_reader :name
+ attr_reader :network
+ attr_reader :purpose
+ attr_reader :role
+ attr_reader :secondary_ip_ranges
+ attr_reader :private_ip_google_access
+ attr_reader :region
+ attr_reader :log_config
- def exists?
- !@subnetwork.nil?
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def to_s
- "Subnetwork #{@display_name}"
+ def parse
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @description = @fetched['description']
+ @gateway_address = @fetched['gatewayAddress']
+ @id = @fetched['id']
+ @ip_cidr_range = @fetched['ipCidrRange']
+ @name = @fetched['name']
+ @network = @fetched['network']
+ @purpose = @fetched['purpose']
+ @role = @fetched['role']
+ @secondary_ip_ranges = GoogleInSpec::Compute::Property::SubnetworkSecondaryIpRangesArray.parse(@fetched['secondaryIpRanges'], to_s)
+ @private_ip_google_access = @fetched['privateIpGoogleAccess']
+ @region = @fetched['region']
+ @log_config = GoogleInSpec::Compute::Property::SubnetworkLogConfig.new(@fetched['logConfig'], to_s)
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Subnetwork #{@params[:name]}"
+ end
+
+ def creation_timestamp_date
+ @creation_timestamp
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}'
+ end
end
diff --git a/libraries/google_compute_subnetwork_iam_binding.rb b/libraries/google_compute_subnetwork_iam_binding.rb
new file mode 100644
index 000000000..889e6ceb9
--- /dev/null
+++ b/libraries/google_compute_subnetwork_iam_binding.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Compute Engine IAM Binding resources.
+class SubnetworkIamBinding < GcpResourceBase
+ name 'google_compute_subnetwork_iam_binding'
+ desc 'Subnetwork Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
+ end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
+ end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Subnetwork IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/compute/beta/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/getIamPolicy'
+ end
+end
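Review bot: In `parse`, the branch for controls without a condition calls `binding.condition.title.nil?` directly, while the branch above it uses `binding&.condition&.title`; if `condition` can be nil for an unconditional binding (the property class is not visible here), the no-condition path raises NoMethodError on exactly the bindings it is meant to accept. Using the same safe navigation, `next unless [binding.condition&.title, binding.condition&.description, binding.condition&.expression].all?(&:nil?)`, keeps the two branches consistent. The loop also continues after a match, so when several bindings for the role satisfy a partially specified condition the last one wins; a `break` after setting `@iam_binding_exists` would pin the result to the first match. `exists?` returns nil rather than false when nothing matched, which `!!@iam_binding_exists` would fix. Because the header says manual edits are clobbered on regeneration, these changes belong in the Magic Modules template.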
diff --git a/libraries/google_compute_subnetwork_iam_policy.rb b/libraries/google_compute_subnetwork_iam_policy.rb
index f5c70fe93..0cc5215dd 100644
--- a/libraries/google_compute_subnetwork_iam_policy.rb
+++ b/libraries/google_compute_subnetwork_iam_policy.rb
@@ -47,10 +47,18 @@ def to_s
"Subnetwork IamPolicy #{@params[:name]}"
end
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
private
def product_url
- 'https://www.googleapis.com/compute/v1/'
+ 'https://www.googleapis.com/compute/beta/'
end
def resource_base_url
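Review bot: `iam_binding_roles` and `count` call `map` and `size` on `@bindings` unguarded; the assignment of `@bindings` is outside this hunk, but if it happens only in `parse` after a successful fetch, both methods raise NoMethodError on nil when the policy could not be read. `@bindings&.map(&:role)` and `@bindings&.size` would return nil in that case, so a control fails cleanly and a missing policy is not mistaken for an empty one. Separately, `product_url` now points at `compute/beta/` unconditionally instead of taking the `beta` flag the other resources in this diff received; a short comment saying why this resource is pinned to the beta API would help the next reader.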
diff --git a/libraries/google_compute_subnetworks.rb b/libraries/google_compute_subnetworks.rb
index c5e2af8a7..96145dbbf 100644
--- a/libraries/google_compute_subnetworks.rb
+++ b/libraries/google_compute_subnetworks.rb
@@ -1,54 +1,112 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeSubnetworks < GcpResourceBase
+ name 'google_compute_subnetworks'
+ desc 'Subnetwork plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeSubnetworks < GcpResourceBase
- name 'google_compute_subnetworks'
- desc 'Verifies settings for GCP compute subnetworks in bulk'
+ attr_reader :table
- example "
- describe google_compute_subnetworks(project: 'chef-inspec-gcp', region: 'europe-west2') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @region = opts[:region]
- end
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:gateway_addresses, field: :gateway_address)
+ filter_table_config.add(:subnetwork_ids, field: :subnetwork_id)
+ filter_table_config.add(:ip_cidr_ranges, field: :ip_cidr_range)
+ filter_table_config.add(:subnetwork_names, field: :subnetwork_name)
+ filter_table_config.add(:networks, field: :network)
+ filter_table_config.add(:purposes, field: :purpose)
+ filter_table_config.add(:roles, field: :role)
+ filter_table_config.add(:secondary_ip_ranges, field: :secondary_ip_ranges)
+ filter_table_config.add(:private_ip_google_accesses, field: :private_ip_google_access)
+ filter_table_config.add(:regions, field: :region)
+ filter_table_config.add(:log_configs, field: :log_config)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:subnetwork_ids, field: :subnetwork_id)
- filter_table_config.add(:subnetwork_names, field: :subnetwork_name)
- filter_table_config.add(:subnetwork_networks, field: :subnetwork_network)
- filter_table_config.add(:enable_flow_logs, field: :enable_flow_log)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- subnetwork_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @subnetworks = @gcp.gcp_compute_client.list_subnetworks(@project, @region, page_token: next_page)
- end
- return [] if !@subnetworks || !@subnetworks.items
- @subnetworks.items.map do |subnetwork|
- catch_gcp_errors do
- @flow_logs_enabled = !@gcp.gcp_compute_client.list_subnetworks(@project, @region, filter: "enableFlowLogs=true name=\"#{subnetwork.name}\"").items.nil?
- end
- subnetwork_rows+=[{ subnetwork_id: subnetwork.id,
- subnetwork_name: subnetwork.name,
- subnetwork_network: subnetwork.network.split('/').last,
- enable_flow_log: @flow_logs_enabled }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @subnetworks.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = subnetwork_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'gatewayAddress' => ->(obj) { return :gateway_address, obj['gatewayAddress'] },
+ 'id' => ->(obj) { return :subnetwork_id, obj['id'] },
+ 'ipCidrRange' => ->(obj) { return :ip_cidr_range, obj['ipCidrRange'] },
+ 'name' => ->(obj) { return :subnetwork_name, obj['name'] },
+ 'network' => ->(obj) { return :network, obj['network'] },
+ 'purpose' => ->(obj) { return :purpose, obj['purpose'] },
+ 'role' => ->(obj) { return :role, obj['role'] },
+ 'secondaryIpRanges' => ->(obj) { return :secondary_ip_ranges, GoogleInSpec::Compute::Property::SubnetworkSecondaryIpRangesArray.parse(obj['secondaryIpRanges'], to_s) },
+ 'privateIpGoogleAccess' => ->(obj) { return :private_ip_google_access, obj['privateIpGoogleAccess'] },
+ 'region' => ->(obj) { return :region, obj['region'] },
+ 'logConfig' => ->(obj) { return :log_config, GoogleInSpec::Compute::Property::SubnetworkLogConfig.new(obj['logConfig'], to_s) },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/subnetworks'
end
end
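Review bot: `product_url(beta = false)` is never given an argument in this file: `fetch_wrapped_resource` calls `@connection.fetch_all(product_url, resource_base_url, @params, 'Get')`, so a `beta: true` parameter is silently ignored and the list always comes from the v1 endpoint. The singular resources in this commit pass `product_url(params[:beta])`; the plural call should match, e.g. `@connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')`. The same call appears in the `google_compute_vpn_tunnels.rb` and `google_compute_zones.rb` hunks. The one-hunk plural files (target_http_proxies, target_https_proxies, target_pools, target_tcp_proxies, url_maps) change only the definition, so their call sites are presumably unchanged as well. Since the header marks the file as generated, the fix belongs in the generator template.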
diff --git a/libraries/google_compute_target_http_proxies.rb b/libraries/google_compute_target_http_proxies.rb
index b7ddc45c7..dfb09ffe4 100644
--- a/libraries/google_compute_target_http_proxies.rb
+++ b/libraries/google_compute_target_http_proxies.rb
@@ -82,8 +82,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_target_http_proxy.rb b/libraries/google_compute_target_http_proxy.rb
index 13cc5d1ab..d7c19c653 100644
--- a/libraries/google_compute_target_http_proxy.rb
+++ b/libraries/google_compute_target_http_proxy.rb
@@ -31,7 +31,7 @@ class ComputeTargetHttpProxy < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -58,8 +58,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_target_https_proxies.rb b/libraries/google_compute_target_https_proxies.rb
index d54adad48..1afd3b1eb 100644
--- a/libraries/google_compute_target_https_proxies.rb
+++ b/libraries/google_compute_target_https_proxies.rb
@@ -88,8 +88,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_target_https_proxy.rb b/libraries/google_compute_target_https_proxy.rb
index d7b9a0af5..4cee9c7f5 100644
--- a/libraries/google_compute_target_https_proxy.rb
+++ b/libraries/google_compute_target_https_proxy.rb
@@ -34,7 +34,7 @@ class ComputeTargetHttpsProxy < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -64,8 +64,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_target_pool.rb b/libraries/google_compute_target_pool.rb
index c2fc0bc4a..fb8e6e55b 100644
--- a/libraries/google_compute_target_pool.rb
+++ b/libraries/google_compute_target_pool.rb
@@ -36,7 +36,7 @@ class ComputeTargetPool < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -74,8 +74,12 @@ def has_target_instance?(name, zone)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_target_pools.rb b/libraries/google_compute_target_pools.rb
index 38a7ee20f..04e5815f5 100644
--- a/libraries/google_compute_target_pools.rb
+++ b/libraries/google_compute_target_pools.rb
@@ -92,8 +92,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_target_tcp_proxies.rb b/libraries/google_compute_target_tcp_proxies.rb
index cb1b9e248..04131284a 100644
--- a/libraries/google_compute_target_tcp_proxies.rb
+++ b/libraries/google_compute_target_tcp_proxies.rb
@@ -84,8 +84,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_target_tcp_proxy.rb b/libraries/google_compute_target_tcp_proxy.rb
index ff27bc046..5ba337185 100644
--- a/libraries/google_compute_target_tcp_proxy.rb
+++ b/libraries/google_compute_target_tcp_proxy.rb
@@ -32,7 +32,7 @@ class ComputeTargetTcpProxy < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -60,8 +60,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_url_map.rb b/libraries/google_compute_url_map.rb
index b2a834450..a1bf628b0 100644
--- a/libraries/google_compute_url_map.rb
+++ b/libraries/google_compute_url_map.rb
@@ -42,7 +42,7 @@ class ComputeUrlMap < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -74,8 +74,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_url_maps.rb b/libraries/google_compute_url_maps.rb
index 46cba9eea..8a6505201 100644
--- a/libraries/google_compute_url_maps.rb
+++ b/libraries/google_compute_url_maps.rb
@@ -92,8 +92,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://www.googleapis.com/compute/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_compute_vpn_tunnel.rb b/libraries/google_compute_vpn_tunnel.rb
index a6813d618..0716bb6c2 100644
--- a/libraries/google_compute_vpn_tunnel.rb
+++ b/libraries/google_compute_vpn_tunnel.rb
@@ -1,39 +1,102 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-module Inspec::Resources
- class GoogleComputeVpnTunnel < GcpResourceBase
- name 'google_compute_vpn_tunnel'
- desc 'Verifies settings for a compute vpn_tunnel'
-
- example "
- describe google_compute_vpn_tunnel(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-vpn_tunnel') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @vpn_tunnel = @gcp.gcp_compute_client.get_vpn_tunnel(opts[:project], opts[:region], opts[:name])
- create_resource_methods(@vpn_tunnel)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeVpnTunnel < GcpResourceBase
+ name 'google_compute_vpn_tunnel'
+ desc 'VpnTunnel'
+ supports platform: 'gcp'
- def exists?
- !@vpn_tunnel.nil?
- end
+ attr_reader :params
+ attr_reader :id
+ attr_reader :creation_timestamp
+ attr_reader :name
+ attr_reader :description
+ attr_reader :target_vpn_gateway
+ attr_reader :vpn_gateway
+ attr_reader :vpn_gateway_interface
+ attr_reader :peer_external_gateway
+ attr_reader :peer_external_gateway_interface
+ attr_reader :peer_gcp_gateway
+ attr_reader :router
+ attr_reader :peer_ip
+ attr_reader :shared_secret
+ attr_reader :shared_secret_hash
+ attr_reader :ike_version
+ attr_reader :local_traffic_selector
+ attr_reader :remote_traffic_selector
+ attr_reader :labels
+ attr_reader :label_fingerprint
+ attr_reader :region
- def creation_timestamp_date
- return false if !defined?(creation_timestamp) || creation_timestamp.nil?
- Time.parse(creation_timestamp.to_s)
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @id = @fetched['id']
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @name = @fetched['name']
+ @description = @fetched['description']
+ @target_vpn_gateway = @fetched['targetVpnGateway']
+ @vpn_gateway = @fetched['vpnGateway']
+ @vpn_gateway_interface = @fetched['vpnGatewayInterface']
+ @peer_external_gateway = @fetched['peerExternalGateway']
+ @peer_external_gateway_interface = @fetched['peerExternalGatewayInterface']
+ @peer_gcp_gateway = @fetched['peerGcpGateway']
+ @router = @fetched['router']
+ @peer_ip = @fetched['peerIp']
+ @shared_secret = @fetched['sharedSecret']
+ @shared_secret_hash = @fetched['sharedSecretHash']
+ @ike_version = @fetched['ikeVersion']
+ @local_traffic_selector = @fetched['localTrafficSelector']
+ @remote_traffic_selector = @fetched['remoteTrafficSelector']
+ @labels = @fetched['labels']
+ @label_fingerprint = @fetched['labelFingerprint']
+ @region = @fetched['region']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def to_s
- "Tunnel #{@display_name}"
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "VpnTunnel #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/vpnTunnels/{{name}}'
+ end
end
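Review bot: `attr_reader :shared_secret` and `@shared_secret = @fetched['sharedSecret']` expose the tunnel's pre-shared key as an ordinary resource property, and the `google_compute_vpn_tunnels.rb` hunk adds it as a `shared_secrets` filter column. If the API response carries the value, any control that reads it, or a reporter that prints failing expectations, will copy the key into scan output and CI logs. Controls can compare `shared_secret_hash` instead, so consider dropping the plaintext property in the generator template. Failing that, add a comment above the reader such as `# Pre-shared key: do not assert on this in controls; use shared_secret_hash`.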
diff --git a/libraries/google_compute_vpn_tunnels.rb b/libraries/google_compute_vpn_tunnels.rb
index 2209f615a..7ab2c50cc 100644
--- a/libraries/google_compute_vpn_tunnels.rb
+++ b/libraries/google_compute_vpn_tunnels.rb
@@ -1,46 +1,126 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeVpnTunnels < GcpResourceBase
+ name 'google_compute_vpn_tunnels'
+ desc 'VpnTunnel plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeVpnTunnels < GcpResourceBase
- name 'google_compute_vpn_tunnels'
- desc 'Verifies settings for GCP compute vpn_tunnels in bulk'
+ attr_reader :table
- example "
- describe google_compute_vpn_tunnels(project: 'chef-inspec-gcp', region: 'europe-west2') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @region = opts[:region]
- end
+ filter_table_config.add(:ids, field: :id)
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:vpn_tunnel_names, field: :vpn_tunnel_name)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:target_vpn_gateways, field: :target_vpn_gateway)
+ filter_table_config.add(:vpn_gateways, field: :vpn_gateway)
+ filter_table_config.add(:vpn_gateway_interfaces, field: :vpn_gateway_interface)
+ filter_table_config.add(:peer_external_gateways, field: :peer_external_gateway)
+ filter_table_config.add(:peer_external_gateway_interfaces, field: :peer_external_gateway_interface)
+ filter_table_config.add(:peer_gcp_gateways, field: :peer_gcp_gateway)
+ filter_table_config.add(:routers, field: :router)
+ filter_table_config.add(:peer_ips, field: :peer_ip)
+ filter_table_config.add(:shared_secrets, field: :shared_secret)
+ filter_table_config.add(:shared_secret_hashes, field: :shared_secret_hash)
+ filter_table_config.add(:ike_versions, field: :ike_version)
+ filter_table_config.add(:local_traffic_selectors, field: :local_traffic_selector)
+ filter_table_config.add(:remote_traffic_selectors, field: :remote_traffic_selector)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
+ filter_table_config.add(:regions, field: :region)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:vpn_tunnel_names, field: :vpn_tunnel_name)
- filter_table_config.add(:vpn_tunnel_target_vpn_gateways, field: :vpn_tunnel_target_vpn_gateway)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- tunnel_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @vpn_tunnels = @gcp.gcp_compute_client.list_vpn_tunnels(@project, @region, page_token: next_page)
- end
- return [] if !@vpn_tunnels || !@vpn_tunnels.items
- @vpn_tunnels.items.map do |tunnel|
- tunnel_rows+=[{ vpn_tunnel_name: tunnel.name, vpn_tunnel_target_vpn_gateway: tunnel.target_vpn_gateway }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @vpn_tunnels.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = tunnel_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'id' => ->(obj) { return :id, obj['id'] },
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'name' => ->(obj) { return :vpn_tunnel_name, obj['name'] },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'targetVpnGateway' => ->(obj) { return :target_vpn_gateway, obj['targetVpnGateway'] },
+ 'vpnGateway' => ->(obj) { return :vpn_gateway, obj['vpnGateway'] },
+ 'vpnGatewayInterface' => ->(obj) { return :vpn_gateway_interface, obj['vpnGatewayInterface'] },
+ 'peerExternalGateway' => ->(obj) { return :peer_external_gateway, obj['peerExternalGateway'] },
+ 'peerExternalGatewayInterface' => ->(obj) { return :peer_external_gateway_interface, obj['peerExternalGatewayInterface'] },
+ 'peerGcpGateway' => ->(obj) { return :peer_gcp_gateway, obj['peerGcpGateway'] },
+ 'router' => ->(obj) { return :router, obj['router'] },
+ 'peerIp' => ->(obj) { return :peer_ip, obj['peerIp'] },
+ 'sharedSecret' => ->(obj) { return :shared_secret, obj['sharedSecret'] },
+ 'sharedSecretHash' => ->(obj) { return :shared_secret_hash, obj['sharedSecretHash'] },
+ 'ikeVersion' => ->(obj) { return :ike_version, obj['ikeVersion'] },
+ 'localTrafficSelector' => ->(obj) { return :local_traffic_selector, obj['localTrafficSelector'] },
+ 'remoteTrafficSelector' => ->(obj) { return :remote_traffic_selector, obj['remoteTrafficSelector'] },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
+ 'region' => ->(obj) { return :region, obj['region'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/vpnTunnels'
end
end
diff --git a/libraries/google_compute_zone.rb b/libraries/google_compute_zone.rb
index 171bec85c..eb2d0ab03 100644
--- a/libraries/google_compute_zone.rb
+++ b/libraries/google_compute_zone.rb
@@ -1,46 +1,88 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/compute/property/zone_deprecated'
-module Inspec::Resources
- class GoogleComputeZone < GcpResourceBase
- name 'google_compute_zone'
- desc 'Verifies settings for a zone'
-
- example "
- describe google_compute_zone(project: 'chef-inspec-gcp', zone: 'us-east1-b') do
- it { should exist }
- its('name') { should match 'us-east1-b' }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @zone = @gcp.gcp_compute_client.get_zone(opts[:project], opts[:name])
- create_resource_methods(@zone)
- end
- end
+# A provider to manage Compute Engine resources.
+class ComputeZone < GcpResourceBase
+ name 'google_compute_zone'
+ desc 'Zone'
+ supports platform: 'gcp'
- # helper method for retrieving a region name
- def region_name
- return '' if !defined?(region) || region.nil?
- region.split('/').last
- end
+ attr_reader :params
+ attr_reader :creation_timestamp
+ attr_reader :deprecated
+ attr_reader :description
+ attr_reader :id
+ attr_reader :name
+ attr_reader :region
+ attr_reader :status
+ attr_reader :available_cpu_platforms
- def exists?
- !@zone.nil?
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def up?
- return false if !defined?(status) || status.nil?
- status == 'UP'
- end
+ def parse
+ @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+ @deprecated = GoogleInSpec::Compute::Property::ZoneDeprecated.new(@fetched['deprecated'], to_s)
+ @description = @fetched['description']
+ @id = @fetched['id']
+ @name = @fetched['name']
+ @region = @fetched['region']
+ @status = @fetched['status']
+ @available_cpu_platforms = @fetched['availableCpuPlatforms']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
- def to_s
- "Zone #{@display_name}"
+ def to_s
+ "Zone #{@params[:name]}"
+ end
+
+ # helper method for retrieving a region name
+ def region_name
+ @region&.split('/')&.last
+ end
+
+ def up?
+ @status == 'UP'
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/zones/{{name}}'
+ end
end
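Review bot: `region_name` changes its return value for a missing region: the removed version returned `''`, while `@region&.split('/')&.last` returns nil. Existing controls that match on the string (for example `its('region_name') { should match ... }`) will now see nil when the zone could not be fetched or has no region. If the old contract should hold, use `@region ? @region.split('/').last : ''`; otherwise document the nil return in the comment above the method.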
diff --git a/libraries/google_compute_zones.rb b/libraries/google_compute_zones.rb
index 611a8e3b6..d91e9642f 100644
--- a/libraries/google_compute_zones.rb
+++ b/libraries/google_compute_zones.rb
@@ -1,43 +1,102 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ComputeZones < GcpResourceBase
+ name 'google_compute_zones'
+ desc 'Zone plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeZones < GcpResourceBase
- name 'google_compute_zones'
- desc 'Verifies settings for GCP compute zones in bulk'
+ attr_reader :table
- example "
- describe google_compute_zones(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+ filter_table_config.add(:deprecateds, field: :deprecated)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:zone_ids, field: :zone_id)
+ filter_table_config.add(:zone_names, field: :zone_name)
+ filter_table_config.add(:regions, field: :region)
+ filter_table_config.add(:zone_statuses, field: :zone_status)
+ filter_table_config.add(:available_cpu_platforms, field: :available_cpu_platforms)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:zone_ids, field: :zone_id)
- filter_table_config.add(:zone_names, field: :zone_name)
- filter_table_config.add(:zone_statuses, field: :zone_status)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- zone_rows = []
- catch_gcp_errors do
- @zones = @gcp.gcp_compute_client.list_zones(@project)
- end
- return [] if !@zones || !@zones.items
- @zones.items.map do |zone|
- zone_rows+=[{ zone_id: zone.id,
- zone_name: zone.name,
- zone_status: zone.status }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @table = zone_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+ 'deprecated' => ->(obj) { return :deprecated, GoogleInSpec::Compute::Property::ZoneDeprecated.new(obj['deprecated'], to_s) },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'id' => ->(obj) { return :zone_id, obj['id'] },
+ 'name' => ->(obj) { return :zone_name, obj['name'] },
+ 'region' => ->(obj) { return :region, obj['region'] },
+ 'status' => ->(obj) { return :zone_status, obj['status'] },
+ 'availableCpuPlatforms' => ->(obj) { return :available_cpu_platforms, obj['availableCpuPlatforms'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/compute/beta/'
+ else
+ 'https://www.googleapis.com/compute/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/zones'
end
end
diff --git a/libraries/google_container_cluster.rb b/libraries/google_container_cluster.rb
index 930eadd06..a2654199c 100644
--- a/libraries/google_container_cluster.rb
+++ b/libraries/google_container_cluster.rb
@@ -1,114 +1,236 @@
-# frozen_string_literal: true
-
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/container_v1beta1'
-
-module Inspec::Resources
- class GoogleContainerCluster < GcpResourceBase
- name 'google_container_cluster'
- desc 'Verifies settings for a google container cluster'
-
- example "
- describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: 'cluster-name') do
- it { should exist }
- its('name') { should eq 'inspec-test' }
- its('status') { should eq 'in_use' }
- ...
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @cluster = @gcp.gcp_client(Google::Apis::ContainerV1beta1::ContainerService).get_zone_cluster(opts[:project], opts[:zone], opts[:name])
- create_resource_methods(@cluster)
- end
- end
+require 'google/container/property/cluster_addons_config'
+require 'google/container/property/cluster_addons_config_horizontal_pod_autoscaling'
+require 'google/container/property/cluster_addons_config_http_load_balancing'
+require 'google/container/property/cluster_addons_config_kubernetes_dashboard'
+require 'google/container/property/cluster_addons_config_network_policy_config'
+require 'google/container/property/cluster_binary_authorization'
+require 'google/container/property/cluster_conditions'
+require 'google/container/property/cluster_default_max_pods_constraint'
+require 'google/container/property/cluster_ip_allocation_policy'
+require 'google/container/property/cluster_legacy_abac'
+require 'google/container/property/cluster_master_auth'
+require 'google/container/property/cluster_master_auth_client_certificate_config'
+require 'google/container/property/cluster_master_authorized_networks_config'
+require 'google/container/property/cluster_master_authorized_networks_config_cidr_blocks'
+require 'google/container/property/cluster_network_policy'
+require 'google/container/property/cluster_node_config'
+require 'google/container/property/cluster_node_config_accelerators'
+require 'google/container/property/cluster_node_config_taints'
+require 'google/container/property/cluster_node_pools'
+require 'google/container/property/cluster_pod_security_policy_config'
+require 'google/container/property/cluster_private_cluster_config'
+
+# A provider to manage Google Kubernetes Engine resources.
+class ContainerCluster < GcpResourceBase
+ name 'google_container_cluster'
+ desc 'Cluster'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :description
+ attr_reader :initial_node_count
+ attr_reader :node_config
+ attr_reader :master_auth
+ attr_reader :logging_service
+ attr_reader :monitoring_service
+ attr_reader :network
+ attr_reader :private_cluster_config
+ attr_reader :cluster_ipv4_cidr
+ attr_reader :enable_tpu
+ attr_reader :tpu_ipv4_cidr_block
+ attr_reader :addons_config
+ attr_reader :subnetwork
+ attr_reader :locations
+ attr_reader :resource_labels
+ attr_reader :label_fingerprint
+ attr_reader :legacy_abac
+ attr_reader :network_policy
+ attr_reader :default_max_pods_constraint
+ attr_reader :ip_allocation_policy
+ attr_reader :endpoint
+ attr_reader :initial_cluster_version
+ attr_reader :current_master_version
+ attr_reader :current_node_version
+ attr_reader :create_time
+ attr_reader :status
+ attr_reader :status_message
+ attr_reader :node_ipv4_cidr_size
+ attr_reader :services_ipv4_cidr
+ attr_reader :current_node_count
+ attr_reader :expire_time
+ attr_reader :conditions
+ attr_reader :master_authorized_networks_config
+ attr_reader :node_pools
+ attr_reader :pod_security_policy_config
+ attr_reader :binary_authorization
+ attr_reader :location
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def has_logging_enabled?
- return false if !defined?(@cluster.logging_service)
- return false if @cluster.logging_service.nil?
- return true if /logging\.googleapis\.com/ =~ @cluster.logging_service
- false
- end
+ def parse
+ @name = @fetched['name']
+ @description = @fetched['description']
+ @initial_node_count = @fetched['initialNodeCount']
+ @node_config = GoogleInSpec::Container::Property::ClusterNodeConfig.new(@fetched['nodeConfig'], to_s)
+ @master_auth = GoogleInSpec::Container::Property::ClusterMasterAuth.new(@fetched['masterAuth'], to_s)
+ @logging_service = @fetched['loggingService']
+ @monitoring_service = @fetched['monitoringService']
+ @network = @fetched['network']
+ @private_cluster_config = GoogleInSpec::Container::Property::ClusterPrivateClusterConfig.new(@fetched['privateClusterConfig'], to_s)
+ @cluster_ipv4_cidr = @fetched['clusterIpv4Cidr']
+ @enable_tpu = @fetched['enableTpu']
+ @tpu_ipv4_cidr_block = @fetched['tpuIpv4CidrBlock']
+ @addons_config = GoogleInSpec::Container::Property::ClusterAddonsConfig.new(@fetched['addonsConfig'], to_s)
+ @subnetwork = @fetched['subnetwork']
+ @locations = @fetched['locations']
+ @resource_labels = @fetched['resourceLabels']
+ @label_fingerprint = @fetched['labelFingerprint']
+ @legacy_abac = GoogleInSpec::Container::Property::ClusterLegacyAbac.new(@fetched['legacyAbac'], to_s)
+ @network_policy = GoogleInSpec::Container::Property::ClusterNetworkPolicy.new(@fetched['networkPolicy'], to_s)
+ @default_max_pods_constraint = GoogleInSpec::Container::Property::ClusterDefaultMaxPodsConstraint.new(@fetched['defaultMaxPodsConstraint'], to_s)
+ @ip_allocation_policy = GoogleInSpec::Container::Property::ClusterIpAllocationPolicy.new(@fetched['ipAllocationPolicy'], to_s)
+ @endpoint = @fetched['endpoint']
+ @initial_cluster_version = @fetched['initialClusterVersion']
+ @current_master_version = @fetched['currentMasterVersion']
+ @current_node_version = @fetched['currentNodeVersion']
+ @create_time = parse_time_string(@fetched['createTime'])
+ @status = @fetched['status']
+ @status_message = @fetched['statusMessage']
+ @node_ipv4_cidr_size = @fetched['nodeIpv4CidrSize']
+ @services_ipv4_cidr = @fetched['servicesIpv4Cidr']
+ @current_node_count = @fetched['currentNodeCount']
+ @expire_time = parse_time_string(@fetched['expireTime'])
+ @conditions = GoogleInSpec::Container::Property::ClusterConditionsArray.parse(@fetched['conditions'], to_s)
+ @master_authorized_networks_config = GoogleInSpec::Container::Property::ClusterMasterAuthorizedNetworksConfig.new(@fetched['masterAuthorizedNetworksConfig'], to_s)
+ @node_pools = GoogleInSpec::Container::Property::ClusterNodePoolsArray.parse(@fetched['nodePools'], to_s)
+ @pod_security_policy_config = GoogleInSpec::Container::Property::ClusterPodSecurityPolicyConfig.new(@fetched['podSecurityPolicyConfig'], to_s)
+ @binary_authorization = GoogleInSpec::Container::Property::ClusterBinaryAuthorization.new(@fetched['binaryAuthorization'], to_s)
+ @location = @fetched['location']
+ end
- def has_monitoring_enabled?
- return false if !defined?(@cluster.monitoring_service)
- return false if @cluster.monitoring_service.nil?
- return true if /monitoring\.googleapis\.com/ =~ @cluster.monitoring_service
- false
- end
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def has_legacy_abac_disabled?
- return nil if !defined?(@cluster.legacy_abac)
- return true if @cluster.legacy_abac.to_h.empty?
- false
- end
+ def exists?
+ !@fetched.nil?
+ end
- def has_master_authorized_networks_enabled?
- return false if !defined?(@cluster.master_authorized_networks_config)
- return false if @cluster.master_authorized_networks_config.to_h.empty?
- return false if !defined?(@cluster.master_authorized_networks_config.enabled)
- return true if @cluster.master_authorized_networks_config.enabled == true
- false
- end
+ def to_s
+ "Cluster #{@params[:name]}"
+ end
- def has_resource_labels?
- return false if !defined?(@cluster.resource_labels)
- return false if @cluster.resource_labels.to_h.empty?
- true
- end
+ def has_logging_enabled?
+ return false if !defined?(@logging_service)
+ return false if @logging_service.nil?
+ return true if /logging\.googleapis\.com/ =~ @logging_service
+ false
+ end
- def has_kubernetes_dashboard_disabled?
- return false if !defined?(@cluster.addons_config.kubernetes_dashboard)
- return false if @cluster.addons_config.kubernetes_dashboard.to_h.empty?
- return true if @cluster.addons_config.kubernetes_dashboard.to_h=={ 'disabled': true }
- false
- end
+ def has_monitoring_enabled?
+ return false if !defined?(@monitoring_service)
+ return false if @monitoring_service.nil?
+ return true if /monitoring\.googleapis\.com/ =~ @monitoring_service
+ false
+ end
- def has_basic_authorization?
- return false if @cluster.master_auth.username.nil? and @cluster.master_auth.password.nil?
- true
- end
+ def has_legacy_abac_disabled?
+ return nil if !defined?(@legacy_abac)
+ return true if @legacy_abac.to_h.empty?
+ false
+ end
- def has_network_policy_enabled?
- return false if !defined?(@cluster.network_policy.enabled)
- return true if @cluster.network_policy.enabled==true
- false
- end
+ def has_master_authorized_networks_enabled?
+ return false if !defined?(@master_authorized_networks_config)
+ return false if @master_authorized_networks_config.to_h.empty?
+ return false if !defined?(@master_authorized_networks_config.enabled)
+ return true if @master_authorized_networks_config.enabled == true
+ false
+ end
- def has_master_auth_client_key?
- return false if !defined?(@cluster.master_auth.client_key)
- return false if @cluster.master_auth.client_key.nil?
- return false if @cluster.master_auth.client_key==''
- true
- end
+ def has_resource_labels?
+ return false if !defined?(@resource_labels)
+ return false if @resource_labels.to_h.empty?
+ true
+ end
- def has_ip_alias_enabled?
- return false if !defined?(@cluster.ip_allocation_policy.use_ip_aliases)
- return true if @cluster.ip_allocation_policy.use_ip_aliases==true
- false
- end
+ def has_kubernetes_dashboard_disabled?
+ return false if !defined?(@addons_config.kubernetes_dashboard)
+ return false if @addons_config.kubernetes_dashboard.to_h.empty?
+ return true if @addons_config.kubernetes_dashboard.to_h=={ 'disabled': true }
+ false
+ end
- def has_pod_security_policy_config?
- return false if !defined?(@cluster.pod_security_policy_config.enabled)
- return true if @cluster.pod_security_policy_config.enabled==true
- false
- end
+ def has_basic_authorization?
+ return false if @master_auth.username.nil? and @master_auth.password.nil?
+ true
+ end
- def private_cluster?
- return false if !defined?(@cluster.private_cluster)
- return true if @cluster.private_cluster==true
- false
- end
+ def has_network_policy_enabled?
+ return false if !defined?(@network_policy.enabled)
+ return true if @network_policy.enabled==true
+ false
+ end
- def exists?
- !@cluster.nil?
- end
+ def has_master_auth_client_key?
+ return false if !defined?(@master_auth.client_key)
+ return false if @master_auth.client_key.nil?
+ return false if @master_auth.client_key==''
+ true
+ end
- def to_s
- "Cluster #{@display_name}"
+ def has_ip_alias_enabled?
+ return false if !defined?(@ip_allocation_policy.use_ip_aliases)
+ return true if @ip_allocation_policy.use_ip_aliases==true
+ false
+ end
+
+ def has_pod_security_policy_config?
+ return false if !defined?(@pod_security_policy_config.enabled)
+ return true if @pod_security_policy_config.enabled==true
+ false
+ end
+
+ def private_cluster?
+ return false if !defined?(@private_cluster)
+ return true if @private_cluster==true
+ false
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://container.googleapis.com/v1beta1/'
+ else
+ 'https://container.googleapis.com/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/clusters/{{name}}'
+ end
end
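Review bot: `private_cluster?` near the end of this hunk can no longer return true: it tests `@private_cluster`, which `parse` never assigns (only `@private_cluster_config` is set), so `defined?` yields nil and every cluster is reported as not private regardless of its real configuration. Derive the answer from the parsed property instead, e.g. `return false if @private_cluster_config.nil?` followed by a check of its private-nodes flag (API field `privateClusterConfig.enablePrivateNodes`; the accessor on `ClusterPrivateClusterConfig` is not visible in this diff). The same port leaves `has_legacy_abac_disabled?`, `has_master_authorized_networks_enabled?` and `has_kubernetes_dashboard_disabled?` calling `.to_h` on what are now `GoogleInSpec::Container::Property` objects; if those classes do not implement `to_h`, the checks raise instead of reporting, so they should read the property accessors directly. Because the file is generated by Magic Modules, the fix belongs in the generator's custom code rather than in this file.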
diff --git a/libraries/google_container_clusters.rb b/libraries/google_container_clusters.rb
index 0d410fc3c..e15d78027 100644
--- a/libraries/google_container_clusters.rb
+++ b/libraries/google_container_clusters.rb
@@ -1,46 +1,162 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ContainerClusters < GcpResourceBase
+ name 'google_container_clusters'
+ desc 'Cluster plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleContainerClusters < GcpResourceBase
- name 'google_container_clusters'
- desc 'Verifies settings for GCP container clusters in bulk'
+ attr_reader :table
- example "
- describe google_container_clusters(project: 'chef-inspec-gcp', zone: 'europe-west2-a') do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @zone = opts[:zone]
- end
+ filter_table_config.add(:cluster_names, field: :cluster_name)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:initial_node_counts, field: :initial_node_count)
+ filter_table_config.add(:node_configs, field: :node_config)
+ filter_table_config.add(:master_auths, field: :master_auth)
+ filter_table_config.add(:logging_services, field: :logging_service)
+ filter_table_config.add(:monitoring_services, field: :monitoring_service)
+ filter_table_config.add(:cluster_networks, field: :cluster_network)
+ filter_table_config.add(:private_cluster_configs, field: :private_cluster_config)
+ filter_table_config.add(:cluster_ipv4_cidrs, field: :cluster_ipv4_cidr)
+ filter_table_config.add(:enable_tpus, field: :enable_tpu)
+ filter_table_config.add(:tpu_ipv4_cidr_blocks, field: :tpu_ipv4_cidr_block)
+ filter_table_config.add(:addons_configs, field: :addons_config)
+ filter_table_config.add(:subnetworks, field: :subnetwork)
+ filter_table_config.add(:locations, field: :locations)
+ filter_table_config.add(:resource_labels, field: :resource_labels)
+ filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
+ filter_table_config.add(:legacy_abacs, field: :legacy_abac)
+ filter_table_config.add(:network_policies, field: :network_policy)
+ filter_table_config.add(:default_max_pods_constraints, field: :default_max_pods_constraint)
+ filter_table_config.add(:ip_allocation_policies, field: :ip_allocation_policy)
+ filter_table_config.add(:endpoints, field: :endpoint)
+ filter_table_config.add(:initial_cluster_versions, field: :initial_cluster_version)
+ filter_table_config.add(:current_master_versions, field: :current_master_version)
+ filter_table_config.add(:current_node_versions, field: :current_node_version)
+ filter_table_config.add(:create_times, field: :create_time)
+ filter_table_config.add(:cluster_statuses, field: :cluster_status)
+ filter_table_config.add(:status_messages, field: :status_message)
+ filter_table_config.add(:node_ipv4_cidr_sizes, field: :node_ipv4_cidr_size)
+ filter_table_config.add(:services_ipv4_cidrs, field: :services_ipv4_cidr)
+ filter_table_config.add(:current_node_counts, field: :current_node_count)
+ filter_table_config.add(:expire_times, field: :expire_time)
+ filter_table_config.add(:conditions, field: :conditions)
+ filter_table_config.add(:master_authorized_networks_configs, field: :master_authorized_networks_config)
+ filter_table_config.add(:node_pools, field: :node_pools)
+ filter_table_config.add(:pod_security_policy_configs, field: :pod_security_policy_config)
+ filter_table_config.add(:binary_authorizations, field: :binary_authorization)
+ filter_table_config.add(:locations, field: :location)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:cluster_names, field: :cluster_name)
- filter_table_config.add(:cluster_statuses, field: :cluster_status)
- filter_table_config.add(:cluster_subnetworks, field: :cluster_subnetwork)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- cluster_rows = []
- catch_gcp_errors do
- # below seemingly doesn't provide pagination
- @clusters = @gcp.gcp_client(Google::Apis::ContainerV1::ContainerService).list_zone_clusters(@project, @zone)
- end
- return [] if !@clusters || !@clusters.clusters
- @clusters.clusters.map do |cluster|
- cluster_rows+=[{ cluster_name: cluster.name,
- cluster_status: cluster.status,
- cluster_subnetwork: cluster.subnetwork }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('clusters')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @table = cluster_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :cluster_name, obj['name'] },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'initialNodeCount' => ->(obj) { return :initial_node_count, obj['initialNodeCount'] },
+ 'nodeConfig' => ->(obj) { return :node_config, GoogleInSpec::Container::Property::ClusterNodeConfig.new(obj['nodeConfig'], to_s) },
+ 'masterAuth' => ->(obj) { return :master_auth, GoogleInSpec::Container::Property::ClusterMasterAuth.new(obj['masterAuth'], to_s) },
+ 'loggingService' => ->(obj) { return :logging_service, obj['loggingService'] },
+ 'monitoringService' => ->(obj) { return :monitoring_service, obj['monitoringService'] },
+ 'network' => ->(obj) { return :cluster_network, obj['network'] },
+ 'privateClusterConfig' => ->(obj) { return :private_cluster_config, GoogleInSpec::Container::Property::ClusterPrivateClusterConfig.new(obj['privateClusterConfig'], to_s) },
+ 'clusterIpv4Cidr' => ->(obj) { return :cluster_ipv4_cidr, obj['clusterIpv4Cidr'] },
+ 'enableTpu' => ->(obj) { return :enable_tpu, obj['enableTpu'] },
+ 'tpuIpv4CidrBlock' => ->(obj) { return :tpu_ipv4_cidr_block, obj['tpuIpv4CidrBlock'] },
+ 'addonsConfig' => ->(obj) { return :addons_config, GoogleInSpec::Container::Property::ClusterAddonsConfig.new(obj['addonsConfig'], to_s) },
+ 'subnetwork' => ->(obj) { return :subnetwork, obj['subnetwork'] },
+ 'locations' => ->(obj) { return :locations, obj['locations'] },
+ 'resourceLabels' => ->(obj) { return :resource_labels, obj['resourceLabels'] },
+ 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
+ 'legacyAbac' => ->(obj) { return :legacy_abac, GoogleInSpec::Container::Property::ClusterLegacyAbac.new(obj['legacyAbac'], to_s) },
+ 'networkPolicy' => ->(obj) { return :network_policy, GoogleInSpec::Container::Property::ClusterNetworkPolicy.new(obj['networkPolicy'], to_s) },
+ 'defaultMaxPodsConstraint' => ->(obj) { return :default_max_pods_constraint, GoogleInSpec::Container::Property::ClusterDefaultMaxPodsConstraint.new(obj['defaultMaxPodsConstraint'], to_s) },
+ 'ipAllocationPolicy' => ->(obj) { return :ip_allocation_policy, GoogleInSpec::Container::Property::ClusterIpAllocationPolicy.new(obj['ipAllocationPolicy'], to_s) },
+ 'endpoint' => ->(obj) { return :endpoint, obj['endpoint'] },
+ 'initialClusterVersion' => ->(obj) { return :initial_cluster_version, obj['initialClusterVersion'] },
+ 'currentMasterVersion' => ->(obj) { return :current_master_version, obj['currentMasterVersion'] },
+ 'currentNodeVersion' => ->(obj) { return :current_node_version, obj['currentNodeVersion'] },
+ 'createTime' => ->(obj) { return :create_time, parse_time_string(obj['createTime']) },
+ 'status' => ->(obj) { return :cluster_status, obj['status'] },
+ 'statusMessage' => ->(obj) { return :status_message, obj['statusMessage'] },
+ 'nodeIpv4CidrSize' => ->(obj) { return :node_ipv4_cidr_size, obj['nodeIpv4CidrSize'] },
+ 'servicesIpv4Cidr' => ->(obj) { return :services_ipv4_cidr, obj['servicesIpv4Cidr'] },
+ 'currentNodeCount' => ->(obj) { return :current_node_count, obj['currentNodeCount'] },
+ 'expireTime' => ->(obj) { return :expire_time, parse_time_string(obj['expireTime']) },
+ 'conditions' => ->(obj) { return :conditions, GoogleInSpec::Container::Property::ClusterConditionsArray.parse(obj['conditions'], to_s) },
+ 'masterAuthorizedNetworksConfig' => ->(obj) { return :master_authorized_networks_config, GoogleInSpec::Container::Property::ClusterMasterAuthorizedNetworksConfig.new(obj['masterAuthorizedNetworksConfig'], to_s) },
+ 'nodePools' => ->(obj) { return :node_pools, GoogleInSpec::Container::Property::ClusterNodePoolsArray.parse(obj['nodePools'], to_s) },
+ 'podSecurityPolicyConfig' => ->(obj) { return :pod_security_policy_config, GoogleInSpec::Container::Property::ClusterPodSecurityPolicyConfig.new(obj['podSecurityPolicyConfig'], to_s) },
+ 'binaryAuthorization' => ->(obj) { return :binary_authorization, GoogleInSpec::Container::Property::ClusterBinaryAuthorization.new(obj['binaryAuthorization'], to_s) },
+ 'location' => ->(obj) { return :location, obj['location'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://container.googleapis.com/v1beta1/'
+ else
+ 'https://container.googleapis.com/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/clusters'
end
end
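Review bot: `filter_table_config.add(:locations, ...)` is registered twice in this hunk, once with `field: :locations` and again with `field: :location`, so two columns collide on one filter name; depending on how FilterTable treats a repeated name, this either fails when the class is loaded or leaves one column unreachable. Give the singular column its own name, for example `filter_table_config.add(:cluster_locations, field: :location)`. `fetch_wrapped_resource` also calls `product_url` with no argument, so `beta: true` is ignored and the list always comes from the v1 endpoint, unlike the singular resource, which passes `params[:beta]`. Using `result = @connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')` keeps the two consistent, and the same line in google_container_node_pools.rb needs the same change. Without it, any column that only the beta API returns stays empty, and a control filtering on it matches nothing.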
diff --git a/libraries/google_container_node_pool.rb b/libraries/google_container_node_pool.rb
index 9debefdfa..79fd2c0ee 100644
--- a/libraries/google_container_node_pool.rb
+++ b/libraries/google_container_node_pool.rb
@@ -1,66 +1,91 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/container_v1'
+require 'google/container/property/nodepool_autoscaling'
+require 'google/container/property/nodepool_conditions'
+require 'google/container/property/nodepool_config'
+require 'google/container/property/nodepool_config_accelerators'
+require 'google/container/property/nodepool_config_taints'
+require 'google/container/property/nodepool_management'
+require 'google/container/property/nodepool_management_upgrade_options'
+require 'google/container/property/nodepool_max_pods_constraint'
-module Inspec::Resources
- class GoogleContainerNodePool < GcpResourceBase
- name 'google_container_node_pool'
- desc 'Verifies settings for a container nodepool'
+# A provider to manage Google Kubernetes Engine resources.
+class ContainerNodePool < GcpResourceBase
+ name 'google_container_node_pool'
+ desc 'NodePool'
+ supports platform: 'gcp'
- example "
- describe google_container_node_pool(project: 'chef-inspec-gcp', zone: 'europe-west2-a', cluster_name: 'cluster-name', nodepool_name: 'inspec-test') do
- it { should exist }
- its('name') { should eq 'inspec-test' }
- ...
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:nodepool_name]
- catch_gcp_errors do
- @nodepool = @gcp.gcp_client(Google::Apis::ContainerV1::ContainerService).get_project_zone_cluster_node_pool(opts[:project], opts[:zone], opts[:cluster_name], opts[:nodepool_name])
- create_resource_methods(@nodepool)
- end
- end
+ attr_reader :params
+ attr_reader :name
+ attr_reader :config
+ attr_reader :initial_node_count
+ attr_reader :status
+ attr_reader :status_message
+ attr_reader :version
+ attr_reader :autoscaling
+ attr_reader :management
+ attr_reader :max_pods_constraint
+ attr_reader :conditions
+ attr_reader :pod_ipv4_cidr_size
+ attr_reader :cluster
+ attr_reader :location
- def has_automatic_node_repair?
- return false if !defined?(@nodepool.management.auto_repair)
- return false if @nodepool.management.auto_repair.nil?
- @nodepool.management.auto_repair
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def has_automatic_node_upgrade?
- return false if !defined?(@nodepool.management.auto_upgrade)
- return false if @nodepool.management.auto_upgrade.nil?
- @nodepool.management.auto_upgrade
- end
+ def parse
+ @name = @fetched['name']
+ @config = GoogleInSpec::Container::Property::NodePoolConfig.new(@fetched['config'], to_s)
+ @initial_node_count = @fetched['initialNodeCount']
+ @status = @fetched['status']
+ @status_message = @fetched['statusMessage']
+ @version = @fetched['version']
+ @autoscaling = GoogleInSpec::Container::Property::NodePoolAutoscaling.new(@fetched['autoscaling'], to_s)
+ @management = GoogleInSpec::Container::Property::NodePoolManagement.new(@fetched['management'], to_s)
+ @max_pods_constraint = GoogleInSpec::Container::Property::NodePoolMaxPodsConstraint.new(@fetched['maxPodsConstraint'], to_s)
+ @conditions = GoogleInSpec::Container::Property::NodePoolConditionsArray.parse(@fetched['conditions'], to_s)
+ @pod_ipv4_cidr_size = @fetched['podIpv4CidrSize']
+ @cluster = @fetched['cluster']
+ @location = @fetched['location']
+ end
- def config_image_type
- return '' if !defined?(@nodepool.config.image_type)
- return '' if @nodepool.config.image_type.nil?
- @nodepool.config.image_type
- end
+ def exists?
+ !@fetched.nil?
+ end
- def config_service_account
- return '' if !defined?(@nodepool.config.service_account)
- return '' if @nodepool.config.service_account.nil?
- @nodepool.config.service_account
- end
+ def to_s
+ "NodePool #{@params[:nodepool_name]}"
+ end
- def config_oauth_scopes
- return false if !defined?(@nodepool.config.oauth_scopes)
- return false if @nodepool.config.oauth_scopes.nil?
- @nodepool.config.oauth_scopes
- end
+ private
- def exists?
- !@nodepool.nil?
+ def product_url(beta = false)
+ if beta
+ 'https://container.googleapis.com/v1beta1/'
+ else
+ 'https://container.googleapis.com/v1/'
end
+ end
- def to_s
- "Nodepool #{@display_name}"
- end
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/clusters/{{cluster_name}}/nodePools/{{nodepool_name}}'
end
end
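Review bot: The rewrite drops `has_automatic_node_repair?`, `has_automatic_node_upgrade?`, `config_image_type`, `config_service_account` and `config_oauth_scopes` without replacement, while google_container_cluster.rb in the same commit keeps its `has_*` helpers. Existing profiles that assert `have_automatic_node_repair` or read `config_service_account` will error instead of evaluating the node pool. Re-add them as thin wrappers over the parsed `@management` and `@config` properties, for example `def has_automatic_node_repair?` returning `@management.auto_repair == true` (accessor name assumed from the API field `management.autoRepair`; `NodePoolManagement` is not shown here), or record the removal as a breaking change in the release note. `resource_base_url` also now expects `location` where the old constructor took `zone`, which callers need to be told about.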
diff --git a/libraries/google_container_node_pools.rb b/libraries/google_container_node_pools.rb
index f46d1533c..5b8a3cf96 100644
--- a/libraries/google_container_node_pools.rb
+++ b/libraries/google_container_node_pools.rb
@@ -1,45 +1,107 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ContainerNodePools < GcpResourceBase
+ name 'google_container_node_pools'
+ desc 'NodePool plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleContainerNodePools < GcpResourceBase
- name 'google_container_node_pools'
- desc 'Verifies settings for GCP container node pools in bulk'
+ attr_reader :table
- example "
- describe google_container_node_pools(project: 'chef-inspec-gcp', node_pool: 'europe-west2-a', cluster_name: 'inspec-gcp-cluster')
- it { should exist }
- ...
+ filter_table_config = FilterTable.create
+
+ filter_table_config.add(:node_pool_names, field: :node_pool_name)
+ filter_table_config.add(:configs, field: :config)
+ filter_table_config.add(:initial_node_counts, field: :initial_node_count)
+ filter_table_config.add(:node_pool_statuses, field: :node_pool_status)
+ filter_table_config.add(:status_messages, field: :status_message)
+ filter_table_config.add(:versions, field: :version)
+ filter_table_config.add(:autoscalings, field: :autoscaling)
+ filter_table_config.add(:managements, field: :management)
+ filter_table_config.add(:max_pods_constraints, field: :max_pods_constraint)
+ filter_table_config.add(:conditions, field: :conditions)
+ filter_table_config.add(:pod_ipv4_cidr_sizes, field: :pod_ipv4_cidr_size)
+ filter_table_config.add(:clusters, field: :cluster)
+ filter_table_config.add(:locations, field: :location)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('nodePools')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @zone = opts[:zone]
- @cluster_name = opts[:cluster_name]
end
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:node_pool_names, field: :node_pool_name)
- filter_table_config.add(:node_pool_statuses, field: :node_pool_status)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- node_pool_rows = []
- catch_gcp_errors do
- # no pagination
- @node_pools = @gcp.gcp_client(Google::Apis::ContainerV1::ContainerService).list_project_zone_cluster_node_pools(@project, @zone, @cluster_name)
- end
- return [] if !@node_pools || !@node_pools.node_pools
- @node_pools.node_pools.map do |node_pool|
- node_pool_rows+=[{ node_pool_name: node_pool.name,
- node_pool_status: node_pool.status }]
- end
- @table = node_pool_rows
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :node_pool_name, obj['name'] },
+ 'config' => ->(obj) { return :config, GoogleInSpec::Container::Property::NodePoolConfig.new(obj['config'], to_s) },
+ 'initialNodeCount' => ->(obj) { return :initial_node_count, obj['initialNodeCount'] },
+ 'status' => ->(obj) { return :node_pool_status, obj['status'] },
+ 'statusMessage' => ->(obj) { return :status_message, obj['statusMessage'] },
+ 'version' => ->(obj) { return :version, obj['version'] },
+ 'autoscaling' => ->(obj) { return :autoscaling, GoogleInSpec::Container::Property::NodePoolAutoscaling.new(obj['autoscaling'], to_s) },
+ 'management' => ->(obj) { return :management, GoogleInSpec::Container::Property::NodePoolManagement.new(obj['management'], to_s) },
+ 'maxPodsConstraint' => ->(obj) { return :max_pods_constraint, GoogleInSpec::Container::Property::NodePoolMaxPodsConstraint.new(obj['maxPodsConstraint'], to_s) },
+ 'conditions' => ->(obj) { return :conditions, GoogleInSpec::Container::Property::NodePoolConditionsArray.parse(obj['conditions'], to_s) },
+ 'podIpv4CidrSize' => ->(obj) { return :pod_ipv4_cidr_size, obj['podIpv4CidrSize'] },
+ 'cluster' => ->(obj) { return :cluster, obj['cluster'] },
+ 'location' => ->(obj) { return :location, obj['location'] },
+ }
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://container.googleapis.com/v1beta1/'
+ else
+ 'https://container.googleapis.com/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/clusters/{{cluster_name}}/nodePools'
+ end
end
diff --git a/libraries/google_container_regional_cluster.rb b/libraries/google_container_regional_cluster.rb
deleted file mode 100644
index f6edafbd5..000000000
--- a/libraries/google_container_regional_cluster.rb
+++ /dev/null
@@ -1,146 +0,0 @@
-# frozen_string_literal: false
-
-# ----------------------------------------------------------------------------
-#
-# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
-#
-# ----------------------------------------------------------------------------
-#
-# This file is automatically generated by Magic Modules and manual
-# changes will be clobbered when the file is regenerated.
-#
-# Please read more about how to change this file in README.md and
-# CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-require 'gcp_backend'
-require 'google/container/property/regionalcluster_addons_config'
-require 'google/container/property/regionalcluster_addons_config_horizontal_pod_autoscaling'
-require 'google/container/property/regionalcluster_addons_config_http_load_balancing'
-require 'google/container/property/regionalcluster_addons_config_kubernetes_dashboard'
-require 'google/container/property/regionalcluster_addons_config_network_policy_config'
-require 'google/container/property/regionalcluster_conditions'
-require 'google/container/property/regionalcluster_default_max_pods_constraint'
-require 'google/container/property/regionalcluster_ip_allocation_policy'
-require 'google/container/property/regionalcluster_legacy_abac'
-require 'google/container/property/regionalcluster_master_auth'
-require 'google/container/property/regionalcluster_master_auth_client_certificate_config'
-require 'google/container/property/regionalcluster_master_authorized_networks_config'
-require 'google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks'
-require 'google/container/property/regionalcluster_network_policy'
-require 'google/container/property/regionalcluster_node_config'
-require 'google/container/property/regionalcluster_node_config_accelerators'
-require 'google/container/property/regionalcluster_node_config_taints'
-require 'google/container/property/regionalcluster_private_cluster_config'
-
-# A provider to manage Google Kubernetes Engine resources.
-class ContainerRegionalCluster < GcpResourceBase
- name 'google_container_regional_cluster'
- desc 'RegionalCluster'
- supports platform: 'gcp'
-
- attr_reader :params
- attr_reader :name
- attr_reader :description
- attr_reader :initial_node_count
- attr_reader :node_config
- attr_reader :master_auth
- attr_reader :logging_service
- attr_reader :monitoring_service
- attr_reader :network
- attr_reader :private_cluster_config
- attr_reader :cluster_ipv4_cidr
- attr_reader :addons_config
- attr_reader :subnetwork
- attr_reader :locations
- attr_reader :resource_labels
- attr_reader :label_fingerprint
- attr_reader :legacy_abac
- attr_reader :network_policy
- attr_reader :default_max_pods_constraint
- attr_reader :ip_allocation_policy
- attr_reader :endpoint
- attr_reader :initial_cluster_version
- attr_reader :current_master_version
- attr_reader :current_node_version
- attr_reader :create_time
- attr_reader :status
- attr_reader :status_message
- attr_reader :node_ipv4_cidr_size
- attr_reader :services_ipv4_cidr
- attr_reader :current_node_count
- attr_reader :expire_time
- attr_reader :enable_tpu
- attr_reader :tpu_ipv4_cidr_block
- attr_reader :conditions
- attr_reader :master_authorized_networks_config
- attr_reader :location
-
- def initialize(params)
- super(params.merge({ use_http_transport: true }))
- @params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
- parse unless @fetched.nil?
- end
-
- def parse
- @name = @fetched['name']
- @description = @fetched['description']
- @initial_node_count = @fetched['initialNodeCount']
- @node_config = GoogleInSpec::Container::Property::RegionalClusterNodeConfig.new(@fetched['nodeConfig'], to_s)
- @master_auth = GoogleInSpec::Container::Property::RegionalClusterMasterAuth.new(@fetched['masterAuth'], to_s)
- @logging_service = @fetched['loggingService']
- @monitoring_service = @fetched['monitoringService']
- @network = @fetched['network']
- @private_cluster_config = GoogleInSpec::Container::Property::RegionalClusterPrivateClusterConfig.new(@fetched['privateClusterConfig'], to_s)
- @cluster_ipv4_cidr = @fetched['clusterIpv4Cidr']
- @addons_config = GoogleInSpec::Container::Property::RegionalClusterAddonsConfig.new(@fetched['addonsConfig'], to_s)
- @subnetwork = @fetched['subnetwork']
- @locations = @fetched['locations']
- @resource_labels = @fetched['resourceLabels']
- @label_fingerprint = @fetched['labelFingerprint']
- @legacy_abac = GoogleInSpec::Container::Property::RegionalClusterLegacyAbac.new(@fetched['legacyAbac'], to_s)
- @network_policy = GoogleInSpec::Container::Property::RegionalClusterNetworkPolicy.new(@fetched['networkPolicy'], to_s)
- @default_max_pods_constraint = GoogleInSpec::Container::Property::RegionalClusterDefaultMaxPodsConstraint.new(@fetched['defaultMaxPodsConstraint'], to_s)
- @ip_allocation_policy = GoogleInSpec::Container::Property::RegionalClusterIpAllocationPolicy.new(@fetched['ipAllocationPolicy'], to_s)
- @endpoint = @fetched['endpoint']
- @initial_cluster_version = @fetched['initialClusterVersion']
- @current_master_version = @fetched['currentMasterVersion']
- @current_node_version = @fetched['currentNodeVersion']
- @create_time = parse_time_string(@fetched['createTime'])
- @status = @fetched['status']
- @status_message = @fetched['statusMessage']
- @node_ipv4_cidr_size = @fetched['nodeIpv4CidrSize']
- @services_ipv4_cidr = @fetched['servicesIpv4Cidr']
- @current_node_count = @fetched['currentNodeCount']
- @expire_time = parse_time_string(@fetched['expireTime'])
- @enable_tpu = @fetched['enableTpu']
- @tpu_ipv4_cidr_block = @fetched['tpuIpv4CidrBlock']
- @conditions = GoogleInSpec::Container::Property::RegionalClusterConditionsArray.parse(@fetched['conditions'], to_s)
- @master_authorized_networks_config = GoogleInSpec::Container::Property::RegionalClusterMasterAuthorizedNetworksConfig.new(@fetched['masterAuthorizedNetworksConfig'], to_s)
- @location = @fetched['location']
- end
-
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
- def exists?
- !@fetched.nil?
- end
-
- def to_s
- "RegionalCluster #{@params[:name]}"
- end
-
- private
-
- def product_url
- 'https://container.googleapis.com/v1/'
- end
-
- def resource_base_url
- 'projects/{{project}}/locations/{{location}}/clusters/{{name}}'
- end
-end
diff --git a/libraries/google_container_regional_clusters.rb b/libraries/google_container_regional_clusters.rb
deleted file mode 100644
index 9aabb0b4c..000000000
--- a/libraries/google_container_regional_clusters.rb
+++ /dev/null
@@ -1,152 +0,0 @@
-# frozen_string_literal: false
-
-# ----------------------------------------------------------------------------
-#
-# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
-#
-# ----------------------------------------------------------------------------
-#
-# This file is automatically generated by Magic Modules and manual
-# changes will be clobbered when the file is regenerated.
-#
-# Please read more about how to change this file in README.md and
-# CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-require 'gcp_backend'
-class ContainerRegionalClusters < GcpResourceBase
- name 'google_container_regional_clusters'
- desc 'RegionalCluster plural resource'
- supports platform: 'gcp'
-
- attr_reader :table
-
- filter_table_config = FilterTable.create
-
- filter_table_config.add(:names, field: :name)
- filter_table_config.add(:descriptions, field: :description)
- filter_table_config.add(:initial_node_counts, field: :initial_node_count)
- filter_table_config.add(:node_configs, field: :node_config)
- filter_table_config.add(:master_auths, field: :master_auth)
- filter_table_config.add(:logging_services, field: :logging_service)
- filter_table_config.add(:monitoring_services, field: :monitoring_service)
- filter_table_config.add(:networks, field: :network)
- filter_table_config.add(:private_cluster_configs, field: :private_cluster_config)
- filter_table_config.add(:cluster_ipv4_cidrs, field: :cluster_ipv4_cidr)
- filter_table_config.add(:addons_configs, field: :addons_config)
- filter_table_config.add(:subnetworks, field: :subnetwork)
- filter_table_config.add(:locations, field: :locations)
- filter_table_config.add(:resource_labels, field: :resource_labels)
- filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
- filter_table_config.add(:legacy_abacs, field: :legacy_abac)
- filter_table_config.add(:network_policies, field: :network_policy)
- filter_table_config.add(:default_max_pods_constraints, field: :default_max_pods_constraint)
- filter_table_config.add(:ip_allocation_policies, field: :ip_allocation_policy)
- filter_table_config.add(:endpoints, field: :endpoint)
- filter_table_config.add(:initial_cluster_versions, field: :initial_cluster_version)
- filter_table_config.add(:current_master_versions, field: :current_master_version)
- filter_table_config.add(:current_node_versions, field: :current_node_version)
- filter_table_config.add(:create_times, field: :create_time)
- filter_table_config.add(:statuses, field: :status)
- filter_table_config.add(:status_messages, field: :status_message)
- filter_table_config.add(:node_ipv4_cidr_sizes, field: :node_ipv4_cidr_size)
- filter_table_config.add(:services_ipv4_cidrs, field: :services_ipv4_cidr)
- filter_table_config.add(:current_node_counts, field: :current_node_count)
- filter_table_config.add(:expire_times, field: :expire_time)
- filter_table_config.add(:enable_tpus, field: :enable_tpu)
- filter_table_config.add(:tpu_ipv4_cidr_blocks, field: :tpu_ipv4_cidr_block)
- filter_table_config.add(:conditions, field: :conditions)
- filter_table_config.add(:master_authorized_networks_configs, field: :master_authorized_networks_config)
- filter_table_config.add(:locations, field: :location)
-
- filter_table_config.connect(self, :table)
-
- def initialize(params = {})
- super(params.merge({ use_http_transport: true }))
- @params = params
- @table = fetch_wrapped_resource('clusters')
- end
-
- def fetch_wrapped_resource(wrap_path)
- # fetch_resource returns an array of responses (to handle pagination)
- result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
- return if result.nil?
-
- # Conversion of string -> object hash to symbol -> object hash that InSpec needs
- converted = []
- result.each do |response|
- next if response.nil? || !response.key?(wrap_path)
- response[wrap_path].each do |hash|
- hash_with_symbols = {}
- hash.each_key do |key|
- name, value = transform(key, hash)
- hash_with_symbols[name] = value
- end
- converted.push(hash_with_symbols)
- end
- end
-
- converted
- end
-
- def transform(key, value)
- return transformers[key].call(value) if transformers.key?(key)
-
- [key.to_sym, value]
- end
-
- def transformers
- {
- 'name' => ->(obj) { return :name, obj['name'] },
- 'description' => ->(obj) { return :description, obj['description'] },
- 'initialNodeCount' => ->(obj) { return :initial_node_count, obj['initialNodeCount'] },
- 'nodeConfig' => ->(obj) { return :node_config, GoogleInSpec::Container::Property::RegionalClusterNodeConfig.new(obj['nodeConfig'], to_s) },
- 'masterAuth' => ->(obj) { return :master_auth, GoogleInSpec::Container::Property::RegionalClusterMasterAuth.new(obj['masterAuth'], to_s) },
- 'loggingService' => ->(obj) { return :logging_service, obj['loggingService'] },
- 'monitoringService' => ->(obj) { return :monitoring_service, obj['monitoringService'] },
- 'network' => ->(obj) { return :network, obj['network'] },
- 'privateClusterConfig' => ->(obj) { return :private_cluster_config, GoogleInSpec::Container::Property::RegionalClusterPrivateClusterConfig.new(obj['privateClusterConfig'], to_s) },
- 'clusterIpv4Cidr' => ->(obj) { return :cluster_ipv4_cidr, obj['clusterIpv4Cidr'] },
- 'addonsConfig' => ->(obj) { return :addons_config, GoogleInSpec::Container::Property::RegionalClusterAddonsConfig.new(obj['addonsConfig'], to_s) },
- 'subnetwork' => ->(obj) { return :subnetwork, obj['subnetwork'] },
- 'locations' => ->(obj) { return :locations, obj['locations'] },
- 'resourceLabels' => ->(obj) { return :resource_labels, obj['resourceLabels'] },
- 'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
- 'legacyAbac' => ->(obj) { return :legacy_abac, GoogleInSpec::Container::Property::RegionalClusterLegacyAbac.new(obj['legacyAbac'], to_s) },
- 'networkPolicy' => ->(obj) { return :network_policy, GoogleInSpec::Container::Property::RegionalClusterNetworkPolicy.new(obj['networkPolicy'], to_s) },
- 'defaultMaxPodsConstraint' => ->(obj) { return :default_max_pods_constraint, GoogleInSpec::Container::Property::RegionalClusterDefaultMaxPodsConstraint.new(obj['defaultMaxPodsConstraint'], to_s) },
- 'ipAllocationPolicy' => ->(obj) { return :ip_allocation_policy, GoogleInSpec::Container::Property::RegionalClusterIpAllocationPolicy.new(obj['ipAllocationPolicy'], to_s) },
- 'endpoint' => ->(obj) { return :endpoint, obj['endpoint'] },
- 'initialClusterVersion' => ->(obj) { return :initial_cluster_version, obj['initialClusterVersion'] },
- 'currentMasterVersion' => ->(obj) { return :current_master_version, obj['currentMasterVersion'] },
- 'currentNodeVersion' => ->(obj) { return :current_node_version, obj['currentNodeVersion'] },
- 'createTime' => ->(obj) { return :create_time, parse_time_string(obj['createTime']) },
- 'status' => ->(obj) { return :status, obj['status'] },
- 'statusMessage' => ->(obj) { return :status_message, obj['statusMessage'] },
- 'nodeIpv4CidrSize' => ->(obj) { return :node_ipv4_cidr_size, obj['nodeIpv4CidrSize'] },
- 'servicesIpv4Cidr' => ->(obj) { return :services_ipv4_cidr, obj['servicesIpv4Cidr'] },
- 'currentNodeCount' => ->(obj) { return :current_node_count, obj['currentNodeCount'] },
- 'expireTime' => ->(obj) { return :expire_time, parse_time_string(obj['expireTime']) },
- 'enableTpu' => ->(obj) { return :enable_tpu, obj['enableTpu'] },
- 'tpuIpv4CidrBlock' => ->(obj) { return :tpu_ipv4_cidr_block, obj['tpuIpv4CidrBlock'] },
- 'conditions' => ->(obj) { return :conditions, GoogleInSpec::Container::Property::RegionalClusterConditionsArray.parse(obj['conditions'], to_s) },
- 'masterAuthorizedNetworksConfig' => ->(obj) { return :master_authorized_networks_config, GoogleInSpec::Container::Property::RegionalClusterMasterAuthorizedNetworksConfig.new(obj['masterAuthorizedNetworksConfig'], to_s) },
- 'location' => ->(obj) { return :location, obj['location'] },
- }
- end
-
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
- private
-
- def product_url
- 'https://container.googleapis.com/v1/'
- end
-
- def resource_base_url
- 'projects/{{project}}/locations/{{location}}/clusters'
- end
-end
diff --git a/libraries/google_container_regional_node_pool.rb b/libraries/google_container_regional_node_pool.rb
deleted file mode 100644
index 1b0786098..000000000
--- a/libraries/google_container_regional_node_pool.rb
+++ /dev/null
@@ -1,92 +0,0 @@
-# frozen_string_literal: false
-
-# ----------------------------------------------------------------------------
-#
-# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
-#
-# ----------------------------------------------------------------------------
-#
-# This file is automatically generated by Magic Modules and manual
-# changes will be clobbered when the file is regenerated.
-#
-# Please read more about how to change this file in README.md and
-# CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-require 'gcp_backend'
-require 'google/container/property/regionalnodepool_autoscaling'
-require 'google/container/property/regionalnodepool_conditions'
-require 'google/container/property/regionalnodepool_config'
-require 'google/container/property/regionalnodepool_config_accelerators'
-require 'google/container/property/regionalnodepool_config_taints'
-require 'google/container/property/regionalnodepool_management'
-require 'google/container/property/regionalnodepool_management_upgrade_options'
-require 'google/container/property/regionalnodepool_max_pods_constraint'
-
-# A provider to manage Google Kubernetes Engine resources.
-class ContainerRegionalNodePool < GcpResourceBase
- name 'google_container_regional_node_pool'
- desc 'RegionalNodePool'
- supports platform: 'gcp'
-
- attr_reader :params
- attr_reader :name
- attr_reader :config
- attr_reader :initial_node_count
- attr_reader :status
- attr_reader :status_message
- attr_reader :version
- attr_reader :autoscaling
- attr_reader :management
- attr_reader :max_pods_constraint
- attr_reader :conditions
- attr_reader :pod_ipv4_cidr_size
- attr_reader :cluster
- attr_reader :location
-
- def initialize(params)
- super(params.merge({ use_http_transport: true }))
- @params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
- parse unless @fetched.nil?
- end
-
- def parse
- @name = @fetched['name']
- @config = GoogleInSpec::Container::Property::RegionalNodePoolConfig.new(@fetched['config'], to_s)
- @initial_node_count = @fetched['initialNodeCount']
- @status = @fetched['status']
- @status_message = @fetched['statusMessage']
- @version = @fetched['version']
- @autoscaling = GoogleInSpec::Container::Property::RegionalNodePoolAutoscaling.new(@fetched['autoscaling'], to_s)
- @management = GoogleInSpec::Container::Property::RegionalNodePoolManagement.new(@fetched['management'], to_s)
- @max_pods_constraint = GoogleInSpec::Container::Property::RegionalNodePoolMaxPodsConstraint.new(@fetched['maxPodsConstraint'], to_s)
- @conditions = GoogleInSpec::Container::Property::RegionalNodePoolConditionsArray.parse(@fetched['conditions'], to_s)
- @pod_ipv4_cidr_size = @fetched['podIpv4CidrSize']
- @cluster = @fetched['cluster']
- @location = @fetched['location']
- end
-
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
- def exists?
- !@fetched.nil?
- end
-
- def to_s
- "RegionalNodePool #{@params[:name]}"
- end
-
- private
-
- def product_url
- 'https://container.googleapis.com/v1/'
- end
-
- def resource_base_url
- 'projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools/{{name}}'
- end
-end
diff --git a/libraries/google_container_regional_node_pools.rb b/libraries/google_container_regional_node_pools.rb
deleted file mode 100644
index 8297275db..000000000
--- a/libraries/google_container_regional_node_pools.rb
+++ /dev/null
@@ -1,108 +0,0 @@
-# frozen_string_literal: false
-
-# ----------------------------------------------------------------------------
-#
-# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
-#
-# ----------------------------------------------------------------------------
-#
-# This file is automatically generated by Magic Modules and manual
-# changes will be clobbered when the file is regenerated.
-#
-# Please read more about how to change this file in README.md and
-# CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-require 'gcp_backend'
-class ContainerRegionalNodePools < GcpResourceBase
- name 'google_container_regional_node_pools'
- desc 'RegionalNodePool plural resource'
- supports platform: 'gcp'
-
- attr_reader :table
-
- filter_table_config = FilterTable.create
-
- filter_table_config.add(:names, field: :name)
- filter_table_config.add(:configs, field: :config)
- filter_table_config.add(:initial_node_counts, field: :initial_node_count)
- filter_table_config.add(:statuses, field: :status)
- filter_table_config.add(:status_messages, field: :status_message)
- filter_table_config.add(:versions, field: :version)
- filter_table_config.add(:autoscalings, field: :autoscaling)
- filter_table_config.add(:managements, field: :management)
- filter_table_config.add(:max_pods_constraints, field: :max_pods_constraint)
- filter_table_config.add(:conditions, field: :conditions)
- filter_table_config.add(:pod_ipv4_cidr_sizes, field: :pod_ipv4_cidr_size)
- filter_table_config.add(:clusters, field: :cluster)
- filter_table_config.add(:locations, field: :location)
-
- filter_table_config.connect(self, :table)
-
- def initialize(params = {})
- super(params.merge({ use_http_transport: true }))
- @params = params
- @table = fetch_wrapped_resource('nodePools')
- end
-
- def fetch_wrapped_resource(wrap_path)
- # fetch_resource returns an array of responses (to handle pagination)
- result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
- return if result.nil?
-
- # Conversion of string -> object hash to symbol -> object hash that InSpec needs
- converted = []
- result.each do |response|
- next if response.nil? || !response.key?(wrap_path)
- response[wrap_path].each do |hash|
- hash_with_symbols = {}
- hash.each_key do |key|
- name, value = transform(key, hash)
- hash_with_symbols[name] = value
- end
- converted.push(hash_with_symbols)
- end
- end
-
- converted
- end
-
- def transform(key, value)
- return transformers[key].call(value) if transformers.key?(key)
-
- [key.to_sym, value]
- end
-
- def transformers
- {
- 'name' => ->(obj) { return :name, obj['name'] },
- 'config' => ->(obj) { return :config, GoogleInSpec::Container::Property::RegionalNodePoolConfig.new(obj['config'], to_s) },
- 'initialNodeCount' => ->(obj) { return :initial_node_count, obj['initialNodeCount'] },
- 'status' => ->(obj) { return :status, obj['status'] },
- 'statusMessage' => ->(obj) { return :status_message, obj['statusMessage'] },
- 'version' => ->(obj) { return :version, obj['version'] },
- 'autoscaling' => ->(obj) { return :autoscaling, GoogleInSpec::Container::Property::RegionalNodePoolAutoscaling.new(obj['autoscaling'], to_s) },
- 'management' => ->(obj) { return :management, GoogleInSpec::Container::Property::RegionalNodePoolManagement.new(obj['management'], to_s) },
- 'maxPodsConstraint' => ->(obj) { return :max_pods_constraint, GoogleInSpec::Container::Property::RegionalNodePoolMaxPodsConstraint.new(obj['maxPodsConstraint'], to_s) },
- 'conditions' => ->(obj) { return :conditions, GoogleInSpec::Container::Property::RegionalNodePoolConditionsArray.parse(obj['conditions'], to_s) },
- 'podIpv4CidrSize' => ->(obj) { return :pod_ipv4_cidr_size, obj['podIpv4CidrSize'] },
- 'cluster' => ->(obj) { return :cluster, obj['cluster'] },
- 'location' => ->(obj) { return :location, obj['location'] },
- }
- end
-
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
- private
-
- def product_url
- 'https://container.googleapis.com/v1/'
- end
-
- def resource_base_url
- 'projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools'
- end
-end
diff --git a/libraries/google_dataproc_cluster.rb b/libraries/google_dataproc_cluster.rb
index 21cb30ab9..2e1ab6dd4 100644
--- a/libraries/google_dataproc_cluster.rb
+++ b/libraries/google_dataproc_cluster.rb
@@ -46,7 +46,7 @@ class DataprocCluster < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -57,11 +57,6 @@ def parse
@region = @fetched['region']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -72,8 +67,12 @@ def to_s
private
- def product_url
- 'https://dataproc.googleapis.com/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://dataproc.googleapis.com/v1beta2/'
+ else
+ 'https://dataproc.googleapis.com/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_dataproc_clusters.rb b/libraries/google_dataproc_clusters.rb
index 6e5045b8e..338959419 100644
--- a/libraries/google_dataproc_clusters.rb
+++ b/libraries/google_dataproc_clusters.rb
@@ -73,15 +73,14 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
- 'https://dataproc.googleapis.com/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://dataproc.googleapis.com/v1beta2/'
+ else
+ 'https://dataproc.googleapis.com/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_dns_managed_zone.rb b/libraries/google_dns_managed_zone.rb
index 62f191035..4a4c5661c 100644
--- a/libraries/google_dns_managed_zone.rb
+++ b/libraries/google_dns_managed_zone.rb
@@ -1,55 +1,112 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/dns/property/managedzone_dnssec_config'
+require 'google/dns/property/managedzone_dnssec_config_default_key_specs'
+require 'google/dns/property/managedzone_forwarding_config'
+require 'google/dns/property/managedzone_forwarding_config_target_name_servers'
+require 'google/dns/property/managedzone_peering_config'
+require 'google/dns/property/managedzone_peering_config_target_network'
+require 'google/dns/property/managedzone_private_visibility_config'
+require 'google/dns/property/managedzone_private_visibility_config_networks'
-module Inspec::Resources
- class GoogleDnsManagedZone < GcpResourceBase
- name 'google_dns_managed_zone'
- desc 'Verifies settings for a GCP DNS managed zone'
-
- example "
- describe google_dns_managed_zone(project: 'chef-inspec-gcp', zone: 'zone-name') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @managed_zone = @gcp.gcp_client(Google::Apis::DnsV2beta1::DnsService).get_managed_zone(opts[:project], opts[:zone])
- create_resource_methods(@managed_zone)
- @key_specs = {}
- if defined?(@managed_zone.dnssec_config.default_key_specs) && !@managed_zone.dnssec_config.default_key_specs.nil?
- @managed_zone.dnssec_config.default_key_specs.each do |spec|
- @key_specs[spec.key_type] = spec.algorithm
- end
- end
- end
- end
+# A provider to manage Cloud DNS resources.
+class DNSManagedZone < GcpResourceBase
+ name 'google_dns_managed_zone'
+ desc 'ManagedZone'
+ supports platform: 'gcp'
- def exists?
- !@managed_zone.nil?
- end
+ attr_reader :params
+ attr_reader :description
+ attr_reader :dns_name
+ attr_reader :dnssec_config
+ attr_reader :id
+ attr_reader :name
+ attr_reader :name_servers
+ attr_reader :name_server_set
+ attr_reader :creation_time
+ attr_reader :labels
+ attr_reader :visibility
+ attr_reader :private_visibility_config
+ attr_reader :forwarding_config
+ attr_reader :peering_config
+ attr_reader :reverse_lookup
- def creation_time_date
- return false if !defined?(@managed_zone.creation_time) || @managed_zone.creation_time.nil?
- Time.parse(@managed_zone.creation_time)
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def key_signing_key_algorithm
- raise Inspec::Exceptions::ResourceFailed, "google_dns_managed_zone is missing expected property 'dnssec_config.default_key_specs KEY_SIGNING'" if !@key_specs.key?('KEY_SIGNING')
- @key_specs['KEY_SIGNING']
+ def parse
+ @description = @fetched['description']
+ @dns_name = @fetched['dnsName']
+ @dnssec_config = GoogleInSpec::DNS::Property::ManagedZoneDnssecConfig.new(@fetched['dnssecConfig'], to_s)
+ @id = @fetched['id']
+ @name = @fetched['name']
+ @name_servers = @fetched['nameServers']
+ @name_server_set = @fetched['nameServerSet']
+ @creation_time = parse_time_string(@fetched['creationTime'])
+ @labels = @fetched['labels']
+ @visibility = @fetched['visibility']
+ @private_visibility_config = GoogleInSpec::DNS::Property::ManagedZonePrivateVisibilityConfig.new(@fetched['privateVisibilityConfig'], to_s)
+ @forwarding_config = GoogleInSpec::DNS::Property::ManagedZoneForwardingConfig.new(@fetched['forwardingConfig'], to_s)
+ @peering_config = GoogleInSpec::DNS::Property::ManagedZonePeeringConfig.new(@fetched['peeringConfig'], to_s)
+ @reverse_lookup = @fetched['reverseLookupConfig']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ManagedZone #{@params[:zone]}"
+ end
+
+ def key_signing_key_algorithm
+ specs = @dnssec_config&.default_key_specs | []
+ specs.each do |spec|
+ return spec.algorithm if spec.key_type == 'keySigning'
end
+ end
- def zone_signing_key_algorithm
- raise Inspec::Exceptions::ResourceFailed, "google_dns_managed_zone is missing expected property 'dnssec_config.default_key_specs ZONE_SIGNING'" if !@key_specs.key?('ZONE_SIGNING')
- @key_specs['ZONE_SIGNING']
+ def zone_signing_key_algorithm
+ specs = @dnssec_config&.default_key_specs | []
+ specs.each do |spec|
+ return spec.algorithm if spec.key_type == 'zoneSigning'
end
+ end
+
+ private
- def to_s
- "DNS Managed Zone #{@display_name}"
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/dns/v1beta2/'
+ else
+ 'https://www.googleapis.com/dns/v1/'
end
end
+
+ def resource_base_url
+ 'projects/{{project}}/managedZones/{{zone}}'
+ end
end
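Review bot: In `key_signing_key_algorithm` and `zone_signing_key_algorithm`, `@dnssec_config&.default_key_specs | []` uses the single-bar operator, so a nil left side (for example when the zone was not fetched and `parse` never ran) makes `nil | []` evaluate to `true`, and the following `specs.each` raises NoMethodError. When no spec matches, `each` returns its receiver, so the method returns the array of specs instead of failing with `ResourceFailed` as the removed code did; a DNSSEC control such as `should_not eq 'rsasha1'` would then pass even though no key of that type was found. I would write `specs = @dnssec_config&.default_key_specs || []` followed by `specs.find { |spec| spec.key_type == 'keySigning' }&.algorithm` (and the `'zoneSigning'` equivalent), or keep raising when the key type is absent. The header marks this file as generated, so the change presumably belongs in the generator's source rather than in this file.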
diff --git a/libraries/google_dns_managed_zones.rb b/libraries/google_dns_managed_zones.rb
index 0dcde2701..5d519a67b 100644
--- a/libraries/google_dns_managed_zones.rb
+++ b/libraries/google_dns_managed_zones.rb
@@ -1,55 +1,116 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/dns_v2beta1'
+class DNSManagedZones < GcpResourceBase
+ name 'google_dns_managed_zones'
+ desc 'ManagedZone plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleDnsManagedZones < GcpResourceBase
- name 'google_dns_managed_zones'
- desc 'Verifies settings for GCP DNS managed zones in bulk'
+ attr_reader :table
- example "
- describe google_dns_managed_zones(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:zone_dns_names, field: :zone_dns_name)
+ filter_table_config.add(:dnssec_configs, field: :dnssec_config)
+ filter_table_config.add(:zone_ids, field: :zone_id)
+ filter_table_config.add(:zone_names, field: :zone_name)
+ filter_table_config.add(:name_servers, field: :name_servers)
+ filter_table_config.add(:name_server_sets, field: :name_server_set)
+ filter_table_config.add(:creation_times, field: :creation_time)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:visibilities, field: :visibility)
+ filter_table_config.add(:private_visibility_configs, field: :private_visibility_config)
+ filter_table_config.add(:forwarding_configs, field: :forwarding_config)
+ filter_table_config.add(:peering_configs, field: :peering_config)
+ filter_table_config.add(:reverse_lookups, field: :reverse_lookup)
+ filter_table_config.add(:dnssec_config_states, field: :dnssec_config_state)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:zone_ids, field: :zone_id)
- filter_table_config.add(:zone_names, field: :zone_name)
- filter_table_config.add(:zone_dns_names, field: :zone_dns_name)
- filter_table_config.add(:dnssec_config_states, field: :dnssec_config_state)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- managed_zones = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @managed_zones = @gcp.gcp_client(Google::Apis::DnsV2beta1::DnsService).list_managed_zones(@project, page_token: next_page)
- end
- return [] if !@managed_zones || !@managed_zones.managed_zones
- @managed_zones.managed_zones.map do |zone|
- dns_enabled=false
- if defined?(zone.dnssec_config.state)
- dns_enabled=true if zone.dnssec_config.state.casecmp('on').zero?
- end
- managed_zones+=[{ zone_id: zone.id,
- zone_name: zone.name,
- zone_dns_name: zone.dns_name,
- dnssec_config_state: dns_enabled }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('managedZones')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @managed_zones.next_page_token
- break unless next_page
+ hash_with_symbols[:dnssec_config_state] = hash.dig('dnssecConfig', 'state')&.downcase == 'on'
+ converted.push(hash_with_symbols)
end
- @table = managed_zones
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'dnsName' => ->(obj) { return :zone_dns_name, obj['dnsName'] },
+ 'dnssecConfig' => ->(obj) { return :dnssec_config, GoogleInSpec::DNS::Property::ManagedZoneDnssecConfig.new(obj['dnssecConfig'], to_s) },
+ 'id' => ->(obj) { return :zone_id, obj['id'] },
+ 'name' => ->(obj) { return :zone_name, obj['name'] },
+ 'nameServers' => ->(obj) { return :name_servers, obj['nameServers'] },
+ 'nameServerSet' => ->(obj) { return :name_server_set, obj['nameServerSet'] },
+ 'creationTime' => ->(obj) { return :creation_time, parse_time_string(obj['creationTime']) },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'visibility' => ->(obj) { return :visibility, obj['visibility'] },
+ 'privateVisibilityConfig' => ->(obj) { return :private_visibility_config, GoogleInSpec::DNS::Property::ManagedZonePrivateVisibilityConfig.new(obj['privateVisibilityConfig'], to_s) },
+ 'forwardingConfig' => ->(obj) { return :forwarding_config, GoogleInSpec::DNS::Property::ManagedZoneForwardingConfig.new(obj['forwardingConfig'], to_s) },
+ 'peeringConfig' => ->(obj) { return :peering_config, GoogleInSpec::DNS::Property::ManagedZonePeeringConfig.new(obj['peeringConfig'], to_s) },
+ 'reverseLookupConfig' => ->(obj) { return :reverse_lookup, obj['reverseLookupConfig'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/dns/v1beta2/'
+ else
+ 'https://www.googleapis.com/dns/v1/'
+ end
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/managedZones'
end
end
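Review bot: `fetch_wrapped_resource` calls `product_url` with no argument, so the `beta` branch added at the bottom of this class can never be selected and `beta: true` on the plural resource still queries `dns/v1/`. The singular resources changed in this same commit pass the flag (`product_url(params[:beta])`), so the plural call should match: `result = @connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')`. The file header says it is generated by Magic Modules, so the change belongs in the generator template rather than in this file.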
diff --git a/libraries/google_dns_resource_record_set.rb b/libraries/google_dns_resource_record_set.rb
index 673a45278..2a3a29a28 100644
--- a/libraries/google_dns_resource_record_set.rb
+++ b/libraries/google_dns_resource_record_set.rb
@@ -31,7 +31,7 @@ class DNSResourceRecordSet < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
@fetched = unwrap(fetched, params)
parse unless @fetched.nil?
end
@@ -45,7 +45,7 @@ def collection_item
end
def unwrap(fetched, params)
- fetched[collection_item].find { |result| identity.all? { |id| result[id.to_sym] == params[id] } }
+ fetched[collection_item].find { |result| identity.all? { |id| result[id] == params[id.to_sym] } }
end
def parse
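Review bot: `unwrap` indexes `fetched[collection_item]` unconditionally, so it raises NoMethodError if the fetch returned nil or the response lacks that key, even though `initialize` in the previous hunk already handles a nil `@fetched` with `parse unless @fetched.nil?`. A guard as the first line of `unwrap` lets a missing record set surface as "does not exist" instead of an error in the control: `return nil if fetched.nil? || fetched[collection_item].nil?`. Whether `@connection.fetch` can actually return nil is not visible in this diff; the nil check in `initialize` suggests it can.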
@@ -56,11 +56,6 @@ def parse
@managed_zone = @fetched['managed_zone']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -71,8 +66,12 @@ def to_s
private
- def product_url
- 'https://www.googleapis.com/dns/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/dns/v1beta2/'
+ else
+ 'https://www.googleapis.com/dns/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_dns_resource_record_sets.rb b/libraries/google_dns_resource_record_sets.rb
index 17d2f381b..4f8b68d01 100644
--- a/libraries/google_dns_resource_record_sets.rb
+++ b/libraries/google_dns_resource_record_sets.rb
@@ -75,15 +75,14 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
- 'https://www.googleapis.com/dns/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://www.googleapis.com/dns/v1beta2/'
+ else
+ 'https://www.googleapis.com/dns/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_filestore_instance.rb b/libraries/google_filestore_instance.rb
index 6733fc199..288e8b371 100644
--- a/libraries/google_filestore_instance.rb
+++ b/libraries/google_filestore_instance.rb
@@ -37,7 +37,7 @@ class FilestoreInstance < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -68,7 +68,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://file.googleapis.com/v1/'
end
diff --git a/libraries/google_filestore_instances.rb b/libraries/google_filestore_instances.rb
index c8e6e284b..ae596f3e6 100644
--- a/libraries/google_filestore_instances.rb
+++ b/libraries/google_filestore_instances.rb
@@ -90,7 +90,7 @@ def parse_time_string(time_string)
private
- def product_url
+ def product_url(_ = nil)
'https://file.googleapis.com/v1/'
end
diff --git a/libraries/google_iam_organization_custom_role.rb b/libraries/google_iam_organization_custom_role.rb
new file mode 100644
index 000000000..bcfaa0f59
--- /dev/null
+++ b/libraries/google_iam_organization_custom_role.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+
+# A provider to manage Cloud IAM resources.
+class IAMOrganizationCustomRole < GcpResourceBase
+ name 'google_iam_organization_custom_role'
+ desc 'OrganizationCustomRole'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :title
+ attr_reader :description
+ attr_reader :included_permissions
+ attr_reader :stage
+ attr_reader :deleted
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @title = @fetched['title']
+ @description = @fetched['description']
+ @included_permissions = @fetched['includedPermissions']
+ @stage = @fetched['stage']
+ @deleted = @fetched['deleted']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "OrganizationCustomRole #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'organizations/{{org_id}}/roles/{{name}}'
+ end
+end
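Review bot: `exists?` only checks that the fetch returned something, so `it { should exist }` would pass for a role that the API returns with `deleted` set to true, if it still returns such roles. Profile authors checking that a custom role is in force need to know this, so a comment above `exists?` would help, for example `# True whenever the API returns the role, including one flagged deleted; check 'deleted' separately.` The class comment could likewise name the `org_id` and `name` parameters that `resource_base_url` expects, since `desc 'OrganizationCustomRole'` says nothing about usage.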
diff --git a/libraries/google_iam_organization_custom_roles.rb b/libraries/google_iam_organization_custom_roles.rb
new file mode 100644
index 000000000..e877af2b1
--- /dev/null
+++ b/libraries/google_iam_organization_custom_roles.rb
@@ -0,0 +1,89 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+class IAMOrganizationCustomRoles < GcpResourceBase
+ name 'google_iam_organization_custom_roles'
+ desc 'OrganizationCustomRole plural resource'
+ supports platform: 'gcp'
+
+ attr_reader :table
+
+ filter_table_config = FilterTable.create
+
+ filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:titles, field: :title)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:included_permissions, field: :included_permissions)
+ filter_table_config.add(:stages, field: :stage)
+ filter_table_config.add(:deleteds, field: :deleted)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('roles')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
+ end
+ end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :name, obj['name'] },
+ 'title' => ->(obj) { return :title, obj['title'] },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'includedPermissions' => ->(obj) { return :included_permissions, obj['includedPermissions'] },
+ 'stage' => ->(obj) { return :stage, obj['stage'] },
+ 'deleted' => ->(obj) { return :deleted, obj['deleted'] },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'organizations/{{org_id}}/roles?view=FULL'
+ end
+end
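Review bot: `fetch_wrapped_resource` returns nil when `fetch_all` yields nil (`return if result.nil?`), and `initialize` stores that straight into `@table`, the value FilterTable is connected to. The hand-written code removed from google_dns_managed_zones.rb and google_kms_crypto_keys.rb in this commit returned an empty array in the equivalent case (`return [] if ...`), and the new versions of both files repeat the nil return. Returning an empty list keeps existence and count checks working on an empty collection: `return [] if result.nil?`. How FilterTable behaves with a nil table is not visible here, so the failure mode is inferred.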
diff --git a/libraries/google_kms_crypto_key.rb b/libraries/google_kms_crypto_key.rb
index 7f4b4a857..54edd9cb4 100644
--- a/libraries/google_kms_crypto_key.rb
+++ b/libraries/google_kms_crypto_key.rb
@@ -1,83 +1,79 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'time'
-require 'google/apis/cloudkms_v1'
+require 'google/kms/property/cryptokey_version_template'
-module Inspec::Resources
- class GoogleKMSCryptoKey < GcpResourceBase
- name 'google_kms_crypto_key'
- desc 'Verifies settings for a KMS key ring'
+# A provider to manage Cloud KMS resources.
+class KMSCryptoKey < GcpResourceBase
+ name 'google_kms_crypto_key'
+ desc 'CryptoKey'
+ supports platform: 'gcp'
- example "
- describe google_kms_crypto_key(project: 'chef-inspec-gcp', location: 'us-east1', key_ring_name: 'key-ring', name: 'crypto-key') do
- it { should exist }
- end
- "
+ attr_reader :params
+ attr_reader :crypto_key_name
+ attr_reader :create_time
+ attr_reader :labels
+ attr_reader :purpose
+ attr_reader :rotation_period
+ attr_reader :version_template
+ attr_reader :next_rotation_time
+ attr_reader :key_ring
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @kms_crypto_key = @gcp.gcp_client(Google::Apis::CloudkmsV1::CloudKMSService).get_project_location_key_ring_crypto_key("projects/#{opts[:project]}/locations/#{opts[:location]}/keyRings/#{opts[:key_ring_name]}/cryptoKeys/#{opts[:name]}")
- create_resource_methods(@kms_crypto_key)
- end
- end
-
- def crypto_key_name
- return '' if !defined?(name) || name.nil?
- name.split('/').last
- end
-
- def create_time_date
- return false if !defined?(create_time) || create_time.nil?
- Time.parse(create_time)
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- # this is added for completeness as crypto key IAM bindings use the crypto_key_url as an identifier
- def crypto_key_url
- return '' if !defined?(name) || name.nil?
- name
- end
+ def parse
+ @crypto_key_name = name_from_self_link(@fetched['name'])
+ @create_time = parse_time_string(@fetched['createTime'])
+ @labels = @fetched['labels']
+ @purpose = @fetched['purpose']
+ @rotation_period = @fetched['rotationPeriod']
+ @version_template = GoogleInSpec::KMS::Property::CryptoKeyVersionTemplate.new(@fetched['versionTemplate'], to_s)
+ @next_rotation_time = parse_time_string(@fetched['nextRotationTime'])
+ @key_ring = @fetched['keyRing']
+ end
- def next_rotation_time_date
- return false if !defined?(next_rotation_time) || next_rotation_time.nil?
- Time.parse(next_rotation_time)
- end
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
- def primary_create_time_date
- return false if !defined?(primary.create_time) || primary.create_time.nil?
- Time.parse(primary.create_time)
- end
+ def exists?
+ !@fetched.nil?
+ end
- def rotation_period_seconds
- return 0 if !defined?(rotation_period) || rotation_period.nil?
- result = nil
- conversion = { 's'=>1, 'm'=>60, 'h'=>60*60, 'd'=>24*60*60 }
- conversion.each do |time_unit, multiplier|
- next if /#{time_unit}/.match(rotation_period).nil?
- result=rotation_period.gsub(time_unit, '').to_i*multiplier
- end
- result
- end
+ def to_s
+ "CryptoKey #{@params[:name]}"
+ end
- def primary_name
- return '' if !defined?(primary.name) || primary.name.nil?
- primary.name
- end
+ def primary_state
+ @fetched['primary']['state']
+ end
- def primary_state
- return false if !defined?(primary.state) || primary.state.nil?
- primary.state
- end
+ private
- def exists?
- !@kms_crypto_key.nil?
- end
+ def product_url(_ = nil)
+ 'https://cloudkms.googleapis.com/v1/'
+ end
- def to_s
- "Crytpo Key #{@display_name}"
- end
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring_name}}/cryptoKeys/{{name}}'
end
end
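Review bot: `primary_state` dereferences `@fetched['primary']['state']` without a guard, so it raises NoMethodError when the key was not found (`@fetched` is nil) or when the response carries no `primary` object. The removed implementation returned false in that situation; a nil-safe lookup keeps the control from erroring out: `@fetched&.dig('primary', 'state')`. Separately, `require 'time'` is dropped while `parse_time_string` still calls `Time.parse`, which is fine only if `gcp_backend` loads it, and that is not visible here.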
diff --git a/libraries/google_kms_crypto_key_iam_binding.rb b/libraries/google_kms_crypto_key_iam_binding.rb
index 70975004e..b1d73fe49 100644
--- a/libraries/google_kms_crypto_key_iam_binding.rb
+++ b/libraries/google_kms_crypto_key_iam_binding.rb
@@ -1,48 +1,84 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
-module Inspec::Resources
- class GoogleKMSCryptoKeyIAMBinding < GcpResourceBase
- name 'google_kms_crypto_key_iam_binding'
- desc 'Verifies settings for a single KMS Crypto Key IAM binding'
+# A provider to manage Cloud KMS IAM Binding resources.
+class CryptoKeyIamBinding < GcpResourceBase
+ name 'google_kms_crypto_key_iam_binding'
+ desc 'CryptoKey Iam Binding'
+ supports platform: 'gcp'
- example "
- describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: 'roles/owner') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @crypto_key_url = opts[:crypto_key_url]
- @role = opts[:role]
- @iam_binding_exists = false
- @members_list=[]
- catch_gcp_errors do
- # note this is the same call as for the plural iam_bindings resource because there isn't an easy way to pull out a singular binding
- @iam_bindings = @gcp.gcp_client(Google::Apis::CloudkmsV1::CloudKMSService).get_project_location_key_ring_crypto_key_iam_policy(@crypto_key_url)
- raise Inspec::Exceptions::ResourceFailed, "google_kms_crypto_key_iam_binding is missing expected IAM policy 'bindings' property" if !@iam_bindings || !@iam_bindings.bindings
- @iam_bindings.bindings.each do |binding|
- next if binding.role != @role
- @iam_binding_exists=true
- @members_list=binding.members
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
end
+ end
- # return the list of users corresponding to the role
- def members
- @members_list
- end
+ def exists?
+ @iam_binding_exists
+ end
- def exists?
- @iam_binding_exists
- end
+ def members
+ @members_list
+ end
- def to_s
- "Crypto Key IAM Binding #{@role}"
- end
+ def to_s
+ "CryptoKey IamBinding #{@params[:crypto_key_name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://cloudkms.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring_name}}/cryptoKeys/{{crypto_key_name}}:getIamPolicy'
end
end
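Review bot: `@iam_binding_exists` and `@members_list` are no longer initialised, so when no binding matches the role (or the fetch returns nil and `parse` is skipped) `members` returns nil instead of the empty list the removed constructor set up. Restoring the defaults before the fetch keeps membership checks on `members` evaluating against a list: `@members_list = []` and `@iam_binding_exists = false`. In the `else` branch, `binding.condition.title.nil?` also lacks the `&.` used in the branch above and would raise if a binding has no condition object. Whether the property class always builds one is not visible here.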
diff --git a/libraries/google_kms_crypto_key_iam_policy.rb b/libraries/google_kms_crypto_key_iam_policy.rb
new file mode 100644
index 000000000..3aa1e9cdd
--- /dev/null
+++ b/libraries/google_kms_crypto_key_iam_policy.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_audit_configs'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud KMS IAM Policy resources.
+class CryptoKeyIamPolicy < GcpResourceBase
+ name 'google_kms_crypto_key_iam_policy'
+ desc 'CryptoKey Iam Policy'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :bindings
+ attr_reader :audit_configs
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "CryptoKey IamPolicy #{@params[:crypto_key_name]}"
+ end
+
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
+ private
+
+ def product_url
+ 'https://cloudkms.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring_name}}/cryptoKeys/{{crypto_key_name}}:getIamPolicy'
+ end
+end
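Review bot: `iam_binding_roles` and `count` call `@bindings.map` and `@bindings.size` directly, but `@bindings` is only assigned in `parse`, which `initialize` skips when the fetch returns nil. For a key that cannot be fetched, both helpers then raise NoMethodError instead of reporting no roles; `(@bindings || []).map(&:role)` and `(@bindings || []).size` avoid that. A policy response without a `bindings` key may hit the same path if `IamPolicyBindingsArray.parse` returns nil for a nil input, which is not visible in this diff.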
diff --git a/libraries/google_kms_crypto_keys.rb b/libraries/google_kms_crypto_keys.rb
index 3d84b7037..cb80f6c3b 100644
--- a/libraries/google_kms_crypto_keys.rb
+++ b/libraries/google_kms_crypto_keys.rb
@@ -1,48 +1,98 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class KMSCryptoKeys < GcpResourceBase
+ name 'google_kms_crypto_keys'
+ desc 'CryptoKey plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleKMSCryptoKeys < GcpResourceBase
- name 'google_kms_crypto_keys'
- desc 'Verifies settings for GCP KMS crypto keys in bulk'
+ attr_reader :table
- example "
- describe google_kms_crypto_keys(project: 'chef-inspec-gcp', location: 'us-east1', crypto_key_name: 'key-ring') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @location = opts[:location]
- @key_ring_name = opts[:key_ring_name]
- end
+ filter_table_config = FilterTable.create
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:crypto_key_names, field: :crypto_key_name)
- filter_table_config.add(:crypto_key_urls, field: :crypto_key_url)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- crypto_key_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @crypto_keys = @gcp.gcp_client(Google::Apis::CloudkmsV1::CloudKMSService).list_project_location_key_ring_crypto_keys("projects/#{@project}/locations/#{@location}/keyRings/#{@key_ring_name}", page_token: next_page)
- end
- return [] if !@crypto_keys || !@crypto_keys.crypto_keys
- @crypto_keys.crypto_keys.map do |crypto_key|
- crypto_key_rows += [{ crypto_key_name: crypto_key.name.split('/').last,
- crypto_key_url: crypto_key.name }]
+ filter_table_config.add(:crypto_key_names, field: :crypto_key_name)
+ filter_table_config.add(:create_times, field: :create_time)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:purposes, field: :purpose)
+ filter_table_config.add(:rotation_periods, field: :rotation_period)
+ filter_table_config.add(:version_templates, field: :version_template)
+ filter_table_config.add(:next_rotation_times, field: :next_rotation_time)
+ filter_table_config.add(:key_rings, field: :key_ring)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('cryptoKeys')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @crypto_keys.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = crypto_key_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :crypto_key_name, name_from_self_link(obj['name']) },
+ 'createTime' => ->(obj) { return :create_time, parse_time_string(obj['createTime']) },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'purpose' => ->(obj) { return :purpose, obj['purpose'] },
+ 'rotationPeriod' => ->(obj) { return :rotation_period, obj['rotationPeriod'] },
+ 'versionTemplate' => ->(obj) { return :version_template, GoogleInSpec::KMS::Property::CryptoKeyVersionTemplate.new(obj['versionTemplate'], to_s) },
+ 'nextRotationTime' => ->(obj) { return :next_rotation_time, parse_time_string(obj['nextRotationTime']) },
+ 'keyRing' => ->(obj) { return :key_ring, obj['keyRing'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://cloudkms.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring_name}}/cryptoKeys'
end
end
diff --git a/libraries/google_kms_key_ring.rb b/libraries/google_kms_key_ring.rb
index 7df1e05b3..928bbeeb8 100644
--- a/libraries/google_kms_key_ring.rb
+++ b/libraries/google_kms_key_ring.rb
@@ -1,52 +1,68 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'time'
-require 'google/apis/cloudkms_v1'
-
-module Inspec::Resources
- class GoogleKMSKeyRing < GcpResourceBase
- name 'google_kms_key_ring'
- desc 'Verifies settings for a KMS key ring'
-
- example "
- describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', name: 'key-ring-name') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @kms_key_ring = @gcp.gcp_client(Google::Apis::CloudkmsV1::CloudKMSService).get_project_location_key_ring("projects/#{opts[:project]}/locations/#{opts[:location]}/keyRings/#{opts[:name]}")
- create_resource_methods(@kms_key_ring)
- end
- end
-
- def key_ring_name
- return '' if !defined?(name) || name.nil?
- name.split('/').last
- end
-
- def create_time_date
- return false if !defined?(create_time) || create_time.nil?
- Time.parse(create_time)
- end
-
- # this is added for completeness as key ring IAM bindings use the key_ring_url as an identifier
- def key_ring_url
- return '' if !defined?(name) || name.nil?
- name
- end
-
- def exists?
- !@kms_key_ring.nil?
- end
-
- def to_s
- "Key Ring #{@display_name}"
- end
+
+# A provider to manage Cloud KMS resources.
+class KMSKeyRing < GcpResourceBase
+ name 'google_kms_key_ring'
+ desc 'KeyRing'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :create_time
+ attr_reader :key_ring_url
+ attr_reader :location
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @create_time = parse_time_string(@fetched['createTime'])
+ @key_ring_url = @fetched['name']
+ @location = @fetched['location']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "KeyRing #{@params[:name]}"
+ end
+
+ def key_ring_name
+ name_from_self_link(@key_ring_url)
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://cloudkms.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings/{{name}}'
end
end
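Review bot: `parse_time_string` still calls `Time.parse`, but this hunk drops `require 'time'` from the top of the file, so the method now relies on some other file having loaded the stdlib `time` extension first. Whether `gcp_backend` does that is not visible here; if it does not, `parse` raises `NoMethodError` on `createTime` for every key ring that exists. Keeping `require 'time'` next to `require 'gcp_backend'` makes the file self-contained. The file is generated by Magic Modules, so the change would have to go into the generator template rather than this file.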
diff --git a/libraries/google_kms_key_ring_iam_binding.rb b/libraries/google_kms_key_ring_iam_binding.rb
index 931c063fb..a3f74acc1 100644
--- a/libraries/google_kms_key_ring_iam_binding.rb
+++ b/libraries/google_kms_key_ring_iam_binding.rb
@@ -1,49 +1,84 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
-module Inspec::Resources
- class GoogleKMSKeyRingIAMBinding < GcpResourceBase
- name 'google_kms_key_ring_iam_binding'
- desc 'Verifies settings for a single KMS Key Ring IAM binding'
+# A provider to manage Cloud KMS IAM Binding resources.
+class KeyRingIamBinding < GcpResourceBase
+ name 'google_kms_key_ring_iam_binding'
+ desc 'KeyRing Iam Binding'
+ supports platform: 'gcp'
- example "
- describe google_kms_key_ring_iam_binding(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring', role: 'roles/compute.admin') do
- it { should exist }
- its('members') {should include 'user:someuser@domain.com' }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @key_ring_url = opts[:key_ring_url]
- @role = opts[:role]
- @iam_binding_exists = false
- @members_list=[]
- catch_gcp_errors do
- # note this is the same call as for the plural iam_bindings resource because there isn't an easy way to pull out a singular binding
- @iam_bindings = @gcp.gcp_client(Google::Apis::CloudkmsV1::CloudKMSService).get_project_location_key_ring_iam_policy(@key_ring_url)
- raise Inspec::Exceptions::ResourceFailed, "google_kms_key_ring_iam_binding is missing expected IAM policy 'bindings' property" if !@iam_bindings || !@iam_bindings.bindings
- @iam_bindings.bindings.each do |binding|
- next if binding.role != @role
- @iam_binding_exists=true
- @members_list=binding.members
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
end
+ end
- # return the list of users corresponding to the role
- def members
- @members_list
- end
+ def exists?
+ @iam_binding_exists
+ end
- def exists?
- @iam_binding_exists
- end
+ def members
+ @members_list
+ end
- def to_s
- "Key Ring IAM Binding #{@role}"
- end
+ def to_s
+ "KeyRing IamBinding #{@params[:key_ring_name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://cloudkms.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring_name}}:getIamPolicy'
end
end
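Review bot: `parse` never initialises `@iam_binding_exists` or `@members_list`, which the removed constructor set to `false` and `[]`, so when no binding matches the role (or the fetch returns nil and `parse` is skipped) `exists?` and `members` both return nil. A control that inspects `members` for a role on a KMS key ring then receives nil rather than an empty list. Setting `@iam_binding_exists = false` and `@members_list = []` in `initialize` before the fetch restores the old contract. The no-condition branch also calls `binding.condition.title` without the `&.` used in the branch above it, which would raise if `condition` can be nil; that depends on `IamPolicyBindingsArray`, which is outside this hunk. The file is generated, so the fix belongs in the Magic Modules template.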
diff --git a/libraries/google_kms_key_ring_iam_bindings.rb b/libraries/google_kms_key_ring_iam_bindings.rb
index 16a85a676..6cd33244f 100644
--- a/libraries/google_kms_key_ring_iam_bindings.rb
+++ b/libraries/google_kms_key_ring_iam_bindings.rb
@@ -1,6 +1,8 @@
# frozen_string_literal: true
require 'gcp_backend'
+require 'time'
+require 'google/apis/cloudkms_v1'
module Inspec::Resources
class GoogleKMSKeyRingIAMBindings < GcpResourceBase
diff --git a/libraries/google_kms_key_ring_iam_policy.rb b/libraries/google_kms_key_ring_iam_policy.rb
new file mode 100644
index 000000000..292bfab31
--- /dev/null
+++ b/libraries/google_kms_key_ring_iam_policy.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_audit_configs'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud KMS IAM Policy resources.
+class KeyRingIamPolicy < GcpResourceBase
+ name 'google_kms_key_ring_iam_policy'
+ desc 'KeyRing Iam Policy'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :bindings
+ attr_reader :audit_configs
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "KeyRing IamPolicy #{@params[:key_ring_name]}"
+ end
+
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
+ private
+
+ def product_url
+ 'https://cloudkms.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring_name}}:getIamPolicy'
+ end
+end
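Review bot: `iam_binding_roles` and `count` call `@bindings.map` and `@bindings.size` unguarded, but `@bindings` is only assigned inside `parse`, which `initialize` skips when the fetch returns nil. For a key ring whose policy cannot be fetched, these accessors raise `NoMethodError` instead of leaving `exists?` to report the absence. `(@bindings || []).map(&:role)` and `(@bindings || []).size` keep both methods safe to call. Whether `IamPolicyBindingsArray.parse` copes with a response that has no `bindings` key cannot be seen from this hunk and is worth confirming, since a policy with no bindings is a normal state.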
diff --git a/libraries/google_kms_key_rings.rb b/libraries/google_kms_key_rings.rb
index f3e32d870..d79fc10a8 100644
--- a/libraries/google_kms_key_rings.rb
+++ b/libraries/google_kms_key_rings.rb
@@ -1,48 +1,90 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class KMSKeyRings < GcpResourceBase
+ name 'google_kms_key_rings'
+ desc 'KeyRing plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleKMSKeyRings < GcpResourceBase
- name 'google_kms_key_rings'
- desc 'Verifies settings for GCP KMS key rings in bulk'
+ attr_reader :table
- example "
- describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @location = opts[:location]
- end
+ filter_table_config.add(:create_times, field: :create_time)
+ filter_table_config.add(:key_ring_urls, field: :key_ring_url)
+ filter_table_config.add(:locations, field: :location)
+ filter_table_config.add(:key_ring_names, field: :key_ring_name)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:key_ring_names, field: :key_ring_name)
- filter_table_config.add(:key_ring_urls, field: :key_ring_url)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- key_ring_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @key_rings = @gcp.gcp_client(Google::Apis::CloudkmsV1::CloudKMSService).list_project_location_key_rings("projects/#{@project}/locations/#{@location}", page_token: next_page)
- end
- return [] if !@key_rings || !@key_rings.key_rings
- @key_rings.key_rings.map do |key_ring|
- key_ring_rows += [{ key_ring_name: key_ring.name.split('/').last,
- key_ring_url: key_ring.name }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('keyRings')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @key_rings.next_page_token
- break unless next_page
+ hash_with_symbols[:key_ring_name] = name_from_self_link(hash['name'])
+ converted.push(hash_with_symbols)
end
- @table = key_ring_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'createTime' => ->(obj) { return :create_time, parse_time_string(obj['createTime']) },
+ 'name' => ->(obj) { return :key_ring_url, obj['name'] },
+ 'location' => ->(obj) { return :location, obj['location'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://cloudkms.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/locations/{{location}}/keyRings'
end
end
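Review bot: `transform(key, value)` receives the whole row hash as `value` (the caller passes `transform(key, hash)`), so for any response key without an entry in `transformers` the fallback `[key.to_sym, value]` stores the entire row under that key instead of the field's value. The fallback should read `[key.to_sym, value[key]]`. `fetch_wrapped_resource` also returns nil when `fetch_all` returns nil, leaving `@table` nil for the FilterTable, whereas the removed `fetch_data` returned `[]`; `return [] if result.nil?` would keep that behaviour. The same generated `transform`/`fetch_wrapped_resource` pair appears in google_logging_project_exclusions.rb and google_logging_project_sinks.rb later in this diff, so the fix belongs in the Magic Modules template.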
diff --git a/libraries/google_logging_folder_exclusion.rb b/libraries/google_logging_folder_exclusion.rb
index 4780d604b..fc30f5b05 100644
--- a/libraries/google_logging_folder_exclusion.rb
+++ b/libraries/google_logging_folder_exclusion.rb
@@ -31,7 +31,7 @@ class LoggingFolderExclusion < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -43,11 +43,6 @@ def parse
@disabled = @fetched['disabled']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -58,7 +53,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://logging.googleapis.com/v2/'
end
diff --git a/libraries/google_logging_folder_exclusions.rb b/libraries/google_logging_folder_exclusions.rb
index b8f36e64f..700fce7dd 100644
--- a/libraries/google_logging_folder_exclusions.rb
+++ b/libraries/google_logging_folder_exclusions.rb
@@ -75,14 +75,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://logging.googleapis.com/v2/'
end
diff --git a/libraries/google_logging_folder_log_sink.rb b/libraries/google_logging_folder_log_sink.rb
index 94f9a38af..7720bb8b6 100644
--- a/libraries/google_logging_folder_log_sink.rb
+++ b/libraries/google_logging_folder_log_sink.rb
@@ -32,7 +32,7 @@ class LoggingFolderLogSink < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -45,11 +45,6 @@ def parse
@include_children = @fetched['includeChildren']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -60,7 +55,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://logging.googleapis.com/v2/'
end
diff --git a/libraries/google_logging_folder_log_sinks.rb b/libraries/google_logging_folder_log_sinks.rb
index f6fdee3ca..cf721b4fe 100644
--- a/libraries/google_logging_folder_log_sinks.rb
+++ b/libraries/google_logging_folder_log_sinks.rb
@@ -77,14 +77,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://logging.googleapis.com/v2/'
end
diff --git a/libraries/google_logging_organization_log_sink.rb b/libraries/google_logging_organization_log_sink.rb
index 820c3d562..ef8c659dd 100644
--- a/libraries/google_logging_organization_log_sink.rb
+++ b/libraries/google_logging_organization_log_sink.rb
@@ -32,7 +32,7 @@ class LoggingOrganizationLogSink < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -45,11 +45,6 @@ def parse
@include_children = @fetched['includeChildren']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -60,7 +55,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://logging.googleapis.com/v2/'
end
diff --git a/libraries/google_logging_organization_log_sinks.rb b/libraries/google_logging_organization_log_sinks.rb
index e5993f797..97497779c 100644
--- a/libraries/google_logging_organization_log_sinks.rb
+++ b/libraries/google_logging_organization_log_sinks.rb
@@ -77,14 +77,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://logging.googleapis.com/v2/'
end
diff --git a/libraries/google_logging_project_exclusion.rb b/libraries/google_logging_project_exclusion.rb
index d55d68f74..188eb0dff 100644
--- a/libraries/google_logging_project_exclusion.rb
+++ b/libraries/google_logging_project_exclusion.rb
@@ -1,36 +1,63 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/logging_v2'
-
-module Inspec::Resources
- class GoogleLoggingProjectExclusion < GcpResourceBase
- name 'google_logging_project_exclusion'
- desc 'Verifies settings for a project logging exclusion'
-
- example "
- describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @exclusion = opts[:exclusion]
- catch_gcp_errors do
- @logging_exclusion = @gcp.gcp_client(Google::Apis::LoggingV2::LoggingService).get_project_exclusion("projects/#{opts[:project]}/exclusions/#{opts[:exclusion]}")
- create_resource_methods(@logging_exclusion)
- end
- end
-
- def exists?
- !@logging_exclusion.nil?
- end
-
- def to_s
- "Logging Project Exclusion #{@exclusion}"
- end
+
+# A provider to manage Stackdriver Logging resources.
+class LoggingProjectExclusion < GcpResourceBase
+ name 'google_logging_project_exclusion'
+ desc 'ProjectExclusion'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :project
+ attr_reader :name
+ attr_reader :description
+ attr_reader :filter
+ attr_reader :disabled
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @project = @fetched['project']
+ @name = @fetched['name']
+ @description = @fetched['description']
+ @filter = @fetched['filter']
+ @disabled = @fetched['disabled']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ProjectExclusion #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://logging.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/exclusions/{{name}}'
end
end
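Review bot: The resource is now addressed with `name:` (`resource_base_url` substitutes `{{name}}` and `to_s` reads `@params[:name]`) where the removed code took `exclusion:`, and the inline `example` block that showed the call is gone, so nothing in the file tells a control author which parameters to pass. A header comment above the class such as `# Usage: google_logging_project_exclusion(project: 'my-project', name: 'exclusion-name')` would document the new contract. google_logging_project_sink.rb has the same change from `sink:` to `name:`. How `fetch` treats a control that still passes the old key is not visible here, so existing log-exclusion and log-sink controls should be re-run after the upgrade.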
diff --git a/libraries/google_logging_project_exclusions.rb b/libraries/google_logging_project_exclusions.rb
new file mode 100644
index 000000000..a6d1aa9ec
--- /dev/null
+++ b/libraries/google_logging_project_exclusions.rb
@@ -0,0 +1,87 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+class LoggingProjectExclusions < GcpResourceBase
+ name 'google_logging_project_exclusions'
+ desc 'ProjectExclusion plural resource'
+ supports platform: 'gcp'
+
+ attr_reader :table
+
+ filter_table_config = FilterTable.create
+
+ filter_table_config.add(:projects, field: :project)
+ filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:filters, field: :filter)
+ filter_table_config.add(:disableds, field: :disabled)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('exclusions')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
+ end
+ end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'project' => ->(obj) { return :project, obj['project'] },
+ 'name' => ->(obj) { return :name, obj['name'] },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'filter' => ->(obj) { return :filter, obj['filter'] },
+ 'disabled' => ->(obj) { return :disabled, obj['disabled'] },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://logging.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/exclusions'
+ end
+end
diff --git a/libraries/google_logging_project_sink.rb b/libraries/google_logging_project_sink.rb
index 3ff0fd3ee..a65eadb8a 100644
--- a/libraries/google_logging_project_sink.rb
+++ b/libraries/google_logging_project_sink.rb
@@ -1,36 +1,65 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/logging_v2'
-
-module Inspec::Resources
- class GoogleLoggingProjectSink < GcpResourceBase
- name 'google_logging_project_sink'
- desc 'Verifies settings for a project logging sink'
-
- example "
- describe google_logging_project_sink(project: 'chef-inspec-gcp', sink: 'sink-name-abcd') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @sink = opts[:sink]
- catch_gcp_errors do
- @logging_sink = @gcp.gcp_client(Google::Apis::LoggingV2::LoggingService).get_project_sink("projects/#{opts[:project]}/sinks/#{opts[:sink]}")
- create_resource_methods(@logging_sink)
- end
- end
-
- def exists?
- !@logging_sink.nil?
- end
-
- def to_s
- "Logging Project Sink #{@sink}"
- end
+
+# A provider to manage Stackdriver Logging resources.
+class LoggingProjectSink < GcpResourceBase
+ name 'google_logging_project_sink'
+ desc 'ProjectSink'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :project
+ attr_reader :name
+ attr_reader :filter
+ attr_reader :destination
+ attr_reader :writer_identity
+ attr_reader :include_children
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @project = @fetched['project']
+ @name = @fetched['name']
+ @filter = @fetched['filter']
+ @destination = @fetched['destination']
+ @writer_identity = @fetched['writerIdentity']
+ @include_children = @fetched['includeChildren']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ProjectSink #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://logging.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/sinks/{{name}}'
end
end
diff --git a/libraries/google_logging_project_sinks.rb b/libraries/google_logging_project_sinks.rb
index 6be98aa60..890e5fde2 100644
--- a/libraries/google_logging_project_sinks.rb
+++ b/libraries/google_logging_project_sinks.rb
@@ -1,48 +1,89 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class LoggingProjectSinks < GcpResourceBase
+ name 'google_logging_project_sinks'
+ desc 'ProjectSink plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleLoggingProjectSinks < GcpResourceBase
- name 'google_logging_project_sinks'
- desc 'Verifies settings for GCP project logging sinks in bulk'
+ attr_reader :table
- example "
- describe google_logging_project_sinks(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:projects, field: :project)
+ filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:filters, field: :filter)
+ filter_table_config.add(:destinations, field: :destination)
+ filter_table_config.add(:writer_identities, field: :writer_identity)
+ filter_table_config.add(:include_children, field: :include_children)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:sink_names, field: :sink_name)
- filter_table_config.add(:sink_destinations, field: :sink_destination)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- sink_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @sinks = @gcp.gcp_client(Google::Apis::LoggingV2::LoggingService).list_project_sinks("projects/#{@project}", page_token: next_page)
- end
- return [] if !@sinks || !@sinks.sinks
- @sinks.sinks.map do |sink|
- logging_sink = @gcp.gcp_client(Google::Apis::LoggingV2::LoggingService).get_project_sink("projects/#{@project}/sinks/#{sink.name}")
- sink_rows+=[{ sink_name: sink.name,
- sink_destination: sink.destination,
- sink_filter: logging_sink.filter }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('sinks')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @sinks.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = sink_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'project' => ->(obj) { return :project, obj['project'] },
+ 'name' => ->(obj) { return :name, obj['name'] },
+ 'filter' => ->(obj) { return :filter, obj['filter'] },
+ 'destination' => ->(obj) { return :destination, obj['destination'] },
+ 'writerIdentity' => ->(obj) { return :writer_identity, obj['writerIdentity'] },
+ 'includeChildren' => ->(obj) { return :include_children, obj['includeChildren'] },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://logging.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/sinks'
end
end
diff --git a/libraries/google_ml_engine_model.rb b/libraries/google_ml_engine_model.rb
index ab502d19b..dad5e5882 100644
--- a/libraries/google_ml_engine_model.rb
+++ b/libraries/google_ml_engine_model.rb
@@ -34,7 +34,7 @@ class MLEngineModel < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -48,11 +48,6 @@ def parse
@labels = @fetched['labels']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -63,7 +58,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://ml.googleapis.com/v1/'
end
diff --git a/libraries/google_ml_engine_models.rb b/libraries/google_ml_engine_models.rb
index 93b2341c2..a0c5e4f90 100644
--- a/libraries/google_ml_engine_models.rb
+++ b/libraries/google_ml_engine_models.rb
@@ -79,14 +79,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://ml.googleapis.com/v1/'
end
diff --git a/libraries/google_organization.rb b/libraries/google_organization.rb
index 2bc854630..98ecc760c 100644
--- a/libraries/google_organization.rb
+++ b/libraries/google_organization.rb
@@ -1,40 +1,69 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/resourcemanager/property/organization_owner'
-module Inspec::Resources
- class GoogleOrganization < GcpResourceBase
- name 'google_organization'
- desc 'Verifies settings for an organization'
-
- example "
- describe google_organization(name: 'organizations/1234') do
- it { should exist }
- its('name') { should eq 'organizations/1234' }
- its('display_name') { should eq 'google.com' }
- its('lifecycle_state') { should eq 'ACTIVE' }
- end
- "
- def initialize(opts = {})
- super(opts)
- raise Inspec::Exceptions::ResourceFailed, "google_organization is missing mandatory property 'name'" if opts[:name].nil?
- catch_gcp_errors do
- @organization = @gcp.gcp_project_client.get_organization(opts[:name])
- create_resource_methods(@organization)
- end
- end
-
- def label_value_by_key(label_key)
- return [] if !defined?(labels) || labels.nil?
- labels.item[label_key]
- end
-
- def exists?
- !@organization.nil?
- end
-
- def to_s
- "Organization #{@display_name}"
- end
+# A provider to manage Resource Manager resources.
+class ResourceManagerOrganization < GcpResourceBase
+ name 'google_organization'
+ desc 'Organization'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :display_name
+ attr_reader :lifecycle_state
+ attr_reader :creation_time
+ attr_reader :owner
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @display_name = @fetched['displayName']
+ @lifecycle_state = @fetched['lifecycleState']
+ @creation_time = parse_time_string(@fetched['creationTime'])
+ @owner = GoogleInSpec::ResourceManager::Property::OrganizationOwner.new(@fetched['owner'], to_s)
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Organization #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ '{{name}}'
end
end
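Review bot: The new `initialize` no longer rejects a missing `name`: the removed constructor raised `Inspec::Exceptions::ResourceFailed` when `opts[:name]` was nil, while the new one hands `params` straight to `@connection.fetch` with the whole request path taken from `'{{name}}'`. What the fetch does with an unset or malformed name is not visible here, so the result may be an opaque HTTP error or a resource that only reports `exists?` as false. Keeping the guard after `super` would preserve the old behaviour: `raise Inspec::Exceptions::ResourceFailed, "google_organization is missing mandatory property 'name'" if params[:name].nil?`.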
diff --git a/libraries/google_organization_iam_binding.rb b/libraries/google_organization_iam_binding.rb
new file mode 100644
index 000000000..722c641ae
--- /dev/null
+++ b/libraries/google_organization_iam_binding.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Resource Manager IAM Binding resources.
+class OrganizationIamBinding < GcpResourceBase
+ name 'google_organization_iam_binding'
+ desc 'Organization Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
+ end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
+ end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Organization IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ '{{name}}:getIamPolicy'
+ end
+end
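Review bot: `initialize` posts to `'{{name}}:getIamPolicy'` without a request body, whereas the project binding rewritten in this same diff sends `{ 'options' => { 'requestedPolicyVersion' => 3 } }.to_json`, yet `parse` here carries the same condition-matching logic. If the API omits or alters conditional bindings when version 3 is not requested (worth confirming against the API documentation), a control that passes `condition:` could never match, and the no-condition branch could match a binding that is in fact conditional. Making the call consistent would be `@fetched = @connection.fetch(product_url, resource_base_url, params, 'Post', { 'options' => { 'requestedPolicyVersion' => 3 } }.to_json)`.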
diff --git a/libraries/google_organization_iam_policy.rb b/libraries/google_organization_iam_policy.rb
new file mode 100644
index 000000000..8310bb4a0
--- /dev/null
+++ b/libraries/google_organization_iam_policy.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_audit_configs'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Resource Manager IAM Policy resources.
+class OrganizationIamPolicy < GcpResourceBase
+ name 'google_organization_iam_policy'
+ desc 'Organization Iam Policy'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :bindings
+ attr_reader :audit_configs
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Organization IamPolicy #{@params[:name]}"
+ end
+
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
+ private
+
+ def product_url
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ '{{name}}:getIamPolicy'
+ end
+end
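Review bot: `iam_binding_roles` and `count` call methods on `@bindings` unconditionally, but `initialize` only runs `parse` when the fetch returned something, so after a failed fetch `@bindings` is nil and both raise `NoMethodError` instead of letting the control fail on `exists?`. The same may happen for a policy whose response has no `bindings` key, depending on what `IamPolicyBindingsArray.parse` returns for nil, which is not shown here. A nil-safe form would be `Array(@bindings).map(&:role)` and `Array(@bindings).size`.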
diff --git a/libraries/google_organizations.rb b/libraries/google_organizations.rb
index a0f602135..b85f1c798 100644
--- a/libraries/google_organizations.rb
+++ b/libraries/google_organizations.rb
@@ -1,45 +1,92 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ResourceManagerOrganizations < GcpResourceBase
+ name 'google_organizations'
+ desc 'Organization plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeOrganizations < GcpResourceBase
- name 'google_organizations'
- desc 'Verifies settings for GCP organizations in bulk'
+ attr_reader :table
- example "
- describe google_organizations do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- super(opts)
- end
+ filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:display_names, field: :display_name)
+ filter_table_config.add(:lifecycle_states, field: :lifecycle_state)
+ filter_table_config.add(:creation_times, field: :creation_time)
+ filter_table_config.add(:owners, field: :owner)
- filter_table_config = FilterTable.create
- filter_table_config.add(:names, field: :name)
- filter_table_config.add(:display_names, field: :display_name)
- filter_table_config.add(:lifecycle_state, field: :lifecycle_state)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- organizations_rows = []
- loop do
- catch_gcp_errors do
- @organizations = @gcp.gcp_project_client.search_organizations({})
- end
- return [] if !@organizations || !@organizations.organizations
- @organizations.organizations.map do |organization|
- organizations_rows += [{ name: organization.name,
- display_name: organization.display_name,
- lifecycle_state: organization.lifecycle_state }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('organizations')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Post')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @organizations.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = organizations_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :name, obj['name'] },
+ 'displayName' => ->(obj) { return :display_name, obj['displayName'] },
+ 'lifecycleState' => ->(obj) { return :lifecycle_state, obj['lifecycleState'] },
+ 'creationTime' => ->(obj) { return :creation_time, parse_time_string(obj['creationTime']) },
+ 'owner' => ->(obj) { return :owner, GoogleInSpec::ResourceManager::Property::OrganizationOwner.new(obj['owner'], to_s) },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'organizations:search'
end
end
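Review bot: The `'owner'` entry in `transformers` references `GoogleInSpec::ResourceManager::Property::OrganizationOwner`, but this file only requires `gcp_backend`, while the singular `google_organization.rb` in this diff adds `require 'google/resourcemanager/property/organization_owner'`. The constant is resolved when the lambda runs, so this works only if some other file has already loaded it. Adding the same `require` below `require 'gcp_backend'` removes that load-order dependency. `google_project_alert_policies.rb` has the same gap for the three `GoogleInSpec::Monitoring::Property` classes its `transformers` use.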
diff --git a/libraries/google_project.rb b/libraries/google_project.rb
index ce6db146f..8d7bac113 100644
--- a/libraries/google_project.rb
+++ b/libraries/google_project.rb
@@ -1,42 +1,86 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/resourcemanager/property/project_parent'
-module Inspec::Resources
- class GoogleProject < GcpResourceBase
- name 'google_project'
- desc 'Verifies settings for a project'
-
- example "
- describe google_project(project: 'chef-inspec-gcp') do
- it { should exist }
- its('name') { should eq 'chef-inspec-gcp' }
- its('project_number') { should eq 1041234567833 }
- its('lifecycle_state') { should eq 'ACTIVE' }
- its('labels') { should include(key: 'contact', value: 'operations') }
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name] || opts[:project]
- catch_gcp_errors do
- @project = @gcp.gcp_project_client.get_project(opts[:project])
- create_resource_methods(@project)
- end
- end
-
- def label_value_by_key(label_key)
- return [] if !defined?(labels) || labels.nil?
- labels.item[label_key]
- end
-
- def exists?
- !@project.nil?
- end
-
- def to_s
- "Project #{@display_name}"
- end
+# A provider to manage Resource Manager resources.
+class ResourceManagerProject < GcpResourceBase
+ name 'google_project'
+ desc 'Project'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :number
+ attr_reader :lifecycle_state
+ attr_reader :name
+ attr_reader :create_time
+ attr_reader :labels
+ attr_reader :parent
+ attr_reader :project_id
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @number = @fetched['projectNumber']
+ @lifecycle_state = @fetched['lifecycleState']
+ @name = @fetched['name']
+ @create_time = parse_time_string(@fetched['createTime'])
+ @labels = @fetched['labels']
+ @parent = GoogleInSpec::ResourceManager::Property::ProjectParent.new(@fetched['parent'], to_s)
+ @project_id = @fetched['projectId']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Project #{@params[:project]}"
+ end
+
+ def project_name
+ @name
+ end
+
+ def project_number
+ @number&.to_i
+ end
+
+ def label_value_by_key(label_key)
+ return nil if @labels.nil? || !@labels.has_key(label_key)
+ @labels[label_key]
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}'
end
end
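Review bot: `label_value_by_key` calls `@labels.has_key(label_key)`; assuming `@labels` is the Hash taken from the parsed response, it responds to `has_key?` and `key?` but not to `has_key`, so any lookup on a project that has labels raises `NoMethodError`. The line should read `return nil if @labels.nil? || !@labels.key?(label_key)`. The removed method returned `[]` when there were no labels and this one returns nil, which existing controls may also need to account for.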
diff --git a/libraries/google_project_alert_policies.rb b/libraries/google_project_alert_policies.rb
index fe28e9ebe..19c9c0711 100644
--- a/libraries/google_project_alert_policies.rb
+++ b/libraries/google_project_alert_policies.rb
@@ -1,52 +1,95 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/monitoring_v3'
+class MonitoringAlertPolicys < GcpResourceBase
+ name 'google_project_alert_policies'
+ desc 'AlertPolicy plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleProjectAlertPolicies < GcpResourceBase
- name 'google_project_alert_policies'
- desc 'Verifies settings for GCP project alert policies in bulk'
+ attr_reader :table
- example "
- describe google_project_alert_policies(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:policy_names, field: :policy_names)
+ filter_table_config.add(:policy_display_names, field: :policy_display_names)
+ filter_table_config.add(:combiners, field: :combiner)
+ filter_table_config.add(:creation_records, field: :creation_record)
+ filter_table_config.add(:policy_enabled_states, field: :policy_enabled_state)
+ filter_table_config.add(:conditions, field: :conditions)
+ filter_table_config.add(:notification_channels, field: :notification_channels)
+ filter_table_config.add(:user_labels, field: :user_labels)
+ filter_table_config.add(:documentations, field: :documentation)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:policy_names, field: :policy_name)
- filter_table_config.add(:policy_display_names, field: :policy_display_name)
- filter_table_config.add(:policy_enabled_states, field: :policy_enabled_state)
- filter_table_config.add(:policy_filter_lists, field: :policy_filter_list)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- policy_rows = []
- catch_gcp_errors do
- @policies = @gcp.gcp_client(Google::Apis::MonitoringV3::MonitoringService).list_project_alert_policies("projects/#{@project}")
- end
- return [] if !@policies || !@policies.alert_policies
- @policies.alert_policies.map do |policy|
- policy_filters = []
- policy.conditions.each do |condition|
- next if !defined?(condition.condition_threshold.filter) || condition.condition_threshold.filter.nil?
- policy_filters+=[condition.condition_threshold.filter]
- end
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('alertPolicies')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
- policy_rows+=[{ policy_name: policy.name,
- policy_display_name: policy.display_name,
- policy_enabled_state: policy.enabled,
- policy_filter_list: policy_filters }]
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @table = policy_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :policy_names, obj['name'] },
+ 'displayName' => ->(obj) { return :policy_display_names, obj['displayName'] },
+ 'combiner' => ->(obj) { return :combiner, obj['combiner'] },
+ 'creationRecord' => ->(obj) { return :creation_record, GoogleInSpec::Monitoring::Property::AlertPolicyCreationRecord.new(obj['creationRecord'], to_s) },
+ 'enabled' => ->(obj) { return :policy_enabled_state, obj['enabled'] },
+ 'conditions' => ->(obj) { return :conditions, GoogleInSpec::Monitoring::Property::AlertPolicyConditionsArray.parse(obj['conditions'], to_s) },
+ 'notificationChannels' => ->(obj) { return :notification_channels, obj['notificationChannels'] },
+ 'userLabels' => ->(obj) { return :user_labels, obj['userLabels'] },
+ 'documentation' => ->(obj) { return :documentation, GoogleInSpec::Monitoring::Property::AlertPolicyDocumentation.new(obj['documentation'], to_s) },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://monitoring.googleapis.com/v3/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/alertPolicies'
end
end
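Review bot: The regenerated table drops the `policy_filter_lists` column and changes the row keys behind `policy_names` and `policy_display_names` from `:policy_name` / `:policy_display_name` to the plural symbols, and nothing in the file records either change. Existing controls that read `policy_filter_lists` or filter on the old keys would presumably stop working; how FilterTable treats an unknown key is not shown here. For a resource used in compliance profiles this should be stated where profile authors will see it, for example a comment above `filter_table_config`: `# NOTE: policy_filter_lists was removed; inspect conditions instead.`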
diff --git a/libraries/google_project_alert_policy.rb b/libraries/google_project_alert_policy.rb
index f9257115b..fc928d7d3 100644
--- a/libraries/google_project_alert_policy.rb
+++ b/libraries/google_project_alert_policy.rb
@@ -1,40 +1,78 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/monitoring_v3'
-
-module Inspec::Resources
- class GoogleProjectAlertPolicy < GcpResourceBase
- name 'google_project_alert_policy'
- desc 'Verifies settings for a single GCP project alert policy'
-
- example "
- describe google_project_alert_policy(policy: 'projects/spaterson-project/alertPolicies/9271751234503117449') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:policy]
- catch_gcp_errors do
- @policy = @gcp.gcp_client(Google::Apis::MonitoringV3::MonitoringService).get_project_alert_policy(opts[:policy])
- create_resource_methods(@policy)
- end
- end
-
- def enabled?
- return false if !defined?(@policy.enabled) || @policy.enabled.nil?
- @policy.enabled
- end
-
- def exists?
- !@policy.nil?
- end
-
- def to_s
- "Alert Policy #{@display_name}"
- end
+require 'google/monitoring/property/alertpolicy_conditions'
+require 'google/monitoring/property/alertpolicy_creation_record'
+require 'google/monitoring/property/alertpolicy_documentation'
+
+# A provider to manage Stackdriver Monitoring resources.
+class MonitoringAlertPolicy < GcpResourceBase
+ name 'google_project_alert_policy'
+ desc 'AlertPolicy'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :display_name
+ attr_reader :combiner
+ attr_reader :creation_record
+ attr_reader :enabled
+ attr_reader :conditions
+ attr_reader :notification_channels
+ attr_reader :user_labels
+ attr_reader :documentation
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @display_name = @fetched['displayName']
+ @combiner = @fetched['combiner']
+ @creation_record = GoogleInSpec::Monitoring::Property::AlertPolicyCreationRecord.new(@fetched['creationRecord'], to_s)
+ @enabled = @fetched['enabled']
+ @conditions = GoogleInSpec::Monitoring::Property::AlertPolicyConditionsArray.parse(@fetched['conditions'], to_s)
+ @notification_channels = @fetched['notificationChannels']
+ @user_labels = @fetched['userLabels']
+ @documentation = GoogleInSpec::Monitoring::Property::AlertPolicyDocumentation.new(@fetched['documentation'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "AlertPolicy #{@params[:name]}"
+ end
+
+ def enabled?
+ @enabled
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://monitoring.googleapis.com/v3/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/alertPolicies/{{name}}'
end
end
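Review bot: The resource is now addressed by `project` and `name` (`'projects/{{project}}/alertPolicies/{{name}}'`, and `to_s` reads `@params[:name]`), while the removed class took the full path in `policy:`, and nothing in `initialize` rejects a control still written the old way. What the URL template does with the missing keys is not visible here, so the control may fail with an unrelated error or simply report that the policy does not exist. A guard after `super`, in the style the IAM binding resources in this diff use, would make the break explicit: `raise "Expected 'project' and 'name' to be defined for google_project_alert_policy" unless params.key?(:project) && params.key?(:name)`.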
diff --git a/libraries/google_project_iam_binding.rb b/libraries/google_project_iam_binding.rb
index cc7d3c605..988592af1 100644
--- a/libraries/google_project_iam_binding.rb
+++ b/libraries/google_project_iam_binding.rb
@@ -1,48 +1,84 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
-module Inspec::Resources
- class GoogleProjectIAMBinding < GcpResourceBase
- name 'google_project_iam_binding'
- desc 'Verifies settings for a single GCP KMS key ring IAM bindings'
+# A provider to manage Resource Manager IAM Binding resources.
+class ProjectIamBinding < GcpResourceBase
+ name 'google_project_iam_binding'
+ desc 'Project Iam Binding'
+ supports platform: 'gcp'
- example "
- describe google_kms_key_ring_iam_binding(key_ring_url: 'projects/project/locations/europe-west2/keyRings/key-ring', role: 'roles/compute.admin') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- @role = opts[:role]
- @iam_binding_exists = false
- @members_list=[]
- catch_gcp_errors do
- # note this is the same call as for the plural iam_bindings resource because there isn't an easy way to pull out a singular binding
- @iam_bindings = @gcp.gcp_project_client.get_project_iam_policy(@project)
- raise Inspec::Exceptions::ResourceFailed, "google_project_iam_binding is missing expected IAM policy 'bindings' property" if !@iam_bindings || !@iam_bindings.bindings
- @iam_bindings.bindings.each do |binding|
- next if binding.role != @role
- @iam_binding_exists=true
- @members_list=binding.members
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post', { 'options' => { 'requestedPolicyVersion' => 3 } }.to_json)
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
end
+ end
- # return the list of users corresponding to the role
- def members
- @members_list
- end
+ def exists?
+ @iam_binding_exists
+ end
- def exists?
- @iam_binding_exists
- end
+ def members
+ @members_list
+ end
- def to_s
- "Project IAM Binding #{@role}"
- end
+ def to_s
+ "Project IamBinding #{@params[:project]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}:getIamPolicy'
end
end
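Review bot: In `parse`, the branch for a control without a condition dereferences `binding.condition.title` directly, while the branch above it reads `binding&.condition&.title`; if the bindings property can leave `condition` nil (that class is not shown here), the unconditional case raises `NoMethodError`. The `binding&.` is also redundant, since `binding.role` has already been read at that point. A consistent form is `cond = binding.condition` followed by `next unless cond.nil? || (cond.title.nil? && cond.description.nil? && cond.expression.nil?)`. The same line appears in `google_organization_iam_binding.rb`.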
diff --git a/libraries/google_project_iam_custom_role.rb b/libraries/google_project_iam_custom_role.rb
index 99811cc14..5bfc1ab9d 100644
--- a/libraries/google_project_iam_custom_role.rb
+++ b/libraries/google_project_iam_custom_role.rb
@@ -1,35 +1,65 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-module Inspec::Resources
- class GoogleProjectIamCustomRole < GcpResourceBase
- name 'google_project_iam_custom_role'
- desc 'Verifies settings for a project IAM role'
-
- example "
- describe google_project_iam_custom_role(project: 'chef-inspec-gcp', name: 'admin12345') do
- it { should exist }
- its('stage') { should eq 'GA' }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @iam_role = @gcp.gcp_iam_client.get_role("projects/#{opts[:project]}/roles/#{opts[:name]}")
- create_resource_methods(@iam_role)
- end
- end
-
- def exists?
- !@iam_role.nil?
- end
-
- def to_s
- "Project IAM Custom Role #{@display_name}"
- end
+# A provider to manage Cloud IAM resources.
+class IAMCustomRole < GcpResourceBase
+ name 'google_project_iam_custom_role'
+ desc 'CustomRole'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :title
+ attr_reader :description
+ attr_reader :included_permissions
+ attr_reader :stage
+ attr_reader :deleted
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @title = @fetched['title']
+ @description = @fetched['description']
+ @included_permissions = @fetched['includedPermissions']
+ @stage = @fetched['stage']
+ @deleted = @fetched['deleted']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "CustomRole #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/roles/{{name}}'
end
end
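Review bot: `exists?` is true whenever the fetch returned a body, and `parse` stores the `deleted` flag separately, so a role that the API still returns with `deleted` set would satisfy `it { should exist }`. Whether the API returns such roles is not shown here and should be confirmed. If it does, a comment on `exists?` would keep profile authors from reading it as "the role is usable", for example `# True for any fetched role, including one marked deleted; check 'deleted' as well.`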
diff --git a/libraries/google_project_iam_custom_roles.rb b/libraries/google_project_iam_custom_roles.rb
new file mode 100644
index 000000000..cf53943ff
--- /dev/null
+++ b/libraries/google_project_iam_custom_roles.rb
@@ -0,0 +1,89 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+class IAMCustomRoles < GcpResourceBase
+ name 'google_project_iam_custom_roles'
+ desc 'CustomRole plural resource'
+ supports platform: 'gcp'
+
+ attr_reader :table
+
+ filter_table_config = FilterTable.create
+
+ filter_table_config.add(:names, field: :name)
+ filter_table_config.add(:titles, field: :title)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:included_permissions, field: :included_permissions)
+ filter_table_config.add(:stages, field: :stage)
+ filter_table_config.add(:deleteds, field: :deleted)
+
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('roles')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
+ end
+ end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :name, obj['name'] },
+ 'title' => ->(obj) { return :title, obj['title'] },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'includedPermissions' => ->(obj) { return :included_permissions, obj['includedPermissions'] },
+ 'stage' => ->(obj) { return :stage, obj['stage'] },
+ 'deleted' => ->(obj) { return :deleted, obj['deleted'] },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/roles?view=FULL'
+ end
+end
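Review bot: `fetch_wrapped_resource` leaves `@table` nil through `return if result.nil?`, so the FilterTable accessors connected to `:table` have no array to work on whenever `fetch_all` yields nothing. Whether they raise or report an empty set is not visible from this hunk. The hand-written `fetch_data` that the same generated pattern replaces in `google_project_metrics.rb` and `google_projects.rb` returned `[]` in that situation, so a control over an empty or unreadable project used to evaluate against an empty list. I would change the guard to `return [] if result.nil?` in all three files. The header says manual edits are clobbered, so the fix belongs in the Magic Modules template rather than in this file.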
diff --git a/libraries/google_resourcemanager_project_iam_policy.rb b/libraries/google_project_iam_policy.rb
similarity index 84%
rename from libraries/google_resourcemanager_project_iam_policy.rb
rename to libraries/google_project_iam_policy.rb
index 5001739d6..090e92c45 100644
--- a/libraries/google_resourcemanager_project_iam_policy.rb
+++ b/libraries/google_project_iam_policy.rb
@@ -19,7 +19,7 @@
# A provider to manage Resource Manager IAM Policy resources.
class ProjectIamPolicy < GcpResourceBase
- name 'google_resourcemanager_project_iam_policy'
+ name 'google_project_iam_policy'
desc 'Project Iam Policy'
supports platform: 'gcp'
@@ -30,7 +30,7 @@ class ProjectIamPolicy < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post', { 'options' => { 'requestedPolicyVersion' => 3 } }.to_json)
parse unless @fetched.nil?
end
@@ -44,7 +44,15 @@ def exists?
end
def to_s
- "Project IamPolicy #{@params[:project_id]}"
+ "Project IamPolicy #{@params[:project]}"
+ end
+
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
end
private
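Review bot: `iam_binding_roles` and `count` call `@bindings.map` and `@bindings.size` unconditionally, but `initialize` only runs `parse` when `@fetched` is non-nil. Assuming `@bindings` is assigned in `parse` (outside this hunk), a policy that cannot be fetched makes both methods raise NoMethodError instead of letting `exists?` fail cleanly. Guarding with `(@bindings || []).map(&:role)` and `(@bindings || []).size` keeps the failure readable. Now that the request asks for policy version 3, one role can appear in several bindings with different conditions, so a comment such as `# one entry per binding; a role may repeat when bindings differ only by condition` would help. The same two methods are added unchanged in the `google_pubsub_subscription_iam_policy.rb` and `google_pubsub_topic_iam_policy.rb` hunks.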
@@ -54,6 +62,6 @@ def product_url
end
def resource_base_url
- 'projects/{{project_id}}:getIamPolicy'
+ 'projects/{{project}}:getIamPolicy'
end
end
diff --git a/libraries/google_project_metric.rb b/libraries/google_project_metric.rb
index af46038cd..ea826bed7 100644
--- a/libraries/google_project_metric.rb
+++ b/libraries/google_project_metric.rb
@@ -1,35 +1,73 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/logging_v2'
-
-module Inspec::Resources
- class GoogleProjectMetric < GcpResourceBase
- name 'google_project_metric'
- desc 'Verifies settings for a project metric'
-
- example "
- describe google_project_metric(project: 'chef-inspec-gcp', metric: 'metric_name') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:metric]
- catch_gcp_errors do
- @metric = @gcp.gcp_client(Google::Apis::LoggingV2::LoggingService).get_project_metric("projects/#{opts[:project]}/metrics/#{opts[:metric]}")
- create_resource_methods(@metric)
- end
- end
-
- def exists?
- !@metric.nil?
- end
-
- def to_s
- "Project Metric #{@display_name}"
- end
+require 'google/logging/property/metric_bucket_options'
+require 'google/logging/property/metric_bucket_options_explicit_buckets'
+require 'google/logging/property/metric_bucket_options_exponential_buckets'
+require 'google/logging/property/metric_bucket_options_linear_buckets'
+require 'google/logging/property/metric_metric_descriptor'
+require 'google/logging/property/metric_metric_descriptor_labels'
+
+# A provider to manage Stackdriver Logging resources.
+class LoggingMetric < GcpResourceBase
+ name 'google_project_metric'
+ desc 'Metric'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :description
+ attr_reader :filter
+ attr_reader :metric_descriptor
+ attr_reader :label_extractors
+ attr_reader :value_extractor
+ attr_reader :bucket_options
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @description = @fetched['description']
+ @filter = @fetched['filter']
+ @metric_descriptor = GoogleInSpec::Logging::Property::MetricMetricDescriptor.new(@fetched['metricDescriptor'], to_s)
+ @label_extractors = @fetched['labelExtractors']
+ @value_extractor = @fetched['valueExtractor']
+ @bucket_options = GoogleInSpec::Logging::Property::MetricBucketOptions.new(@fetched['bucketOptions'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Metric #{@params[:project]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://logging.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/metrics/{{%name}}'
end
end
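Review bot: `to_s` interpolates `@params[:project]`, so every metric in a project gets the same label and a failing control does not say which log metric it checked; the removed class printed the metric name. `"Metric #{@params[:name]}"` would match `resource_base_url`, which substitutes `{{%name}}`. The identifying parameter also changes from `metric:` (used in the removed example) to `name:`, so existing profiles that still pass `metric:` would presumably build a URL with no metric name. That rename deserves a line in the resource docs or changelog.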
diff --git a/libraries/google_project_metrics.rb b/libraries/google_project_metrics.rb
index 63690c445..5e850398c 100644
--- a/libraries/google_project_metrics.rb
+++ b/libraries/google_project_metrics.rb
@@ -1,49 +1,93 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/logging_v2'
+class LoggingMetrics < GcpResourceBase
+ name 'google_project_metrics'
+ desc 'Metric plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleProjectMetrics < GcpResourceBase
- name 'google_project_metrics'
- desc 'Verifies settings for GCP project metrics in bulk'
+ attr_reader :table
- example "
- describe google_project_metrics(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:metric_names, field: :metric_name)
+ filter_table_config.add(:descriptions, field: :description)
+ filter_table_config.add(:metric_filters, field: :metric_filter)
+ filter_table_config.add(:metric_descriptors, field: :metric_descriptor)
+ filter_table_config.add(:label_extractors, field: :label_extractors)
+ filter_table_config.add(:value_extractors, field: :value_extractor)
+ filter_table_config.add(:bucket_options, field: :bucket_options)
+ filter_table_config.add(:metric_types, field: :metric_type)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:metric_names, field: :metric_name)
- filter_table_config.add(:metric_types, field: :metric_type)
- filter_table_config.add(:metric_destinations, field: :metric_destination)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- metric_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @metrics = @gcp.gcp_client(Google::Apis::LoggingV2::LoggingService).list_project_metrics("projects/#{@project}", page_token: next_page)
- end
- return [] if !@metrics || !@metrics.metrics
- @metrics.metrics.map do |metric|
- metric_rows+=[{ metric_name: metric.name,
- metric_filter: metric.filter,
- metric_type: metric.metric_descriptor.type }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('metrics')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @metrics.next_page_token
- break unless next_page
+ hash_with_symbols[:metric_type] = hash.dig('metricDescriptor', 'type')
+ converted.push(hash_with_symbols)
end
- @table = metric_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :metric_name, obj['name'] },
+ 'description' => ->(obj) { return :description, obj['description'] },
+ 'filter' => ->(obj) { return :metric_filter, obj['filter'] },
+ 'metricDescriptor' => ->(obj) { return :metric_descriptor, GoogleInSpec::Logging::Property::MetricMetricDescriptor.new(obj['metricDescriptor'], to_s) },
+ 'labelExtractors' => ->(obj) { return :label_extractors, obj['labelExtractors'] },
+ 'valueExtractor' => ->(obj) { return :value_extractor, obj['valueExtractor'] },
+ 'bucketOptions' => ->(obj) { return :bucket_options, GoogleInSpec::Logging::Property::MetricBucketOptions.new(obj['bucketOptions'], to_s) },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://logging.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/metrics'
end
end
diff --git a/libraries/google_project_service.rb b/libraries/google_project_service.rb
index 37fe4506d..2c819b8bc 100644
--- a/libraries/google_project_service.rb
+++ b/libraries/google_project_service.rb
@@ -33,7 +33,7 @@ class ServiceUsageService < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -45,11 +45,6 @@ def parse
@config = GoogleInSpec::ServiceUsage::Property::ServiceConfig.new(@fetched['config'], to_s)
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -60,8 +55,12 @@ def to_s
private
- def product_url
- 'https://serviceusage.googleapis.com/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://serviceusage.googleapis.com/v1beta1/'
+ else
+ 'https://serviceusage.googleapis.com/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_project_services.rb b/libraries/google_project_services.rb
index 4d5071078..0e90a1bf5 100644
--- a/libraries/google_project_services.rb
+++ b/libraries/google_project_services.rb
@@ -75,15 +75,14 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
- 'https://serviceusage.googleapis.com/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://serviceusage.googleapis.com/v1beta1/'
+ else
+ 'https://serviceusage.googleapis.com/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_projects.rb b/libraries/google_projects.rb
index 5d23ddef6..ab0cc1740 100644
--- a/libraries/google_projects.rb
+++ b/libraries/google_projects.rb
@@ -1,50 +1,96 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class ResourceManagerProjects < GcpResourceBase
+ name 'google_projects'
+ desc 'Project plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleComputeProjects < GcpResourceBase
- name 'google_projects'
- desc 'Verifies settings for GCP compute projects in bulk'
+ attr_reader :table
- example "
- describe google_projects do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- end
+ filter_table_config.add(:project_numbers, field: :project_number)
+ filter_table_config.add(:lifecycle_states, field: :lifecycle_state)
+ filter_table_config.add(:project_names, field: :project_name)
+ filter_table_config.add(:create_times, field: :create_time)
+ filter_table_config.add(:labels, field: :labels)
+ filter_table_config.add(:parents, field: :parent)
+ filter_table_config.add(:project_ids, field: :project_id)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:project_ids, field: :project_id)
- filter_table_config.add(:project_names, field: :project_name)
- filter_table_config.add(:project_numbers, field: :project_number)
- filter_table_config.add(:lifecycle_state, field: :lifecycle_state)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- project_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @projects = @gcp.gcp_project_client.list_projects(page_token: next_page)
- end
- return [] if !@projects || !@projects.projects
- @projects.projects.map do |project|
- project_rows += [{ project_id: project.project_id,
- project_name: project.name,
- project_number: project.project_number,
- lifecycle_state: project.lifecycle_state }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('projects')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @projects.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = project_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'projectNumber' => ->(obj) { return :project_number, obj['projectNumber'] },
+ 'lifecycleState' => ->(obj) { return :lifecycle_state, obj['lifecycleState'] },
+ 'name' => ->(obj) { return :project_name, obj['name'] },
+ 'createTime' => ->(obj) { return :create_time, parse_time_string(obj['createTime']) },
+ 'labels' => ->(obj) { return :labels, obj['labels'] },
+ 'parent' => ->(obj) { return :parent, GoogleInSpec::ResourceManager::Property::ProjectParent.new(obj['parent'], to_s) },
+ 'projectId' => ->(obj) { return :project_id, obj['projectId'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects'
end
end
diff --git a/libraries/google_pubsub_subscription.rb b/libraries/google_pubsub_subscription.rb
index 9f992867b..1b3147395 100644
--- a/libraries/google_pubsub_subscription.rb
+++ b/libraries/google_pubsub_subscription.rb
@@ -14,6 +14,7 @@
#
# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/pubsub/property/subscription_dead_letter_policy'
require 'google/pubsub/property/subscription_expiration_policy'
require 'google/pubsub/property/subscription_push_config'
require 'google/pubsub/property/subscription_push_config_oidc_token'
@@ -33,11 +34,12 @@ class PubsubSubscription < GcpResourceBase
attr_reader :message_retention_duration
attr_reader :retain_acked_messages
attr_reader :expiration_policy
+ attr_reader :dead_letter_policy
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -50,11 +52,7 @@ def parse
@message_retention_duration = @fetched['messageRetentionDuration']
@retain_acked_messages = @fetched['retainAckedMessages']
@expiration_policy = GoogleInSpec::Pubsub::Property::SubscriptionExpirationPolicy.new(@fetched['expirationPolicy'], to_s)
- end
-
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
+ @dead_letter_policy = GoogleInSpec::Pubsub::Property::SubscriptionDeadLetterPolicy.new(@fetched['deadLetterPolicy'], to_s)
end
def exists?
@@ -67,7 +65,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://pubsub.googleapis.com/v1/'
end
diff --git a/libraries/google_pubsub_subscription_iam_binding.rb b/libraries/google_pubsub_subscription_iam_binding.rb
new file mode 100644
index 000000000..8d3c9459e
--- /dev/null
+++ b/libraries/google_pubsub_subscription_iam_binding.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Pub/Sub IAM Binding resources.
+class SubscriptionIamBinding < GcpResourceBase
+ name 'google_pubsub_subscription_iam_binding'
+ desc 'Subscription Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
+ end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
+ end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Subscription IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://pubsub.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/subscriptions/{{name}}:getIamPolicy'
+ end
+end
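Review bot: The condition matching in `parse` depends on the API returning `condition` data, but `initialize` fetches `:getIamPolicy` with a plain `'Get'` and no requested policy version. The `google_project_iam_policy.rb` change in this same commit sends `requestedPolicyVersion` 3. IAM generally returns conditional bindings intact only when version 3 is requested, so if these policies can carry conditions the `params[:condition]` branch may never see them. Following the query-string style of `'projects/{{project}}/roles?view=FULL'`, `resource_base_url` could become `'projects/{{project}}/subscriptions/{{name}}:getIamPolicy?options.requestedPolicyVersion=3'`. Separately, the loop has no `break`, so when a partial `condition` matches several bindings `members` reflects only the last one; a comment should state that, or the members should be accumulated. `google_pubsub_topic_iam_binding.rb` has the identical code.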
diff --git a/libraries/google_pubsub_subscription_iam_policy.rb b/libraries/google_pubsub_subscription_iam_policy.rb
index 73467b1cf..745ca59a9 100644
--- a/libraries/google_pubsub_subscription_iam_policy.rb
+++ b/libraries/google_pubsub_subscription_iam_policy.rb
@@ -47,6 +47,14 @@ def to_s
"Subscription IamPolicy #{@params[:name]}"
end
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
private
def product_url
diff --git a/libraries/google_pubsub_subscriptions.rb b/libraries/google_pubsub_subscriptions.rb
index 83e9509cb..e3800e0c0 100644
--- a/libraries/google_pubsub_subscriptions.rb
+++ b/libraries/google_pubsub_subscriptions.rb
@@ -31,6 +31,7 @@ class PubsubSubscriptions < GcpResourceBase
filter_table_config.add(:message_retention_durations, field: :message_retention_duration)
filter_table_config.add(:retain_acked_messages, field: :retain_acked_messages)
filter_table_config.add(:expiration_policies, field: :expiration_policy)
+ filter_table_config.add(:dead_letter_policies, field: :dead_letter_policy)
filter_table_config.connect(self, :table)
@@ -78,17 +79,13 @@ def transformers
'messageRetentionDuration' => ->(obj) { return :message_retention_duration, obj['messageRetentionDuration'] },
'retainAckedMessages' => ->(obj) { return :retain_acked_messages, obj['retainAckedMessages'] },
'expirationPolicy' => ->(obj) { return :expiration_policy, GoogleInSpec::Pubsub::Property::SubscriptionExpirationPolicy.new(obj['expirationPolicy'], to_s) },
+ 'deadLetterPolicy' => ->(obj) { return :dead_letter_policy, GoogleInSpec::Pubsub::Property::SubscriptionDeadLetterPolicy.new(obj['deadLetterPolicy'], to_s) },
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://pubsub.googleapis.com/v1/'
end
diff --git a/libraries/google_pubsub_topic.rb b/libraries/google_pubsub_topic.rb
index 3bebf6373..b73553f9d 100644
--- a/libraries/google_pubsub_topic.rb
+++ b/libraries/google_pubsub_topic.rb
@@ -31,7 +31,7 @@ class PubsubTopic < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -42,11 +42,6 @@ def parse
@message_storage_policy = GoogleInSpec::Pubsub::Property::TopicMessageStoragePolicy.new(@fetched['messageStoragePolicy'], to_s)
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -57,7 +52,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://pubsub.googleapis.com/v1/'
end
diff --git a/libraries/google_pubsub_topic_iam_binding.rb b/libraries/google_pubsub_topic_iam_binding.rb
new file mode 100644
index 000000000..153d2415d
--- /dev/null
+++ b/libraries/google_pubsub_topic_iam_binding.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Pub/Sub IAM Binding resources.
+class TopicIamBinding < GcpResourceBase
+ name 'google_pubsub_topic_iam_binding'
+ desc 'Topic Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
+ end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
+ end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Topic IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://pubsub.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/topics/{{name}}:getIamPolicy'
+ end
+end
diff --git a/libraries/google_pubsub_topic_iam_policy.rb b/libraries/google_pubsub_topic_iam_policy.rb
index cbc14d1d1..692aaef96 100644
--- a/libraries/google_pubsub_topic_iam_policy.rb
+++ b/libraries/google_pubsub_topic_iam_policy.rb
@@ -47,6 +47,14 @@ def to_s
"Topic IamPolicy #{@params[:name]}"
end
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
private
def product_url
diff --git a/libraries/google_pubsub_topics.rb b/libraries/google_pubsub_topics.rb
index 78f74e9e6..3c7538077 100644
--- a/libraries/google_pubsub_topics.rb
+++ b/libraries/google_pubsub_topics.rb
@@ -73,14 +73,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://pubsub.googleapis.com/v1/'
end
diff --git a/libraries/google_redis_instance.rb b/libraries/google_redis_instance.rb
index e6c7ff8ec..8edb54cc9 100644
--- a/libraries/google_redis_instance.rb
+++ b/libraries/google_redis_instance.rb
@@ -24,6 +24,7 @@ class RedisInstance < GcpResourceBase
attr_reader :params
attr_reader :alternative_location_id
attr_reader :authorized_network
+ attr_reader :connect_mode
attr_reader :create_time
attr_reader :current_location_id
attr_reader :display_name
@@ -42,13 +43,14 @@ class RedisInstance < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
def parse
@alternative_location_id = @fetched['alternativeLocationId']
@authorized_network = @fetched['authorizedNetwork']
+ @connect_mode = @fetched['connectMode']
@create_time = parse_time_string(@fetched['createTime'])
@current_location_id = @fetched['currentLocationId']
@display_name = @fetched['displayName']
@@ -80,8 +82,12 @@ def to_s
private
- def product_url
- 'https://redis.googleapis.com/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://redis.googleapis.com/v1beta1/'
+ else
+ 'https://redis.googleapis.com/v1/'
+ end
end
def resource_base_url
diff --git a/libraries/google_redis_instances.rb b/libraries/google_redis_instances.rb
index 2265c98b4..1711042c6 100644
--- a/libraries/google_redis_instances.rb
+++ b/libraries/google_redis_instances.rb
@@ -25,6 +25,7 @@ class RedisInstances < GcpResourceBase
filter_table_config.add(:alternative_location_ids, field: :alternative_location_id)
filter_table_config.add(:authorized_networks, field: :authorized_network)
+ filter_table_config.add(:connect_modes, field: :connect_mode)
filter_table_config.add(:create_times, field: :create_time)
filter_table_config.add(:current_location_ids, field: :current_location_id)
filter_table_config.add(:display_names, field: :display_name)
@@ -80,6 +81,7 @@ def transformers
{
'alternativeLocationId' => ->(obj) { return :alternative_location_id, obj['alternativeLocationId'] },
'authorizedNetwork' => ->(obj) { return :authorized_network, obj['authorizedNetwork'] },
+ 'connectMode' => ->(obj) { return :connect_mode, obj['connectMode'] },
'createTime' => ->(obj) { return :create_time, parse_time_string(obj['createTime']) },
'currentLocationId' => ->(obj) { return :current_location_id, obj['currentLocationId'] },
'displayName' => ->(obj) { return :display_name, obj['displayName'] },
@@ -104,8 +106,12 @@ def parse_time_string(time_string)
private
- def product_url
- 'https://redis.googleapis.com/v1/'
+ def product_url(beta = false)
+ if beta
+ 'https://redis.googleapis.com/v1beta1/'
+ else
+ 'https://redis.googleapis.com/v1/'
+ end
end
def resource_base_url
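Review bot: Nothing in this file's hunks passes an argument to the new `product_url(beta = false)`, so unless the list call site outside these hunks forwards `params[:beta]`, the `v1beta1` branch is unreachable and `beta: true` is silently ignored for the plural resource. The singular resource was changed to call `product_url(params[:beta])`. The matching change here would be `@connection.fetch_all(product_url(@params[:beta]), resource_base_url, @params, 'Get')` in `fetch_wrapped_resource`, assuming that method has the same shape as in the other generated plural resources in this commit. Its body is not part of this hunk.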
diff --git a/libraries/google_resourcemanager_folder.rb b/libraries/google_resourcemanager_folder.rb
index eda8558e5..3aa8ec35f 100644
--- a/libraries/google_resourcemanager_folder.rb
+++ b/libraries/google_resourcemanager_folder.rb
@@ -31,7 +31,7 @@ class ResourceManagerFolder < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -58,7 +58,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://cloudresourcemanager.googleapis.com/v2/'
end
diff --git a/libraries/google_resourcemanager_folder_iam_binding.rb b/libraries/google_resourcemanager_folder_iam_binding.rb
new file mode 100644
index 000000000..a22d31107
--- /dev/null
+++ b/libraries/google_resourcemanager_folder_iam_binding.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Resource Manager IAM Binding resources.
+class FolderIamBinding < GcpResourceBase
+ name 'google_resourcemanager_folder_iam_binding'
+ desc 'Folder Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
+ end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
+ end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Folder IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://cloudresourcemanager.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ '{{name}}:getIamPolicy'
+ end
+end
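Review bot: When the control passes no `condition`, `parse` skips every binding that carries one, so `members` reflects only the unconditional binding for the role. A control asserting that a principal is absent from `members` therefore still passes if a conditional binding grants the same role to that principal. The loop also does not stop at the first match, so when a partial `condition` (for example only `title`) matches several bindings, the last one silently overwrites `@members_list` and `@condition`. Both behaviours deserve a comment above `parse`, e.g. `# Reports a single binding: the last one matching role and condition; conditional bindings are ignored unless the control passes :condition`. The identical loop is added in libraries/google_runtime_config_config_iam_binding.rb.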
diff --git a/libraries/google_resourcemanager_folder_iam_policy.rb b/libraries/google_resourcemanager_folder_iam_policy.rb
new file mode 100644
index 000000000..a6fad00f9
--- /dev/null
+++ b/libraries/google_resourcemanager_folder_iam_policy.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_audit_configs'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Resource Manager IAM Policy resources.
+class FolderIamPolicy < GcpResourceBase
+ name 'google_resourcemanager_folder_iam_policy'
+ desc 'Folder Iam Policy'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :bindings
+ attr_reader :audit_configs
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Folder IamPolicy #{@params[:name]}"
+ end
+
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
+ private
+
+ def product_url
+ 'https://cloudresourcemanager.googleapis.com/v2/'
+ end
+
+ def resource_base_url
+ '{{name}}:getIamPolicy'
+ end
+end
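Review bot: `iam_binding_roles` and `count` call methods on `@bindings` directly, but `parse` only runs when `@fetched` is non-nil, so after a fetch that returned nil both raise NoMethodError instead of reporting no roles. Whether `IamPolicyBindingsArray.parse` returns an empty array for a policy without a `bindings` key is not visible here, and that case could hit the same path. `(@bindings || []).map(&:role)` and `(@bindings || []).size` keep `its('count')` usable alongside `exists?`. The same two methods are added in libraries/google_runtime_config_config_iam_policy.rb.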
diff --git a/libraries/google_resourcemanager_folders.rb b/libraries/google_resourcemanager_folders.rb
index da6b2b0aa..ff2ffa00e 100644
--- a/libraries/google_resourcemanager_folders.rb
+++ b/libraries/google_resourcemanager_folders.rb
@@ -82,7 +82,7 @@ def parse_time_string(time_string)
private
- def product_url
+ def product_url(_ = nil)
'https://cloudresourcemanager.googleapis.com/v2/'
end
diff --git a/libraries/google_resourcemanager_organization_policy.rb b/libraries/google_resourcemanager_organization_policy.rb
deleted file mode 100644
index 557b48909..000000000
--- a/libraries/google_resourcemanager_organization_policy.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-# frozen_string_literal: false
-
-# ----------------------------------------------------------------------------
-#
-# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
-#
-# ----------------------------------------------------------------------------
-#
-# This file is automatically generated by Magic Modules and manual
-# changes will be clobbered when the file is regenerated.
-#
-# Please read more about how to change this file in README.md and
-# CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-require 'gcp_backend'
-require 'google/resourcemanager/property/organizationpolicy_boolean_policy'
-require 'google/resourcemanager/property/organizationpolicy_list_policy'
-
-# A provider to manage Resource Manager resources.
-class OrganizationPolicy < GcpResourceBase
- name 'google_resourcemanager_organization_policy'
- desc 'OrganizationPolicy'
- supports platform: 'gcp'
-
- attr_reader :params
- attr_reader :version
- attr_reader :constraint
- attr_reader :update_time
- attr_reader :list_policy
- attr_reader :boolean_policy
-
- def initialize(opts)
- super(opts)
- @organization_name = opts[:organization_name]
- @constraint = opts[:constraint]
- catch_gcp_errors do
- org_policy_request = Google::Apis::CloudresourcemanagerV1::GetOrgPolicyRequest.new
- org_policy_request.constraint = opts[:constraint]
- @fetched = JSON.parse(@gcp.gcp_project_client.get_organization_org_policy(opts[:organization_name], org_policy_request).to_json)
- parse
- end
- end
-
- def parse
- @version = @fetched['version']
- @constraint = @fetched['constraint']
- @update_time = parse_time_string(@fetched['updateTime'])
- @list_policy = GoogleInSpec::ResourceManager::Property::OrganizationPolicyListPolicy.new(@fetched['listPolicy'], to_s)
- @boolean_policy = GoogleInSpec::ResourceManager::Property::OrganizationPolicyBooleanPolicy.new(@fetched['booleanPolicy'], to_s)
- end
-
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
- def exists?
- !@fetched.nil?
- end
-
- def to_s
- "OrganizationPolicy #{@organization_name} Constraint #{@constraint}"
- end
-end
diff --git a/libraries/google_runtime_config_config.rb b/libraries/google_runtime_config_config.rb
index 38340bea5..79af46038 100644
--- a/libraries/google_runtime_config_config.rb
+++ b/libraries/google_runtime_config_config.rb
@@ -28,7 +28,7 @@ class RuntimeConfigConfig < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -37,11 +37,6 @@ def parse
@name = @fetched['name']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -52,7 +47,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://runtimeconfig.googleapis.com/v1beta1/'
end
diff --git a/libraries/google_runtime_config_config_iam_binding.rb b/libraries/google_runtime_config_config_iam_binding.rb
new file mode 100644
index 000000000..49e420a64
--- /dev/null
+++ b/libraries/google_runtime_config_config_iam_binding.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Runtime Configuration IAM Binding resources.
+class ConfigIamBinding < GcpResourceBase
+ name 'google_runtime_config_config_iam_binding'
+ desc 'Config Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
+ end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
+ end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Config IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://runtimeconfig.googleapis.com/v1beta1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/configs/{{name}}:getIamPolicy'
+ end
+end
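Review bot: The no-condition branch of `parse` dereferences `binding.condition.title` with plain calls, while the branch above guards the same object with `binding&.condition&.title`. If `IamPolicyBindingsArray.parse` (not shown) can leave `condition` nil, a control without `:condition` raises NoMethodError instead of matching the binding. Making the branches agree is a two-line change: `cond = binding.condition` followed by `next unless cond.nil? || [cond.title, cond.description, cond.expression].all?(&:nil?)`. libraries/google_resourcemanager_folder_iam_binding.rb contains the same line.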
diff --git a/libraries/google_runtime_config_config_iam_policy.rb b/libraries/google_runtime_config_config_iam_policy.rb
index 9955b8825..b1d66ccc0 100644
--- a/libraries/google_runtime_config_config_iam_policy.rb
+++ b/libraries/google_runtime_config_config_iam_policy.rb
@@ -47,6 +47,14 @@ def to_s
"Config IamPolicy #{@params[:name]}"
end
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
private
def product_url
diff --git a/libraries/google_runtime_config_configs.rb b/libraries/google_runtime_config_configs.rb
index 426aeb48d..c634e0cce 100644
--- a/libraries/google_runtime_config_configs.rb
+++ b/libraries/google_runtime_config_configs.rb
@@ -69,14 +69,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://runtimeconfig.googleapis.com/v1beta1/'
end
diff --git a/libraries/google_runtime_config_variable.rb b/libraries/google_runtime_config_variable.rb
index 5a48a7df5..0bd224854 100644
--- a/libraries/google_runtime_config_variable.rb
+++ b/libraries/google_runtime_config_variable.rb
@@ -30,7 +30,7 @@ class RuntimeConfigVariable < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -41,11 +41,6 @@ def parse
@config = @fetched['config']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -56,7 +51,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://runtimeconfig.googleapis.com/v1beta1/'
end
diff --git a/libraries/google_runtime_config_variables.rb b/libraries/google_runtime_config_variables.rb
index 13ca0ce6d..a985507b3 100644
--- a/libraries/google_runtime_config_variables.rb
+++ b/libraries/google_runtime_config_variables.rb
@@ -73,14 +73,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://runtimeconfig.googleapis.com/v1beta1/'
end
diff --git a/libraries/google_service_account.rb b/libraries/google_service_account.rb
index 660850da9..92dbb6f2e 100644
--- a/libraries/google_service_account.rb
+++ b/libraries/google_service_account.rb
@@ -1,48 +1,65 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-module Inspec::Resources
- class GoogleServiceAccount < GcpResourceBase
- name 'google_service_account'
- desc 'Verifies settings for a project IAM Service Account'
-
- example "
- describe google_service_account(name: 'projects/spaterson-project/serviceAccounts/sample-account@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- its('stage') { should eq 'GA' }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- catch_gcp_errors do
- @service_account = @gcp.gcp_iam_client.get_project_service_account(opts[:name])
- create_resource_methods(@service_account)
- @display_name = @service_account.unique_id
- @display_name = @service_account.display_name if @service_account.display_name
- end
- end
-
- def exists?
- !@service_account.nil?
- end
-
- # Note this is done at the service account level not the individual key level because this metadata is not
- # returned by default when listing keys.
- def user_managed_keys
- raise Inspec::Exceptions::ResourceFailed, "Service Account #{@display_name} does not exist!" if not exists?
- @gcp.gcp_iam_client.list_project_service_account_keys(@service_account.name, key_types: ['USER_MANAGED'])
- end
-
- def has_user_managed_keys?
- return false if !user_managed_keys.keys
- true
- end
-
- def to_s
- "Service Account \"#{@display_name}\""
- end
+# A provider to manage Cloud IAM resources.
+class IAMServiceAccount < GcpResourceBase
+ name 'google_service_account'
+ desc 'ServiceAccount'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :project_id
+ attr_reader :unique_id
+ attr_reader :email
+ attr_reader :display_name
+ attr_reader :oauth2_client_id
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @project_id = @fetched['projectId']
+ @unique_id = @fetched['uniqueId']
+ @email = @fetched['email']
+ @display_name = @fetched['displayName']
+ @oauth2_client_id = @fetched['oauth2ClientId']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ServiceAccount #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/serviceAccounts/{{name}}'
end
end
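Review bot: `resource_base_url` now builds `projects/{{project}}/serviceAccounts/{{name}}`, whereas the removed example passed the full `projects/…/serviceAccounts/…` path as `name:`, and `user_managed_keys` / `has_user_managed_keys?` have no counterpart in the new class. As far as this hunk shows, existing controls that check for user-managed keys would stop evaluating rather than report a finding, so the change should be called out as breaking. A header comment on `initialize` naming the required `project:` and short `name:` parameters, with a pointer to `google_service_account_keys` for key checks, would help. How `{{name}}` is substituted is outside this hunk.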
diff --git a/libraries/google_service_account_key.rb b/libraries/google_service_account_key.rb
index 20f7988a6..31d4b3bc6 100644
--- a/libraries/google_service_account_key.rb
+++ b/libraries/google_service_account_key.rb
@@ -1,34 +1,78 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-module Inspec::Resources
- class GoogleServiceAccountKey < GcpResourceBase
- name 'google_service_account_key'
- desc 'Verifies settings for a GCP project service account key'
-
- example "
- describe google_service_account_key(name: 'projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080' ) do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name].split('/').last
- catch_gcp_errors do
- @sa_key = @gcp.gcp_iam_client.get_project_service_account_key(opts[:name])
- create_resource_methods(@sa_key)
- end
- end
-
- def exists?
- !@sa_key.nil?
- end
-
- def to_s
- "Service Account Key #{@display_name}"
- end
+# A provider to manage Cloud IAM resources.
+class IAMServiceAccountKey < GcpResourceBase
+ name 'google_service_account_key'
+ desc 'ServiceAccountKey'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :name
+ attr_reader :private_key_type
+ attr_reader :key_algorithm
+ attr_reader :private_key_data
+ attr_reader :public_key_data
+ attr_reader :valid_after_time
+ attr_reader :valid_before_time
+ attr_reader :key_type
+ attr_reader :service_account
+ attr_reader :path
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @name = @fetched['name']
+ @private_key_type = @fetched['privateKeyType']
+ @key_algorithm = @fetched['keyAlgorithm']
+ @private_key_data = @fetched['privateKeyData']
+ @public_key_data = @fetched['publicKeyData']
+ @valid_after_time = parse_time_string(@fetched['validAfterTime'])
+ @valid_before_time = parse_time_string(@fetched['validBeforeTime'])
+ @key_type = @fetched['keyType']
+ @service_account = @fetched['serviceAccount']
+ @path = @fetched['path']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ServiceAccountKey #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/serviceAccounts/{{service_account}}/keys/{{name}}'
end
end
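Review bot: `parse` copies `@fetched['privateKeyData']` into `@private_key_data` and publishes it through `attr_reader :private_key_data`, which an audit resource has no use for. Any value the API returned would be reachable from controls and could end up in report output. I would drop the reader and the assignment, or at minimum add `# private key material; never assert on or print this value` beside them. libraries/google_service_account_keys.rb adds the same field to its filter table and `transformers`.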
diff --git a/libraries/google_service_account_keys.rb b/libraries/google_service_account_keys.rb
index d9e1f41ac..04c629a23 100644
--- a/libraries/google_service_account_keys.rb
+++ b/libraries/google_service_account_keys.rb
@@ -1,44 +1,102 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class IAMServiceAccountKeys < GcpResourceBase
+ name 'google_service_account_keys'
+ desc 'ServiceAccountKey plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleServiceAccountKeys < GcpResourceBase
- name 'google_service_account_keys'
- desc 'Verifies settings for GCP service account keys in bulk'
+ attr_reader :table
- example "
- describe google_service_account_keys(service_account: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @service_account = opts[:service_account]
- end
+ filter_table_config.add(:key_names, field: :key_name)
+ filter_table_config.add(:private_key_types, field: :private_key_type)
+ filter_table_config.add(:key_algorithms, field: :key_algorithm)
+ filter_table_config.add(:private_key_data, field: :private_key_data)
+ filter_table_config.add(:public_key_data, field: :public_key_data)
+ filter_table_config.add(:valid_after_times, field: :valid_after_time)
+ filter_table_config.add(:valid_before_times, field: :valid_before_time)
+ filter_table_config.add(:key_types, field: :key_type)
+ filter_table_config.add(:service_accounts, field: :service_account)
+ filter_table_config.add(:paths, field: :path)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:key_names, field: :key_name)
- filter_table_config.add(:valid_after_times, field: :valid_after_time)
- filter_table_config.add(:valid_before_times, field: :valid_before_time)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- account_key_rows = []
- catch_gcp_errors do
- # no pagination in the service API
- @service_account_keys = @gcp.gcp_iam_client.list_project_service_account_keys(@service_account)
- end
- return [] if !@service_account_keys || !@service_account_keys.keys
- @service_account_keys.keys.map do |sa_key|
- account_key_rows+=[{ key_name: sa_key.name,
- valid_after_time: Time.parse(sa_key.valid_after_time),
- valid_before_time: Time.parse(sa_key.valid_before_time) }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('serviceAccountKeys')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @table = account_key_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :key_name, obj['name'] },
+ 'privateKeyType' => ->(obj) { return :private_key_type, obj['privateKeyType'] },
+ 'keyAlgorithm' => ->(obj) { return :key_algorithm, obj['keyAlgorithm'] },
+ 'privateKeyData' => ->(obj) { return :private_key_data, obj['privateKeyData'] },
+ 'publicKeyData' => ->(obj) { return :public_key_data, obj['publicKeyData'] },
+ 'validAfterTime' => ->(obj) { return :valid_after_time, parse_time_string(obj['validAfterTime']) },
+ 'validBeforeTime' => ->(obj) { return :valid_before_time, parse_time_string(obj['validBeforeTime']) },
+ 'keyType' => ->(obj) { return :key_type, obj['keyType'] },
+ 'serviceAccount' => ->(obj) { return :service_account, obj['serviceAccount'] },
+ 'path' => ->(obj) { return :path, obj['path'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/serviceAccounts/{{service_account}}/keys'
end
end
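Review bot: `fetch_wrapped_resource('serviceAccountKeys')` looks up a response field the removed implementation never used; that code read `.keys` from the list response. If the JSON field is in fact `keys`, the `next if response.nil? || !response.key?(wrap_path)` guard skips every page and the table is always empty. An empty table lets controls such as "no key older than N days" pass without examining anything. The likely fix is `@table = fetch_wrapped_resource('keys')`, which is worth confirming against a recorded API response.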
diff --git a/libraries/google_service_accounts.rb b/libraries/google_service_accounts.rb
index 94268ea8b..54e24734c 100644
--- a/libraries/google_service_accounts.rb
+++ b/libraries/google_service_accounts.rb
@@ -1,50 +1,89 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class IAMServiceAccounts < GcpResourceBase
+ name 'google_service_accounts'
+ desc 'ServiceAccount plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleServiceAccounts < GcpResourceBase
- name 'google_service_accounts'
- desc 'Verifies settings for GCP compute service accounts in bulk'
+ attr_reader :table
- example "
- describe google_service_accounts(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:service_account_names, field: :service_account_name)
+ filter_table_config.add(:project_ids, field: :project_id)
+ filter_table_config.add(:service_account_ids, field: :service_account_id)
+ filter_table_config.add(:service_account_emails, field: :service_account_email)
+ filter_table_config.add(:service_account_display_names, field: :service_account_display_name)
+ filter_table_config.add(:oauth2_client_ids, field: :oauth2_client_id)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:service_account_ids, field: :service_account_id)
- filter_table_config.add(:service_account_names, field: :service_account_name)
- filter_table_config.add(:service_account_display_names, field: :service_account_display_name)
- filter_table_config.add(:service_account_emails, field: :service_account_email)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- service_account_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @service_accounts = @gcp.gcp_iam_client.list_project_service_accounts("projects/#{@project}", page_token: next_page)
- end
- return [] if !@service_accounts || !@service_accounts.accounts
- @service_accounts.accounts.map do |service_account|
- service_account_rows+=[{ service_account_id: service_account.unique_id,
- service_account_name: service_account.name,
- service_account_display_name: service_account.display_name,
- service_account_email: service_account.email }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('accounts')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @service_accounts.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = service_account_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'name' => ->(obj) { return :service_account_name, obj['name'] },
+ 'projectId' => ->(obj) { return :project_id, obj['projectId'] },
+ 'uniqueId' => ->(obj) { return :service_account_id, obj['uniqueId'] },
+ 'email' => ->(obj) { return :service_account_email, obj['email'] },
+ 'displayName' => ->(obj) { return :service_account_display_name, obj['displayName'] },
+ 'oauth2ClientId' => ->(obj) { return :oauth2_client_id, obj['oauth2ClientId'] },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://iam.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/serviceAccounts'
end
end
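Review bot: `fetch_wrapped_resource` has a bare `return if result.nil?`, so `@table` becomes nil when `fetch_all` returns nothing, whereas the removed `fetch_data` returned `[]` in that case. How FilterTable treats a nil table is not visible here; `return [] if result.nil?` preserves the earlier behaviour. `transformers` also rebuilds its hash of lambdas on every `transform` call (twice per key), which `@transformers ||= { … }` would avoid. libraries/google_service_account_keys.rb has the same method.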
diff --git a/libraries/google_sourcerepo_repositories.rb b/libraries/google_sourcerepo_repositories.rb
index e589c80e2..3fe360ecb 100644
--- a/libraries/google_sourcerepo_repositories.rb
+++ b/libraries/google_sourcerepo_repositories.rb
@@ -73,14 +73,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://sourcerepo.googleapis.com/v1/'
end
diff --git a/libraries/google_sourcerepo_repository.rb b/libraries/google_sourcerepo_repository.rb
index 665d706df..20312eafc 100644
--- a/libraries/google_sourcerepo_repository.rb
+++ b/libraries/google_sourcerepo_repository.rb
@@ -31,7 +31,7 @@ class SourceRepoRepository < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -42,11 +42,6 @@ def parse
@pubsub_configs = @fetched['pubsubConfigs']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -57,7 +52,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://sourcerepo.googleapis.com/v1/'
end
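Review bot: `product_url(_ = nil)` discards its argument, so the `product_url(params[:beta])` call added to `initialize` earlier in this file has no effect and a control that passes `beta: true` still queries the v1 endpoint. If that is intended, a one-line comment on the method such as `# beta flag accepted for a uniform call signature; ignored for this product` would stop readers assuming a beta endpoint is reachable. The same pairing appears in the google_spanner_database.rb and google_spanner_instance.rb hunks of this commit. The class body around `product_url` lies outside the hunk.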
diff --git a/libraries/google_spanner_database.rb b/libraries/google_spanner_database.rb
index 1e91e8e79..bf893bbdf 100644
--- a/libraries/google_spanner_database.rb
+++ b/libraries/google_spanner_database.rb
@@ -28,7 +28,7 @@ class SpannerDatabase < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -37,11 +37,6 @@ def parse
@instance = @fetched['instance']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -52,7 +47,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://spanner.googleapis.com/v1/'
end
diff --git a/libraries/google_spanner_databases.rb b/libraries/google_spanner_databases.rb
index dd6d01337..58a3874b2 100644
--- a/libraries/google_spanner_databases.rb
+++ b/libraries/google_spanner_databases.rb
@@ -69,14 +69,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://spanner.googleapis.com/v1/'
end
diff --git a/libraries/google_spanner_instance.rb b/libraries/google_spanner_instance.rb
index 7066a3620..e55e886de 100644
--- a/libraries/google_spanner_instance.rb
+++ b/libraries/google_spanner_instance.rb
@@ -31,7 +31,7 @@ class SpannerInstance < GcpResourceBase
def initialize(params)
super(params.merge({ use_http_transport: true }))
@params = params
- @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
parse unless @fetched.nil?
end
@@ -43,11 +43,6 @@ def parse
@labels = @fetched['labels']
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
def exists?
!@fetched.nil?
end
@@ -58,7 +53,7 @@ def to_s
private
- def product_url
+ def product_url(_ = nil)
'https://spanner.googleapis.com/v1/'
end
diff --git a/libraries/google_spanner_instance_iam_binding.rb b/libraries/google_spanner_instance_iam_binding.rb
new file mode 100644
index 000000000..2e8dc0b89
--- /dev/null
+++ b/libraries/google_spanner_instance_iam_binding.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Spanner IAM Binding resources.
+class InstanceIamBinding < GcpResourceBase
+ name 'google_spanner_instance_iam_binding'
+ desc 'Instance Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
+ end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
+ end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Instance IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://spanner.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/instances/{{name}}:getIamPolicy'
+ end
+end
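Review bot: The no-condition branch of `parse` calls `binding.condition.title.nil?` without safe navigation, while the branch above it uses `binding&.condition&.title`. If the bindings parser can return a nil `condition` (not visible here), an unconditioned binding raises NoMethodError instead of matching. Writing the guard as `next unless binding.condition&.title.nil? && binding.condition&.description.nil? && binding.condition&.expression.nil?` keeps the two branches consistent. In addition, `@iam_binding_exists` and `@members_list` are never initialised, so `exists?` and `members` return nil when no binding matches. Setting `@iam_binding_exists = false` and `@members_list = []` before the fetch gives controls a boolean and an empty list to assert against.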
diff --git a/libraries/google_spanner_instance_iam_policy.rb b/libraries/google_spanner_instance_iam_policy.rb
index ae5980622..a70177897 100644
--- a/libraries/google_spanner_instance_iam_policy.rb
+++ b/libraries/google_spanner_instance_iam_policy.rb
@@ -47,6 +47,14 @@ def to_s
"Instance IamPolicy #{@params[:name]}"
end
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
private
def product_url
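Review bot: `iam_binding_roles` and `count` call methods on `@bindings` unguarded, so if `@bindings` is nil both raise NoMethodError instead of returning an empty result. That could happen when the policy fetch returned nothing or the policy has no `bindings` key; `parse` is outside this hunk, so this is inferred. These are the accessors a control would use to assert that a privileged role is absent, so `(@bindings || []).map(&:role)` and `(@bindings || []).size` would keep such checks evaluating rather than erroring.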
diff --git a/libraries/google_spanner_instances.rb b/libraries/google_spanner_instances.rb
index 11036bfdf..f80abb030 100644
--- a/libraries/google_spanner_instances.rb
+++ b/libraries/google_spanner_instances.rb
@@ -75,14 +75,9 @@ def transformers
}
end
- # Handles parsing RFC3339 time string
- def parse_time_string(time_string)
- time_string ? Time.parse(time_string) : nil
- end
-
private
- def product_url
+ def product_url(_ = nil)
'https://spanner.googleapis.com/v1/'
end
diff --git a/libraries/google_sql_database_instance.rb b/libraries/google_sql_database_instance.rb
index 31e5e459b..9ff53c023 100644
--- a/libraries/google_sql_database_instance.rb
+++ b/libraries/google_sql_database_instance.rb
@@ -1,52 +1,108 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'google/apis/sqladmin_v1beta4'
-
-module Inspec::Resources
- class GoogleCloudSqlDatabaseInstance < GcpResourceBase
- name 'google_sql_database_instance'
- desc 'Verifies settings for a GCP Cloud SQL Database instance'
-
- example "
- describe google_sql_database_instance(project: 'chef-inspec-gcp', database: 'my-database') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:database]
- catch_gcp_errors do
- @database = @gcp.gcp_client(Google::Apis::SqladminV1beta4::SQLAdminService).get_instance(opts[:project], opts[:database])
- create_resource_methods(@database)
- end
- end
-
- def exists?
- !@database.nil?
- end
-
- def has_ip_configuration_require_ssl?
- return false if !defined?(@database.settings.ip_configuration.require_ssl)
- return false if @database.settings.ip_configuration.require_ssl.nil?
- return true if @database.settings.ip_configuration.require_ssl.to_s.casecmp('true').zero?
- false
- end
-
- def authorized_networks
- return [] if !defined?(@database.settings.ip_configuration.authorized_networks) || @database.settings.ip_configuration.authorized_networks.nil?
- @database.settings.ip_configuration.authorized_networks.map(&:value)
- end
-
- def primary_ip_address
- return '' if !defined?(@database.ip_addresses[0].ip_address) || @database.ip_addresses[0].ip_address.nil?
- @database.ip_addresses[0].ip_address
- end
-
- def to_s
- "Database #{@display_name}"
- end
+require 'google/sql/property/databaseinstance_failover_replica'
+require 'google/sql/property/databaseinstance_ip_addresses'
+require 'google/sql/property/databaseinstance_replica_configuration'
+require 'google/sql/property/databaseinstance_replica_configuration_mysql_replica_configuration'
+require 'google/sql/property/databaseinstance_settings'
+require 'google/sql/property/databaseinstance_settings_backup_configuration'
+require 'google/sql/property/databaseinstance_settings_database_flags'
+require 'google/sql/property/databaseinstance_settings_ip_configuration'
+require 'google/sql/property/databaseinstance_settings_ip_configuration_authorized_networks'
+
+# A provider to manage Cloud SQL resources.
+class SQLDatabaseInstance < GcpResourceBase
+ name 'google_sql_database_instance'
+ desc 'DatabaseInstance'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :backend_type
+ attr_reader :connection_name
+ attr_reader :database_version
+ attr_reader :failover_replica
+ attr_reader :instance_type
+ attr_reader :ip_addresses
+ attr_reader :ipv6_address
+ attr_reader :master_instance_name
+ attr_reader :max_disk_size
+ attr_reader :name
+ attr_reader :region
+ attr_reader :replica_configuration
+ attr_reader :settings
+ attr_reader :gce_zone
+ attr_reader :state
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @backend_type = @fetched['backendType']
+ @connection_name = @fetched['connectionName']
+ @database_version = @fetched['databaseVersion']
+ @failover_replica = GoogleInSpec::SQL::Property::DatabaseInstanceFailoverReplica.new(@fetched['failoverReplica'], to_s)
+ @instance_type = @fetched['instanceType']
+ @ip_addresses = GoogleInSpec::SQL::Property::DatabaseInstanceIpAddressesArray.parse(@fetched['ipAddresses'], to_s)
+ @ipv6_address = @fetched['ipv6Address']
+ @master_instance_name = @fetched['masterInstanceName']
+ @max_disk_size = @fetched['maxDiskSize']
+ @name = @fetched['name']
+ @region = @fetched['region']
+ @replica_configuration = GoogleInSpec::SQL::Property::DatabaseInstanceReplicaConfiguration.new(@fetched['replicaConfiguration'], to_s)
+ @settings = GoogleInSpec::SQL::Property::DatabaseInstanceSettings.new(@fetched['settings'], to_s)
+ @gce_zone = @fetched['gceZone']
+ @state = @fetched['state']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "DatabaseInstance #{@params[:database]}"
+ end
+
+ def has_ip_configuration_require_ssl?
+ return false if @settings&.ip_configuration&.require_ssl.nil?
+ return true if @settings.ip_configuration.require_ssl.to_s.casecmp('true').zero?
+ false
+ end
+
+ def authorized_networks
+ return [] if @settings&.ip_configuration&.authorized_networks.nil?
+ @database.settings.ip_configuration.authorized_networks.map(&:value)
+ end
+
+ def primary_ip_address
+ return '' if !@ip_addresses.size.zero? || @ip_addresses[0].ip_address.nil?
+ @ip_addresses[0].ip_address
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/sql/v1beta4/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/instances/{{database}}'
end
end
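Review bot: `authorized_networks` still dereferences `@database`, which the rewritten class never assigns, so any instance that has authorized networks raises NoMethodError on nil; the line should read `@settings.ip_configuration.authorized_networks.map(&:value)`. `primary_ip_address` has its guard inverted: `!@ip_addresses.size.zero?` returns `''` whenever addresses exist and falls through to `@ip_addresses[0].ip_address` on an empty list. It should be `return '' if @ip_addresses.nil? || @ip_addresses.empty? || @ip_addresses[0].ip_address.nil?`. Both helpers are the kind of accessor a network-exposure control relies on, so each deserves a unit test with a populated and an empty fixture.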
diff --git a/libraries/google_sql_database_instances.rb b/libraries/google_sql_database_instances.rb
index 72871cc56..8ca45d9d5 100644
--- a/libraries/google_sql_database_instances.rb
+++ b/libraries/google_sql_database_instances.rb
@@ -1,46 +1,107 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class SQLDatabaseInstances < GcpResourceBase
+ name 'google_sql_database_instances'
+ desc 'DatabaseInstance plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleCloudSqlDatabaseInstances < GcpResourceBase
- name 'google_sql_database_instances'
- desc 'Verifies settings for GCP Cloud SQL Database instances in bulk'
+ attr_reader :table
- example "
- describe google_sql_database_instances(project: 'chef-inspec-gcp') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- end
+ filter_table_config.add(:backend_types, field: :backend_type)
+ filter_table_config.add(:connection_names, field: :connection_name)
+ filter_table_config.add(:instance_versions, field: :instance_version)
+ filter_table_config.add(:failover_replicas, field: :failover_replica)
+ filter_table_config.add(:instance_types, field: :instance_type)
+ filter_table_config.add(:ip_addresses, field: :ip_addresses)
+ filter_table_config.add(:ipv6_addresses, field: :ipv6_address)
+ filter_table_config.add(:master_instance_names, field: :master_instance_name)
+ filter_table_config.add(:max_disk_sizes, field: :max_disk_size)
+ filter_table_config.add(:instance_names, field: :instance_name)
+ filter_table_config.add(:instance_regions, field: :instance_region)
+ filter_table_config.add(:replica_configurations, field: :replica_configuration)
+ filter_table_config.add(:settings, field: :settings)
+ filter_table_config.add(:instance_zones, field: :instance_zone)
+ filter_table_config.add(:instance_states, field: :instance_state)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:instance_names, field: :instance_name)
- filter_table_config.add(:instance_versions, field: :instance_version)
- filter_table_config.add(:instance_regions, field: :instance_region)
- filter_table_config.add(:instance_zones, field: :instance_zone)
- filter_table_config.add(:instance_states, field: :instance_state)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- instance_rows = []
- catch_gcp_errors do
- @databases = @gcp.gcp_client(Google::Apis::SqladminV1beta4::SQLAdminService).list_instances(opts[:project])
- end
- return [] if !@databases || !@databases.items
- @databases.items.map do |instance|
- instance_rows+=[{ instance_name: instance.name,
- instance_version: instance.database_version,
- instance_region: instance.region,
- instance_zone: instance.gce_zone,
- instance_state: instance.state }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @databases = instance_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'backendType' => ->(obj) { return :backend_type, obj['backendType'] },
+ 'connectionName' => ->(obj) { return :connection_name, obj['connectionName'] },
+ 'databaseVersion' => ->(obj) { return :instance_version, obj['databaseVersion'] },
+ 'failoverReplica' => ->(obj) { return :failover_replica, GoogleInSpec::SQL::Property::DatabaseInstanceFailoverReplica.new(obj['failoverReplica'], to_s) },
+ 'instanceType' => ->(obj) { return :instance_type, obj['instanceType'] },
+ 'ipAddresses' => ->(obj) { return :ip_addresses, GoogleInSpec::SQL::Property::DatabaseInstanceIpAddressesArray.parse(obj['ipAddresses'], to_s) },
+ 'ipv6Address' => ->(obj) { return :ipv6_address, obj['ipv6Address'] },
+ 'masterInstanceName' => ->(obj) { return :master_instance_name, obj['masterInstanceName'] },
+ 'maxDiskSize' => ->(obj) { return :max_disk_size, obj['maxDiskSize'] },
+ 'name' => ->(obj) { return :instance_name, obj['name'] },
+ 'region' => ->(obj) { return :instance_region, obj['region'] },
+ 'replicaConfiguration' => ->(obj) { return :replica_configuration, GoogleInSpec::SQL::Property::DatabaseInstanceReplicaConfiguration.new(obj['replicaConfiguration'], to_s) },
+ 'settings' => ->(obj) { return :settings, GoogleInSpec::SQL::Property::DatabaseInstanceSettings.new(obj['settings'], to_s) },
+ 'gceZone' => ->(obj) { return :instance_zone, obj['gceZone'] },
+ 'state' => ->(obj) { return :instance_state, obj['state'] },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/sql/v1beta4/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/instances'
end
end
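Review bot: `fetch_wrapped_resource` returns nil at `return if result.nil?`, so `@table` becomes nil, whereas the removed `fetch_data` returned `[]` when nothing came back. Whether FilterTable tolerates a nil table is not visible here, so `return [] if result.nil?` is the safer contract. Separately, `transform` calls `transformers` twice per key and each call rebuilds the whole lambda hash; memoising it with `@transformers ||= { ... }` would avoid that. The same `fetch_wrapped_resource` and `transform` bodies are repeated in the google_sql_users.rb hunk of this commit.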
diff --git a/libraries/google_sql_user.rb b/libraries/google_sql_user.rb
new file mode 100644
index 000000000..ce2b57daf
--- /dev/null
+++ b/libraries/google_sql_user.rb
@@ -0,0 +1,74 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+
+# A provider to manage Cloud SQL resources.
+class SQLUser < GcpResourceBase
+ name 'google_sql_user'
+ desc 'User'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :host
+ attr_reader :name
+ attr_reader :instance
+ attr_reader :password
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ @fetched = unwrap(fetched, params)
+ parse unless @fetched.nil?
+ end
+
+ def identity
+ %w{name host}
+ end
+
+ def collection_item
+ 'items'
+ end
+
+ def unwrap(fetched, params)
+ fetched[collection_item].find { |result| identity.all? { |id| result[id] == params[id.to_sym] } }
+ end
+
+ def parse
+ @host = @fetched['host']
+ @name = @fetched['name']
+ @instance = @fetched['instance']
+ @password = @fetched['password']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "User #{@params[:database]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/sql/v1beta4/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/instances/{{database}}/users'
+ end
+end
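Review bot: `initialize` calls `unwrap(fetched, params)` before any nil check, and `unwrap` indexes `fetched[collection_item]` directly, so a failed fetch or a response without an `items` key raises NoMethodError and the `parse unless @fetched.nil?` guard is never reached. Adding `return nil if fetched.nil? || fetched[collection_item].nil?` as the first line of `unwrap` lets `exists?` report false for a missing instance or an instance with no users. `to_s` also prints only `@params[:database]`, so every user of one instance is reported under the same label; including `@params[:name]` would make a failing control attributable to a specific user.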
diff --git a/libraries/google_sql_users.rb b/libraries/google_sql_users.rb
index 437cec101..71ddbdb2d 100644
--- a/libraries/google_sql_users.rb
+++ b/libraries/google_sql_users.rb
@@ -1,42 +1,85 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class SQLUsers < GcpResourceBase
+ name 'google_sql_users'
+ desc 'User plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleCloudSqlUsers < GcpResourceBase
- name 'google_sql_users'
- desc 'Verifies settings for GCP Cloud SQL Database users in bulk'
+ attr_reader :table
- example "
- describe google_sql_users(project: 'chef-inspec-gcp', database: 'database') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- end
+ filter_table_config.add(:user_hosts, field: :user_host)
+ filter_table_config.add(:user_names, field: :user_name)
+ filter_table_config.add(:user_instances, field: :user_instance)
+ filter_table_config.add(:passwords, field: :password)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:user_names, field: :user_name)
- filter_table_config.add(:user_hosts, field: :user_host)
- filter_table_config.add(:user_instances, field: :user_instance)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- user_rows = []
- catch_gcp_errors do
- @users = @gcp.gcp_client(Google::Apis::SqladminV1beta4::SQLAdminService).list_users(opts[:project], opts[:database])
- end
- return [] if !@users || !@users.items
- @users.items.map do |user|
- user_rows+=[{ user_name: user.name,
- user_host: user.host,
- user_instance: user.instance }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
+ end
+ converted.push(hash_with_symbols)
end
- @users = user_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'host' => ->(obj) { return :user_host, obj['host'] },
+ 'name' => ->(obj) { return :user_name, obj['name'] },
+ 'instance' => ->(obj) { return :user_instance, obj['instance'] },
+ 'password' => ->(obj) { return :password, obj['password'] },
+ }
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/sql/v1beta4/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/instances/{{database}}/users'
end
end
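Review bot: The new `:passwords` column and the `'password'` transformer copy whatever the API returns in that field into the resource table, which did not carry it before (the removed `fetch_data` kept only name, host and instance). If the field is ever populated, its value would be readable from any control and could end up in reporter output; whether the users list endpoint returns it is not visible here. Unless a control needs the value itself, dropping the column or mapping it to a presence flag such as `!obj['password'].nil?` keeps credential material out of the table. The singular google_sql_user.rb in this commit exposes `attr_reader :password` in the same way.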
diff --git a/libraries/google_storage_bucket.rb b/libraries/google_storage_bucket.rb
index 1f3c7f1f0..ffe317324 100644
--- a/libraries/google_storage_bucket.rb
+++ b/libraries/google_storage_bucket.rb
@@ -1,48 +1,105 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/storage/property/bucket_acl'
+require 'google/storage/property/bucket_cors'
+require 'google/storage/property/bucket_default_object_acl'
+require 'google/storage/property/bucket_lifecycle'
+require 'google/storage/property/bucket_lifecycle_rule'
+require 'google/storage/property/bucket_logging'
+require 'google/storage/property/bucket_owner'
+require 'google/storage/property/bucket_versioning'
+require 'google/storage/property/bucket_website'
-module Inspec::Resources
- class GoogleStorageBucket < GcpResourceBase
- name 'google_storage_bucket'
- desc 'Verifies settings for a bucket'
-
- example "
- describe google_storage_bucket(name: 'inspec-test-bucket') do
- it { should exist }
- its('storage_class') { should eq 'REGIONAL' }
- its('location') { should eq 'US-CENTRAL1' }
- its('lifecycle') { should eq 'enabled' }
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @bucket = @gcp.gcp_storage_client.get_bucket(opts[:name])
- create_resource_methods(@bucket)
- end
- end
-
- def exists?
- !@bucket.nil?
- end
-
- def has_versioning_enabled?
- return false if !defined?(@bucket.versioning)
- return false if @bucket.versioning.nil?
- @bucket.versioning.enabled
- end
-
- def has_logging_enabled?
- return false if !defined?(@bucket.logging)
- return false if @bucket.logging.nil?
- true
- end
-
- def to_s
- "Bucket #{@display_name}"
- end
+# A provider to manage Cloud Storage resources.
+class StorageBucket < GcpResourceBase
+ name 'google_storage_bucket'
+ desc 'Bucket'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :acl
+ attr_reader :cors
+ attr_reader :default_event_based_hold
+ attr_reader :default_object_acl
+ attr_reader :id
+ attr_reader :lifecycle
+ attr_reader :location
+ attr_reader :logging
+ attr_reader :metageneration
+ attr_reader :name
+ attr_reader :owner
+ attr_reader :project_number
+ attr_reader :storage_class
+ attr_reader :time_created
+ attr_reader :updated
+ attr_reader :versioning
+ attr_reader :website
+ attr_reader :project
+ attr_reader :predefined_default_object_acl
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @acl = GoogleInSpec::Storage::Property::BucketAclArray.parse(@fetched['acl'], to_s)
+ @cors = GoogleInSpec::Storage::Property::BucketCorsArray.parse(@fetched['cors'], to_s)
+ @default_event_based_hold = @fetched['defaultEventBasedHold']
+ @default_object_acl = GoogleInSpec::Storage::Property::BucketDefaultObjectAclArray.parse(@fetched['defaultObjectAcl'], to_s)
+ @id = @fetched['id']
+ @lifecycle = GoogleInSpec::Storage::Property::BucketLifecycle.new(@fetched['lifecycle'], to_s)
+ @location = @fetched['location']
+ @logging = GoogleInSpec::Storage::Property::BucketLogging.new(@fetched['logging'], to_s)
+ @metageneration = @fetched['metageneration']
+ @name = @fetched['name']
+ @owner = GoogleInSpec::Storage::Property::BucketOwner.new(@fetched['owner'], to_s)
+ @project_number = @fetched['projectNumber']
+ @storage_class = @fetched['storageClass']
+ @time_created = parse_time_string(@fetched['timeCreated'])
+ @updated = parse_time_string(@fetched['updated'])
+ @versioning = GoogleInSpec::Storage::Property::BucketVersioning.new(@fetched['versioning'], to_s)
+ @website = GoogleInSpec::Storage::Property::BucketWebsite.new(@fetched['website'], to_s)
+ @project = @fetched['project']
+ @predefined_default_object_acl = @fetched['predefinedDefaultObjectAcl']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Bucket #{@params[:name]}"
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{name}}?projection=full'
end
end
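Review bot: The rewritten class drops `has_versioning_enabled?` and `has_logging_enabled?` without a replacement, so existing profiles that use `it { should have_versioning_enabled }` or `it { should have_logging_enabled }` will stop evaluating after this change. The google_sql_database_instance.rb rewrite in this commit kept its `has_ip_configuration_require_ssl?` helper on top of the generated properties, and the same could be done here over `@versioning` and `@logging`; otherwise the removal belongs in the changelog as a breaking change. `parse_time_string` also relies on `Time.parse`, which needs `require 'time'`; no such require is visible in this file, so confirm that `gcp_backend` loads it.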
diff --git a/libraries/google_storage_bucket_acl.rb b/libraries/google_storage_bucket_acl.rb
index 53b57245b..a86007b1d 100644
--- a/libraries/google_storage_bucket_acl.rb
+++ b/libraries/google_storage_bucket_acl.rb
@@ -1,41 +1,72 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/storage/property/bucketacl_project_team'
-module Inspec::Resources
- class GoogleStorageBucketAcl < GcpResourceBase
- name 'google_storage_bucket_acl'
- desc 'Verifies settings for a storage bucket ACL'
-
- example "
- describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @entity = opts[:entity]
- begin
- @acl = @gcp.gcp_storage_client.get_bucket_access_control(@bucket, @entity)
- create_resource_methods(@acl)
- # all non-existing entities raise a "Not Found" client error
- rescue Google::Apis::ClientError => e
- # re-raise the exception if the error is not "Not Found"
- raise e unless e.status_code == 404
- @acl = nil
- @error = JSON.parse(e.body)
- end
- end
-
- def exists?
- !@acl.nil?
- end
-
- def to_s
- "Storage Bucket ACL #{@bucket}"
- end
+# A provider to manage Cloud Storage resources.
+class StorageBucketACL < GcpResourceBase
+ name 'google_storage_bucket_acl'
+ desc 'BucketACL'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :domain
+ attr_reader :email
+ attr_reader :entity
+ attr_reader :entity_id
+ attr_reader :id
+ attr_reader :project_team
+ attr_reader :role
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @domain = @fetched['domain']
+ @email = @fetched['email']
+ @entity = @fetched['entity']
+ @entity_id = @fetched['entityId']
+ @id = @fetched['id']
+ @project_team = GoogleInSpec::Storage::Property::BucketACLProjectTeam.new(@fetched['projectTeam'], to_s)
+ @role = @fetched['role']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "BucketACL #{@params[:entity]}"
+ end
+
+ def bucket
+ @params[:bucket]
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/acl/{{entity}}'
end
end
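Review bot: The removed constructor rescued `Google::Apis::ClientError` and treated only a 404 as "ACL entry absent", re-raising everything else; the new `initialize` depends entirely on `@connection.fetch` for that distinction, and its behaviour is not visible in this hunk. If `fetch` returns nil for other failures as well (a permission error, for instance), `it { should_not exist }` on an ACL entity would pass without the entry having been checked. A short comment above the `fetch` call stating which responses yield nil, e.g. `# fetch returns nil only on 404; other errors raise`, would document the contract once it is confirmed.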
diff --git a/libraries/google_storage_bucket_iam_binding.rb b/libraries/google_storage_bucket_iam_binding.rb
index 49de4b189..908f96c98 100644
--- a/libraries/google_storage_bucket_iam_binding.rb
+++ b/libraries/google_storage_bucket_iam_binding.rb
@@ -1,48 +1,84 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
-module Inspec::Resources
- class GoogleStorageBucketIamBinding < GcpResourceBase
- name 'google_storage_bucket_iam_binding'
- desc 'Verifies settings for a storage bucket IAM binding'
+# A provider to manage Cloud Storage IAM Binding resources.
+class BucketIamBinding < GcpResourceBase
+ name 'google_storage_bucket_iam_binding'
+ desc 'Bucket Iam Binding'
+ supports platform: 'gcp'
- example "
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.objectViewer') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @role = opts[:role]
- @iam_binding_exists = false
- @members_list=[]
- catch_gcp_errors do
- # note this is the same call as for the plural iam_bindings resource because there isn't an easy way to pull out a singular binding
- @iam_bindings = @gcp.gcp_storage_client.get_bucket_iam_policy(@bucket)
- raise Inspec::Exceptions::ResourceFailed, "google_storage_bucket_iam_binding is missing expected IAM policy 'bindings' property" if !@iam_bindings || !@iam_bindings.bindings
- @iam_bindings.bindings.each do |binding|
- next if binding.role != @role
- @iam_binding_exists=true
- @members_list=binding.members
+ attr_reader :params
+
+ attr_reader :condition
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ if params[:condition]
+ # Control defines a condition, match via this condition
+ condition = params[:condition]
+ if condition[:title] && condition[:title] != binding&.condition&.title
+ next
end
+ if condition[:description] && condition[:description] != binding&.condition&.description
+ next
+ end
+ if condition[:expression] && condition[:expression] != binding&.condition&.expression
+ next
+ end
+ else
+ # No condition defined in control, skip any binding with a condition
+ next unless binding.condition.title.nil? && binding.condition.description.nil? && binding.condition.expression.nil?
end
+ @members_list = binding.members
+ @condition = binding.condition
+ @iam_binding_exists = true
end
+ end
- # return the list of users corresponding to the role
- def members
- @members_list
- end
+ def exists?
+ @iam_binding_exists
+ end
- def exists?
- @iam_binding_exists
- end
+ def members
+ @members_list
+ end
- def to_s
- "Storage Bucket IAM Binding #{@role}"
- end
+ def to_s
+ "Bucket IamBinding #{@params[:bucket]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/iam'
end
end
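Review bot: In `parse`, a control that passes no `:condition` skips every binding that carries one (the `else` branch), so `members` never reflects principals granted through a conditional binding on the same role. An audit such as `its('members') { should_not include 'allUsers' }` can therefore pass while a conditional grant exists. A comment above the branch, e.g. `# NOTE: conditional bindings for this role are ignored unless the control passes :condition`, and a line in the resource docs would make that explicit. The same `next unless` line calls `binding.condition.title` without the safe navigation used in the condition branch (`binding&.condition&.title`), so it raises NoMethodError if `condition` can be nil; using `binding.condition&.title.nil?` and its siblings there keeps the two branches consistent. `@iam_binding_exists` and `@members_list` are also no longer initialised, so `members` is nil rather than `[]` when nothing matches, and because the file is generated the fix belongs in the generator template.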
diff --git a/libraries/google_storage_bucket_iam_policy.rb b/libraries/google_storage_bucket_iam_policy.rb
new file mode 100644
index 000000000..9322ee8ca
--- /dev/null
+++ b/libraries/google_storage_bucket_iam_policy.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_audit_configs'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Storage IAM Policy resources.
+class BucketIamPolicy < GcpResourceBase
+ name 'google_storage_bucket_iam_policy'
+ desc 'Bucket Iam Policy'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :bindings
+ attr_reader :audit_configs
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Bucket IamPolicy #{@params[:bucket]}"
+ end
+
+ def iam_binding_roles
+ @bindings.map(&:role)
+ end
+
+ def count
+ @bindings.size
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/iam'
+ end
+end
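Review bot: `iam_binding_roles` and `count` dereference `@bindings` unconditionally, but `initialize` only calls `parse` when `@fetched` is non-nil, so both raise NoMethodError on nil when the policy could not be fetched instead of letting the control fail cleanly. Guarding them, e.g. `(@bindings || []).map(&:role)` and `(@bindings || []).size`, leaves `exists?` as the single place that reports a missing policy. Whether `IamPolicyBindingsArray.parse` returns an array for a policy without a `bindings` key is not visible in this hunk and is worth confirming. The header marks the file as generated, so the guard would go in the template.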
diff --git a/libraries/google_storage_bucket_object.rb b/libraries/google_storage_bucket_object.rb
index 8477ba338..9a6522463 100644
--- a/libraries/google_storage_bucket_object.rb
+++ b/libraries/google_storage_bucket_object.rb
@@ -1,53 +1,98 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'time'
-
-module Inspec::Resources
- class GoogleStorageBucketObject < GcpResourceBase
- name 'google_storage_bucket_object'
- desc 'Verifies settings for a storage bucket object'
-
- example "
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- it { should exist }
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @object = opts[:object]
- catch_gcp_errors do
- @bucket_object = @gcp.gcp_storage_client.get_object(@bucket, @object)
- @time_created = @bucket_object.time_created
- @time_updated = @bucket_object.updated
- @time_class_updated = @bucket_object.time_storage_class_updated
- create_resource_methods(@bucket_object)
- end
- end
-
- def updated_date
- return false if !defined?(@time_updated) || @time_updated.nil?
- Time.parse(@time_updated.to_s)
- end
-
- def time_storage_class_updated_date
- return false if !defined?(@time_class_updated) || @time_class_updated.nil?
- Time.parse(@time_class_updated.to_s)
- end
-
- def time_created_date
- return false if !defined?(@time_created) || @time_created.nil?
- Time.parse(@time_created.to_s)
- end
-
- def exists?
- !@bucket_object.nil?
- end
-
- def to_s
- "Bucket object #{@bucket}/#{@object}"
- end
+
+# A provider to manage Cloud Storage resources.
+class StorageBucketObject < GcpResourceBase
+ name 'google_storage_bucket_object'
+ desc 'BucketObject'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :bucket
+ attr_reader :object
+ attr_reader :content_type
+ attr_reader :crc32c
+ attr_reader :etag
+ attr_reader :generation
+ attr_reader :id
+ attr_reader :md5_hash
+ attr_reader :media_link
+ attr_reader :metageneration
+ attr_reader :name
+ attr_reader :size
+ attr_reader :storage_class
+ attr_reader :time_created
+ attr_reader :time_deleted
+ attr_reader :time_storage_class_updated
+ attr_reader :time_updated
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bucket = @fetched['bucket']
+ @object = @fetched['object']
+ @content_type = @fetched['contentType']
+ @crc32c = @fetched['crc32c']
+ @etag = @fetched['etag']
+ @generation = @fetched['generation']
+ @id = @fetched['id']
+ @md5_hash = @fetched['md5Hash']
+ @media_link = @fetched['mediaLink']
+ @metageneration = @fetched['metageneration']
+ @name = @fetched['name']
+ @size = @fetched['size']
+ @storage_class = @fetched['storageClass']
+ @time_created = parse_time_string(@fetched['timeCreated'])
+ @time_deleted = parse_time_string(@fetched['timeDeleted'])
+ @time_storage_class_updated = parse_time_string(@fetched['timeStorageClassUpdated'])
+ @time_updated = parse_time_string(@fetched['updated'])
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "BucketObject #{@params[:object]}"
+ end
+
+ # rubocop:disable Lint/DuplicateMethods
+ def size
+ @size&.to_i
+ end
+ # rubocop:enable Lint/DuplicateMethods
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/o/{{object}}'
end
end
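Review bot: `parse_time_string` calls `Time.parse`, which comes from the `time` standard library, yet this hunk removes `require 'time'` and leaves only `require 'gcp_backend'`. Unless `gcp_backend` or another already-loaded file requires it, the four timestamp assignments in `parse` raise NoMethodError; keeping `require 'time'` makes the file self-contained. The same helper with no `time` require visible appears in the `google_storage_bucket_objects.rb` and `google_storage_buckets.rb` hunks. `parse_time_string` is also defined above `private`, so it becomes part of the resource's public surface; moving it below `private` would avoid that.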
diff --git a/libraries/google_storage_bucket_objects.rb b/libraries/google_storage_bucket_objects.rb
index 8a03233c6..8975c9c42 100644
--- a/libraries/google_storage_bucket_objects.rb
+++ b/libraries/google_storage_bucket_objects.rb
@@ -1,48 +1,116 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class StorageBucketObjects < GcpResourceBase
+ name 'google_storage_bucket_objects'
+ desc 'BucketObject plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleStorageBucketObjects < GcpResourceBase
- name 'google_storage_bucket_objects'
- desc 'Verifies settings for GCP storage bucket objects in bulk'
+ attr_reader :table
- example "
- describe google_storage_bucket_objects(bucket: 'bucket-name') do
- it { should exist }
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- end
+ filter_table_config.add(:object_buckets, field: :object_bucket)
+ filter_table_config.add(:objects, field: :object)
+ filter_table_config.add(:content_types, field: :content_type)
+ filter_table_config.add(:crc32cs, field: :crc32c)
+ filter_table_config.add(:etags, field: :etag)
+ filter_table_config.add(:generations, field: :generation)
+ filter_table_config.add(:ids, field: :id)
+ filter_table_config.add(:md5_hashes, field: :md5_hash)
+ filter_table_config.add(:media_links, field: :media_link)
+ filter_table_config.add(:metagenerations, field: :metageneration)
+ filter_table_config.add(:object_names, field: :object_name)
+ filter_table_config.add(:sizes, field: :size)
+ filter_table_config.add(:storage_classes, field: :storage_class)
+ filter_table_config.add(:object_created_times, field: :object_created_times)
+ filter_table_config.add(:time_deleteds, field: :time_deleted)
+ filter_table_config.add(:time_storage_class_updateds, field: :time_storage_class_updated)
+ filter_table_config.add(:time_updateds, field: :time_updated)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:object_names, field: :object_name)
- filter_table_config.add(:object_buckets, field: :object_bucket)
- filter_table_config.add(:object_created_times, field: :object_created_time)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- bucket_object_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @bucket_objects = @gcp.gcp_storage_client.list_objects(@bucket, page_token: next_page)
- end
- return [] if !@bucket_objects || !@bucket_objects.items
- @bucket_objects.items.map do |object|
- bucket_object_rows+=[{ object_name: object.name,
- object_bucket: object.bucket,
- object_created_time: Time.parse(object.time_created.to_s) }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @bucket_objects.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = bucket_object_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'bucket' => ->(obj) { return :object_bucket, obj['bucket'] },
+ 'object' => ->(obj) { return :object, obj['object'] },
+ 'contentType' => ->(obj) { return :content_type, obj['contentType'] },
+ 'crc32c' => ->(obj) { return :crc32c, obj['crc32c'] },
+ 'etag' => ->(obj) { return :etag, obj['etag'] },
+ 'generation' => ->(obj) { return :generation, obj['generation'] },
+ 'id' => ->(obj) { return :id, obj['id'] },
+ 'md5Hash' => ->(obj) { return :md5_hash, obj['md5Hash'] },
+ 'mediaLink' => ->(obj) { return :media_link, obj['mediaLink'] },
+ 'metageneration' => ->(obj) { return :metageneration, obj['metageneration'] },
+ 'name' => ->(obj) { return :object_name, obj['name'] },
+ 'size' => ->(obj) { return :size, obj['size'] },
+ 'storageClass' => ->(obj) { return :storage_class, obj['storageClass'] },
+ 'timeCreated' => ->(obj) { return :object_created_times, parse_time_string(obj['timeCreated']) },
+ 'timeDeleted' => ->(obj) { return :time_deleted, parse_time_string(obj['timeDeleted']) },
+ 'timeStorageClassUpdated' => ->(obj) { return :time_storage_class_updated, parse_time_string(obj['timeStorageClassUpdated']) },
+ 'updated' => ->(obj) { return :time_updated, parse_time_string(obj['updated']) },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/o'
end
end
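Review bot: The creation-time column is registered as `field: :object_created_times` where the removed code used `field: :object_created_time`, and the `'timeCreated'` transformer emits the same plural key, so existing controls that filter on `object_created_time` stop matching. Unless the rename is intended, `filter_table_config.add(:object_created_times, field: :object_created_time)` together with `return :object_created_time, parse_time_string(obj['timeCreated'])` keeps the old contract. Separately, `fetch_wrapped_resource` returns nil when `fetch_all` returns nil, so `@table` is nil where the removed `fetch_data` returned `[]`; `return [] if result.nil?` would preserve that. The same early return appears in the `google_storage_buckets.rb` hunk.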
diff --git a/libraries/google_storage_buckets.rb b/libraries/google_storage_buckets.rb
index 7970f951d..0291d984b 100644
--- a/libraries/google_storage_buckets.rb
+++ b/libraries/google_storage_buckets.rb
@@ -1,51 +1,120 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class StorageBuckets < GcpResourceBase
+ name 'google_storage_buckets'
+ desc 'Bucket plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleStorageBuckets < GcpResourceBase
- name 'google_storage_buckets'
- desc 'Verifies settings for GCP storage buckets in bulk'
+ attr_reader :table
- example "
- describe google_storage_buckets(project: 'chef-inspec-gcp') do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:acls, field: :acl)
+ filter_table_config.add(:cors, field: :cors)
+ filter_table_config.add(:default_event_based_holds, field: :default_event_based_hold)
+ filter_table_config.add(:default_object_acls, field: :default_object_acl)
+ filter_table_config.add(:bucket_ids, field: :bucket_id)
+ filter_table_config.add(:lifecycles, field: :lifecycle)
+ filter_table_config.add(:bucket_locations, field: :bucket_location)
+ filter_table_config.add(:loggings, field: :logging)
+ filter_table_config.add(:metagenerations, field: :metageneration)
+ filter_table_config.add(:bucket_names, field: :bucket_name)
+ filter_table_config.add(:owners, field: :owner)
+ filter_table_config.add(:bucket_project_numbers, field: :bucket_project_number)
+ filter_table_config.add(:storage_classes, field: :storage_class)
+ filter_table_config.add(:time_createds, field: :time_created)
+ filter_table_config.add(:updateds, field: :updated)
+ filter_table_config.add(:versionings, field: :versioning)
+ filter_table_config.add(:websites, field: :website)
+ filter_table_config.add(:projects, field: :project)
+ filter_table_config.add(:predefined_default_object_acls, field: :predefined_default_object_acl)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:bucket_ids, field: :bucket_id)
- filter_table_config.add(:bucket_names, field: :bucket_name)
- filter_table_config.add(:bucket_project_numbers, field: :bucket_project_number)
- filter_table_config.add(:bucket_locations, field: :bucket_location)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- bucket_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @buckets = @gcp.gcp_storage_client.list_buckets(@project, page_token: next_page)
- end
- return [] if !@buckets || !@buckets.items
- @buckets.items.map do |bucket|
- bucket_rows+=[{ bucket_id: bucket.id,
- bucket_name: bucket.name,
- bucket_project_number: bucket.project_number,
- bucket_location: bucket.location }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @buckets.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = bucket_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'acl' => ->(obj) { return :acl, GoogleInSpec::Storage::Property::BucketAclArray.parse(obj['acl'], to_s) },
+ 'cors' => ->(obj) { return :cors, GoogleInSpec::Storage::Property::BucketCorsArray.parse(obj['cors'], to_s) },
+ 'defaultEventBasedHold' => ->(obj) { return :default_event_based_hold, obj['defaultEventBasedHold'] },
+ 'defaultObjectAcl' => ->(obj) { return :default_object_acl, GoogleInSpec::Storage::Property::BucketDefaultObjectAclArray.parse(obj['defaultObjectAcl'], to_s) },
+ 'id' => ->(obj) { return :bucket_id, obj['id'] },
+ 'lifecycle' => ->(obj) { return :lifecycle, GoogleInSpec::Storage::Property::BucketLifecycle.new(obj['lifecycle'], to_s) },
+ 'location' => ->(obj) { return :bucket_location, obj['location'] },
+ 'logging' => ->(obj) { return :logging, GoogleInSpec::Storage::Property::BucketLogging.new(obj['logging'], to_s) },
+ 'metageneration' => ->(obj) { return :metageneration, obj['metageneration'] },
+ 'name' => ->(obj) { return :bucket_name, obj['name'] },
+ 'owner' => ->(obj) { return :owner, GoogleInSpec::Storage::Property::BucketOwner.new(obj['owner'], to_s) },
+ 'projectNumber' => ->(obj) { return :bucket_project_number, obj['projectNumber'] },
+ 'storageClass' => ->(obj) { return :storage_class, obj['storageClass'] },
+ 'timeCreated' => ->(obj) { return :time_created, parse_time_string(obj['timeCreated']) },
+ 'updated' => ->(obj) { return :updated, parse_time_string(obj['updated']) },
+ 'versioning' => ->(obj) { return :versioning, GoogleInSpec::Storage::Property::BucketVersioning.new(obj['versioning'], to_s) },
+ 'website' => ->(obj) { return :website, GoogleInSpec::Storage::Property::BucketWebsite.new(obj['website'], to_s) },
+ 'project' => ->(obj) { return :project, obj['project'] },
+ 'predefinedDefaultObjectAcl' => ->(obj) { return :predefined_default_object_acl, obj['predefinedDefaultObjectAcl'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b?project={{project}}&projection=full'
end
end
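Review bot: `transformers` instantiates `GoogleInSpec::Storage::Property::BucketAclArray`, `BucketCorsArray`, `BucketLifecycle` and the other property classes, but the only `require` in the new file is `gcp_backend`, whereas the singular ACL resources in this commit add explicit `require 'google/storage/property/...'` lines. If no other loaded file has defined those constants first, listing buckets raises NameError as soon as a row contains `acl`, `lifecycle` and so on. The matching requires should be emitted for the plural resource as well; their exact paths are not visible in this hunk. `transformers` also builds a fresh hash of lambdas on every call and `transform` calls it twice per key, so memoising it with `@transformers ||= { ... }` would avoid that work for every row.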
diff --git a/libraries/google_storage_default_object_acl.rb b/libraries/google_storage_default_object_acl.rb
index 20aaff0be..0521a8cd0 100644
--- a/libraries/google_storage_default_object_acl.rb
+++ b/libraries/google_storage_default_object_acl.rb
@@ -1,41 +1,76 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/storage/property/defaultobjectacl_project_team'
-module Inspec::Resources
- class GoogleStorageDefaultObjectAcl < GcpResourceBase
- name 'google_storage_default_object_acl'
- desc 'Verifies settings for a storage default object ACL'
-
- example "
- describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @entity = opts[:entity]
- begin
- @acl = @gcp.gcp_storage_client.get_default_object_access_control(@bucket, @entity)
- create_resource_methods(@acl)
- # all non-existing entities raise a "Not Found" client error
- rescue Google::Apis::ClientError => e
- @acl=nil
- @error=JSON.parse(e.body)
- end
- end
-
- def exists?
- !@acl.nil?
- end
-
- attr_reader :error
-
- def to_s
- "Storage Default Object ACL #{@bucket} #{@entity}"
- end
+# A provider to manage Cloud Storage resources.
+class StorageDefaultObjectACL < GcpResourceBase
+ name 'google_storage_default_object_acl'
+ desc 'DefaultObjectACL'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :domain
+ attr_reader :email
+ attr_reader :entity
+ attr_reader :entity_id
+ attr_reader :generation
+ attr_reader :id
+ attr_reader :object
+ attr_reader :project_team
+ attr_reader :role
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @domain = @fetched['domain']
+ @email = @fetched['email']
+ @entity = @fetched['entity']
+ @entity_id = @fetched['entityId']
+ @generation = @fetched['generation']
+ @id = @fetched['id']
+ @object = @fetched['object']
+ @project_team = GoogleInSpec::Storage::Property::DefaultObjectACLProjectTeam.new(@fetched['projectTeam'], to_s)
+ @role = @fetched['role']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "DefaultObjectACL #{@params[:entity]}"
+ end
+
+ def bucket
+ @params[:bucket]
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/defaultObjectAcl/{{entity}}'
end
end
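Review bot: Nothing in this hunk shows how `@connection.fetch` handles a 403 or other non-404 response, and the new `initialize` relies on it entirely, where the removed constructor rescued every `Google::Apis::ClientError` as "does not exist" and exposed the parsed body through `attr_reader :error`. If `fetch` returns nil for those responses, a control such as `it { should_not exist }` passes without the ACL ever having been read, which is the wrong outcome for an access-control audit. It is worth confirming that `fetch` raises or fails the resource on anything other than 404, and recording that above `initialize`, e.g. `# @fetched is nil only when the API reports 404`. The same applies to the `google_storage_object_acl.rb` hunk, and controls that read `its('error')` on either resource will need updating.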
diff --git a/libraries/google_storage_object_acl.rb b/libraries/google_storage_object_acl.rb
index 8ea3b79ee..7d09ca8c2 100644
--- a/libraries/google_storage_object_acl.rb
+++ b/libraries/google_storage_object_acl.rb
@@ -1,43 +1,76 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'json'
-
-module Inspec::Resources
- class GoogleStorageObjectAcl < GcpResourceBase
- name 'google_storage_object_acl'
- desc 'Verifies settings for a storage object ACL'
-
- example "
- describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @object = opts[:object]
- @entity = opts[:entity]
- begin
- @acl = @gcp.gcp_storage_client.get_object_access_control(@bucket, @object, @entity)
- create_resource_methods(@acl)
- # all non-existing entities raise a "Not Found" client error
- rescue Google::Apis::ClientError => e
- @acl=nil
- @error=JSON.parse(e.body)
- end
- end
-
- def exists?
- !@acl.nil?
- end
-
- attr_reader :error
-
- def to_s
- "Storage Object ACL #{@object} #{@entity}"
- end
+require 'google/storage/property/objectacl_project_team'
+
+# A provider to manage Cloud Storage resources.
+class StorageObjectACL < GcpResourceBase
+ name 'google_storage_object_acl'
+ desc 'ObjectACL'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :domain
+ attr_reader :email
+ attr_reader :entity
+ attr_reader :entity_id
+ attr_reader :generation
+ attr_reader :id
+ attr_reader :object
+ attr_reader :project_team
+ attr_reader :role
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @domain = @fetched['domain']
+ @email = @fetched['email']
+ @entity = @fetched['entity']
+ @entity_id = @fetched['entityId']
+ @generation = @fetched['generation']
+ @id = @fetched['id']
+ @object = @fetched['object']
+ @project_team = GoogleInSpec::Storage::Property::ObjectACLProjectTeam.new(@fetched['projectTeam'], to_s)
+ @role = @fetched['role']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ObjectACL #{@params[:entity]}"
+ end
+
+ def bucket
+ @params[:bucket]
+ end
+
+ private
+
+ def product_url(_ = nil)
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/o/{{object}}/acl/{{entity}}'
end
end
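Review bot: `to_s` now renders only the entity (`"ObjectACL #{@params[:entity]}"`), while the removed version also included the object name, so report lines for the same entity on different objects or buckets are indistinguishable. Including the identifying parameters, e.g. `"ObjectACL #{@params[:bucket]}/#{@params[:object]} #{@params[:entity]}"`, keeps audit output traceable to a specific object. The header marks the file as generated, so the change would go in the generator template.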
diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf
index 166285561..887e9395f 100644
--- a/test/integration/build/gcp-mm.tf
+++ b/test/integration/build/gcp-mm.tf
@@ -1,156 +1,152 @@
variable "ssl_policy" {
- type = "map"
+ type = any
}
variable "topic" {
- type = "map"
+ type = any
}
variable "subscription" {
- type = "map"
+ type = any
}
variable "managed_zone" {
- type = "map"
+ type = any
}
variable "record_set" {
- type = "map"
+ type = any
}
variable "instance_group_manager" {
- type = "map"
+ type = any
}
variable "autoscaler" {
- type = "map"
+ type = any
}
variable "target_pool" {
- type = "map"
+ type = any
}
variable "trigger" {
- type = "map"
+ type = any
}
variable "health_check" {
- type = "map"
+ type = any
}
variable "backend_service" {
- type = "map"
+ type = any
}
variable "http_health_check" {
- type = "map"
+ type = any
}
variable "https_health_check" {
- type = "map"
+ type = any
}
variable "instance_template" {
- type = "map"
+ type = any
}
variable "global_address" {
- type = "map"
+ type = any
}
variable "url_map" {
- type = "map"
+ type = any
}
variable "http_proxy" {
- type = "map"
+ type = any
}
variable "global_forwarding_rule" {
- type = "map"
+ type = any
}
variable "target_tcp_proxy" {
- type = "map"
-}
-
-variable "regional_cluster" {
- type = "map"
+ type = any
}
variable "route" {
- type = "map"
+ type = any
}
variable "router" {
- type = "map"
+ type = any
}
variable "snapshot" {
- type = "map"
+ type = any
}
variable "https_proxy" {
- type = "map"
+ type = any
}
variable "ssl_certificate" {
- type = "map"
+ type = any
}
variable "dataset" {
- type = "map"
+ type = any
}
variable "bigquery_table" {
- type = "map"
+ type = any
}
variable "repository" {
- type = "map"
+ type = any
}
variable "folder" {
- type = "map"
+ type = any
}
variable "gcp_organization_id" {
- type = "string"
+ type = string
default = "none"
}
variable "cloudfunction" {
- type = "map"
+ type = any
}
variable "backend_bucket" {
- type = "map"
+ type = any
}
variable "gcp_cloud_function_region" {}
variable "regional_node_pool" {
- type = "map"
+ type = any
}
variable "region_backend_service_health_check" {
- type = "map"
+ type = any
}
variable "region_backend_service" {
- type = "map"
+ type = any
}
variable "org_sink" {
- type = "map"
+ type = any
}
variable "standardappversion" {
- type = "map"
+ type = any
}
variable "ml_model" {
- type = "map"
+ type = any
}
variable "dataproc_cluster" {
@@ -158,138 +154,140 @@ variable "dataproc_cluster" {
}
variable "folder_exclusion" {
- type = "map"
+ type = any
}
variable "filestore_instance" {
- type = "map"
+ type = any
}
variable "folder_sink" {
- type = "map"
+ type = any
}
variable "runtimeconfig_config" {
- type = "map"
+ type = any
}
variable "runtimeconfig_variable" {
- type = "map"
+ type = any
}
variable "redis" {
- type = "map"
+ type = any
}
variable "network_endpoint_group" {
- type = "map"
+ type = any
}
variable "node_template" {
- type = "map"
+ type = any
}
variable "node_group" {
- type = "map"
+ type = any
}
variable "router_nat" {
- type = "map"
+ type = any
}
variable "service" {
- type = "map"
+ type = any
}
variable "spannerinstance" {
- type = "map"
+ type = any
}
variable "spannerdatabase" {
- type = "map"
+ type = any
}
variable "scheduler_job" {
- type = "map"
+ type = any
}
resource "google_compute_ssl_policy" "custom-ssl-policy" {
- name = "${var.ssl_policy["name"]}"
- min_tls_version = "${var.ssl_policy["min_tls_version"]}"
- profile = "${var.ssl_policy["profile"]}"
- custom_features = ["${var.ssl_policy["custom_feature"]}", "${var.ssl_policy["custom_feature2"]}"]
- project = "${var.gcp_project_id}"
+ name = var.ssl_policy["name"]
+ min_tls_version = var.ssl_policy["min_tls_version"]
+ profile = var.ssl_policy["profile"]
+ custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]]
+ project = var.gcp_project_id
}
resource "google_pubsub_topic" "topic" {
- project = "${var.gcp_project_id}"
- name = "${var.topic["name"]}"
+ project = var.gcp_project_id
+ name = var.topic["name"]
}
resource "google_pubsub_subscription" "default" {
- project = "${var.gcp_project_id}"
- name = "${var.subscription["name"]}"
- topic = "${google_pubsub_topic.topic.name}"
- ack_deadline_seconds = "${var.subscription["ack_deadline_seconds"]}"
+ project = var.gcp_project_id
+ name = var.subscription["name"]
+ topic = google_pubsub_topic.topic.name
+ ack_deadline_seconds = var.subscription["ack_deadline_seconds"]
}
resource "google_dns_managed_zone" "prod" {
- name = "${var.managed_zone["name"]}"
- dns_name = "${var.managed_zone["dns_name"]}"
- description = "${var.managed_zone["description"]}"
+ name = var.managed_zone["name"]
+ dns_name = var.managed_zone["dns_name"]
+ description = var.managed_zone["description"]
labels = {
- key = "${var.managed_zone["label_value"]}"
+ key = var.managed_zone["label_value"]
}
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
}
resource "google_dns_record_set" "a" {
- name = "${var.record_set["name"]}"
- managed_zone = "${google_dns_managed_zone.prod.name}"
- type = "${var.record_set["type"]}"
- ttl = "${var.record_set["ttl"]}"
+ name = var.record_set["name"]
+ managed_zone = google_dns_managed_zone.prod.name
+ type = var.record_set["type"]
+ ttl = var.record_set["ttl"]
- rrdatas = ["${var.record_set["rrdatas1"]}", "${var.record_set["rrdatas2"]}"]
- project = "${var.gcp_project_id}"
+ rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]]
+ project = var.gcp_project_id
}
resource "google_compute_instance_group_manager" "gcp-inspec-igm" {
- project = "${var.gcp_project_id}"
- zone = "${var.gcp_zone}"
- name = "${var.instance_group_manager["name"]}"
- instance_template = "${google_compute_instance_template.default.self_link}"
- base_instance_name = "${var.instance_group_manager["base_instance_name"]}"
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+ name = var.instance_group_manager["name"]
+ version {
+ instance_template = google_compute_instance_template.default.self_link
+ }
+ base_instance_name = var.instance_group_manager["base_instance_name"]
target_pools = []
target_size = 0
named_port {
- name = "${var.instance_group_manager["named_port_name"]}"
- port = "${var.instance_group_manager["named_port_port"]}"
+ name = var.instance_group_manager["named_port_name"]
+ port = var.instance_group_manager["named_port_port"]
}
}
resource "google_compute_autoscaler" "gcp-inspec-autoscaler" {
- project = "${var.gcp_project_id}"
- name = "${var.autoscaler["name"]}"
- zone = "${var.gcp_zone}"
- target = "${google_compute_instance_group_manager.gcp-inspec-igm.self_link}"
+ project = var.gcp_project_id
+ name = var.autoscaler["name"]
+ zone = var.gcp_zone
+ target = google_compute_instance_group_manager.gcp-inspec-igm.self_link
autoscaling_policy {
- max_replicas = "${var.autoscaler["max_replicas"]}"
- min_replicas = "${var.autoscaler["min_replicas"]}"
- cooldown_period = "${var.autoscaler["cooldown_period"]}"
+ max_replicas = var.autoscaler["max_replicas"]
+ min_replicas = var.autoscaler["min_replicas"]
+ cooldown_period = var.autoscaler["cooldown_period"]
cpu_utilization {
- target = "${var.autoscaler["cpu_utilization_target"]}"
+ target = var.autoscaler["cpu_utilization_target"]
}
}
}
resource "google_compute_target_pool" "gcp-inspec-target-pool" {
- project = "${var.gcp_project_id}"
- name = "${var.target_pool["name"]}"
- session_affinity = "${var.target_pool["session_affinity"]}"
+ project = var.gcp_project_id
+ name = var.target_pool["name"]
+ session_affinity = var.target_pool["session_affinity"]
instances = [
"${var.gcp_zone}/${var.gcp_ext_vm_name}",
@@ -299,230 +297,216 @@ resource "google_compute_target_pool" "gcp-inspec-target-pool" {
resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" {
project = var.gcp_project_id
trigger_template {
- branch_name = "${var.trigger["trigger_template_branch"]}"
- project_id = "${var.trigger["trigger_template_project"]}"
- repo_name = "${var.trigger["trigger_template_repo"]}"
+ branch_name = var.trigger["trigger_template_branch"]
+ project_id = var.trigger["trigger_template_project"]
+ repo_name = var.trigger["trigger_template_repo"]
}
- filename = "${var.trigger["filename"]}"
+ filename = var.trigger["filename"]
}
resource "google_compute_health_check" "gcp-inspec-health-check" {
- project = "${var.gcp_project_id}"
- name = "${var.health_check["name"]}"
+ project = var.gcp_project_id
+ name = var.health_check["name"]
- timeout_sec = "${var.health_check["timeout_sec"]}"
- check_interval_sec = "${var.health_check["check_interval_sec"]}"
+ timeout_sec = var.health_check["timeout_sec"]
+ check_interval_sec = var.health_check["check_interval_sec"]
tcp_health_check {
- port = "${var.health_check["tcp_health_check_port"]}"
+ port = var.health_check["tcp_health_check_port"]
}
}
resource "google_compute_backend_service" "gcp-inspec-backend-service" {
- project = "${var.gcp_project_id}"
- name = "${var.backend_service["name"]}"
- description = "${var.backend_service["description"]}"
- port_name = "${var.backend_service["port_name"]}"
- protocol = "${var.backend_service["protocol"]}"
- timeout_sec = "${var.backend_service["timeout_sec"]}"
- enable_cdn = "${var.backend_service["enable_cdn"]}"
+ project = var.gcp_project_id
+ name = var.backend_service["name"]
+ description = var.backend_service["description"]
+ port_name = var.backend_service["port_name"]
+ protocol = var.backend_service["protocol"]
+ timeout_sec = var.backend_service["timeout_sec"]
+ enable_cdn = var.backend_service["enable_cdn"]
backend {
- group = "${google_compute_instance_group_manager.gcp-inspec-igm.instance_group}"
+ group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group
}
- health_checks = ["${google_compute_health_check.gcp-inspec-health-check.self_link}"]
+ health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
}
resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" {
- project = "${var.gcp_project_id}"
- name = "${var.region_backend_service_health_check["name"]}"
+ project = var.gcp_project_id
+ name = var.region_backend_service_health_check["name"]
- timeout_sec = "${var.region_backend_service_health_check["timeout_sec"]}"
- check_interval_sec = "${var.region_backend_service_health_check["check_interval_sec"]}"
+ timeout_sec = var.region_backend_service_health_check["timeout_sec"]
+ check_interval_sec = var.region_backend_service_health_check["check_interval_sec"]
tcp_health_check {
- port = "${var.region_backend_service_health_check["tcp_health_check_port"]}"
+ port = var.region_backend_service_health_check["tcp_health_check_port"]
}
}
resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" {
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
- name = "${var.region_backend_service["name"]}"
- description = "${var.region_backend_service["description"]}"
- protocol = "${var.region_backend_service["protocol"]}"
- timeout_sec = "${var.region_backend_service["timeout_sec"]}"
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.region_backend_service["name"]
+ description = var.region_backend_service["description"]
+ protocol = var.region_backend_service["protocol"]
+ timeout_sec = var.region_backend_service["timeout_sec"]
- health_checks = ["${google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link}"]
+ health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link]
}
resource "google_compute_http_health_check" "gcp-inspec-http-health-check" {
- project = "${var.gcp_project_id}"
- name = "${var.http_health_check["name"]}"
- request_path = "${var.http_health_check["request_path"]}"
+ project = var.gcp_project_id
+ name = var.http_health_check["name"]
+ request_path = var.http_health_check["request_path"]
- timeout_sec = "${var.http_health_check["timeout_sec"]}"
- check_interval_sec = "${var.http_health_check["check_interval_sec"]}"
+ timeout_sec = var.http_health_check["timeout_sec"]
+ check_interval_sec = var.http_health_check["check_interval_sec"]
}
resource "google_compute_https_health_check" "gcp-inspec-https-health-check" {
- project = "${var.gcp_project_id}"
- name = "${var.https_health_check["name"]}"
- request_path = "${var.https_health_check["request_path"]}"
+ project = var.gcp_project_id
+ name = var.https_health_check["name"]
+ request_path = var.https_health_check["request_path"]
- timeout_sec = "${var.https_health_check["timeout_sec"]}"
- check_interval_sec = "${var.https_health_check["check_interval_sec"]}"
- unhealthy_threshold = "${var.https_health_check["unhealthy_threshold"]}"
+ timeout_sec = var.https_health_check["timeout_sec"]
+ check_interval_sec = var.https_health_check["check_interval_sec"]
+ unhealthy_threshold = var.https_health_check["unhealthy_threshold"]
}
resource "google_compute_instance_template" "gcp-inspec-instance-template" {
- project = "${var.gcp_project_id}"
- name = "${var.instance_template["name"]}"
- description = "${var.instance_template["description"]}"
+ project = var.gcp_project_id
+ name = var.instance_template["name"]
+ description = var.instance_template["description"]
- tags = ["${var.instance_template["tag"]}"]
+ tags = [var.instance_template["tag"]]
- instance_description = "${var.instance_template["instance_description"]}"
- machine_type = "${var.instance_template["machine_type"]}"
- can_ip_forward = "${var.instance_template["can_ip_forward"]}"
+ instance_description = var.instance_template["instance_description"]
+ machine_type = var.instance_template["machine_type"]
+ can_ip_forward = var.instance_template["can_ip_forward"]
scheduling {
- automatic_restart = "${var.instance_template["scheduling_automatic_restart"]}"
- on_host_maintenance = "${var.instance_template["scheduling_on_host_maintenance"]}"
+ automatic_restart = var.instance_template["scheduling_automatic_restart"]
+ on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"]
}
// Create a new boot disk from an image
disk {
- source_image = "${var.instance_template["disk_source_image"]}"
- auto_delete = "${var.instance_template["disk_auto_delete"]}"
- boot = "${var.instance_template["disk_boot"]}"
+ source_image = var.instance_template["disk_source_image"]
+ auto_delete = var.instance_template["disk_auto_delete"]
+ boot = var.instance_template["disk_boot"]
}
network_interface {
- network = "${var.instance_template["network_interface_network"]}"
+ network = var.instance_template["network_interface_network"]
}
service_account {
- scopes = ["${var.instance_template["service_account_scope"]}"]
+ scopes = [var.instance_template["service_account_scope"]]
}
}
resource "google_compute_global_address" "gcp-inspec-global-address" {
- project = "${var.gcp_project_id}"
- name = "${var.global_address["name"]}"
- ip_version = "${var.global_address["ip_version"]}"
+ project = var.gcp_project_id
+ name = var.global_address["name"]
+ ip_version = var.global_address["ip_version"]
}
resource "google_compute_url_map" "gcp-inspec-url-map" {
- project = "${var.gcp_project_id}"
- name = "${var.url_map["name"]}"
- description = "${var.url_map["description"]}"
+ project = var.gcp_project_id
+ name = var.url_map["name"]
+ description = var.url_map["description"]
- default_service = "${google_compute_backend_service.gcp-inspec-backend-service.self_link}"
+ default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
host_rule {
- hosts = ["${var.url_map["host_rule_host"]}"]
- path_matcher = "${var.url_map["path_matcher_name"]}"
+ hosts = [var.url_map["host_rule_host"]]
+ path_matcher = var.url_map["path_matcher_name"]
}
path_matcher {
- name = "${var.url_map["path_matcher_name"]}"
- default_service = "${google_compute_backend_service.gcp-inspec-backend-service.self_link}"
+ name = var.url_map["path_matcher_name"]
+ default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link
path_rule {
- paths = ["${var.url_map["path_rule_path"]}"]
- service = "${google_compute_backend_service.gcp-inspec-backend-service.self_link}"
+ paths = [var.url_map["path_rule_path"]]
+ service = google_compute_backend_service.gcp-inspec-backend-service.self_link
}
}
test {
- service = "${google_compute_backend_service.gcp-inspec-backend-service.self_link}"
- host = "${var.url_map["test_host"]}"
- path = "${var.url_map["test_path"]}"
+ service = google_compute_backend_service.gcp-inspec-backend-service.self_link
+ host = var.url_map["test_host"]
+ path = var.url_map["test_path"]
}
}
resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" {
- project = "${var.gcp_project_id}"
- name = "${var.http_proxy["name"]}"
- url_map = "${google_compute_url_map.gcp-inspec-url-map.self_link}"
- description = "${var.http_proxy["description"]}"
+ project = var.gcp_project_id
+ name = var.http_proxy["name"]
+ url_map = google_compute_url_map.gcp-inspec-url-map.self_link
+ description = var.http_proxy["description"]
}
resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" {
- project = "${var.gcp_project_id}"
- name = "${var.global_forwarding_rule["name"]}"
- target = "${google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link}"
- port_range = "${var.global_forwarding_rule["port_range"]}"
+ project = var.gcp_project_id
+ name = var.global_forwarding_rule["name"]
+ target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link
+ port_range = var.global_forwarding_rule["port_range"]
}
resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" {
- project = "${var.gcp_project_id}"
- name = "${var.target_tcp_proxy["tcp_backend_service_name"]}"
+ project = var.gcp_project_id
+ name = var.target_tcp_proxy["tcp_backend_service_name"]
protocol = "TCP"
timeout_sec = 10
- health_checks = ["${google_compute_health_check.gcp-inspec-health-check.self_link}"]
+ health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link]
}
resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" {
- project = "${var.gcp_project_id}"
- name = "${var.target_tcp_proxy["name"]}"
- proxy_header = "${var.target_tcp_proxy["proxy_header"]}"
- backend_service = "${google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link}"
-}
-
-resource "google_container_cluster" "gcp-inspec-regional-cluster" {
- project = "${var.gcp_project_id}"
- name = "${var.regional_cluster["name"]}"
- region = "${var.gcp_location}"
- initial_node_count = 1
- remove_default_node_pool = true
-
- maintenance_policy {
- daily_maintenance_window {
- start_time = "23:00"
- }
- }
+ project = var.gcp_project_id
+ name = var.target_tcp_proxy["name"]
+ proxy_header = var.target_tcp_proxy["proxy_header"]
+ backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link
}
resource "google_compute_route" "gcp-inspec-route" {
- project = "${var.gcp_project_id}"
- name = "${var.route["name"]}"
- dest_range = "${var.route["dest_range"]}"
- network = "${google_compute_network.inspec-gcp-network.name}"
- next_hop_ip = "${var.route["next_hop_ip"]}"
- priority = "${var.route["priority"]}"
+ project = var.gcp_project_id
+ name = var.route["name"]
+ dest_range = var.route["dest_range"]
+ network = google_compute_network.inspec-gcp-network.name
+ next_hop_ip = var.route["next_hop_ip"]
+ priority = var.route["priority"]
# google_compute_route depends on next_hop_ip belonging to a subnetwork
# of the named network in this block. Since inspec-gcp-network does not
# automatically create subnetworks, we need to create a dependency so
# the route is not created before the subnetwork
- depends_on = ["google_compute_subnetwork.inspec-gcp-subnetwork"]
+ depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork]
}
resource "google_compute_router" "gcp-inspec-router" {
- project = "${var.gcp_project_id}"
- name = "${var.router["name"]}"
- network = "${google_compute_network.inspec-gcp-network.name}"
+ project = var.gcp_project_id
+ name = var.router["name"]
+ network = google_compute_network.inspec-gcp-network.name
bgp {
- asn = "${var.router["bgp_asn"]}"
- advertise_mode = "${var.router["bgp_advertise_mode"]}"
- advertised_groups = ["${var.router["bgp_advertised_group"]}"]
+ asn = var.router["bgp_asn"]
+ advertise_mode = var.router["bgp_advertise_mode"]
+ advertised_groups = [var.router["bgp_advertised_group"]]
advertised_ip_ranges {
- range = "${var.router["bgp_advertised_ip_range1"]}"
+ range = var.router["bgp_advertised_ip_range1"]
}
advertised_ip_ranges {
- range = "${var.router["bgp_advertised_ip_range2"]}"
+ range = var.router["bgp_advertised_ip_range2"]
}
}
}
resource "google_compute_disk" "snapshot-disk" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
name = var.snapshot["disk_name"]
type = var.snapshot["disk_type"]
- zone = "${var.gcp_zone}"
+ zone = var.gcp_zone
image = var.snapshot["disk_image"]
labels = {
environment = "generic_compute_disk_label"
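Review bot: The `service_account` block in `gcp-inspec-instance-template` sets only `scopes`, so instances built from this template run as the project's default Compute Engine service account, which is granted the Editor role by default unless that automatic grant has been disabled. Since the block is being rewritten here anyway, consider pinning a dedicated low-privilege account with `email = google_service_account.<TEMPLATE_SA>.email` (placeholder name; no such account is defined in this hunk). The scope comes from `var.instance_template["service_account_scope"]`, whose value is not visible in this diff, so it is worth confirming that it is no wider than the test needs.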
@@ -530,39 +514,39 @@ resource "google_compute_disk" "snapshot-disk" {
}
resource "google_compute_snapshot" "gcp-inspec-snapshot" {
- project = "${var.gcp_project_id}"
- name = "${var.snapshot["name"]}"
- source_disk = "${google_compute_disk.snapshot-disk.name}"
- zone = "${var.gcp_zone}"
+ project = var.gcp_project_id
+ name = var.snapshot["name"]
+ source_disk = google_compute_disk.snapshot-disk.name
+ zone = var.gcp_zone
}
resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" {
- project = "${var.gcp_project_id}"
- name = "${var.ssl_certificate["name"]}"
- private_key = "${var.ssl_certificate["private_key"]}"
- certificate = "${var.ssl_certificate["certificate"]}"
- description = "${var.ssl_certificate["description"]}"
+ project = var.gcp_project_id
+ name = var.ssl_certificate["name"]
+ private_key = var.ssl_certificate["private_key"]
+ certificate = var.ssl_certificate["certificate"]
+ description = var.ssl_certificate["description"]
}
resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" {
- project = "${var.gcp_project_id}"
- name = "${var.https_proxy["name"]}"
- url_map = "${google_compute_url_map.gcp-inspec-url-map.self_link}"
- description = "${var.https_proxy["description"]}"
- ssl_certificates = ["${google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link}"]
+ project = var.gcp_project_id
+ name = var.https_proxy["name"]
+ url_map = google_compute_url_map.gcp-inspec-url-map.self_link
+ description = var.https_proxy["description"]
+ ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link]
}
resource "google_bigquery_dataset" "gcp-inspec-dataset" {
- project = "${var.gcp_project_id}"
- dataset_id = "${var.dataset["dataset_id"]}"
- friendly_name = "${var.dataset["friendly_name"]}"
- description = "${var.dataset["description"]}"
- location = "${var.dataset["location"]}"
- default_table_expiration_ms = "${var.dataset["default_table_expiration_ms"]}"
+ project = var.gcp_project_id
+ dataset_id = var.dataset["dataset_id"]
+ friendly_name = var.dataset["friendly_name"]
+ description = var.dataset["description"]
+ location = var.dataset["location"]
+ default_table_expiration_ms = var.dataset["default_table_expiration_ms"]
access {
- role = "${var.dataset["access_writer_role"]}"
- special_group = "${var.dataset["access_writer_special_group"]}"
+ role = var.dataset["access_writer_role"]
+ special_group = var.dataset["access_writer_special_group"]
}
access {
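Review bot: `private_key = var.ssl_certificate["private_key"]` passes certificate key material through a variable that this commit declares as `type = any`, and Terraform stores the resolved value in state in plaintext. If this fixture is ever applied with anything other than a disposable test key, the state backend needs access control and encryption at rest, and the tfvars file carrying the key should stay out of version control. A comment above the resource would make the expectation explicit, for example `# test fixture: private_key must be a throwaway key; it ends up in Terraform state`.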
@@ -572,101 +556,119 @@ resource "google_bigquery_dataset" "gcp-inspec-dataset" {
}
resource "google_bigquery_table" "gcp-inspec-bigquery-table" {
- project = "${var.gcp_project_id}"
- dataset_id = "${google_bigquery_dataset.gcp-inspec-dataset.dataset_id}"
- table_id = "${var.bigquery_table["table_id"]}"
+ project = var.gcp_project_id
+ dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id
+ table_id = var.bigquery_table["table_id"]
time_partitioning {
- type = "${var.bigquery_table["time_partitioning_type"]}"
+ type = var.bigquery_table["time_partitioning_type"]
}
- description = "${var.bigquery_table["description"]}"
- expiration_time = "${var.bigquery_table["expiration_time"]}"
+ description = var.bigquery_table["description"]
+ expiration_time = var.bigquery_table["expiration_time"]
}
resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" {
- project = "${var.gcp_project_id}"
- name = "${var.repository["name"]}"
+ project = var.gcp_project_id
+ name = var.repository["name"]
}
resource "google_folder" "inspec-gcp-folder" {
count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- display_name = "${var.folder["display_name"]}"
+ display_name = var.folder["display_name"]
parent = "organizations/${var.gcp_organization_id}"
}
resource "google_storage_bucket_object" "archive" {
name = "index.js.zip"
- bucket = "${google_storage_bucket.generic-storage-bucket.name}"
+ bucket = google_storage_bucket.generic-storage-bucket.name
source = "../configuration/index.js.zip"
}
resource "google_cloudfunctions_function" "function" {
- project = "${var.gcp_project_id}"
- region = "${var.gcp_cloud_function_region}"
- name = "${var.cloudfunction["name"]}"
- description = "${var.cloudfunction["description"]}"
- available_memory_mb = "${var.cloudfunction["available_memory_mb"]}"
- source_archive_bucket = "${google_storage_bucket.generic-storage-bucket.name}"
- source_archive_object = "${google_storage_bucket_object.archive.name}"
- trigger_http = "${var.cloudfunction["trigger_http"]}"
- timeout = "${var.cloudfunction["timeout"]}"
- entry_point = "${var.cloudfunction["entry_point"]}"
+ project = var.gcp_project_id
+ region = var.gcp_cloud_function_region
+ name = var.cloudfunction["name"]
+ description = var.cloudfunction["description"]
+ available_memory_mb = var.cloudfunction["available_memory_mb"]
+ source_archive_bucket = google_storage_bucket.generic-storage-bucket.name
+ source_archive_object = google_storage_bucket_object.archive.name
+ trigger_http = var.cloudfunction["trigger_http"]
+ timeout = var.cloudfunction["timeout"]
+ entry_point = var.cloudfunction["entry_point"]
runtime = "nodejs8"
environment_variables = {
- MY_ENV_VAR = "${var.cloudfunction["env_var_value"]}"
+ MY_ENV_VAR = var.cloudfunction["env_var_value"]
}
}
resource "google_compute_backend_bucket" "image_backend" {
- project = "${var.gcp_project_id}"
- name = "${var.backend_bucket["name"]}"
- description = "${var.backend_bucket["description"]}"
- bucket_name = "${google_storage_bucket.generic-storage-bucket.name}"
- enable_cdn = "${var.backend_bucket["enable_cdn"]}"
+ project = var.gcp_project_id
+ name = var.backend_bucket["name"]
+ description = var.backend_bucket["description"]
+ bucket_name = google_storage_bucket.generic-storage-bucket.name
+ enable_cdn = var.backend_bucket["enable_cdn"]
}
-resource "google_container_node_pool" "inspec-gcp-regional-node-pool" {
- project = "${var.gcp_project_id}"
- name = "${var.regional_node_pool["name"]}"
- region = "${var.gcp_location}"
- cluster = "${google_container_cluster.gcp-inspec-regional-cluster.name}"
- node_count = "${var.regional_node_pool["node_count"]}"
+resource "google_container_node_pool" "inspec-gcp-node-pool" {
+ project = var.gcp_project_id
+ name = var.regional_node_pool["name"]
+ location = google_container_cluster.primary.location
+ cluster = google_container_cluster.primary.name
+ node_count = var.regional_node_pool["node_count"]
}
resource "google_logging_organization_sink" "my-sink" {
count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- name = "${var.org_sink.name}"
- org_id = "${var.gcp_organization_id}"
+ name = var.org_sink.name
+ org_id = var.gcp_organization_id
# Can export to pubsub, cloud storage, or bigquery
destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
# Log all WARN or higher severity messages relating to instances
- filter = "${var.org_sink.filter}"
+ filter = var.org_sink.filter
+}
+
+variable "project_sink" {
+ type = any
+}
+
+resource "google_logging_project_sink" "project-logging-sink" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ project = var.gcp_project_id
+
+ name = var.project_sink.name
+ destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}"
+
+ filter = var.project_sink.filter
+
+ unique_writer_identity = true
}
resource "google_storage_bucket" "bucket" {
name = "inspec-gcp-static-${var.gcp_project_id}"
project = var.gcp_project_id
+ location = var.gcp_location
force_destroy = true
}
resource "google_storage_bucket_object" "object" {
name = "hello-world.zip"
- bucket = "${google_storage_bucket.bucket.name}"
+ bucket = google_storage_bucket.bucket.name
source = "../configuration/hello-world.zip"
}
resource "google_app_engine_standard_app_version" "default" {
- project = "${var.gcp_project_id}"
- version_id = "${var.standardappversion["version_id"]}"
- service = "${var.standardappversion["service"]}"
- runtime = "${var.standardappversion["runtime"]}"
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ project = var.gcp_project_id
+ version_id = var.standardappversion["version_id"]
+ service = var.standardappversion["service"]
+ runtime = var.standardappversion["runtime"]
noop_on_destroy = true
entrypoint {
- shell = "${var.standardappversion["entrypoint"]}"
+ shell = var.standardappversion["entrypoint"]
}
deployment {
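Review bot: `google_logging_project_sink.project-logging-sink` sets `unique_writer_identity = true`, but nothing in this hunk grants that generated identity write access to `google_storage_bucket.project-logging-bucket[0]`. Without the grant the sink is created but its exports are rejected, so the logs never reach the bucket. Unless the binding lives elsewhere in the file (the bucket itself is defined outside this hunk), add an IAM member for the sink's `writer_identity` with `roles/storage.objectCreator`, as sketched below. Separately, the `count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"` line, repeated on the App Engine version here and on the project exclusion in a later hunk, keeps the interpolation wrapper the rest of the commit removes. It also gates project-scoped resources on the organization id, whose declared default is `"none"` rather than `""`.

```hcl
# … unchanged: resource "google_logging_project_sink" "project-logging-sink" …

resource "google_storage_bucket_iam_member" "project-logging-sink-writer" {
  count  = var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources
  bucket = google_storage_bucket.project-logging-bucket[0].name
  role   = "roles/storage.objectCreator"
  member = google_logging_project_sink.project-logging-sink[0].writer_identity
}
```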
@@ -676,7 +678,7 @@ resource "google_app_engine_standard_app_version" "default" {
}
env_variables = {
- port = "${var.standardappversion["port"]}"
+ port = var.standardappversion["port"]
}
}
@@ -684,7 +686,7 @@ resource "google_ml_engine_model" "inspec-gcp-model" {
project = var.gcp_project_id
name = var.ml_model["name"]
description = var.ml_model["description"]
- regions = ["${var.ml_model["region"]}"]
+ regions = [var.ml_model["region"]]
online_prediction_logging = var.ml_model["online_prediction_logging"]
online_prediction_console_logging = var.ml_model["online_prediction_console_logging"]
}
@@ -692,7 +694,7 @@ resource "google_ml_engine_model" "inspec-gcp-model" {
resource "google_compute_firewall" "dataproc" {
project = var.gcp_project_id
name = "dataproc-firewall"
- network = "${google_compute_network.dataproc.name}"
+ network = google_compute_network.dataproc.name
source_ranges = ["10.128.0.0/9"]
allow {
@@ -720,7 +722,7 @@ resource "google_dataproc_cluster" "mycluster" {
name = var.dataproc_cluster["name"]
labels = {
- "${var.dataproc_cluster["label_key"]}" = "${var.dataproc_cluster["label_value"]}"
+ "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"]
}
cluster_config {
@@ -745,7 +747,7 @@ resource "google_dataproc_cluster" "mycluster" {
# Override or set some custom properties
software_config {
override_properties = {
- "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = "${var.dataproc_cluster["config"]["software_config"]["prop_value"]}"
+ "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"]
}
}
@@ -766,6 +768,20 @@ resource "google_logging_folder_exclusion" "my-exclusion" {
filter = var.folder_exclusion["filter"]
}
+variable "project_exclusion" {
+ type = any
+}
+
+resource "google_logging_project_exclusion" "project-exclusion" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ name = var.project_exclusion["name"]
+ project = var.gcp_project_id
+
+ description = var.project_exclusion["description"]
+
+ filter = var.project_exclusion["filter"]
+}
+
resource "google_filestore_instance" "instance" {
project = var.gcp_project_id
name = var.filestore_instance["name"]
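Review bot: `google_logging_project_exclusion.project-exclusion` drops every entry matching `var.project_exclusion["filter"]` before it is stored, and nothing next to the resource says what the filter is meant to cover. Add a comment above the block such as `# test fixture: keep this filter narrow; excluded entries are not retained` so that a later edit to the tfvars does not widen it unnoticed. The filter value is defined outside this hunk, so whether it is currently narrow cannot be checked from here.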
@@ -801,7 +817,7 @@ resource "google_runtimeconfig_config" "inspec-runtime-config" {
resource "google_runtimeconfig_variable" "inspec-runtime-variable" {
project = var.gcp_project_id
- parent = "${google_runtimeconfig_config.inspec-runtime-config.name}"
+ parent = google_runtimeconfig_config.inspec-runtime-config.name
name = var.runtimeconfig_variable["name"]
text = var.runtimeconfig_variable["text"]
}
@@ -843,10 +859,10 @@ resource "google_compute_node_template" "inspec-template" {
region = var.gcp_location
name = var.node_template["name"]
- node_type = "${data.google_compute_node_types.zone-node-type.names[0]}"
+ node_type = data.google_compute_node_types.zone-node-type.names[0]
node_affinity_labels = {
- "${var.node_template["label_key"]}" = "${var.node_template["label_value"]}"
+ "${var.node_template["label_key"]}" = var.node_template["label_value"]
}
}
@@ -857,7 +873,7 @@ resource "google_compute_node_group" "inspec-node-group" {
description = var.node_group["description"]
size = var.node_group["size"]
- node_template = "${google_compute_node_template.inspec-template.self_link}"
+ node_template = google_compute_node_template.inspec-template.self_link
}
resource "google_compute_router_nat" "inspec-nat" {
@@ -881,24 +897,24 @@ resource "google_project_service" "project" {
}
resource "google_service_account" "spanner_service_account" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
account_id = "${var.gcp_service_account_display_name}-sp"
display_name = "${var.gcp_service_account_display_name}-sp"
}
resource "google_spanner_instance" "spanner_instance" {
- project = "${var.gcp_project_id}"
- config = "${var.spannerinstance["config"]}"
- name = "${var.spannerinstance["name"]}"
- display_name = "${var.spannerinstance["display_name"]}"
- num_nodes = "${var.spannerinstance["num_nodes"]}"
+ project = var.gcp_project_id
+ config = var.spannerinstance["config"]
+ name = var.spannerinstance["name"]
+ display_name = var.spannerinstance["display_name"]
+ num_nodes = var.spannerinstance["num_nodes"]
labels = {
- "${var.spannerinstance["label_key"]}" = "${var.spannerinstance["label_value"]}"
+ "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"]
}
}
resource "google_spanner_instance_iam_binding" "instance" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
instance = google_spanner_instance.spanner_instance.name
role = "roles/editor"
@@ -908,10 +924,10 @@ resource "google_spanner_instance_iam_binding" "instance" {
}
resource "google_spanner_database" "database" {
- project = "${var.gcp_project_id}"
- instance = "${google_spanner_instance.spanner_instance.name}"
- name = "${var.spannerdatabase["name"]}"
- ddl = ["${var.spannerdatabase["ddl"]}"]
+ project = var.gcp_project_id
+ instance = google_spanner_instance.spanner_instance.name
+ name = var.spannerdatabase["name"]
+ ddl = [var.spannerdatabase["ddl"]]
}
resource "google_cloud_scheduler_job" "job" {
@@ -929,7 +945,7 @@ resource "google_cloud_scheduler_job" "job" {
}
variable "service_perimeter" {
- type = "map"
+ type = any
}
resource "google_access_context_manager_service_perimeter" "service-perimeter" {
@@ -947,3 +963,251 @@ resource "google_access_context_manager_access_policy" "access-policy" {
parent = "organizations/${var.gcp_organization_id}"
title = var.service_perimeter["policy_title"]
}
+
+variable "firewall" {
+ type = any
+}
+
+resource "google_compute_firewall" "mm-firewall" {
+ project = var.gcp_project_id
+ name = var.firewall["name"]
+ enable_logging = true
+ network = google_compute_network.inspec-gcp-network.name
+
+ allow {
+ protocol = "tcp"
+ ports = ["80", "8080", "1000-2000"]
+ }
+
+ source_tags = [var.firewall["source_tag"]]
+}
+
+variable "address" {
+ type = any
+}
+
+resource "google_compute_address" "internal_with_subnet_and_address" {
+ project = var.gcp_project_id
+ name = var.address["name"]
+ subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link
+ address_type = var.address["address_type"]
+ address = var.address["address"]
+ region = var.gcp_location
+}
+
+variable "instance_group" {
+ type = any
+}
+
+resource "google_compute_instance_group" "inspec-instance-group" {
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+ name = var.instance_group["name"]
+ description = var.instance_group["description"]
+
+ named_port {
+ name = var.instance_group["named_port_name"]
+ port = var.instance_group["named_port_port"]
+ }
+}
+
+variable "instance" {
+ type = any
+}
+
+resource "google_compute_instance" "inspec-instance" {
+ project = var.gcp_project_id
+ zone = var.gcp_zone
+ name = var.instance["name"]
+ machine_type = var.instance["machine_type"]
+
+ tags = [var.instance["tag_1"], var.instance["tag_2"]]
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-9"
+ }
+ }
+
+ network_interface {
+ network = "default"
+
+ access_config {
+ // Ephemeral IP
+ }
+ }
+
+ metadata = {
+ "${var.instance["metadata_key"]}" = var.instance["metadata_value"]
+ }
+
+ metadata_startup_script = var.instance["startup_script"]
+
+ service_account {
+ scopes = [var.instance["sa_scope"]]
+ }
+}
+
+variable "network" {
+ type = any
+}
+
+resource "google_compute_network" "inspec-network" {
+ project = var.gcp_project_id
+ name = var.network["name"]
+ routing_mode = var.network["routing_mode"]
+}
+
+variable "subnetwork" {
+ type = any
+}
+
+resource "google_compute_subnetwork" "subnet-with-logging" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.subnetwork["name"]
+ ip_cidr_range = var.subnetwork["ip_cidr_range"]
+ network = google_compute_network.inspec-network.self_link
+
+ log_config {
+ aggregation_interval = var.subnetwork["log_interval"]
+ flow_sampling = var.subnetwork["log_sampling"]
+ metadata = var.subnetwork["log_metadata"]
+ }
+}
+
+variable "rigm" {
+ type = any
+}
+
+resource "google_compute_region_instance_group_manager" "inspec-rigm" {
+ project = var.gcp_project_id
+ region = var.gcp_location
+ name = var.rigm["name"]
+
+ base_instance_name = var.rigm["base_instance_name"]
+
+ version {
+ instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link
+ }
+
+ target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link]
+ target_size = var.rigm["target_size"]
+
+ named_port {
+ name = var.rigm["named_port_name"]
+ port = var.rigm["named_port_port"]
+ }
+
+ auto_healing_policies {
+ health_check = google_compute_health_check.gcp-inspec-health-check.self_link
+ initial_delay_sec = var.rigm["healing_delay"]
+ }
+}
+
+variable "vpn_tunnel" {
+ type = any
+}
+
+resource "google_compute_vpn_tunnel" "tunnel1" {
+ project = var.gcp_project_id
+ name = var.vpn_tunnel["name"]
+ peer_ip = var.vpn_tunnel["peer_ip"]
+ shared_secret = var.vpn_tunnel["shared_secret"]
+
+ remote_traffic_selector = ["0.0.0.0/0"]
+ local_traffic_selector = ["0.0.0.0/0"]
+ target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
+
+ depends_on = [
+ google_compute_forwarding_rule.inspec-gcp-fr-esp,
+ google_compute_forwarding_rule.inspec-gcp-fr-udp500,
+ google_compute_forwarding_rule.inspec-gcp-fr-udp4500,
+ ]
+}
+
+variable "alert_policy" {
+ type = any
+}
+
+resource "google_monitoring_alert_policy" "alert_policy" {
+ project = var.gcp_project_id
+ display_name = var.alert_policy["display_name"]
+ combiner = var.alert_policy["combiner"]
+ conditions {
+ display_name = var.alert_policy["condition_display_name"]
+ condition_threshold {
+ filter = var.alert_policy["condition_filter"]
+ duration = var.alert_policy["condition_duration"]
+ comparison = var.alert_policy["condition_comparison"]
+ aggregations {
+ alignment_period = "60s"
+ per_series_aligner = "ALIGN_RATE"
+ }
+ }
+ }
+}
+
+variable "dns_managed_zone" {
+ type = any
+}
+
+variable "gcp_dns_zone_name" {}
+
+resource "google_dns_managed_zone" "example-zone" {
+ project = var.gcp_project_id
+ name = var.dns_managed_zone["name"]
+ dns_name = "${var.gcp_dns_zone_name}"
+ description = var.dns_managed_zone["description"]
+ dnssec_config {
+ state = var.dns_managed_zone["dnssec_config_state"]
+ default_key_specs {
+ algorithm = "rsasha256"
+ key_type = "zoneSigning"
+ key_length = 2048
+ }
+ default_key_specs {
+ algorithm = "rsasha512"
+ key_type = "keySigning"
+ key_length = 2048
+ }
+ }
+}
+
+variable "logging_metric" {
+ type = any
+}
+
+resource "google_logging_metric" "logging_metric" {
+ project = var.gcp_project_id
+ name = var.logging_metric["name"]
+ filter = var.logging_metric["filter"]
+ metric_descriptor {
+ metric_kind = var.logging_metric["metric_kind"]
+ value_type = var.logging_metric["value_type"]
+ }
+}
+
+variable "compute_image" {
+ type = any
+}
+
+resource "google_compute_image" "example" {
+ project = var.gcp_project_id
+ name = var.compute_image["name"]
+
+ raw_disk {
+ source = var.compute_image["source"]
+ }
+}
+
+variable "gcp_organization_iam_custom_role_id" {}
+
+resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" {
+ count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
+ org_id = var.gcp_organization_id
+ role_id = var.gcp_organization_iam_custom_role_id
+ title = "GCP Inspec Generic Organization IAM Custom Role"
+ description = "Custom role allowing to list IAM roles only"
+ permissions = ["iam.roles.list"]
+}
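Review bot: `google_compute_instance.inspec-instance` is attached to `network = "default"` with an empty `access_config {}` block, so the fixture VM gets an external IP on a network whose pre-populated firewall rules normally admit SSH and RDP from any source, while it also runs `var.instance["startup_script"]` under a service account scoped by `var.instance["sa_scope"]`. Unless the InSpec controls assert on an external address, attach it to the test subnetwork that `internal_with_subnet_and_address` in this same hunk already uses, `subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link`, and drop the `access_config` block. If the external IP is required, a `# test fixture: publicly reachable by design` comment on the block would make that intent reviewable. Separately, `count = "${...}"` on the organization custom role and `dns_name = "${var.gcp_dns_zone_name}"` still use the quoted interpolation form that this commit removes elsewhere.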
diff --git a/test/integration/build/gcp.tf b/test/integration/build/gcp.tf
index efc4e2b74..8443ef620 100644
--- a/test/integration/build/gcp.tf
+++ b/test/integration/build/gcp.tf
@@ -98,26 +98,26 @@ variable "gcp_db_user_password" {}
variable "gcp_enable_privileged_resources" {}
provider "google" {
- region = "${var.gcp_location}"
- version = "~> 2.14.0"
+ region = var.gcp_location
+ version = "~> 3.3.0"
}
resource "google_service_account" "generic_service_account_object_viewer" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- account_id = "${var.gcp_service_account_display_name}"
- display_name = "${var.gcp_service_account_display_name}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ account_id = var.gcp_service_account_display_name
+ display_name = var.gcp_service_account_display_name
}
resource "google_compute_instance" "generic_internal_vm_instance" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_int_vm_name}"
- machine_type = "${var.gcp_int_vm_size}"
- zone = "${var.gcp_zone}"
+ project = var.gcp_project_id
+ name = var.gcp_int_vm_name
+ machine_type = var.gcp_int_vm_size
+ zone = var.gcp_zone
boot_disk {
initialize_params {
- image = "${var.gcp_int_vm_image}"
+ image = var.gcp_int_vm_image
}
}
@@ -127,20 +127,20 @@ resource "google_compute_instance" "generic_internal_vm_instance" {
}
resource "google_compute_address" "generic_external_vm_address" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_ext_compute_address_name}"
- region = "${var.gcp_location}"
+ project = var.gcp_project_id
+ name = var.gcp_ext_compute_address_name
+ region = var.gcp_location
}
resource "google_compute_instance" "generic_external_vm_instance" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_ext_vm_name}"
- machine_type = "${var.gcp_ext_vm_size}"
- zone = "${var.gcp_zone}"
+ project = var.gcp_project_id
+ name = var.gcp_ext_vm_name
+ machine_type = var.gcp_ext_vm_size
+ zone = var.gcp_zone
boot_disk {
initialize_params {
- image = "${var.gcp_ext_vm_image}"
+ image = var.gcp_ext_vm_image
}
}
@@ -148,20 +148,20 @@ resource "google_compute_instance" "generic_external_vm_instance" {
network = "default"
access_config {
// Ephemeral IP
- nat_ip = "${google_compute_address.generic_external_vm_address.address}"
+ nat_ip = google_compute_address.generic_external_vm_address.address
}
}
}
resource "google_compute_instance" "generic_windows_internal_vm_instance" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_windows_int_vm_name}"
- machine_type = "${var.gcp_windows_int_vm_size}"
- zone = "${var.gcp_zone}"
+ project = var.gcp_project_id
+ name = var.gcp_windows_int_vm_name
+ machine_type = var.gcp_windows_int_vm_size
+ zone = var.gcp_zone
boot_disk {
initialize_params {
- image = "${var.gcp_windows_int_vm_image}"
+ image = var.gcp_windows_int_vm_image
}
}
@@ -171,54 +171,54 @@ resource "google_compute_instance" "generic_windows_internal_vm_instance" {
}
resource "google_project_iam_custom_role" "generic_project_iam_custom_role" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- role_id = "${var.gcp_project_iam_custom_role_id}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ role_id = var.gcp_project_iam_custom_role_id
title = "GCP Inspec Generic Project IAM Custom Role"
description = "Custom role allowing to list IAM roles only"
permissions = ["iam.roles.list"]
}
resource "google_compute_disk" "generic_compute_disk" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_compute_disk_name}"
- type = "${var.gcp_compute_disk_type}"
- zone = "${var.gcp_zone}"
- image = "${var.gcp_compute_disk_image}"
+ project = var.gcp_project_id
+ name = var.gcp_compute_disk_name
+ type = var.gcp_compute_disk_type
+ zone = var.gcp_zone
+ image = var.gcp_compute_disk_image
labels = {
environment = "generic_compute_disk_label"
}
}
resource "google_compute_address" "generic_external_vm_address_data_disk" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_ext_vm_data_disk_address_name}"
- region = "${var.gcp_location}"
+ project = var.gcp_project_id
+ name = var.gcp_ext_vm_data_disk_address_name
+ region = var.gcp_location
}
resource "google_compute_instance" "generic_external_vm_instance_data_disk" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_ext_vm_data_disk_name}"
- machine_type = "${var.gcp_ext_vm_data_disk_size}"
- zone = "${var.gcp_zone}"
+ project = var.gcp_project_id
+ name = var.gcp_ext_vm_data_disk_name
+ machine_type = var.gcp_ext_vm_data_disk_size
+ zone = var.gcp_zone
boot_disk {
initialize_params {
- image = "${var.gcp_ext_vm_data_disk_image}"
+ image = var.gcp_ext_vm_data_disk_image
}
}
attached_disk {
- source = "${var.gcp_compute_disk_name}"
+ source = var.gcp_compute_disk_name
mode = "READ_WRITE"
- device_name = "${var.gcp_compute_disk_name}"
+ device_name = var.gcp_compute_disk_name
}
network_interface {
network = "default"
access_config {
// Ephemeral IP
- nat_ip = "${google_compute_address.generic_external_vm_address_data_disk.address}"
+ nat_ip = google_compute_address.generic_external_vm_address_data_disk.address
}
}
}
@@ -294,7 +294,7 @@ data "template_file" "group3-startup-script" {
}
resource "google_compute_instance_template" "default" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
name = "app-itpl"
machine_type = "f1-micro"
network_interface {
@@ -308,12 +308,14 @@ resource "google_compute_instance_template" "default" {
}
resource "google_compute_region_instance_group_manager" "appserver" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
name = "app-rigm"
- instance_template = "${google_compute_instance_template.default.self_link}"
+ version {
+ instance_template = google_compute_instance_template.default.self_link
+ }
base_instance_name = "app"
- region = "${var.gcp_lb_region}"
- distribution_policy_zones = ["${var.gcp_lb_zone}"]
+ region = var.gcp_lb_region
+ distribution_policy_zones = [var.gcp_lb_zone]
target_pools = []
target_size = 0
named_port {
@@ -335,19 +337,19 @@ resource "google_compute_region_instance_group_manager" "appserver" {
##############################################################
resource "google_container_cluster" "primary" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_kube_cluster_name}"
- location = "${var.gcp_kube_cluster_zone}"
- initial_node_count = "${var.gcp_kube_cluster_size}"
+ project = var.gcp_project_id
+ name = var.gcp_kube_cluster_name
+ location = var.gcp_kube_cluster_zone
+ initial_node_count = var.gcp_kube_cluster_size
node_locations = [
- "${var.gcp_kube_cluster_zone_extra1}",
- "${var.gcp_kube_cluster_zone_extra2}",
+ var.gcp_kube_cluster_zone_extra1,
+ var.gcp_kube_cluster_zone_extra2,
]
master_auth {
- username = "${var.gcp_kube_cluster_master_user}"
- password = "${var.gcp_kube_cluster_master_pass}"
+ username = var.gcp_kube_cluster_master_user
+ password = var.gcp_kube_cluster_master_pass
client_certificate_config {
issue_client_certificate = false
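Review bot: The `master_auth` block keeps a static `username`/`password` pair, which leaves HTTP basic authentication enabled on the cluster's API endpoint. The provider documentation of this generation describes empty values as the way to disable it, i.e. `username = ""` and `password = ""`; confirm that against the pinned `~> 3.3.0` provider. If the InSpec controls assert on the master user, keep the credential and add a comment that it is test-only and must not be reused. The `master_auth` block and the resource body continue outside this hunk.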
@@ -372,15 +374,15 @@ resource "google_container_cluster" "primary" {
# The following outputs allow authentication and connectivity to the GKE Cluster.
output "client_certificate" {
- value = "${google_container_cluster.primary.master_auth.0.client_certificate}"
+ value = google_container_cluster.primary.master_auth.0.client_certificate
}
output "client_key" {
- value = "${google_container_cluster.primary.master_auth.0.client_key}"
+ value = google_container_cluster.primary.master_auth.0.client_key
}
output "cluster_ca_certificate" {
- value = "${google_container_cluster.primary.master_auth.0.cluster_ca_certificate}"
+ value = google_container_cluster.primary.master_auth.0.cluster_ca_certificate
}
# Future work - as a more realistic example, could stand up another cluster and
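Review bot: The `client_key` output is not marked sensitive, so whenever the cluster issues a client certificate its private key is printed by `terraform apply` and `terraform output` and ends up in CI logs. Add `sensitive = true` to that output, and preferably to `client_certificate` as well. With `issue_client_certificate = false` in the preceding hunk the value is presumably empty today, which makes this cheap to fix before someone flips that flag. The new lines also keep the legacy `master_auth.0.` index form; `master_auth[0].client_key` would match the `[0]` indexing used for counted resources elsewhere in this file.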
@@ -398,26 +400,26 @@ output "cluster_ca_certificate" {
#Note: google_kms_key_ring_iam_policy cannot be used in conjunction with google_kms_key_ring_iam_binding and google_kms_key_ring_iam_member or they will fight over what your policy should be.
resource "google_kms_key_ring" "gcp_kms_key_ring_policy" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_kms_key_ring_policy_name}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_kms_key_ring_policy_name
+ location = var.gcp_location
}
#Note: google_kms_key_ring_iam_binding resources can be used in conjunction with google_kms_key_ring_iam_member resources only if they do not grant privilege to the same role.
resource "google_kms_key_ring" "gcp_kms_key_ring_binding_member" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_kms_key_ring_binding_member_name}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_kms_key_ring_binding_member_name
+ location = var.gcp_location
}
# Use the first key ring to attach an IAM policy
data "google_iam_policy" "gcp_inspec_admin_key_ring" {
- count = "${var.gcp_enable_privileged_resources}"
+ count = var.gcp_enable_privileged_resources
binding {
role = "roles/editor"
@@ -428,16 +430,16 @@ data "google_iam_policy" "gcp_inspec_admin_key_ring" {
}
resource "google_kms_key_ring_iam_policy" "key_ring_policy" {
- count = "${var.gcp_enable_privileged_resources}"
- key_ring_id = "${google_kms_key_ring.gcp_kms_key_ring_policy[0].id}"
- policy_data = "${data.google_iam_policy.gcp_inspec_admin_key_ring[0].policy_data}"
+ count = var.gcp_enable_privileged_resources
+ key_ring_id = google_kms_key_ring.gcp_kms_key_ring_policy[0].id
+ policy_data = data.google_iam_policy.gcp_inspec_admin_key_ring[0].policy_data
}
# Use the second key ring to attach an IAM binding plus IAM member affecting different roles
resource "google_kms_key_ring_iam_binding" "key_ring_binding" {
- count = "${var.gcp_enable_privileged_resources}"
- key_ring_id = "${google_kms_key_ring.gcp_kms_key_ring_binding_member[0].id}"
+ count = var.gcp_enable_privileged_resources
+ key_ring_id = google_kms_key_ring.gcp_kms_key_ring_binding_member[0].id
role = "roles/editor"
members = [
@@ -446,36 +448,36 @@ resource "google_kms_key_ring_iam_binding" "key_ring_binding" {
}
resource "google_kms_key_ring_iam_member" "key_ring_iam_member" {
- count = "${var.gcp_enable_privileged_resources}"
- key_ring_id = "${google_kms_key_ring.gcp_kms_key_ring_binding_member[0].id}"
+ count = var.gcp_enable_privileged_resources
+ key_ring_id = google_kms_key_ring.gcp_kms_key_ring_binding_member[0].id
role = "roles/owner"
member = "serviceAccount:${google_service_account.generic_service_account_object_viewer[0].email}"
}
resource "google_kms_crypto_key" "crypto_key_policy" {
- count = "${var.gcp_enable_privileged_resources}"
- name = "${var.gcp_kms_crypto_key_name_policy}"
- key_ring = "${google_kms_key_ring.gcp_kms_key_ring_policy[0].id}"
+ count = var.gcp_enable_privileged_resources
+ name = var.gcp_kms_crypto_key_name_policy
+ key_ring = google_kms_key_ring.gcp_kms_key_ring_policy[0].id
rotation_period = "100000s"
}
resource "google_kms_crypto_key" "crypto_key_binding" {
- count = "${var.gcp_enable_privileged_resources}"
- name = "${var.gcp_kms_crypto_key_name_binding}"
- key_ring = "${google_kms_key_ring.gcp_kms_key_ring_binding_member[0].id}"
+ count = var.gcp_enable_privileged_resources
+ name = var.gcp_kms_crypto_key_name_binding
+ key_ring = google_kms_key_ring.gcp_kms_key_ring_binding_member[0].id
rotation_period = "100000s"
}
resource "google_kms_crypto_key_iam_member" "crypto_key_iam_member" {
- count = "${var.gcp_enable_privileged_resources}"
- crypto_key_id = "${google_kms_crypto_key.crypto_key_policy[0].id}"
+ count = var.gcp_enable_privileged_resources
+ crypto_key_id = google_kms_crypto_key.crypto_key_policy[0].id
role = "roles/editor"
member = "serviceAccount:${google_service_account.generic_service_account_object_viewer[0].email}"
}
resource "google_kms_crypto_key_iam_binding" "crypto_key_iam_binding" {
- count = "${var.gcp_enable_privileged_resources}"
- crypto_key_id = "${google_kms_crypto_key.crypto_key_binding[0].id}"
+ count = var.gcp_enable_privileged_resources
+ crypto_key_id = google_kms_crypto_key.crypto_key_binding[0].id
role = "roles/editor"
members = [
@@ -489,15 +491,15 @@ resource "google_kms_crypto_key_iam_binding" "crypto_key_iam_binding" {
# Start storage bucket resources
resource "google_storage_bucket" "generic-storage-bucket" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_storage_bucket_name}"
- location = "${var.gcp_location}"
+ project = var.gcp_project_id
+ name = var.gcp_storage_bucket_name
+ location = var.gcp_location
}
# let's add a default ACL on the previous bucket
resource "google_storage_default_object_acl" "bucket-default-acl" {
- count = "${var.gcp_enable_privileged_resources}"
- bucket = "${google_storage_bucket.generic-storage-bucket.name}"
+ count = var.gcp_enable_privileged_resources
+ bucket = google_storage_bucket.generic-storage-bucket.name
role_entity = [
"OWNER:user-${google_service_account.generic_service_account_object_viewer[0].email}",
"OWNER:project-owners-${var.gcp_project_number}",
@@ -507,16 +509,16 @@ resource "google_storage_default_object_acl" "bucket-default-acl" {
# now test adding an ACL to a bucket
resource "google_storage_bucket" "bucket-with-acl" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_storage_bucket_acl}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_storage_bucket_acl
+ location = var.gcp_location
}
# make use of project convenience values as described here - https://cloud.google.com/storage/docs/access-control/lists
resource "google_storage_bucket_acl" "bucket-acl" {
- count = "${var.gcp_enable_privileged_resources}"
- bucket = "${google_storage_bucket.bucket-with-acl[0].name}"
+ count = var.gcp_enable_privileged_resources
+ bucket = google_storage_bucket.bucket-with-acl[0].name
role_entity = [
"OWNER:user-${google_service_account.generic_service_account_object_viewer[0].email}",
@@ -528,15 +530,15 @@ resource "google_storage_bucket_acl" "bucket-acl" {
# for simplicity here, create a bucket for iam binding and member cases
resource "google_storage_bucket" "bucket-with-iam-binding" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_storage_bucket_binding}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_storage_bucket_binding
+ location = var.gcp_location
}
resource "google_storage_bucket_iam_binding" "bucket-iam-binding" {
- count = "${var.gcp_enable_privileged_resources}"
- bucket = "${google_storage_bucket.bucket-with-iam-binding[0].name}"
+ count = var.gcp_enable_privileged_resources
+ bucket = google_storage_bucket.bucket-with-iam-binding[0].name
role = "roles/storage.objectViewer"
members = [
@@ -545,15 +547,15 @@ resource "google_storage_bucket_iam_binding" "bucket-iam-binding" {
}
resource "google_storage_bucket" "bucket-with-iam-member" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_storage_bucket_member}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_storage_bucket_member
+ location = var.gcp_location
}
resource "google_storage_bucket_iam_member" "bucket-iam-member" {
- count = "${var.gcp_enable_privileged_resources}"
- bucket = "${google_storage_bucket.bucket-with-iam-member[0].name}"
+ count = var.gcp_enable_privileged_resources
+ bucket = google_storage_bucket.bucket-with-iam-member[0].name
role = "roles/storage.objectViewer"
member = "serviceAccount:${google_service_account.generic_service_account_object_viewer[0].email}"
}
@@ -561,14 +563,14 @@ resource "google_storage_bucket_iam_member" "bucket-iam-member" {
# now for the IAM policy case
resource "google_storage_bucket" "bucket-with-iam-policy" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_storage_bucket_policy}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_storage_bucket_policy
+ location = var.gcp_location
}
data "google_iam_policy" "bucket-iam-policy" {
- count = "${var.gcp_enable_privileged_resources}"
+ count = var.gcp_enable_privileged_resources
binding {
role = "roles/storage.admin"
@@ -577,33 +579,33 @@ data "google_iam_policy" "bucket-iam-policy" {
}
resource "google_storage_bucket_iam_policy" "bucket-iam-policy-add" {
- count = "${var.gcp_enable_privileged_resources}"
- bucket = "${google_storage_bucket.bucket-with-iam-policy[0].name}"
- policy_data = "${data.google_iam_policy.bucket-iam-policy[0].policy_data}"
+ count = var.gcp_enable_privileged_resources
+ bucket = google_storage_bucket.bucket-with-iam-policy[0].name
+ policy_data = data.google_iam_policy.bucket-iam-policy[0].policy_data
}
# finally let's create a bucket with object plus an object ACL
resource "google_storage_bucket" "bucket-with-object" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_storage_bucket_object}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_storage_bucket_object
+ location = var.gcp_location
}
resource "google_storage_bucket_object" "bucket-object" {
- count = "${var.gcp_enable_privileged_resources}"
- name = "${var.gcp_storage_bucket_object_name}"
- bucket = "${google_storage_bucket.bucket-with-object[0].name}"
+ count = var.gcp_enable_privileged_resources
+ name = var.gcp_storage_bucket_object_name
+ bucket = google_storage_bucket.bucket-with-object[0].name
content = "Bucket Object ${var.gcp_storage_bucket_object_name} for bucket ${var.gcp_storage_bucket_object} in ${var.gcp_project_id} with ACL."
}
#finally, add object ACL
resource "google_storage_object_acl" "bucket-object-acl" {
- count = "${var.gcp_enable_privileged_resources}"
- bucket = "${google_storage_bucket.bucket-with-object[0].name}"
- object = "${google_storage_bucket_object.bucket-object[0].name}"
+ count = var.gcp_enable_privileged_resources
+ bucket = google_storage_bucket.bucket-with-object[0].name
+ object = google_storage_bucket_object.bucket-object[0].name
role_entity = [
"OWNER:project-owners-${var.gcp_project_number}",
@@ -619,14 +621,14 @@ resource "google_storage_object_acl" "bucket-object-acl" {
# will revisit based on outcome of https://github.com/terraform-providers/terraform-provider-google/issues/1871
//resource "google_storage_bucket_object" "bucket-object-attach-policy" {
-// count = "${var.gcp_enable_privileged_resources}"
+// count = var.gcp_enable_privileged_resources
// name = "${var.gcp_storage_bucket_object_name}-iam"
-// bucket = "${google_storage_bucket.bucket-with-object.name}"
+// bucket = google_storage_bucket.bucket-with-object.name
// content = "Bucket Object ${var.gcp_storage_bucket_object_name} for bucket ${var.gcp_storage_bucket_object} in ${var.gcp_project_id} with IAM policy."
//}
//
//data "google_iam_policy" "object-iam-policy" {
-// count = "${var.gcp_enable_privileged_resources}"
+// count = var.gcp_enable_privileged_resources
// binding {
// role = "roles/storage.admin"
//
@@ -636,10 +638,10 @@ resource "google_storage_object_acl" "bucket-object-acl" {
//
//# would expect this to be something like below:
//resource "google_storage_object_iam_policy" "object-iam-policy-add" {
-// count = "${var.gcp_enable_privileged_resources}"
-// bucket = "${google_storage_bucket.bucket-with-object.name}"
-// object = "${google_storage_bucket_object.bucket-object-attach-policy.name}"
-// policy_data = "${data.google_iam_policy.object-iam-policy.policy_data}"
+// count = var.gcp_enable_privileged_resources
+// bucket = google_storage_bucket.bucket-with-object.name
+// object = google_storage_bucket_object.bucket-object-attach-policy.name
+// policy_data = data.google_iam_policy.object-iam-policy.policy_data
//}
@@ -650,15 +652,15 @@ resource "google_storage_object_acl" "bucket-object-acl" {
resource "google_compute_instance" "vm-with-project-logging" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_logging_vm_name}"
- machine_type = "${var.gcp_int_vm_size}"
- zone = "${var.gcp_zone}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_logging_vm_name
+ machine_type = var.gcp_int_vm_size
+ zone = var.gcp_zone
boot_disk {
initialize_params {
- image = "${var.gcp_int_vm_image}"
+ image = var.gcp_int_vm_image
}
}
@@ -669,16 +671,16 @@ resource "google_compute_instance" "vm-with-project-logging" {
}
resource "google_storage_bucket" "project-logging-bucket" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_logging_bucket_name}"
- location = "${var.gcp_location}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_logging_bucket_name
+ location = var.gcp_location
}
resource "google_logging_project_sink" "project-logging-instance-sink" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_logging_project_sink_name}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_logging_project_sink_name
destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}"
filter = "resource.type = gce_instance AND resource.labels.instance_id = \"${google_compute_instance.vm-with-project-logging[0].instance_id}\""
@@ -686,19 +688,19 @@ resource "google_logging_project_sink" "project-logging-instance-sink" {
}
resource "google_project_iam_binding" "project-log-writer-iam-binding" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
role = "roles/storage.objectCreator"
members = [
- "${google_logging_project_sink.project-logging-instance-sink[0].writer_identity}",
+ google_logging_project_sink.project-logging-instance-sink[0].writer_identity,
]
}
resource "google_logging_project_exclusion" "project-logging-exclusion" {
- count = "${var.gcp_enable_privileged_resources}"
- project = "${var.gcp_project_id}"
- name = "${var.gcp_logging_project_exclusion_name}"
+ count = var.gcp_enable_privileged_resources
+ project = var.gcp_project_id
+ name = var.gcp_logging_project_exclusion_name
description = "Exclude GCE instance debug logs"
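Review bot: `google_project_iam_binding.project-log-writer-iam-binding` grants `roles/storage.objectCreator` on the whole project, although the sink's writer identity only needs to create objects in `project-logging-bucket`. Because a binding is authoritative for its role, it also removes any other member holding that role in the project. A bucket-level, non-authoritative grant of the kind this file already uses for `bucket-iam-member` is narrower, as sketched below. If an InSpec control depends on the project-level binding existing, keep it and say so in a comment above the resource. The `project-logging-exclusion` resource that follows runs past the end of the hunk.

```hcl
resource "google_storage_bucket_iam_member" "project-log-writer-iam-member" {
  count  = var.gcp_enable_privileged_resources
  bucket = google_storage_bucket.project-logging-bucket[0].name
  role   = "roles/storage.objectCreator"
  member = google_logging_project_sink.project-logging-instance-sink[0].writer_identity
}
```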
@@ -712,84 +714,84 @@ resource "google_logging_project_exclusion" "project-logging-exclusion" {
# Start network resources
resource "google_compute_network" "inspec-gcp-network" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_network_name}"
+ project = var.gcp_project_id
+ name = var.gcp_network_name
auto_create_subnetworks = "false"
}
resource "google_compute_subnetwork" "inspec-gcp-subnetwork" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
ip_cidr_range = "10.2.0.0/29" # i.e. 8 total & 6 usable IPs
- name = "${var.gcp_subnetwork_name}"
- region = "${var.gcp_location}"
- network = "${google_compute_network.inspec-gcp-network.self_link}"
+ name = var.gcp_subnetwork_name
+ region = var.gcp_location
+ network = google_compute_network.inspec-gcp-network.self_link
}
resource "google_compute_vpn_gateway" "inspec-gcp-vpn-gateway" {
- name = "${var.gcp_vpn_gateway_name}"
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
- network = "${google_compute_network.inspec-gcp-network.self_link}"
+ name = var.gcp_vpn_gateway_name
+ project = var.gcp_project_id
+ region = var.gcp_location
+ network = google_compute_network.inspec-gcp-network.self_link
}
resource "google_compute_address" "inspec-gcp-address" {
- name = "${var.gcp_address_name}"
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
+ name = var.gcp_address_name
+ project = var.gcp_project_id
+ region = var.gcp_location
}
resource "google_compute_address" "inspec-gcp-vpn-address" {
- name = "${var.gcp_vpn_address_name}"
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
+ name = var.gcp_vpn_address_name
+ project = var.gcp_project_id
+ region = var.gcp_location
}
resource "google_compute_forwarding_rule" "inspec-gcp-fr-esp" {
- name = "${var.gcp_fr_esp_name}"
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
+ name = var.gcp_fr_esp_name
+ project = var.gcp_project_id
+ region = var.gcp_location
ip_protocol = "ESP"
- ip_address = "${google_compute_address.inspec-gcp-vpn-address.address}"
- target = "${google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link}"
+ ip_address = google_compute_address.inspec-gcp-vpn-address.address
+ target = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
}
resource "google_compute_forwarding_rule" "inspec-gcp-fr-udp500" {
name = "${var.gcp_fr_udp_name}-500"
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
+ project = var.gcp_project_id
+ region = var.gcp_location
ip_protocol = "UDP"
port_range = "500-500"
- ip_address = "${google_compute_address.inspec-gcp-vpn-address.address}"
- target = "${google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link}"
+ ip_address = google_compute_address.inspec-gcp-vpn-address.address
+ target = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
}
resource "google_compute_forwarding_rule" "inspec-gcp-fr-udp4500" {
name = "${var.gcp_fr_udp_name}-4500"
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
+ project = var.gcp_project_id
+ region = var.gcp_location
ip_protocol = "UDP"
port_range = "4500-4500"
- ip_address = "${google_compute_address.inspec-gcp-vpn-address.address}"
- target = "${google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link}"
+ ip_address = google_compute_address.inspec-gcp-vpn-address.address
+ target = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
}
resource "google_compute_vpn_tunnel" "inspec-gcp-vpn-tunnel" {
- name = "${var.gcp_vpn_tunnel_name}"
- project = "${var.gcp_project_id}"
- region = "${var.gcp_location}"
- peer_ip = "${google_compute_address.inspec-gcp-address.address}"
+ name = var.gcp_vpn_tunnel_name
+ project = var.gcp_project_id
+ region = var.gcp_location
+ peer_ip = google_compute_address.inspec-gcp-address.address
shared_secret = "generic_secret"
- target_vpn_gateway = "${google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link}"
+ target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
remote_traffic_selector = ["0.0.0.0/0"]
local_traffic_selector = ["0.0.0.0/0"]
depends_on = [
- "google_compute_forwarding_rule.inspec-gcp-fr-esp",
- "google_compute_forwarding_rule.inspec-gcp-fr-udp500",
- "google_compute_forwarding_rule.inspec-gcp-fr-udp4500",
+ google_compute_forwarding_rule.inspec-gcp-fr-esp,
+ google_compute_forwarding_rule.inspec-gcp-fr-udp500,
+ google_compute_forwarding_rule.inspec-gcp-fr-udp4500,
]
}
@@ -798,31 +800,31 @@ resource "google_compute_vpn_tunnel" "inspec-gcp-vpn-tunnel" {
# Start Google SQL resources
resource "google_sql_database_instance" "cloud-sql-db-instance" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_db_instance_name}"
- database_version = "${var.gcp_db_type}"
- region = "${var.gcp_location}"
+ project = var.gcp_project_id
+ name = var.gcp_db_instance_name
+ database_version = var.gcp_db_type
+ region = var.gcp_location
settings {
# Second-generation instance tiers are based on the machine
# type. See argument reference below.
- tier = "${var.gcp_db_size}"
+ tier = var.gcp_db_size
}
}
resource "google_sql_database" "cloud-sql-db-name" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_db_name}"
- instance = "${google_sql_database_instance.cloud-sql-db-instance.name}"
+ project = var.gcp_project_id
+ name = var.gcp_db_name
+ instance = google_sql_database_instance.cloud-sql-db-instance.name
charset = "utf8"
collation = "utf8_general_ci"
}
resource "google_sql_user" "cloud-sql-db-user" {
- project = "${var.gcp_project_id}"
- name = "${var.gcp_db_user_name}"
- instance = "${google_sql_database_instance.cloud-sql-db-instance.name}"
- password = "${var.gcp_db_user_password}"
+ project = var.gcp_project_id
+ name = var.gcp_db_user_name
+ instance = google_sql_database_instance.cloud-sql-db-instance.name
+ password = var.gcp_db_user_password
host = "example.com"
}
@@ -830,7 +832,7 @@ resource "google_sql_user" "cloud-sql-db-user" {
# Resources that used to be created via terraform modules that no longer work
resource "google_compute_firewall" "health-check-firewall" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
name = "vm-hc-inspec-gcp"
network = google_compute_network.inspec-gcp-network.name
@@ -843,7 +845,7 @@ resource "google_compute_firewall" "health-check-firewall" {
}
resource "google_compute_firewall" "default-ssh" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
name = "vm-ssh-inspec-gcp"
network = google_compute_network.inspec-gcp-network.name
@@ -857,7 +859,7 @@ resource "google_compute_firewall" "default-ssh" {
}
resource "google_compute_firewall" "inspec-gcp-tag-test-fw" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
name = "inspec-gcp-tag-test-fw"
network = google_compute_network.inspec-gcp-network.name
@@ -872,9 +874,9 @@ resource "google_compute_firewall" "inspec-gcp-tag-test-fw" {
}
resource "google_compute_region_disk" "regiondisk" {
- project = "${var.gcp_project_id}"
+ project = var.gcp_project_id
name = "${var.gcp_compute_disk_name}-regional"
- type = "${var.gcp_compute_disk_type}"
- region = "${var.gcp_location}"
- replica_zones = ["${var.gcp_kube_cluster_zone}", "${var.gcp_kube_cluster_zone_extra1}"]
+ type = var.gcp_compute_disk_type
+ region = var.gcp_location
+ replica_zones = [var.gcp_kube_cluster_zone, var.gcp_kube_cluster_zone_extra1]
}
diff --git a/test/integration/configuration/gcp_inspec_config.rb b/test/integration/configuration/gcp_inspec_config.rb
index 1408c7567..579be4ad5 100644
--- a/test/integration/configuration/gcp_inspec_config.rb
+++ b/test/integration/configuration/gcp_inspec_config.rb
@@ -8,137 +8,145 @@
require 'erb'
module GCPInspecConfig
+ class Config
- # helper method for adding random strings
- def self.add_random_string(length = 25)
- "#{(0...length).map { (65 + rand(26)).chr }.join.downcase}"
- end
-
- # Config for terraform / inspec in the below hash
- @config = {
- # Generic GCP resource parameters
- :gcp_organization_id => '',
- :gcp_project_name => "SPaterson Project",
- :gcp_project_id => "spaterson-project",
- :gcp_project_number => "1041358276233",
- # Determine the storage account name and the admin password
- :gcp_location => "europe-west2",
- :gcp_zone => "europe-west2-a",
- # Cloud functions are only available in certain regions
- :gcp_cloud_function_region => "us-central1",
- :gcp_int_vm_name => "gcp-inspec-int-linux-vm",
- :gcp_int_vm_size => "f1-micro",
- :gcp_int_vm_image => "ubuntu-os-cloud/ubuntu-1604-lts",
- :gcp_ext_vm_name => "gcp-inspec-ext-linux-vm",
- :gcp_ext_vm_size => "f1-micro",
- :gcp_ext_vm_image => "ubuntu-os-cloud/ubuntu-1604-lts",
- :gcp_ext_compute_address_name => "gcp-inspec-generic-ext-compute-address",
- :gcp_windows_int_vm_image => "windows-cloud/windows-server-2016-dc-core-v20180313",
- :gcp_windows_int_vm_name => "gcp-inspec-int-windows-vm",
- # Recommended to upgrade to a minimum of g1-small
- :gcp_windows_int_vm_size => "g1-small",
- :gcp_service_account_display_name => "gcp-inspec-service-account",
- # We need to randomize the name of this role to avoid e.g.
- # Error 400: You can't create a role with role_id (gcp_inspec_project_custom_role_id) where there is an existing role with that role_id in a deleted state.
- :gcp_project_iam_custom_role_id => "gcp_inspec_custom_role_id_#{add_random_string}",
- :gcp_compute_disk_name => "gcp-inspec-disk-#{add_random_string}",
- :gcp_compute_disk_type => "pd-standard",
- :gcp_compute_disk_image => "ubuntu-os-cloud/ubuntu-1604-lts",
- :gcp_ext_vm_data_disk_address_name => "gcp-inspec-generic-ext-compute-data-disk-address",
- :gcp_ext_vm_data_disk_name => "gcp-inspec-generic-ext-linux-vm-data-disk",
- :gcp_ext_vm_data_disk_size => "f1-micro",
- :gcp_ext_vm_data_disk_image => "ubuntu-os-cloud/ubuntu-1604-lts",
- :gcp_storage_bucket_name => "gcp-inspec-storage-bucket-#{add_random_string}",
- :gcp_storage_bucket_acl => "gcp-inspec-storage-bucket-acl-#{add_random_string}",
- :gcp_storage_bucket_binding => "gcp-inspec-storage-bucket-iam-binding-#{add_random_string}",
- :gcp_storage_bucket_member => "gcp-inspec-storage-bucket-iam-member-#{add_random_string}",
- :gcp_storage_bucket_policy => "gcp-inspec-storage-bucket-iam-policy-#{add_random_string}",
- :gcp_storage_bucket_object => "gcp-inspec-storage-bucket-object-#{add_random_string}",
- :gcp_storage_bucket_object_name => "bucket-object-#{add_random_string}",
- # Google Load Balanced App example parameters
- :gcp_lb_network => "default",
- :gcp_lb_region => "europe-west2",
- :gcp_lb_zone => "europe-west2-a",
- :gcp_lb_zone_mig2 => "europe-west2-b",
- :gcp_lb_zone_mig3 => "europe-west2-c",
- :gcp_lb_fr_name => "gcp-inspec-app-lb-fr-mig1",
- :gcp_lb_ilb_name => "gcp-inspec-app-lb-internal",
- :gcp_lb_mig1_name => "gcp-inspec-app-mig1",
- :gcp_lb_mig2_name => "gcp-inspec-app-mig2",
- :gcp_lb_mig3_name => "gcp-inspec-app-mig3",
- # GKE example parameters
- :gcp_kube_cluster_name => "gcp-inspec-kube-cluster",
- :gcp_kube_cluster_zone => "europe-west2-a",
- :gcp_kube_cluster_size => 1,
- :gcp_kube_cluster_zone_extra1 => "europe-west2-b",
- :gcp_kube_cluster_zone_extra2 => "europe-west2-c",
- :gcp_kube_cluster_master_user => "gcp-inspec-kube-admin",
- :gcp_kube_cluster_master_pass => (("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + %w{! @ # $ % & / ( ) + ? *}).sample(20).join,
- :gcp_kube_nodepool_name => "default-pool",
- :gcp_kms_key_ring_policy_name => "gcp-inspec-kms-key-ring-#{add_random_string}",
- :gcp_kms_key_ring_binding_member_name => "gcp-inspec-kms-key-ring-#{add_random_string}",
- :gcp_kms_crypto_key_name_policy => "gcp-inspec-kms-crypto-key-policy-#{add_random_string}",
- :gcp_kms_crypto_key_name_binding => "gcp-inspec-kms-crypto-key-binding-#{add_random_string}",
- :gcp_logging_vm_name => "gcp-inspec-logging-vm",
- :gcp_logging_bucket_name => "gcp-inspec-logging-#{add_random_string}",
- :gcp_logging_project_sink_name => "gcp-inspec-logging-project-#{add_random_string}",
- :gcp_logging_project_exclusion_name => "gcp-inspec-project-exclusion-#{add_random_string}",
- :gcp_network_name => "gcp-inspec-network",
- :gcp_subnetwork_name => "gcp-inspec-subnetwork",
- :gcp_vpn_gateway_name => "gcp-inspec-gateway",
- :gcp_vpn_tunnel_name => "gcp-inspec-tunnel",
- :gcp_fr_esp_name => "gcp-inspec-fr-esp",
- :gcp_fr_udp_name => "gcp-inspec-fr-udp",
- :gcp_address_name => "gcp-inspec-address",
- :gcp_vpn_address_name => "gcp-inspec-vpn-address",
- :gcp_db_instance_name => "gcp-inspec-db-#{add_random_string}",
- :gcp_db_name => "inspecgcp",
- :gcp_db_type => "MYSQL_5_7",
- :gcp_db_size => "db-f1-micro",
- :gcp_db_user_name => "inspecgcpuser",
- :gcp_db_user_password => (("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + %w{! @ # $ % & / ( ) + ? *}).sample(20).join,
- # Some resources require elevated privileges to create and therefore test against. The below flag is used to control
- # both the terraform resource creation and the inspec test execution for those resources. Default behaviour is for this to
- # be disabled meaning a user needs no special GCP privileges to run the integration test pack.
- #
- # Note, would prefer to use boolean true or false here but will revisit for a future version of tf, see here for more detail: https://www.terraform.io/docs/configuration/variables.html
- :gcp_enable_privileged_resources => 0,
- # Some controls make use of the gcloud command and grep to discover live data to then test against.
- # Only test execution is affected by this flag, resource creation via terraform is unaffected.
- # Default behaviour is for this to be disabled, enable by changing the below flag.
- :gcp_enable_gcloud_calls => 0
- }
+ # helper method for adding random strings
+ def add_random_string(length = 25)
+ "#{(0...length).map { (65 + rand(26)).chr }.join.downcase}"
+ end
- def self.config
- @config
- end
+ def initialize(seed = nil)
+ if seed != nil
+ srand(seed.to_i)
+ end
+ @config = {
+ # Generic GCP resource parameters
+ :gcp_organization_id => '953310715741',
+ :gcp_project_name => "SPaterson Project",
+ :gcp_project_id => "spaterson-project",
+ :gcp_project_number => "1041358276233",
+ # Determine the storage account name and the admin password
+ :gcp_location => "europe-west2",
+ :gcp_zone => "europe-west2-a",
+ # Cloud functions are only available in certain regions
+ :gcp_cloud_function_region => "us-central1",
+ :gcp_int_vm_name => "gcp-inspec-int-linux-vm",
+ :gcp_int_vm_size => "f1-micro",
+ :gcp_int_vm_image => "ubuntu-os-cloud/ubuntu-1604-lts",
+ :gcp_ext_vm_name => "gcp-inspec-ext-linux-vm",
+ :gcp_ext_vm_size => "f1-micro",
+ :gcp_ext_vm_image => "ubuntu-os-cloud/ubuntu-1604-lts",
+ :gcp_ext_compute_address_name => "gcp-inspec-generic-ext-compute-address",
+ :gcp_windows_int_vm_image => "windows-cloud/windows-server-2016-dc-core-v20180313",
+ :gcp_windows_int_vm_name => "gcp-inspec-int-windows-vm",
+ # Recommended to upgrade to a minimum of g1-small
+ :gcp_windows_int_vm_size => "g1-small",
+ :gcp_service_account_display_name => "gcp-inspec-service-account",
+ # We need to randomize the name of this role to avoid e.g.
+ # Error 400: You can't create a role with role_id (gcp_inspec_project_custom_role_id) where there is an existing role with that role_id in a deleted state.
+ :gcp_project_iam_custom_role_id => "gcp_inspec_custom_role_id_#{add_random_string}",
+ :gcp_compute_disk_name => "gcp-inspec-disk-#{add_random_string}",
+ :gcp_compute_disk_type => "pd-standard",
+ :gcp_compute_disk_image => "ubuntu-os-cloud/ubuntu-1604-lts",
+ :gcp_ext_vm_data_disk_address_name => "gcp-inspec-generic-ext-compute-data-disk-address",
+ :gcp_ext_vm_data_disk_name => "gcp-inspec-generic-ext-linux-vm-data-disk",
+ :gcp_ext_vm_data_disk_size => "f1-micro",
+ :gcp_ext_vm_data_disk_image => "ubuntu-os-cloud/ubuntu-1604-lts",
+ :gcp_storage_bucket_name => "gcp-inspec-storage-bucket-#{add_random_string}",
+ :gcp_storage_bucket_acl => "gcp-inspec-storage-bucket-acl-#{add_random_string}",
+ :gcp_storage_bucket_binding => "gcp-inspec-storage-bucket-iam-binding-#{add_random_string}",
+ :gcp_storage_bucket_member => "gcp-inspec-storage-bucket-iam-member-#{add_random_string}",
+ :gcp_storage_bucket_policy => "gcp-inspec-storage-bucket-iam-policy-#{add_random_string}",
+ :gcp_storage_bucket_object => "gcp-inspec-storage-bucket-object-#{add_random_string}",
+ :gcp_storage_bucket_object_name => "bucket-object-#{add_random_string}",
+ # Google Load Balanced App example parameters
+ :gcp_lb_network => "default",
+ :gcp_lb_region => "europe-west2",
+ :gcp_lb_zone => "europe-west2-a",
+ :gcp_lb_zone_mig2 => "europe-west2-b",
+ :gcp_lb_zone_mig3 => "europe-west2-c",
+ :gcp_lb_fr_name => "gcp-inspec-app-lb-fr-mig1",
+ :gcp_lb_ilb_name => "gcp-inspec-app-lb-internal",
+ :gcp_lb_mig1_name => "gcp-inspec-app-mig1",
+ :gcp_lb_mig2_name => "gcp-inspec-app-mig2",
+ :gcp_lb_mig3_name => "gcp-inspec-app-mig3",
+ # GKE example parameters
+ :gcp_kube_cluster_name => "gcp-inspec-kube-cluster",
+ :gcp_kube_cluster_zone => "europe-west2-a",
+ :gcp_kube_cluster_size => 1,
+ :gcp_kube_cluster_zone_extra1 => "europe-west2-b",
+ :gcp_kube_cluster_zone_extra2 => "europe-west2-c",
+ :gcp_kube_cluster_master_user => "gcp-inspec-kube-admin",
+ :gcp_kube_cluster_master_pass => (("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + %w{! @ # $ % & / ( ) + ? *}).sample(20).join,
+ :gcp_kube_nodepool_name => "default-pool",
+ :gcp_kms_key_ring_policy_name => "gcp-inspec-kms-key-ring-#{add_random_string}",
+ :gcp_kms_key_ring_binding_member_name => "gcp-inspec-kms-key-ring-#{add_random_string}",
+ :gcp_kms_crypto_key_name_policy => "gcp-inspec-kms-crypto-key-policy-#{add_random_string}",
+ :gcp_kms_crypto_key_name_binding => "gcp-inspec-kms-crypto-key-binding-#{add_random_string}",
+ :gcp_logging_vm_name => "gcp-inspec-logging-vm",
+ :gcp_logging_bucket_name => "gcp-inspec-logging-#{add_random_string}",
+ :gcp_logging_project_sink_name => "gcp-inspec-logging-project-#{add_random_string}",
+ :gcp_logging_project_exclusion_name => "gcp-inspec-project-exclusion-#{add_random_string}",
+ :gcp_network_name => "gcp-inspec-network",
+ :gcp_subnetwork_name => "gcp-inspec-subnetwork",
+ :gcp_vpn_gateway_name => "gcp-inspec-gateway",
+ :gcp_vpn_tunnel_name => "gcp-inspec-tunnel",
+ :gcp_fr_esp_name => "gcp-inspec-fr-esp",
+ :gcp_fr_udp_name => "gcp-inspec-fr-udp",
+ :gcp_address_name => "gcp-inspec-address",
+ :gcp_vpn_address_name => "gcp-inspec-vpn-address",
+ :gcp_db_instance_name => "gcp-inspec-db-#{add_random_string}",
+ :gcp_db_name => "inspecgcp",
+ :gcp_db_type => "MYSQL_5_7",
+ :gcp_db_size => "db-f1-micro",
+ :gcp_db_user_name => "inspecgcpuser",
+ :gcp_db_user_password => (("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + %w{! @ # $ % & / ( ) + ? *}).sample(20).join,
+ :gcp_dns_zone_name => "dnszone-#{add_random_string}.com.",
+ :gcp_organization_iam_custom_role_id => "org_role_#{add_random_string}",
+ # Some resources require elevated privileges to create and therefore test against. The below flag is used to control
+ # both the terraform resource creation and the inspec test execution for those resources. Default behaviour is for this to
+ # be disabled meaning a user needs no special GCP privileges to run the integration test pack.
+ #
+ # Note, would prefer to use boolean true or false here but will revisit for a future version of tf, see here for more detail: https://www.terraform.io/docs/configuration/variables.html
+ :gcp_enable_privileged_resources => 1,
+ # Some controls make use of the gcloud command and grep to discover live data to then test against.
+ # Only test execution is affected by this flag, resource creation via terraform is unaffected.
+ # Default behaviour is for this to be disabled, enable by changing the below flag.
+ :gcp_enable_gcloud_calls => 0
+ }
+ @config.each { |k, v| @config[k] = ENV[k.to_s.upcase] || v }
+ end
- # This method ensures any environment variables take precedence.
- def self.update_from_environment
- @config.each { |k, v| @config[k] = ENV[k.to_s.upcase] || v }
- end
+ def config
+ @config
+ end
- def self.load_mm_vars
- loaded = YAML.load_file(File.join(File.dirname(__FILE__), 'mm-attributes.yml'))
- @config = loaded.merge(@config)
- end
+ def load_mm_vars
+ loaded = YAML.load_file(File.join(File.dirname(__FILE__), 'mm-attributes.yml'))
+ @config = loaded.merge(@config)
+ end
- # Create JSON for terraform
- def self.store_json(file_name = "gcp-inspec.tfvars.json")
- load_mm_vars
- update_from_environment
- File.open(File.join(File.dirname(__FILE__), '..', 'build', file_name), "w") do |f|
- f.write(@config.to_json)
+ # Create JSON for terraform
+ def store_json(file_name = "gcp-inspec.tfvars.json")
+ load_mm_vars
+ # These variables are used in InSpec controls but not terraform. Including them causes large warning messages about unused vars
+ unused_vars = [:gcp_enable_gcloud_calls, :gcp_kube_nodepool_name]
+ cfg = @config.clone
+ unused_vars.each do |unused_var|
+ cfg.delete(unused_var)
+ end
+ File.open(File.join(File.dirname(__FILE__), '..', 'build', file_name), "w") do |f|
+ f.write(cfg.to_json)
+ end
end
- end
- # Create YAML for inspec
- def self.store_yaml(file_name = "gcp-inspec-attributes.yaml")
- load_mm_vars
- update_from_environment
- File.open(File.join(File.dirname(__FILE__), '..', 'build', file_name), "w") do |f|
- f.write(@config.to_yaml)
+ # Create YAML for inspec
+ def store_yaml(file_name = "gcp-inspec-attributes.yaml")
+ load_mm_vars
+ File.open(File.join(File.dirname(__FILE__), '..', 'build', file_name), "w") do |f|
+ f.write(@config.to_yaml)
+ end
end
- end
-end
+ end
+end
\ No newline at end of file
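Review bot: The new `initialize(seed)` calls `srand(seed.to_i)` before building `@config`, and `:gcp_kube_cluster_master_pass` and `:gcp_db_user_password` are drawn with `Array#sample`, which uses that same default generator, so a run given a seed produces credentials that can be recomputed from the seed. Keep the seeded generator for the resource-name suffixes and draw the two passwords from the OS source, e.g. `.sample(20, random: SecureRandom).join`, with `require 'securerandom'` added to the file's require block (which starts outside this hunk). Separately, `:gcp_enable_privileged_resources` now defaults to `1` and `:gcp_organization_id` to a concrete id, while the comment above the flag still says the default is disabled. Either restore `0` and `''` so the `ENV` override is the opt-in, or replace that comment with `# Enabled by default: running the pack requires organization-level privileges.`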
diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml
index a56bcd50c..ab78ff156 100644
--- a/test/integration/configuration/mm-attributes.yml
+++ b/test/integration/configuration/mm-attributes.yml
@@ -31,6 +31,7 @@ instance_group_manager:
base_instance_name: 'igm'
named_port_name: 'port'
named_port_port: 80
+
autoscaler:
name: 'inspec-gcp-autoscaler'
max_replicas: 5
@@ -128,10 +129,6 @@ target_tcp_proxy:
proxy_header: NONE
tcp_backend_service_name: gcp-inspec-tcp-backend-service
-regional_cluster:
- name: inspec-gcp-regional-cluster
- initial_node_count: 1
-
route:
name: inspec-gcp-route
dest_range: 15.0.0.0/24
@@ -358,3 +355,86 @@ service_perimeter:
title: restrict_all
restricted_service: storage.googleapis.com
policy_title: policytitle
+
+firewall:
+ name: inspec-gcp-firewall
+ source_tag: some-tag
+
+address:
+ name: inspec-gcp-global-address
+ address_type: INTERNAL
+ address: "10.2.0.3"
+
+instance_group:
+ name: inspec-instance-group
+ description: My instance group for testing
+ named_port_name: https
+ named_port_port: 8080
+
+instance:
+ name: inspec-instance
+ machine_type: n1-standard-1
+ tag_1: foo
+ tag_2: bar
+ metadata_key: '123'
+ metadata_value: asdf
+ sa_scope: https://www.googleapis.com/auth/compute.readonly
+ startup_script: "echo hi > /test.txt"
+
+network:
+ name: inspec-network
+ routing_mode: REGIONAL
+
+subnetwork:
+ name: inspec-subnet
+ ip_cidr_range: "10.2.0.0/16"
+ log_interval: INTERVAL_10_MIN
+ log_sampling: .5
+ log_metadata: INCLUDE_ALL_METADATA
+
+rigm:
+ name: inspec-rigm
+ base_instance_name: rigm1
+ target_size: 1
+ named_port_name: https
+ named_port_port: 8888
+ healing_delay: 300
+
+vpn_tunnel:
+ name: inspec-vpn-tunnel
+ peer_ip: "15.0.0.120"
+ shared_secret: super secret
+
+project_sink:
+ name: inspec-gcp-org-sink
+ filter: resource.type = gce_instance AND severity = DEBUG
+
+project_exclusion:
+ name: inspec-project-exclusion
+ description: My project exclusion description
+ filter: resource.type = gce_instance AND severity <= DEBUG
+
+alert_policy:
+ display_name: Display
+ combiner: OR
+ condition_display_name: condition
+ condition_filter: "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\""
+ condition_duration: 60s
+ condition_comparison: COMPARISON_GT
+
+dns_managed_zone:
+ # managed zone dns_name must be randomly generated, so it happens in the other script
+ name: example-zone
+ description: example description
+ dnssec_config_state: 'on'
+
+logging_metric:
+ name: some/metric
+ filter: 'resource.type=gae_app AND severity>=ERROR'
+ metric_kind: DELTA
+ value_type: INT64
+
+compute_image:
+ name: inspec-image
+ source: https://storage.googleapis.com/bosh-cpi-artifacts/bosh-stemcell-3262.4-google-kvm-ubuntu-trusty-go_agent-raw.tar.gz
+
\ No newline at end of file
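Review bot: The added `vpn_tunnel` block sets `shared_secret: super secret`, a fixed pre-shared key committed to the repository for a tunnel that the integration run appears to create in a real project. The Ruby config in this same commit generates `gcp_db_user_password` per run, and the `dns_managed_zone` comment here already defers a random value to "the other script", so the PSK could follow that pattern. At minimum the line should carry a comment such as `# test-only placeholder; generate per run if the tunnel can reach a live peer`. Whether the tunnel is ever negotiated against a real peer is not visible in this hunk.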
diff --git a/test/integration/verify/controls/container_cluster.rb b/test/integration/verify/controls/container_cluster.rb
index d27cac35c..151d6ff1d 100644
--- a/test/integration/verify/controls/container_cluster.rb
+++ b/test/integration/verify/controls/container_cluster.rb
@@ -14,10 +14,10 @@
impact 1.0
title 'Ensure GKE Container Cluster was built correctly'
- describe google_container_cluster(project: gcp_project_id, zone: gcp_kube_cluster_zone, name: gcp_kube_cluster_name) do
+ describe google_container_cluster(project: gcp_project_id, location: gcp_kube_cluster_zone, name: gcp_kube_cluster_name) do
it { should exist }
its('name') { should eq gcp_kube_cluster_name }
- its('zone') { should match gcp_kube_cluster_zone }
+ its('location') { should match gcp_kube_cluster_zone }
# the cluster should not be tainted
its('tainted?') { should be false }
@@ -47,8 +47,8 @@
# check ipv4 cidr size
its('node_ipv4_cidr_size'){should eq 24}
- # check there is one node pool in the cluster
- its('node_pools.count'){should eq 1}
+ # check there are two node pools in the cluster
+ its('node_pools.count'){should eq 2}
end
end
diff --git a/test/integration/verify/controls/container_clusters.rb b/test/integration/verify/controls/container_clusters.rb
index 6066fed8f..ea43cc127 100644
--- a/test/integration/verify/controls/container_clusters.rb
+++ b/test/integration/verify/controls/container_clusters.rb
@@ -9,7 +9,7 @@
impact 1.0
title 'Ensure container clusters have the correct properties in bulk.'
- describe google_container_clusters(project: gcp_project_id, zone: gcp_kube_cluster_zone) do
+ describe google_container_clusters(project: gcp_project_id, location: gcp_kube_cluster_zone) do
it { should exist }
its('count') { should be <= 10}
its('cluster_names') { should include gcp_kube_cluster_name }
diff --git a/test/integration/verify/controls/container_nodepool.rb b/test/integration/verify/controls/container_nodepool.rb
index 73b86ae41..e229f8872 100644
--- a/test/integration/verify/controls/container_nodepool.rb
+++ b/test/integration/verify/controls/container_nodepool.rb
@@ -11,7 +11,7 @@
impact 1.0
title 'Ensure GKE Container Node Pool was built correctly'
- describe google_container_node_pool(project: gcp_project_id, zone: gcp_kube_cluster_zone, cluster_name: gcp_kube_cluster_name, nodepool_name: gcp_kube_nodepool_name) do
+ describe google_container_node_pool(project: gcp_project_id, location: gcp_kube_cluster_zone, cluster_name: gcp_kube_cluster_name, nodepool_name: gcp_kube_nodepool_name) do
it { should exist }
its('name') { should eq gcp_kube_nodepool_name }
diff --git a/test/integration/verify/controls/container_nodepools.rb b/test/integration/verify/controls/container_nodepools.rb
index 827e0faa3..3f3cdfc19 100644
--- a/test/integration/verify/controls/container_nodepools.rb
+++ b/test/integration/verify/controls/container_nodepools.rb
@@ -10,7 +10,7 @@
impact 1.0
title 'Ensure container cluster node pools have the correct properties in bulk.'
- describe google_container_node_pools(project: gcp_project_id, zone: gcp_kube_cluster_zone, cluster_name: gcp_kube_cluster_name) do
+ describe google_container_node_pools(project: gcp_project_id, location: gcp_kube_cluster_zone, cluster_name: gcp_kube_cluster_name) do
it { should exist }
its('count') { should be <= 10}
its('node_pool_names') { should include gcp_kube_nodepool_name }
diff --git a/test/integration/verify/controls/generic_external_vm.rb b/test/integration/verify/controls/generic_external_vm.rb
index 45bc051e8..a9883efe0 100644
--- a/test/integration/verify/controls/generic_external_vm.rb
+++ b/test/integration/verify/controls/generic_external_vm.rb
@@ -31,11 +31,6 @@
its('status') { should eq 'RUNNING' }
- its('kind') { should eq "compute#instance" }
-
- # there's one default tag e.g. => {:fingerprint=>"\xE3e\xA6J\x90|\xAD#"}
- its('tag_count'){should eq 1}
-
# see if the disk is present with the correct name
its('disk_count'){should eq 1}
# see the internal vm control for more on the below
diff --git a/test/integration/verify/controls/generic_external_vm_data_disk.rb b/test/integration/verify/controls/generic_external_vm_data_disk.rb
index 33033ddbb..c41e64b30 100644
--- a/test/integration/verify/controls/generic_external_vm_data_disk.rb
+++ b/test/integration/verify/controls/generic_external_vm_data_disk.rb
@@ -31,18 +31,12 @@
its('status') { should eq 'RUNNING' }
- its('kind') { should eq "compute#instance" }
-
- # there's one default tag e.g. => {:fingerprint=>"\xE3e\xA6J\x90|\xAD#"}
- its('tag_count'){should eq 1}
-
# see if the disks are present and correct
its('disk_count'){should eq 2}
its('first_disks_source_name') { should eq gcp_ext_vm_data_disk_name }
its('first_disks_first_license') { should match "ubuntu"}
# properties specific to the VM with attached disk
its('second_disks_device_name') { should eq gcp_compute_disk_name }
- its('second_disks_kind') { should eq "compute#attachedDisk" }
its('second_disks_source_name') { should eq gcp_compute_disk_name }
its('second_disks_first_license') { should match "ubuntu"}
diff --git a/test/integration/verify/controls/generic_image_family.rb b/test/integration/verify/controls/generic_image_family.rb
index 43654315a..2f4f94608 100644
--- a/test/integration/verify/controls/generic_image_family.rb
+++ b/test/integration/verify/controls/generic_image_family.rb
@@ -11,7 +11,6 @@
its('name') { should match "ubuntu" }
its('family') { should match "ubuntu" }
- its('kind') { should eq "compute#image" }
# the image should be available for use
its('status') { should eq "READY" }
diff --git a/test/integration/verify/controls/generic_internal_vm.rb b/test/integration/verify/controls/generic_internal_vm.rb
index 2e06ef905..b99b6b1ab 100644
--- a/test/integration/verify/controls/generic_internal_vm.rb
+++ b/test/integration/verify/controls/generic_internal_vm.rb
@@ -30,11 +30,6 @@
its('cpu_platform') { should match "Intel" }
its('status') { should eq 'RUNNING' }
- its('kind') { should eq "compute#instance" }
-
- # there's one default tag e.g. => {:fingerprint=>"\xE3e\xA6J\x90|\xAD#"}
- its('tag_count'){should eq 1}
-
# see if the disk is present with the correct name
its('disk_count'){should eq 1}
diff --git a/test/integration/verify/controls/generic_public_ip_address.rb b/test/integration/verify/controls/generic_public_ip_address.rb
index 33695af33..b6498d37e 100644
--- a/test/integration/verify/controls/generic_public_ip_address.rb
+++ b/test/integration/verify/controls/generic_public_ip_address.rb
@@ -24,7 +24,6 @@
its('untrusted?') { should be false }
its('region') { should match gcp_location}
- its('kind') { should eq "compute#address" }
# we attached this to the external generic vm so the status should be "in_use"
its('status') { should eq "IN_USE" }
diff --git a/test/integration/verify/controls/generic_windows_internal_vm.rb b/test/integration/verify/controls/generic_windows_internal_vm.rb
index 70cfe6583..f8ddb6654 100644
--- a/test/integration/verify/controls/generic_windows_internal_vm.rb
+++ b/test/integration/verify/controls/generic_windows_internal_vm.rb
@@ -30,11 +30,6 @@
its('cpu_platform') { should match "Intel" }
its('status') { should eq 'RUNNING' }
- its('kind') { should eq "compute#instance" }
-
- # there's one default tag e.g. => {:fingerprint=>"\xE3e\xA6J\x90|\xAD#"}
- its('tag_count'){should eq 1}
-
# see if the disk is present with the correct name
its('disk_count'){should eq 1}
its('first_disks_source_name') { should eq gcp_windows_int_vm_name }
diff --git a/test/integration/verify/controls/google_access_context_manager_access_policies.rb b/test/integration/verify/controls/google_access_context_manager_access_policies.rb
index 4b70ab130..84da2696f 100644
--- a/test/integration/verify/controls/google_access_context_manager_access_policies.rb
+++ b/test/integration/verify/controls/google_access_context_manager_access_policies.rb
@@ -26,7 +26,7 @@
impact 1.0
title 'google_access_context_manager_access_policies resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_access_context_manager_access_policies(org_id: gcp_organization_id) do
its('count') { should be >= 1 }
diff --git a/test/integration/verify/controls/google_access_context_manager_access_policy.rb b/test/integration/verify/controls/google_access_context_manager_access_policy.rb
index ef99925f1..eb67085ab 100644
--- a/test/integration/verify/controls/google_access_context_manager_access_policy.rb
+++ b/test/integration/verify/controls/google_access_context_manager_access_policy.rb
@@ -26,7 +26,7 @@
impact 1.0
title 'google_access_context_manager_access_policy resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe.one do
google_access_context_manager_access_policies(org_id: gcp_organization_id).names.each do |policy_name|
diff --git a/test/integration/verify/controls/google_access_context_manager_service_perimeter.rb b/test/integration/verify/controls/google_access_context_manager_service_perimeter.rb
index 85c11b504..5319c52ee 100644
--- a/test/integration/verify/controls/google_access_context_manager_service_perimeter.rb
+++ b/test/integration/verify/controls/google_access_context_manager_service_perimeter.rb
@@ -26,7 +26,7 @@
impact 1.0
title 'google_access_context_manager_service_perimeter resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe.one do
google_access_context_manager_access_policies(org_id: gcp_organization_id).names.each do |policy_name|
diff --git a/test/integration/verify/controls/google_access_context_manager_service_perimeters.rb b/test/integration/verify/controls/google_access_context_manager_service_perimeters.rb
index 1bfe4e79f..1b770f4bf 100644
--- a/test/integration/verify/controls/google_access_context_manager_service_perimeters.rb
+++ b/test/integration/verify/controls/google_access_context_manager_service_perimeters.rb
@@ -26,7 +26,7 @@
impact 1.0
title 'google_access_context_manager_service_perimeters resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe.one do
google_access_context_manager_access_policies(org_id: gcp_organization_id).names.each do |policy_name|
diff --git a/test/integration/verify/controls/google_appengine_standard_app_version.rb b/test/integration/verify/controls/google_appengine_standard_app_version.rb
index 48ec6a4f3..67ca44007 100644
--- a/test/integration/verify/controls/google_appengine_standard_app_version.rb
+++ b/test/integration/verify/controls/google_appengine_standard_app_version.rb
@@ -23,10 +23,13 @@
"entrypoint": "node ./app.js",
"port": "8080"
}, description: 'Cloud App Engine definition')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
control 'google_appengine_standard_app_version-1.0' do
impact 1.0
title 'google_appengine_standard_app_version resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_appengine_standard_app_version(project: gcp_project_id, location: gcp_location, version_id: standardappversion['version_id'], service: standardappversion['service']) do
it { should exist }
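Review bot: In the added line `gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, ...)` the default refers to the local being assigned, which Ruby evaluates as `nil` unless a line before this hunk already set it. With no attribute supplied, the new `only_if` test `gcp_organization_id != ''` is then true, so the control is not skipped when the organization id is missing. Use `default: ''` and make the guard tolerate nil, e.g. `only_if { gcp_enable_privileged_resources.to_i == 1 && !gcp_organization_id.to_s.empty? }`. The same added lines appear in the `google_appengine_standard_app_versions.rb` hunk that follows, and the control block continues past the end of this hunk.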
diff --git a/test/integration/verify/controls/google_appengine_standard_app_versions.rb b/test/integration/verify/controls/google_appengine_standard_app_versions.rb
index 4bbb0e889..1cae916ab 100644
--- a/test/integration/verify/controls/google_appengine_standard_app_versions.rb
+++ b/test/integration/verify/controls/google_appengine_standard_app_versions.rb
@@ -23,10 +23,13 @@
"entrypoint": "node ./app.js",
"port": "8080"
}, description: 'Cloud App Engine definition')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
control 'google_appengine_standard_app_versions-1.0' do
impact 1.0
title 'google_appengine_standard_app_versions resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_appengine_standard_app_versions(project: gcp_project_id, location: gcp_location,service: standardappversion['service']) do
its('runtimes') { should include standardappversion['runtime'] }
diff --git a/test/integration/verify/controls/google_billing_project_billing_info.rb b/test/integration/verify/controls/google_billing_project_billing_info.rb
index a9b685bb5..56a61115e 100644
--- a/test/integration/verify/controls/google_billing_project_billing_info.rb
+++ b/test/integration/verify/controls/google_billing_project_billing_info.rb
@@ -22,7 +22,7 @@
impact 1.0
title 'google_billing_project_billing_info resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_billing_project_billing_info(project_id: gcp_project_id) do
it { should exist }
diff --git a/test/integration/verify/controls/google_container_regional_cluster.rb b/test/integration/verify/controls/google_compute_address.rb
similarity index 54%
rename from test/integration/verify/controls/google_container_regional_cluster.rb
rename to test/integration/verify/controls/google_compute_address.rb
index 2c3af1b17..30d22bbb6 100644
--- a/test/integration/verify/controls/google_container_regional_cluster.rb
+++ b/test/integration/verify/controls/google_compute_address.rb
@@ -12,25 +12,27 @@
#
# ----------------------------------------------------------------------------
-title 'Test GCP google_container_regional_cluster resource.'
+title 'Test GCP google_compute_address resource.'
gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
-regional_cluster = attribute('regional_cluster', default: {
- "name": "inspec-gcp-regional-cluster",
- "initial_node_count": 1
-}, description: 'Regional container cluster definition')
-control 'google_container_regional_cluster-1.0' do
+address = attribute('address', default: {
+ "name": "inspec-gcp-global-address",
+ "address_type": "INTERNAL",
+ "address": "10.2.0.3"
+}, description: 'Address definition')
+control 'google_compute_address-1.0' do
impact 1.0
- title 'google_container_regional_cluster resource test'
+ title 'google_compute_address resource test'
- describe google_container_regional_cluster(project: gcp_project_id, location: gcp_location, name: regional_cluster['name']) do
+ describe google_compute_address(project: gcp_project_id, location: gcp_location, name: address['name']) do
it { should exist }
- its('initial_node_count') { should eq regional_cluster['initial_node_count']}
- its('location') { should eq gcp_location}
+ its('address') { should eq address['address'] }
+ its('address_type') { should eq address['address_type'] }
+ its('user_count') { should eq 0 }
end
- describe google_container_regional_cluster(project: gcp_project_id, location: gcp_location, name: 'nonexistent') do
+ describe google_compute_address(project: gcp_project_id, location: gcp_location, name: 'nonexistent') do
it { should_not exist }
end
end
diff --git a/test/integration/verify/controls/google_container_regional_clusters.rb b/test/integration/verify/controls/google_compute_addresses.rb
similarity index 56%
rename from test/integration/verify/controls/google_container_regional_clusters.rb
rename to test/integration/verify/controls/google_compute_addresses.rb
index 4f7017eee..a9f52e282 100644
--- a/test/integration/verify/controls/google_container_regional_clusters.rb
+++ b/test/integration/verify/controls/google_compute_addresses.rb
@@ -12,21 +12,21 @@
#
# ----------------------------------------------------------------------------
-title 'Test GCP google_container_regional_clusters resource.'
+title 'Test GCP google_compute_addresses resource.'
gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
-regional_cluster = attribute('regional_cluster', default: {
- "name": "inspec-gcp-regional-cluster",
- "initial_node_count": 1
-}, description: 'Regional container cluster definition')
-control 'google_container_regional_clusters-1.0' do
+address = attribute('address', default: {
+ "name": "inspec-gcp-global-address",
+ "address_type": "INTERNAL",
+ "address": "10.2.0.3"
+}, description: 'Address definition')
+control 'google_compute_addresses-1.0' do
impact 1.0
- title 'google_container_regional_clusters resource test'
+ title 'google_compute_addresses resource test'
- describe google_container_regional_clusters(project: gcp_project_id, location: gcp_location) do
- its('count') { should be >= 1 }
- its('names') { should include regional_cluster['name'] }
- its('initial_node_counts') { should include regional_cluster['initial_node_count']}
+ describe google_compute_addresses(project: gcp_project_id, location: gcp_location) do
+ its('addresses') { should include address['address'] }
+ its('names') { should include address['name'] }
end
end
diff --git a/test/integration/verify/controls/google_compute_firewall.rb b/test/integration/verify/controls/google_compute_firewall.rb
new file mode 100644
index 000000000..f54b4a6a1
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_firewall.rb
@@ -0,0 +1,31 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_firewall resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+firewall = attribute('firewall', default: {
+ "name": "inspec-gcp-firewall",
+ "source_tag": "some-tag"
+}, description: 'Firewall rule definition')
+control 'google_compute_firewall-1.0' do
+ impact 1.0
+ title 'google_compute_firewall resource test'
+
+ describe google_compute_firewall(project: gcp_project_id, name: firewall['name']) do
+ its('direction') { should cmp 'INGRESS' }
+ its('log_config_enabled?') { should be true }
+ its('source_tags') { should include firewall['source_tag'] }
+ end
+end
diff --git a/test/integration/verify/controls/google_compute_firewalls.rb b/test/integration/verify/controls/google_compute_firewalls.rb
index 134e8efcc..7d3a36b28 100644
--- a/test/integration/verify/controls/google_compute_firewalls.rb
+++ b/test/integration/verify/controls/google_compute_firewalls.rb
@@ -1,25 +1,31 @@
-title 'Firewalls Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_enable_gcloud_calls = attribute(:gcp_enable_gcloud_calls,default:0,description:'Flag to enable the use of gcloud command line to pull in live data to test against.')
+title 'Test GCP google_compute_firewalls resource.'
-control 'gcp-firewalls-1.0' do
-
- only_if { gcp_enable_gcloud_calls.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+firewall = attribute('firewall', default: {
+ "name": "inspec-gcp-firewall",
+ "source_tag": "some-tag"
+}, description: 'Firewall rule definition')
+control 'google_compute_firewalls-1.0' do
impact 1.0
- title 'Ensure firewalls have the correct properties in bulk'
+ title 'google_compute_firewalls resource test'
describe google_compute_firewalls(project: gcp_project_id) do
- it { should exist }
- its('count') { should be <= 100}
- # assume this is a development setup for a moment
- its('firewall_names') { should include "default-allow-ssh" }
- its('firewall_names') { should include "default-allow-rdp" }
- its('firewall_names') { should include "default-allow-internal" }
- its('firewall_names') { should include "default-allow-icmp" }
- # Only make the call if the configuration flag is specified and the test will run
- gcp_firewall_id = `gcloud compute firewall-rules list --filter="name=default-allow-ssh" --format=json | grep id | grep -o '[0-9]\\+'`.chomp.to_i
- its('firewall_ids') { should include gcp_firewall_id }
+ its('count') { should be >= 1 }
+ its('firewall_names') { should include firewall['name'] }
+ its('firewall_directions') { should include 'INGRESS' }
end
-
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_firewalls_handwritten.rb b/test/integration/verify/controls/google_compute_firewalls_handwritten.rb
new file mode 100644
index 000000000..4c4b732e9
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_firewalls_handwritten.rb
@@ -0,0 +1,25 @@
+title 'Firewalls Properties'
+
+gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
+gcp_enable_gcloud_calls = attribute(:gcp_enable_gcloud_calls,default:0,description:'Flag to enable the use of gcloud command line to pull in live data to test against.')
+
+control 'gcp-firewalls-1.0' do
+
+ only_if { gcp_enable_gcloud_calls.to_i == 1 }
+ impact 1.0
+ title 'Ensure firewalls have the correct properties in bulk'
+
+ describe google_compute_firewalls(project: gcp_project_id) do
+ it { should exist }
+ its('count') { should be <= 100}
+ # assume this is a development setup for a moment
+ its('firewall_names') { should include "default-allow-ssh" }
+ its('firewall_names') { should include "default-allow-rdp" }
+ its('firewall_names') { should include "default-allow-internal" }
+ its('firewall_names') { should include "default-allow-icmp" }
+ # Only make the call if the configuration flag is specified and the test will run
+ gcp_firewall_id = `gcloud compute firewall-rules list --filter="name=default-allow-ssh" --format=json | grep id | grep -o '[0-9]\\+'`.chomp
+ its('firewall_ids') { should include gcp_firewall_id }
+ end
+
+end
\ No newline at end of file
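Review bot: The backtick `gcloud compute firewall-rules list` call on the `gcp_firewall_id` line queries whichever project the local gcloud configuration points at, while the enclosing `describe` queries `gcp_project_id`, so the two can disagree, and the output is used without checking that the command succeeded. The `grep id | grep -o '[0-9]\\+'` pipeline yields an empty string on failure and several lines if more than one JSON line matches, and either case makes the `firewall_ids` assertion fail for reasons unrelated to the resource under test. Pinning the project with `--project=#{Shellwords.escape(gcp_project_id)}` (after `require 'shellwords'`) and replacing the two greps with `--format="value(id)"` would remove both problems. This copy also drops the `.to_i` that the version removed from google_compute_firewalls.rb applied, so it is worth confirming that `firewall_ids` now holds strings.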
diff --git a/test/integration/verify/controls/google_compute_firewalls_loop.rb b/test/integration/verify/controls/google_compute_firewalls_loop.rb
index f34d0fffc..3fb41adec 100644
--- a/test/integration/verify/controls/google_compute_firewalls_loop.rb
+++ b/test/integration/verify/controls/google_compute_firewalls_loop.rb
@@ -10,7 +10,6 @@
google_compute_firewalls(project: gcp_project_id).firewall_names.each do |firewall_name|
describe google_compute_firewall(project: gcp_project_id, name: firewall_name) do
it { should exist }
- its('kind') { should eq "compute#firewall" }
its('direction') { should be_in ["INGRESS","EGRESS"] }
end
end
diff --git a/test/integration/verify/controls/google_compute_forwarding_rule.rb b/test/integration/verify/controls/google_compute_forwarding_rule.rb
index 05f2f96d2..ad2c3c3da 100644
--- a/test/integration/verify/controls/google_compute_forwarding_rule.rb
+++ b/test/integration/verify/controls/google_compute_forwarding_rule.rb
@@ -1,22 +1,38 @@
-title 'Test single GCP compute forwarding_rule'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_network_name = attribute(:gcp_lb_network, default: '', description: 'The GCP network name.')
-gcp_region = attribute(:gcp_lb_region, default: '', description: 'The GCP region being used.')
-gcp_forwarding_rule_name = attribute(:gcp_fr_udp_name, default: 'inspec-gcp-fr-udp', description: 'The GCP forwarding_rule name.')
+title 'Test GCP google_compute_forwarding_rule resource.'
-control 'gcp-compute-forwarding_rule-1.0' do
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_lb_region = attribute(:gcp_lb_region, default: 'gcp_lb_region', description: 'The region used for the forwarding rule.')
+gcp_fr_udp_name = attribute(:gcp_fr_udp_name, default: 'gcp_fr_udp_name', description: 'The forwarding rule name.')
+control 'google_compute_forwarding_rule-1.0' do
impact 1.0
- title 'Ensure GCP compute forwarding_rule has the correct properties.'
+ title 'google_compute_forwarding_rule resource test'
- describe google_compute_forwarding_rule(project: gcp_project_id, region: gcp_region, name: "#{gcp_forwarding_rule_name}-500") do
+
+ describe google_compute_forwarding_rule(project: gcp_project_id, region: gcp_lb_region, name: "#{gcp_fr_udp_name}-500") do
it { should exist }
- its('name') { should eq "#{gcp_forwarding_rule_name}-500" }
- its('region') { should match gcp_region }
- its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
+ its('region') { should match gcp_lb_region }
+ its('creation_timestamp') { should be > Time.now - 365*60*60*24*10 }
its('load_balancing_scheme') { should match 'EXTERNAL' }
its('port_range') { should match "500-500" }
its('ip_protocol') { should match "UDP" }
end
+
+ describe google_compute_forwarding_rule(project: gcp_project_id, region: gcp_lb_region, name: "nonexistent") do
+ it { should_not exist }
+ end
end
diff --git a/test/integration/verify/controls/google_compute_forwarding_rules.rb b/test/integration/verify/controls/google_compute_forwarding_rules.rb
index ac301c0f3..024a7dd9f 100644
--- a/test/integration/verify/controls/google_compute_forwarding_rules.rb
+++ b/test/integration/verify/controls/google_compute_forwarding_rules.rb
@@ -1,18 +1,29 @@
-title 'ForwardingRules Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_region = attribute(:gcp_lb_region, default: '', description: 'The GCP region being used.')
-gcp_forwarding_rule_name = attribute(:gcp_fr_udp_name, default: 'inspec-gcp-fr-udp', description: 'The GCP forwarding_rule name.')
+title 'Test GCP google_compute_forwarding_rules resource.'
-control 'gcp-forwarding_rules-1.0' do
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_lb_region = attribute(:gcp_lb_region, default: 'gcp_lb_region', description: 'The region used for the forwarding rule.')
+gcp_fr_udp_name = attribute(:gcp_fr_udp_name, default: 'gcp_fr_udp_name', description: 'The forwarding rule name.')
+control 'google_compute_forwarding_rules-1.0' do
impact 1.0
- title 'Ensure forwarding_rules have the correct properties in bulk'
+ title 'google_compute_forwarding_rules resource test'
- describe google_compute_forwarding_rules(project: gcp_project_id, region: gcp_region) do
- it { should exist }
- its('count') { should be <= 100}
- its('forwarding_rule_names') { should include "#{gcp_forwarding_rule_name}-500" }
- end
+ describe google_compute_forwarding_rules(project: gcp_project_id, region: gcp_lb_region) do
+ its('forwarding_rule_names') { should include "#{gcp_fr_udp_name}-500" }
+ end
end
diff --git a/test/integration/verify/controls/google_compute_image.rb b/test/integration/verify/controls/google_compute_image.rb
new file mode 100644
index 000000000..43c0a0006
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_image.rb
@@ -0,0 +1,34 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_image resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+compute_image = attribute('compute_image', default: {
+ "name": "inspec-image",
+ "source": "https://storage.googleapis.com/bosh-cpi-artifacts/bosh-stemcell-3262.4-google-kvm-ubuntu-trusty-go_agent-raw.tar.gz"
+}, description: 'Compute image description')
+control 'google_compute_image-1.0' do
+ impact 1.0
+ title 'google_compute_image resource test'
+
+ describe google_compute_image(project: gcp_project_id, name: compute_image['name']) do
+ it { should exist }
+ its('disk_size_gb') { should cmp 3 }
+ end
+
+ describe google_compute_image(project: gcp_project_id, name: 'notfound') do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_compute_instance.rb b/test/integration/verify/controls/google_compute_instance.rb
new file mode 100644
index 000000000..8be16c5e1
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_instance.rb
@@ -0,0 +1,46 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_instance resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'GCP zone name of the compute disk')
+instance = attribute('instance', default: {
+ "name": "inspec-instance",
+ "machine_type": "n1-standard-1",
+ "tag_1": "foo",
+ "tag_2": "bar",
+ "metadata_key": "123",
+ "metadata_value": "asdf",
+ "sa_scope": "https://www.googleapis.com/auth/compute.readonly",
+ "startup_script": "echo hi > /test.txt"
+}, description: 'Compute instance description')
+control 'google_compute_instance-1.0' do
+ impact 1.0
+ title 'google_compute_instance resource test'
+
+
+ describe google_compute_instance(project: gcp_project_id, zone: gcp_zone, name: instance['name']) do
+ it { should exist }
+ its('machine_type') { should match instance['machine_type'] }
+ its('tags.items') { should include instance['tag_1'] }
+ its('tags.items') { should include instance['tag_2'] }
+ its('tag_count') { should cmp 2 }
+ its('service_account_scopes') { should include instance['sa_scope'] }
+ end
+
+ describe google_compute_instance(project: gcp_project_id, zone: gcp_zone, name: 'nonexistent') do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_compute_instance_group.rb b/test/integration/verify/controls/google_compute_instance_group.rb
new file mode 100644
index 000000000..75dd15f08
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_instance_group.rb
@@ -0,0 +1,41 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_instance_group resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'GCP zone name')
+instance_group = attribute('instance_group', default: {
+ "name": "inspec-instance-group",
+ "description": "My instance group for testing",
+ "named_port_name": "https",
+ "named_port_port": 8080
+}, description: 'Instance group')
+control 'google_compute_instance_group-1.0' do
+ impact 1.0
+ title 'google_compute_instance_group resource test'
+
+
+ describe google_compute_instance_group(project: gcp_project_id, zone: gcp_zone, name: instance_group['name']) do
+ it { should exist }
+ its('description') { should cmp instance_group['description'] }
+ its('named_ports.count') { should cmp 1 }
+ its('named_ports.first.name') { should cmp instance_group['named_port_name'] }
+ its('named_ports.first.port') { should cmp instance_group['named_port_port'] }
+ end
+
+ describe google_compute_instance_group(project: gcp_project_id, zone: gcp_zone, name: 'nonexistent') do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_compute_instance_groups.rb b/test/integration/verify/controls/google_compute_instance_groups.rb
index 1a0077cea..d87c864fa 100644
--- a/test/integration/verify/controls/google_compute_instance_groups.rb
+++ b/test/integration/verify/controls/google_compute_instance_groups.rb
@@ -1,16 +1,33 @@
-title 'Google compute instance groups properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_lb_zone = attribute(:gcp_lb_zone, default: '', description: 'The GCP pattern zone for the managed instance group (mig1).')
-
-control 'gcp-compute-instance-groups-1.0' do
+title 'Test GCP google_compute_instance_groups resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'GCP zone name')
+instance_group = attribute('instance_group', default: {
+ "name": "inspec-instance-group",
+ "description": "My instance group for testing",
+ "named_port_name": "https",
+ "named_port_port": 8080
+}, description: 'Instance group')
+control 'google_compute_instance_groups-1.0' do
impact 1.0
- title 'Ensure compute instance groups have the correct properties in bulk'
+ title 'google_compute_instance_groups resource test'
+
- describe google_compute_instance_groups(project: gcp_project_id, zone: gcp_lb_zone) do
- it { should exist }
- its('count') { should be <= 100}
- its('instance_group_names') { should include "inspec-gcp-igm" }
+ describe google_compute_instance_groups(project: gcp_project_id, zone: gcp_zone) do
+ its('instance_group_names') { should include instance_group['name'] }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_instances.rb b/test/integration/verify/controls/google_compute_instances.rb
new file mode 100644
index 000000000..4df008d56
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_instances.rb
@@ -0,0 +1,37 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_instances resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'GCP zone name of the compute disk')
+instance = attribute('instance', default: {
+ "name": "inspec-instance",
+ "machine_type": "n1-standard-1",
+ "tag_1": "foo",
+ "tag_2": "bar",
+ "metadata_key": "123",
+ "metadata_value": "asdf",
+ "sa_scope": "https://www.googleapis.com/auth/compute.readonly",
+ "startup_script": "echo hi > /test.txt"
+}, description: 'Compute instance description')
+control 'google_compute_instances-1.0' do
+ impact 1.0
+ title 'google_compute_instances resource test'
+
+
+ describe google_compute_instances(project: gcp_project_id, zone: gcp_zone) do
+ its('instance_names') { should include instance['name'] }
+ end
+end
diff --git a/test/integration/verify/controls/google_compute_network.rb b/test/integration/verify/controls/google_compute_network.rb
index 0e7a1ce6b..f0114d466 100644
--- a/test/integration/verify/controls/google_compute_network.rb
+++ b/test/integration/verify/controls/google_compute_network.rb
@@ -1,23 +1,34 @@
-title 'Test single GCP compute network'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_network_name = attribute(:gcp_network_name, default: '', description: 'The GCP network name.')
-gcp_subnetwork_name = attribute(:gcp_subnetwork_name, default: '', description: 'The GCP subnetwork name.')
-
-control 'gcp-compute-network-1.0' do
+title 'Test GCP google_compute_network resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+network = attribute('network', default: {
+ "name": "inspec-network",
+ "routing_mode": "REGIONAL"
+}, description: 'Network description')
+control 'google_compute_network-1.0' do
impact 1.0
- title 'Ensure GCP compute network has the correct properties.'
+ title 'google_compute_network resource test'
- describe google_compute_network(project: gcp_project_id, name: gcp_network_name) do
+ describe google_compute_network(project: gcp_project_id, name: network['name']) do
it { should exist }
- # the below id example is valid but not tested each time by default
- #its('id') { should eq 5815877451834825315 }
- its('name') { should eq gcp_network_name }
- its ('subnetworks.count') { should eq 1 }
- its ('subnetworks.first') { should match gcp_subnetwork_name }
- its ('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
- its ('routing_config.routing_mode') { should eq "REGIONAL" }
- its ('auto_create_subnetworks'){ should be false }
+ its('routing_config.routing_mode') { should cmp network['routing_mode'] }
+ end
+
+ describe google_compute_network(project: gcp_project_id, name: 'nonexistent') do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_networks.rb b/test/integration/verify/controls/google_compute_networks.rb
index bae5714d6..306042255 100644
--- a/test/integration/verify/controls/google_compute_networks.rb
+++ b/test/integration/verify/controls/google_compute_networks.rb
@@ -1,17 +1,29 @@
-title 'Networks Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_network_name = attribute(:gcp_network_name, default: '', description: 'The GCP network name.')
-
-control 'gcp-networks-1.0' do
+title 'Test GCP google_compute_networks resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+network = attribute('network', default: {
+ "name": "inspec-network",
+ "routing_mode": "REGIONAL"
+}, description: 'Network description')
+control 'google_compute_networks-1.0' do
impact 1.0
- title 'Ensure networks have the correct properties in bulk'
+ title 'google_compute_networks resource test'
describe google_compute_networks(project: gcp_project_id) do
- it { should exist }
- its('count') { should be <= 100}
- its('network_names') { should include gcp_network_name }
+ its('network_names') { should include network['name'] }
end
-
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_project_info.rb b/test/integration/verify/controls/google_compute_project_info.rb
index b4ca9e87c..74be711dc 100644
--- a/test/integration/verify/controls/google_compute_project_info.rb
+++ b/test/integration/verify/controls/google_compute_project_info.rb
@@ -1,14 +1,26 @@
-title 'Test GCP Compute Project Info'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-
-control 'gcp-compute-project-info-1.0' do
+title 'Test GCP google_compute_project_info resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+control 'google_compute_project_info-1.0' do
impact 1.0
- title 'Ensure GCP Compute Project Info has the correct properties.'
+ title 'google_compute_project_info resource test'
describe google_compute_project_info(project: gcp_project_id) do
- it { should exist }
- its('name') { should eq gcp_project_id }
+ it { should exist }
+ its('default_service_account') { should match "developer.gserviceaccount.com" }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_region_instance_group_manager.rb b/test/integration/verify/controls/google_compute_region_instance_group_manager.rb
new file mode 100644
index 000000000..85758b5bb
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_region_instance_group_manager.rb
@@ -0,0 +1,43 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_region_instance_group_manager resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+rigm = attribute('rigm', default: {
+ "name": "inspec-rigm",
+ "base_instance_name": "rigm1",
+ "target_size": 1,
+ "named_port_name": "https",
+ "named_port_port": 8888,
+ "healing_delay": 300
+}, description: 'Compute region instance group manager description')
+control 'google_compute_region_instance_group_manager-1.0' do
+ impact 1.0
+ title 'google_compute_region_instance_group_manager resource test'
+
+ describe google_compute_region_instance_group_manager(project: gcp_project_id, region: gcp_location, name: rigm['name']) do
+ it { should exist }
+ its('base_instance_name') { should eq rigm['base_instance_name'] }
+ its('target_size') { should eq rigm['target_size'] }
+ its('named_ports.first.name') { should eq rigm['named_port_name'] }
+ its('named_ports.first.port') { should eq rigm['named_port_port'] }
+ its('auto_healing_policies.first.initial_delay_sec') { should eq rigm['healing_delay'] }
+ end
+
+ describe google_compute_region_instance_group_manager(project: gcp_project_id, region: gcp_location, name: 'nonexistent') do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_compute_region_instance_group_managers.rb b/test/integration/verify/controls/google_compute_region_instance_group_managers.rb
index 3a0ad78d7..b200f7a73 100644
--- a/test/integration/verify/controls/google_compute_region_instance_group_managers.rb
+++ b/test/integration/verify/controls/google_compute_region_instance_group_managers.rb
@@ -1,20 +1,35 @@
-title 'Google compute region instance group managers properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_lb_region = attribute(:gcp_lb_region, default: '', description: 'The GCP region being used.')
-
-control 'gcp-compute-region-instance-group-managers-1.0' do
+title 'Test GCP google_compute_region_instance_group_managers resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+rigm = attribute('rigm', default: {
+ "name": "inspec-rigm",
+ "base_instance_name": "rigm1",
+ "target_size": 1,
+ "named_port_name": "https",
+ "named_port_port": 8888,
+ "healing_delay": 300
+}, description: 'Compute region instance group manager description')
+control 'google_compute_region_instance_group_managers-1.0' do
impact 1.0
- title 'Ensure compute regional instance group managers have the correct properties in bulk'
+ title 'google_compute_region_instance_group_managers resource test'
- google_compute_region_instance_group_managers(project: gcp_project_id, region: gcp_lb_region).instance_group_manager_names.each do |instance_group_manager_name|
- describe google_compute_region_instance_group_manager(project: gcp_project_id, region: gcp_lb_region, name: instance_group_manager_name) do
- it { should exist }
- its('name') { should cmp /rigm/ }
- its('instance_template') { should cmp /itpl/ }
- its('target_size') { should eq 0 }
- end
+ describe google_compute_region_instance_group_managers(project: gcp_project_id, region: gcp_location) do
+ its('instance_group_manager_names') { should include rigm['name'] }
+ its('base_instance_names') { should include rigm['base_instance_name'] }
end
-
end
diff --git a/test/integration/verify/controls/google_compute_subnetwork.rb b/test/integration/verify/controls/google_compute_subnetwork.rb
index 8f16d023b..a6a9601c5 100644
--- a/test/integration/verify/controls/google_compute_subnetwork.rb
+++ b/test/integration/verify/controls/google_compute_subnetwork.rb
@@ -1,25 +1,42 @@
-title 'Test single GCP compute subnetwork'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_region = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_network_name = attribute(:gcp_network_name, default: '', description: 'The GCP network name.')
-gcp_subnetwork_name = attribute(:gcp_subnetwork_name, default: '', description: 'The GCP subnetwork name.')
-
-control 'gcp-compute-subnetwork-1.0' do
+title 'Test GCP google_compute_subnetwork resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+subnetwork = attribute('subnetwork', default: {
+ "name": "inspec-subnet",
+ "ip_cidr_range": "10.2.0.0/16",
+ "log_interval": "INTERVAL_10_MIN",
+ "log_sampling": 0.5,
+ "log_metadata": "INCLUDE_ALL_METADATA"
+}, description: 'Compute subnetwork description')
+control 'google_compute_subnetwork-1.0' do
impact 1.0
- title 'Ensure GCP compute subnetwork has the correct properties.'
+ title 'google_compute_subnetwork resource test'
- describe google_compute_subnetwork(project: gcp_project_id, region: gcp_region, name: gcp_subnetwork_name) do
+ describe google_compute_subnetwork(project: gcp_project_id, region: gcp_location, name: subnetwork['name']) do
it { should exist }
- # leaving the below two lines as examples of valid tests
- #its('id') { should eq 3916412205080353392 }
- #its('gateway_address') { should eq "10.2.0.1" }
- its('name') { should eq gcp_subnetwork_name }
- its('region') { should match gcp_region }
- its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
- its('ip_cidr_range') { should eq "10.2.0.0/29" }
- its('network') { should match gcp_network_name }
- its('private_ip_google_access') { should be false }
+ its('ip_cidr_range') { should eq subnetwork['ip_cidr_range'] }
+ its('log_config.enable') { should be true }
+ its('log_config.flow_sampling') { should cmp subnetwork['log_sampling'] }
+ its('log_config.aggregation_interval') { should cmp subnetwork['log_interval'] }
+ its('log_config.metadata') { should include subnetwork['log_metadata'] }
+ end
+
+ describe google_compute_subnetwork(project: gcp_project_id, region: gcp_location, name: 'nonexistent') do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_subnetworks.rb b/test/integration/verify/controls/google_compute_subnetworks.rb
index 1d0d2fdcc..4d5b530c4 100644
--- a/test/integration/verify/controls/google_compute_subnetworks.rb
+++ b/test/integration/verify/controls/google_compute_subnetworks.rb
@@ -1,20 +1,34 @@
-title 'Subnetworks Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_network_name = attribute(:gcp_network_name, default: '', description: 'The GCP network name.')
-gcp_region = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_subnetwork_name = attribute(:gcp_subnetwork_name, default: '', description: 'The GCP subnetwork name.')
-
-control 'gcp-subnetworks-1.0' do
+title 'Test GCP google_compute_subnetworks resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+subnetwork = attribute('subnetwork', default: {
+ "name": "inspec-subnet",
+ "ip_cidr_range": "10.2.0.0/16",
+ "log_interval": "INTERVAL_10_MIN",
+ "log_sampling": 0.5,
+ "log_metadata": "INCLUDE_ALL_METADATA"
+}, description: 'Compute subnetwork description')
+control 'google_compute_subnetworks-1.0' do
impact 1.0
- title 'Ensure subnetworks have the correct properties in bulk'
+ title 'google_compute_subnetworks resource test'
- describe google_compute_subnetworks(project: gcp_project_id, region: gcp_region) do
- it { should exist }
- its('count') { should be <= 100}
- its('subnetwork_names') { should include gcp_subnetwork_name }
- its('subnetwork_networks') { should include gcp_network_name }
+ describe google_compute_subnetworks(project: gcp_project_id, region: gcp_location) do
+ its('ip_cidr_ranges') { should include subnetwork['ip_cidr_range'] }
+ its('subnetwork_names') { should include subnetwork['name'] }
end
-
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_vms.rb b/test/integration/verify/controls/google_compute_vms.rb
index 7fefc58cc..3bd7d9f9f 100644
--- a/test/integration/verify/controls/google_compute_vms.rb
+++ b/test/integration/verify/controls/google_compute_vms.rb
@@ -17,7 +17,7 @@
its('instance_ids.count') { should be > 0 }
its('instance_names') { should include gcp_ext_vm_data_disk_name }
# Only make the call if the configuration flag is specified and the test will run
- gcp_instance_id = `gcloud compute instances list --filter="name=gcp-inspec-ext-linux-vm" --format=json | grep id | grep -o '[0-9]\\+'`.chomp.to_i
+ gcp_instance_id = `gcloud compute instances list --filter="name=gcp-inspec-ext-linux-vm" --format=json | grep id | grep -o '[0-9]\\+'`.chomp
its('instance_ids') { should include gcp_instance_id }
end
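Review bot: With `.to_i` dropped, `gcp_instance_id` is now the raw text the shell pipeline prints, and `grep id | grep -o '[0-9]\\+'` is not guaranteed to print exactly one number. It keeps every JSON line containing "id" and emits every digit run on those lines, so the string can contain embedded newlines that `.chomp` does not remove, and `should include gcp_instance_id` would then never match. Asking gcloud for the field directly avoids the scraping: replace the `--format=json | grep …` part with `--format="value(id)"` and finish with `.strip`. The exit status is not checked either, so a failed or unauthenticated gcloud call silently yields an empty string; a guard such as `raise 'gcloud returned no instance id' if gcp_instance_id.empty?` would make that visible. The enclosing describe block starts outside the hunk.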
diff --git a/test/integration/verify/controls/google_compute_vms_loop.rb b/test/integration/verify/controls/google_compute_vms_loop.rb
index 78e275f21..15d1decbb 100644
--- a/test/integration/verify/controls/google_compute_vms_loop.rb
+++ b/test/integration/verify/controls/google_compute_vms_loop.rb
@@ -12,9 +12,7 @@
describe google_compute_instance(project: gcp_project_id, zone: gcp_zone, name: instance_name) do
it { should exist }
its('zone') { should match gcp_zone }
- its('kind') { should eq "compute#instance" }
its('status') { should be_in ['RUNNING', 'PROVISIONING', 'STAGING', 'STOPPING', 'TERMINATED'] }
- its('tag_count'){ should be >= 1 }
end
end
end
\ No newline at end of file
diff --git a/test/integration/verify/controls/google_compute_vpn_tunnel.rb b/test/integration/verify/controls/google_compute_vpn_tunnel.rb
index e1090668f..3028836d3 100644
--- a/test/integration/verify/controls/google_compute_vpn_tunnel.rb
+++ b/test/integration/verify/controls/google_compute_vpn_tunnel.rb
@@ -1,21 +1,36 @@
-title 'VPN Tunnel Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_region = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_vpn_tunnel_name = attribute(:gcp_vpn_tunnel_name, default: '', description: 'The GCP VPN tunnel name.')
-gcp_vpn_gateway_name = attribute(:gcp_vpn_gateway_name, default: '', description: 'The GCP VPN gateway name.')
-
-control 'gcp-vpn_tunnel-1.0' do
+title 'Test GCP google_compute_vpn_tunnel resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+vpn_tunnel = attribute('vpn_tunnel', default: {
+ "name": "inspec-vpn-tunnel",
+ "peer_ip": "15.0.0.120",
+ "shared_secret": "super secret"
+}, description: 'Compute VPN tunnel description')
+control 'google_compute_vpn_tunnel-1.0' do
impact 1.0
- title 'Ensure VPN tunnel have the correct properties in bulk'
+ title 'google_compute_vpn_tunnel resource test'
- describe google_compute_vpn_tunnel(project: gcp_project_id, region: gcp_region, name: gcp_vpn_tunnel_name ) do
+ describe google_compute_vpn_tunnel(project: gcp_project_id, region: gcp_location, name: vpn_tunnel['name']) do
it { should exist }
- its('name') { should eq gcp_vpn_tunnel_name }
- its('target_vpn_gateway') { should match /#{gcp_vpn_gateway_name}/ }
- its('remote_traffic_selector') { should include "0.0.0.0/0" }
- its('status') { should_not eq "ESTABLISHED" }
+ its('peer_ip') { should eq vpn_tunnel['peer_ip'] }
end
+ describe google_compute_vpn_tunnel(project: gcp_project_id, region: gcp_location, name: 'nonexistent') do
+ it { should_not exist }
+ end
end
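Review bot: The new `vpn_tunnel` default hash commits `"shared_secret": "super secret"`, yet neither describe block reads it; only `vpn_tunnel['name']` and `vpn_tunnel['peer_ip']` are used. The verify control therefore carries a secret-shaped literal for no purpose, and anyone copying the fixture inherits a guessable pre-shared key. Drop the key from this control's defaults, and if the provisioning side needs a value, have it come from an input with no committed default. The same hash is added in google_compute_vpn_tunnels.rb. The header marks the file as generated, so the change has to be made in the Magic Modules template rather than in this file.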
diff --git a/test/integration/verify/controls/google_compute_vpn_tunnels.rb b/test/integration/verify/controls/google_compute_vpn_tunnels.rb
index b2246427b..8c6e844b7 100644
--- a/test/integration/verify/controls/google_compute_vpn_tunnels.rb
+++ b/test/integration/verify/controls/google_compute_vpn_tunnels.rb
@@ -1,20 +1,32 @@
-title 'VPN Tunnel Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_region = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_vpn_tunnel_name = attribute(:gcp_vpn_tunnel_name, default: '', description: 'The GCP VPN tunnel name.')
-gcp_vpn_gateway_name = attribute(:gcp_vpn_gateway_name, default: '', description: 'The GCP VPN gateway name.')
-
-control 'gcp-vpn_tunnels-1.0' do
+title 'Test GCP google_compute_vpn_tunnels resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+vpn_tunnel = attribute('vpn_tunnel', default: {
+ "name": "inspec-vpn-tunnel",
+ "peer_ip": "15.0.0.120",
+ "shared_secret": "super secret"
+}, description: 'Compute VPN tunnel description')
+control 'google_compute_vpn_tunnels-1.0' do
impact 1.0
- title 'Ensure VPN tunnels have the correct properties in bulk'
+ title 'google_compute_vpn_tunnels resource test'
- describe google_compute_vpn_tunnels(project: gcp_project_id, region: gcp_region) do
- it { should exist }
- its('count') { should be 1}
- its('vpn_tunnel_names') { should include gcp_vpn_tunnel_name }
- its('vpn_tunnel_target_vpn_gateways') { should include /#{gcp_vpn_gateway_name}/ }
+ describe google_compute_vpn_tunnels(project: gcp_project_id, region: gcp_location) do
+ its('vpn_tunnel_names') { should include vpn_tunnel['name'] }
+ its('peer_ips') { should include vpn_tunnel['peer_ip'] }
end
-
end
diff --git a/test/integration/verify/controls/google_compute_zone.rb b/test/integration/verify/controls/google_compute_zone.rb
index 2bf2d4174..a193ed865 100644
--- a/test/integration/verify/controls/google_compute_zone.rb
+++ b/test/integration/verify/controls/google_compute_zone.rb
@@ -1,15 +1,26 @@
-title 'Test single GCP Zone'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_zone = attribute(:gcp_zone, default: '', description: 'The GCP zone being used.')
-
-control 'gcp-single-zone-1.0' do
+title 'Test GCP google_compute_zone resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+control 'google_compute_zone-1.0' do
impact 1.0
- title 'Ensure single zone has the correct properties.'
+ title 'google_compute_zone resource test'
- describe google_compute_zone(project: gcp_project_id, name: gcp_zone) do
+ describe google_compute_zone(project: gcp_project_id, name: "us-central1-a") do
it { should exist }
it { should be_up }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_zones.rb b/test/integration/verify/controls/google_compute_zones.rb
index b6f06d34d..fe0b8165a 100644
--- a/test/integration/verify/controls/google_compute_zones.rb
+++ b/test/integration/verify/controls/google_compute_zones.rb
@@ -1,19 +1,28 @@
-title 'Zones Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_zone = attribute(:gcp_zone, default: '', description: 'The GCP zone being used.')
-
-control 'gcp-zones-1.0' do
+title 'Test GCP google_compute_zones resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+control 'google_compute_zones-1.0' do
impact 1.0
- title 'Ensure zones have the correct properties in bulk'
+ title 'google_compute_zones resource test'
- describe google_compute_zones(project: gcp_project_id) do
- it { should exist }
- its('count') { should be <= 100} # 46 at the time of writing
- its('zone_names') { should include gcp_zone }
- its('zone_statuses') { should_not include "DOWN" }
- its('zone_ids') { should include 2290 }
+ google_compute_zones(project: gcp_project_id).zone_names.each do |zone_name|
+ describe google_compute_zone(project: gcp_project_id, name: zone_name) do
+ it { should exist }
+ it { should be_up }
+ end
end
-
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_compute_zones_loop.rb b/test/integration/verify/controls/google_compute_zones_loop.rb
index 0731b29f7..8cd4c9a3f 100644
--- a/test/integration/verify/controls/google_compute_zones_loop.rb
+++ b/test/integration/verify/controls/google_compute_zones_loop.rb
@@ -10,7 +10,6 @@
google_compute_zones(project: gcp_project_id).zone_names.each do |zone_name|
describe google_compute_zone(project: gcp_project_id, name: zone_name) do
it { should exist }
- its('kind') { should eq "compute#zone" }
its('status') { should eq 'UP' }
# or equivalently
it { should be_up }
diff --git a/test/integration/verify/controls/google_container_cluster.rb b/test/integration/verify/controls/google_container_cluster.rb
new file mode 100644
index 000000000..9de4ddd25
--- /dev/null
+++ b/test/integration/verify/controls/google_container_cluster.rb
@@ -0,0 +1,38 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_container_cluster resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: 'gcp_kube_cluster_name', description: 'GCP container cluster name')
+gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: 'gcp_kube_cluster_zone', description: 'GCP container cluster zone')
+gcp_kube_cluster_size = attribute(:gcp_kube_cluster_size, default: 'gcp_kube_cluster_size', description: 'GCP container cluster size')
+gcp_kube_cluster_zone_extra1 = attribute(:gcp_kube_cluster_zone_extra1, default: 'gcp_kube_cluster_zone_extra1', description: 'First extra zone for the cluster')
+gcp_kube_cluster_zone_extra2 = attribute(:gcp_kube_cluster_zone_extra2, default: 'gcp_kube_cluster_zone_extra2', description: 'Second extra zone for the cluster')
+gcp_kube_cluster_master_user = attribute(:gcp_kube_cluster_master_user, default: 'gcp_kube_cluster_master_user', description: 'GCP container cluster admin username')
+control 'google_container_cluster-1.0' do
+ impact 1.0
+ title 'google_container_cluster resource test'
+
+ describe google_container_cluster(project: gcp_project_id, location: gcp_kube_cluster_zone, name: gcp_kube_cluster_name) do
+ it { should exist }
+ its('locations.sort'){ should cmp [ gcp_kube_cluster_zone, gcp_kube_cluster_zone_extra1, gcp_kube_cluster_zone_extra2 ].sort }
+
+ its('master_auth.username') { should eq gcp_kube_cluster_master_user }
+ end
+
+ describe google_container_cluster(project: gcp_project_id, location: gcp_kube_cluster_zone, name: 'nonexistent') do
+ it { should_not exist }
+ end
+end
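Review bot: `its('master_auth.username') { should eq gcp_kube_cluster_master_user }` only passes when the test cluster has a basic-auth admin username configured, which ties the fixture to a legacy way of authenticating to the cluster master that, as far as I know, GKE has deprecated. If the line is only there to exercise the `master_auth` property, say so with a comment such as `# fixture sets a basic-auth user only to exercise master_auth; not a recommended cluster setting`, or assert on a property that does not require it. `gcp_kube_cluster_size` is declared above the control but never used in it. The file is marked as generated, so either change belongs in the Magic Modules template.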
diff --git a/test/integration/verify/controls/google_container_clusters.rb b/test/integration/verify/controls/google_container_clusters.rb
new file mode 100644
index 000000000..dcd58a423
--- /dev/null
+++ b/test/integration/verify/controls/google_container_clusters.rb
@@ -0,0 +1,31 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_container_clusters resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: 'gcp_kube_cluster_name', description: 'GCP container cluster name')
+gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: 'gcp_kube_cluster_zone', description: 'GCP container cluster zone')
+gcp_kube_cluster_size = attribute(:gcp_kube_cluster_size, default: 'gcp_kube_cluster_size', description: 'GCP container cluster size')
+gcp_kube_cluster_zone_extra1 = attribute(:gcp_kube_cluster_zone_extra1, default: 'gcp_kube_cluster_zone_extra1', description: 'First extra zone for the cluster')
+gcp_kube_cluster_zone_extra2 = attribute(:gcp_kube_cluster_zone_extra2, default: 'gcp_kube_cluster_zone_extra2', description: 'Second extra zone for the cluster')
+gcp_kube_cluster_master_user = attribute(:gcp_kube_cluster_master_user, default: 'gcp_kube_cluster_master_user', description: 'GCP container cluster admin username')
+control 'google_container_clusters-1.0' do
+ impact 1.0
+ title 'google_container_clusters resource test'
+
+ describe google_container_clusters(project: gcp_project_id, location: gcp_kube_cluster_zone) do
+ its('cluster_names') { should include gcp_kube_cluster_name }
+ end
+end
diff --git a/test/integration/verify/controls/google_container_regional_node_pool.rb b/test/integration/verify/controls/google_container_node_pool.rb
similarity index 58%
rename from test/integration/verify/controls/google_container_regional_node_pool.rb
rename to test/integration/verify/controls/google_container_node_pool.rb
index c4bda4f78..e9b04e5ab 100644
--- a/test/integration/verify/controls/google_container_regional_node_pool.rb
+++ b/test/integration/verify/controls/google_container_node_pool.rb
@@ -12,30 +12,27 @@
#
# ----------------------------------------------------------------------------
-title 'Test GCP google_container_regional_node_pool resource.'
+title 'Test GCP google_container_node_pool resource.'
gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
-gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: 'gcp_kube_cluster_zone', description: 'The zone that the kube cluster resides in.')
+gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: 'gcp_kube_cluster_name', description: 'The parent container clusters name.')
regional_node_pool = attribute('regional_node_pool', default: {
"name": "inspec-gcp-regional-node-pool",
"cluster_name": "inspec-gcp-regional-node-pool-cluster",
"node_count": 1,
"initial_node_count": 1
}, description: 'Regional Node Pool definition')
-regional_cluster = attribute('regional_cluster', default: {
- "name": "inspec-gcp-regional-cluster",
- "initial_node_count": 1
-}, description: 'Regional container cluster definition')
-control 'google_container_regional_node_pool-1.0' do
+control 'google_container_node_pool-1.0' do
impact 1.0
- title 'google_container_regional_node_pool resource test'
+ title 'google_container_node_pool resource test'
- describe google_container_regional_node_pool(project: gcp_project_id, location: gcp_location, cluster: regional_cluster['name'], name: regional_node_pool['name']) do
+ describe google_container_node_pool(project: gcp_project_id, location: gcp_kube_cluster_zone, cluster_name: gcp_kube_cluster_name, nodepool_name: regional_node_pool['name']) do
it { should exist }
its('initial_node_count') { should eq regional_node_pool['initial_node_count']}
end
- describe google_container_regional_node_pool(project: gcp_project_id, location: gcp_location, cluster: regional_cluster['name'], name: 'nonexistent') do
+ describe google_container_node_pool(project: gcp_project_id, location: gcp_kube_cluster_zone, cluster_name: gcp_kube_cluster_name, nodepool_name: 'nonexistent') do
it { should_not exist }
end
end
diff --git a/test/integration/verify/controls/google_container_regional_node_pools.rb b/test/integration/verify/controls/google_container_node_pools.rb
similarity index 64%
rename from test/integration/verify/controls/google_container_regional_node_pools.rb
rename to test/integration/verify/controls/google_container_node_pools.rb
index a07dd3d77..46121ace0 100644
--- a/test/integration/verify/controls/google_container_regional_node_pools.rb
+++ b/test/integration/verify/controls/google_container_node_pools.rb
@@ -12,25 +12,22 @@
#
# ----------------------------------------------------------------------------
-title 'Test GCP google_container_regional_node_pools resource.'
+title 'Test GCP google_container_node_pools resource.'
gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
-gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: 'gcp_kube_cluster_zone', description: 'The zone that the kube cluster resides in.')
+gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: 'gcp_kube_cluster_name', description: 'The parent container clusters name.')
regional_node_pool = attribute('regional_node_pool', default: {
"name": "inspec-gcp-regional-node-pool",
"cluster_name": "inspec-gcp-regional-node-pool-cluster",
"node_count": 1,
"initial_node_count": 1
}, description: 'Regional Node Pool definition')
-regional_cluster = attribute('regional_cluster', default: {
- "name": "inspec-gcp-regional-cluster",
- "initial_node_count": 1
-}, description: 'Regional container cluster definition')
-control 'google_container_regional_node_pools-1.0' do
+control 'google_container_node_pools-1.0' do
impact 1.0
- title 'google_container_regional_node_pools resource test'
+ title 'google_container_node_pools resource test'
- describe google_container_regional_node_pools(project: gcp_project_id, location: gcp_location, cluster: regional_cluster['name']) do
+ describe google_container_node_pools(project: gcp_project_id, location: gcp_kube_cluster_zone, cluster_name: gcp_kube_cluster_name) do
its('initial_node_counts') { should include regional_node_pool['initial_node_count']}
end
end
diff --git a/test/integration/verify/controls/google_dns_managed_zone.rb b/test/integration/verify/controls/google_dns_managed_zone.rb
new file mode 100644
index 000000000..515ac84b6
--- /dev/null
+++ b/test/integration/verify/controls/google_dns_managed_zone.rb
@@ -0,0 +1,36 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_dns_managed_zone resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_dns_zone_name = attribute(:gcp_dns_zone_name, default: 'gcp_dns_zone_name', description: 'The DNS name of the DNS zone.')
+dns_managed_zone = attribute('dns_managed_zone', default: {"name"=>"example-zone", "description"=>"example description", "dnssec_config_state"=>"on"})
+control 'google_dns_managed_zone-1.0' do
+ impact 1.0
+ title 'google_dns_managed_zone resource test'
+
+ describe google_dns_managed_zone(project: gcp_project_id, zone: dns_managed_zone['name']) do
+ it { should exist }
+ its('dns_name') { should cmp gcp_dns_zone_name }
+
+ its('description') { should cmp dns_managed_zone['description'] }
+ its('zone_signing_key_algorithm') { should cmp 'rsasha256' }
+ its('key_signing_key_algorithm') { should cmp 'rsasha512' }
+ end
+
+ describe google_dns_managed_zone(project: gcp_project_id, zone: 'nonexistent') do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_dns_managed_zones.rb b/test/integration/verify/controls/google_dns_managed_zones.rb
new file mode 100644
index 000000000..ae3783881
--- /dev/null
+++ b/test/integration/verify/controls/google_dns_managed_zones.rb
@@ -0,0 +1,29 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_dns_managed_zones resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_dns_zone_name = attribute(:gcp_dns_zone_name, default: 'gcp_dns_zone_name', description: 'The DNS name of the DNS zone.')
+dns_managed_zone = attribute('dns_managed_zone', default: {"name"=>"example-zone", "description"=>"example description", "dnssec_config_state"=>"on"})
+control 'google_dns_managed_zones-1.0' do
+ impact 1.0
+ title 'google_dns_managed_zones resource test'
+
+ describe google_dns_managed_zones(project: gcp_project_id) do
+ it { should exist }
+ its('zone_names') { should include dns_managed_zone['name'] }
+ its('zone_dns_names') { should include gcp_dns_zone_name }
+ end
+end
diff --git a/test/integration/verify/controls/google_iam_organization_custom_role.rb b/test/integration/verify/controls/google_iam_organization_custom_role.rb
new file mode 100644
index 000000000..966b66599
--- /dev/null
+++ b/test/integration/verify/controls/google_iam_organization_custom_role.rb
@@ -0,0 +1,34 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_iam_organization_custom_role resource.'
+
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of the folder')
+gcp_organization_iam_custom_role_id = attribute(:gcp_organization_iam_custom_role_id, default: 'gcp_organization_iam_custom_role_id', description: 'The IAM custom role identifier.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+control 'google_iam_organization_custom_role-1.0' do
+ impact 1.0
+ title 'google_iam_organization_custom_role resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_iam_organization_custom_role(org_id: gcp_organization_id, name: gcp_organization_iam_custom_role_id) do
+ it { should exist }
+ its('stage') { should eq 'GA' }
+ its('included_permissions') { should eq ["iam.roles.list"] }
+ end
+
+ describe google_iam_organization_custom_role(org_id: gcp_organization_id, name: gcp_organization_iam_custom_role_id, name: 'nonexistent') do
+ it { should_not exist }
+ end
+end
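Review bot: The `gcp_organization_id` attribute passes `default: gcp_organization_id`, which in Ruby reads the local that is still being assigned and is therefore nil rather than an empty string. As a result the `gcp_organization_id != ''` half of `only_if` likely never skips the control when no organization id is supplied; `default: ''` would match the guard. The second describe also passes `name:` twice, and only the last value takes effect, so it should read `google_iam_organization_custom_role(org_id: gcp_organization_id, name: 'nonexistent')`. The same self-referential default appears in the google_iam_organization_custom_roles, google_kms_crypto_key, google_kms_crypto_keys and google_kms_key_ring hunks. Because the header marks the file as generated by Magic Modules, the fix belongs in the generator template rather than in this file.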
diff --git a/test/integration/verify/controls/google_iam_organization_custom_roles.rb b/test/integration/verify/controls/google_iam_organization_custom_roles.rb
new file mode 100644
index 000000000..26bd6a4e9
--- /dev/null
+++ b/test/integration/verify/controls/google_iam_organization_custom_roles.rb
@@ -0,0 +1,28 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_iam_organization_custom_roles resource.'
+
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of the folder')
+gcp_organization_iam_custom_role_id = attribute(:gcp_organization_iam_custom_role_id, default: 'gcp_organization_iam_custom_role_id', description: 'The IAM custom role identifier.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+control 'google_iam_organization_custom_roles-1.0' do
+ impact 1.0
+ title 'google_iam_organization_custom_roles resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_iam_organization_custom_roles(org_id: gcp_organization_id) do
+ its('names') { should include "organizations/#{gcp_organization_id}/roles/#{gcp_organization_iam_custom_role_id}" }
+ end
+end
diff --git a/test/integration/verify/controls/google_kms_crypto_key.rb b/test/integration/verify/controls/google_kms_crypto_key.rb
index dd66d5c1f..f5090eb3f 100644
--- a/test/integration/verify/controls/google_kms_crypto_key.rb
+++ b/test/integration/verify/controls/google_kms_crypto_key.rb
@@ -1,24 +1,40 @@
-title 'Test single GCP KMS Crypto Key'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_kms_crypto_key_name_policy = attribute(:gcp_kms_crypto_key_name_policy, default: '', description: 'The GCP cryto key name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_kms_crypto_key resource.'
-control 'gcp-kms-crypto-key-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name, default: 'gcp_kms_key_ring_policy_name', description: 'Key ring name')
+gcp_kms_crypto_key_name_policy = attribute(:gcp_kms_crypto_key_name_policy, default: 'gcp_kms_crypto_key_name_policy', description: 'Key name')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_kms_crypto_key-1.0' do
impact 1.0
- title 'Ensure single GCP KMS Crypto Key has the correct properties.'
+ title 'google_kms_crypto_key resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_kms_crypto_key(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_policy_name, name: gcp_kms_crypto_key_name_policy) do
it { should exist }
- its('create_time_date') { should be > Time.now - 365*60*60*24*10 }
- its('crypto_key_name'){ should eq gcp_kms_crypto_key_name_policy }
+ its('crypto_key_name') { should cmp gcp_kms_crypto_key_name_policy }
its('primary_state') { should eq "ENABLED" }
its('purpose') { should eq "ENCRYPT_DECRYPT" }
- its('next_rotation_time_date') { should be > Time.now - 100000 }
- its('create_time_date') { should be > Time.now - 365*60*60*24*10 }
+ its('next_rotation_time') { should be > Time.now - 100000 }
+ its('create_time') { should be > Time.now - 365*60*60*24*10 }
+ end
+
+ describe google_kms_crypto_key(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_policy_name, name: "nonexistent") do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_kms_crypto_key_handwritten.rb b/test/integration/verify/controls/google_kms_crypto_key_handwritten.rb
new file mode 100644
index 000000000..38c87bafd
--- /dev/null
+++ b/test/integration/verify/controls/google_kms_crypto_key_handwritten.rb
@@ -0,0 +1,23 @@
+title 'Test single GCP KMS Crypto Key'
+
+gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
+gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
+gcp_kms_crypto_key_name_policy = attribute(:gcp_kms_crypto_key_name_policy, default: '', description: 'The GCP cryto key name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+
+control 'gcp-kms-crypto-key-1.0' do
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ impact 1.0
+ title 'Ensure single GCP KMS Crypto Key has the correct properties.'
+
+ describe google_kms_crypto_key(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_policy_name, name: gcp_kms_crypto_key_name_policy) do
+ it { should exist }
+ its('create_time') { should be > Time.now - 365*60*60*24*10 }
+ its('crypto_key_name'){ should eq gcp_kms_crypto_key_name_policy }
+ its('primary_state') { should eq "ENABLED" }
+ its('purpose') { should eq "ENCRYPT_DECRYPT" }
+ its('next_rotation_time') { should be > Time.now - 100000 }
+ end
+end
\ No newline at end of file
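Review bot: The `next_rotation_time` assertion compares against `Time.now - 100000`, so a key whose scheduled rotation is already up to roughly 28 hours overdue still passes. If the control is meant to confirm that a rotation is scheduled, `its('next_rotation_time') { should be > Time.now }` states that directly. The generated google_kms_crypto_key.rb hunk carries the same line. The description for `gcp_kms_crypto_key_name_policy` also misspells "crypto" as 'cryto'.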
diff --git a/test/integration/verify/controls/google_kms_crypto_key_iam_binding.rb b/test/integration/verify/controls/google_kms_crypto_key_iam_binding.rb
index a7191659c..d27c4ee22 100644
--- a/test/integration/verify/controls/google_kms_crypto_key_iam_binding.rb
+++ b/test/integration/verify/controls/google_kms_crypto_key_iam_binding.rb
@@ -15,12 +15,12 @@
impact 1.0
title 'Ensure single KMS Crypto Key IAM Binding has the correct properties'
- describe google_kms_crypto_key_iam_binding(crypto_key_url: "projects/#{gcp_project_id}/locations/#{gcp_location}/keyRings/#{gcp_kms_key_ring_binding_member_name}/cryptoKeys/#{gcp_kms_crypto_key_name_binding}", role: "roles/editor") do
+ describe google_kms_crypto_key_iam_binding(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_binding_member_name, crypto_key_name: gcp_kms_crypto_key_name_binding, role: "roles/editor") do
it { should exist }
its('members.count') { should eq 1}
end
- describe google_kms_crypto_key_iam_binding(crypto_key_url: "projects/#{gcp_project_id}/locations/#{gcp_location}/keyRings/#{gcp_kms_key_ring_policy_name}/cryptoKeys/#{gcp_kms_crypto_key_name_policy}", role: "roles/editor") do
+ describe google_kms_crypto_key_iam_binding(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_policy_name, crypto_key_name: gcp_kms_crypto_key_name_policy, role: "roles/editor") do
it { should exist }
its('members.count') { should eq 1}
end
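Review bot: Both describe blocks check only `its('members.count') { should eq 1}`, which passes for any single principal holding `roles/editor` on the key, not just the one the fixture grants. An assertion on the member itself, e.g. `its('members') { should include EXPECTED_MEMBER }`, would pin the identity. EXPECTED_MEMBER is a placeholder for whatever attribute holds the fixture's principal, which is not visible in this hunk. The google_kms_key_ring_iam_binding hunk has the same pattern. The enclosing control starts and ends outside the hunk.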
diff --git a/test/integration/verify/controls/google_kms_crypto_key_iam_bindings.rb b/test/integration/verify/controls/google_kms_crypto_key_iam_policy.rb
similarity index 82%
rename from test/integration/verify/controls/google_kms_crypto_key_iam_bindings.rb
rename to test/integration/verify/controls/google_kms_crypto_key_iam_policy.rb
index 78dc31712..b6d01fe94 100644
--- a/test/integration/verify/controls/google_kms_crypto_key_iam_bindings.rb
+++ b/test/integration/verify/controls/google_kms_crypto_key_iam_policy.rb
@@ -12,7 +12,7 @@
impact 1.0
title 'Ensure GCP KMS Crypto Key IAM Bindings have the correct properties in bulk'
- describe google_kms_crypto_key_iam_bindings(crypto_key_url: "projects/#{gcp_project_id}/locations/#{gcp_location}/keyRings/#{gcp_kms_key_ring_binding_member_name}/cryptoKeys/#{gcp_kms_crypto_key_name_binding}") do
+ describe google_kms_crypto_key_iam_policy(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_binding_member_name, crypto_key_name: gcp_kms_crypto_key_name_binding) do
it { should exist }
its('count') { should be <= 100}
its('iam_binding_roles') { should include "roles/editor" }
diff --git a/test/integration/verify/controls/google_kms_crypto_keys.rb b/test/integration/verify/controls/google_kms_crypto_keys.rb
index a6c51dabd..dfd928489 100644
--- a/test/integration/verify/controls/google_kms_crypto_keys.rb
+++ b/test/integration/verify/controls/google_kms_crypto_keys.rb
@@ -1,29 +1,32 @@
-title 'GCP KMS Crypto Keys Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
-gcp_kms_crypto_key_name_policy = attribute(:gcp_kms_crypto_key_name_policy, default: '', description: 'The GCP cryto key name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-gcp_kms_crypto_key_name_binding = attribute(:gcp_kms_crypto_key_name_binding,default:'',description:'GCP key ring name to test against.')
-gcp_kms_key_ring_binding_member_name = attribute(:gcp_kms_key_ring_binding_member_name, default: '', description: 'The GCP cryto key name.')
+title 'Test GCP google_kms_crypto_keys resource.'
-
-control 'gcp-crypto-keys-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name, default: 'gcp_kms_key_ring_policy_name', description: 'Key ring name')
+gcp_kms_crypto_key_name_policy = attribute(:gcp_kms_crypto_key_name_policy, default: 'gcp_kms_crypto_key_name_policy', description: 'Key name')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_kms_crypto_keys-1.0' do
impact 1.0
- title 'Ensure KMS crypto keys have the correct properties in bulk'
+ title 'google_kms_crypto_keys resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_kms_crypto_keys(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_policy_name) do
- it { should exist }
- its('count') { should eq 1}
- its ('crypto_key_names') { should include gcp_kms_crypto_key_name_policy }
- end
-
- describe google_kms_crypto_keys(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_binding_member_name) do
- it { should exist }
- its('count') { should eq 1}
- its ('crypto_key_names') { should include gcp_kms_crypto_key_name_binding }
+ its('count') { should be >= 1 }
+ its('crypto_key_names') { should include gcp_kms_crypto_key_name_policy }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_kms_crypto_keys_handwritten.rb b/test/integration/verify/controls/google_kms_crypto_keys_handwritten.rb
new file mode 100644
index 000000000..a6c51dabd
--- /dev/null
+++ b/test/integration/verify/controls/google_kms_crypto_keys_handwritten.rb
@@ -0,0 +1,29 @@
+title 'GCP KMS Crypto Keys Properties'
+
+gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
+gcp_kms_crypto_key_name_policy = attribute(:gcp_kms_crypto_key_name_policy, default: '', description: 'The GCP cryto key name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_kms_crypto_key_name_binding = attribute(:gcp_kms_crypto_key_name_binding,default:'',description:'GCP key ring name to test against.')
+gcp_kms_key_ring_binding_member_name = attribute(:gcp_kms_key_ring_binding_member_name, default: '', description: 'The GCP cryto key name.')
+
+
+control 'gcp-crypto-keys-1.0' do
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ impact 1.0
+ title 'Ensure KMS crypto keys have the correct properties in bulk'
+
+ describe google_kms_crypto_keys(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_policy_name) do
+ it { should exist }
+ its('count') { should eq 1}
+ its ('crypto_key_names') { should include gcp_kms_crypto_key_name_policy }
+ end
+
+ describe google_kms_crypto_keys(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_binding_member_name) do
+ it { should exist }
+ its('count') { should eq 1}
+ its ('crypto_key_names') { should include gcp_kms_crypto_key_name_binding }
+ end
+end
\ No newline at end of file
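Review bot: The descriptions of the last two attributes are swapped: `gcp_kms_crypto_key_name_binding` is described as 'GCP key ring name to test against.' and `gcp_kms_key_ring_binding_member_name` as 'The GCP cryto key name.'. Suggest `description: 'The GCP crypto key name.'` on the former and `description: 'GCP key ring name to test against.'` on the latter. `its ('crypto_key_names')` also has a space before the parenthesis, unlike the `its('count')` lines next to it.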
diff --git a/test/integration/verify/controls/google_kms_key_ring.rb b/test/integration/verify/controls/google_kms_key_ring.rb
index 298e9a922..91bd36666 100644
--- a/test/integration/verify/controls/google_kms_key_ring.rb
+++ b/test/integration/verify/controls/google_kms_key_ring.rb
@@ -1,19 +1,37 @@
-title 'Test single GCP KMS Key Ring'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
+title 'Test GCP google_kms_key_ring resource.'
-control 'gcp-key-ring-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name, default: 'gcp_kms_key_ring_policy_name', description: 'Key ring name')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_kms_key_ring-1.0' do
impact 1.0
- title 'Ensure single KMS Key Ring has the correct properties.'
+ title 'google_kms_key_ring resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_kms_key_ring(project: gcp_project_id, location: gcp_location, name: gcp_kms_key_ring_policy_name) do
it { should exist }
- its('create_time_date') { should be > Time.now - 365*60*60*24*10 }
+ its('create_time') { should be > Time.now - 365*60*60*24*10 }
its('key_ring_name'){ should eq gcp_kms_key_ring_policy_name }
+ its('key_ring_url'){ should match gcp_kms_key_ring_policy_name }
+ end
+
+ describe google_kms_key_ring(project: gcp_project_id, location: gcp_location, name: "nonexistent") do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_kms_key_ring_handwritten.rb b/test/integration/verify/controls/google_kms_key_ring_handwritten.rb
new file mode 100644
index 000000000..e8ac2831f
--- /dev/null
+++ b/test/integration/verify/controls/google_kms_key_ring_handwritten.rb
@@ -0,0 +1,19 @@
+title 'Test single GCP KMS Key Ring'
+
+gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
+
+control 'gcp-key-ring-1.0' do
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ impact 1.0
+ title 'Ensure single KMS Key Ring has the correct properties.'
+
+ describe google_kms_key_ring(project: gcp_project_id, location: gcp_location, name: gcp_kms_key_ring_policy_name) do
+ it { should exist }
+ its('create_time') { should be > Time.now - 365*60*60*24*10 }
+ its('key_ring_name'){ should eq gcp_kms_key_ring_policy_name }
+ end
+end
\ No newline at end of file
diff --git a/test/integration/verify/controls/google_kms_key_ring_iam_binding.rb b/test/integration/verify/controls/google_kms_key_ring_iam_binding.rb
index b8aa86f00..c2e9d3115 100644
--- a/test/integration/verify/controls/google_kms_key_ring_iam_binding.rb
+++ b/test/integration/verify/controls/google_kms_key_ring_iam_binding.rb
@@ -12,17 +12,17 @@
impact 1.0
title 'Ensure single GCP GCP KMS Key Ring IAM bindings have the correct properties. Examples below include attaching an IAM policy, binding and member to a key ring.'
- describe google_kms_key_ring_iam_binding(key_ring_url: "projects/#{gcp_project_id}/locations/#{gcp_location}/keyRings/#{gcp_kms_key_ring_policy_name}", role: "roles/editor") do
+ describe google_kms_key_ring_iam_binding(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_policy_name, role: "roles/editor") do
it { should exist }
its ('members.count'){ should eq 1 }
end
- describe google_kms_key_ring_iam_binding(key_ring_url: "projects/#{gcp_project_id}/locations/#{gcp_location}/keyRings/#{gcp_kms_key_ring_binding_member_name}", role: "roles/editor") do
+ describe google_kms_key_ring_iam_binding(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_binding_member_name, role: "roles/editor") do
it { should exist }
its ('members.count'){ should eq 1 }
end
- describe google_kms_key_ring_iam_binding(key_ring_url: "projects/#{gcp_project_id}/locations/#{gcp_location}/keyRings/#{gcp_kms_key_ring_binding_member_name}", role: "roles/owner") do
+ describe google_kms_key_ring_iam_binding(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_binding_member_name, role: "roles/owner") do
it { should exist }
its ('members.count'){ should eq 1 }
end
diff --git a/test/integration/verify/controls/google_kms_key_ring_iam_bindings.rb b/test/integration/verify/controls/google_kms_key_ring_iam_policy.rb
similarity index 85%
rename from test/integration/verify/controls/google_kms_key_ring_iam_bindings.rb
rename to test/integration/verify/controls/google_kms_key_ring_iam_policy.rb
index c6ffbbbc0..0afc11256 100644
--- a/test/integration/verify/controls/google_kms_key_ring_iam_bindings.rb
+++ b/test/integration/verify/controls/google_kms_key_ring_iam_policy.rb
@@ -11,7 +11,7 @@
impact 1.0
title 'Ensure GCP KMS Key Ring IAM bindings have the correct properties in bulk'
- describe google_kms_key_ring_iam_bindings(key_ring_url: "projects/#{gcp_project_id}/locations/#{gcp_location}/keyRings/#{gcp_kms_key_ring_binding_member_name}") do
+ describe google_kms_key_ring_iam_policy(project: gcp_project_id, location: gcp_location, key_ring_name: gcp_kms_key_ring_binding_member_name) do
it { should exist }
its('count') { should be <= 100}
its('iam_binding_roles') { should include "roles/owner" }
diff --git a/test/integration/verify/controls/google_kms_key_rings.rb b/test/integration/verify/controls/google_kms_key_rings.rb
index 2556317bd..d90a6577a 100644
--- a/test/integration/verify/controls/google_kms_key_rings.rb
+++ b/test/integration/verify/controls/google_kms_key_rings.rb
@@ -1,21 +1,38 @@
-title 'GCP KMS Key Rings Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
-gcp_kms_key_ring_binding_member_name = attribute(:gcp_kms_key_ring_binding_member_name,default:'',description:'GCP key ring name to test against.')
+title 'Test GCP google_kms_key_rings resource.'
-control 'gcp-key-rings-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name, default: 'gcp_kms_key_ring_policy_name', description: 'Key ring name')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_kms_key_rings-1.0' do
impact 1.0
- title 'Ensure KMS key rings have the correct properties in bulk'
+ title 'google_kms_key_rings resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_kms_key_rings(project: gcp_project_id, location: gcp_location) do
- it { should exist }
- its ('key_ring_names') { should include gcp_kms_key_ring_policy_name }
- its ('key_ring_names') { should include gcp_kms_key_ring_binding_member_name }
+ its('key_ring_names'){ should include gcp_kms_key_ring_policy_name }
end
-end
\ No newline at end of file
+ describe.one do
+ google_kms_key_rings(project: gcp_project_id, location: gcp_location).key_ring_urls do |url|
+ describe url do
+ it { should match gcp_kms_key_ring_policy_name }
+ end
+ end
+ end
+end
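Review bot: The block on the added `google_kms_key_rings(project: gcp_project_id, location: gcp_location).key_ring_urls do |url|` line is passed to the `key_ring_urls` accessor itself, not to an iterator, so the nested `describe url` only runs per URL if that accessor yields each one, which is not visible here. If it simply returns a list, `describe.one` is left with no inner test and the URL check verifies nothing. Iterating explicitly removes the doubt: `.key_ring_urls.each do |url|`. The same construct appears in google_project_alert_policy.rb with `.policy_names do |policy_name|`. The header marks this file as generated, so the change would have to go into the generator template.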
diff --git a/test/integration/verify/controls/google_kms_key_rings_handwritten.rb b/test/integration/verify/controls/google_kms_key_rings_handwritten.rb
new file mode 100644
index 000000000..2556317bd
--- /dev/null
+++ b/test/integration/verify/controls/google_kms_key_rings_handwritten.rb
@@ -0,0 +1,21 @@
+title 'GCP KMS Key Rings Properties'
+
+gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_kms_key_ring_policy_name = attribute(:gcp_kms_key_ring_policy_name,default:'',description:'GCP key ring name to test against.')
+gcp_kms_key_ring_binding_member_name = attribute(:gcp_kms_key_ring_binding_member_name,default:'',description:'GCP key ring name to test against.')
+
+control 'gcp-key-rings-1.0' do
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ impact 1.0
+ title 'Ensure KMS key rings have the correct properties in bulk'
+
+ describe google_kms_key_rings(project: gcp_project_id, location: gcp_location) do
+ it { should exist }
+ its ('key_ring_names') { should include gcp_kms_key_ring_policy_name }
+ its ('key_ring_names') { should include gcp_kms_key_ring_binding_member_name }
+ end
+
+end
\ No newline at end of file
diff --git a/test/integration/verify/controls/google_logging_folder_exclusion.rb b/test/integration/verify/controls/google_logging_folder_exclusion.rb
index de5fa738f..4fbd38739 100644
--- a/test/integration/verify/controls/google_logging_folder_exclusion.rb
+++ b/test/integration/verify/controls/google_logging_folder_exclusion.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_logging_folder_exclusion resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
# Getting folder exclusions is complicated due to the name being generated by the server.
# This can be drastically simplified if you have the name when writing the test
describe.one do
diff --git a/test/integration/verify/controls/google_logging_folder_exclusions.rb b/test/integration/verify/controls/google_logging_folder_exclusions.rb
index 602fb47b2..da89529a9 100644
--- a/test/integration/verify/controls/google_logging_folder_exclusions.rb
+++ b/test/integration/verify/controls/google_logging_folder_exclusions.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_logging_folder_exclusions resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
# Getting folder exclusions is complicated due to the name being generated by the server.
# This can be drastically simplified if you have the name when writing the test
describe.one do
diff --git a/test/integration/verify/controls/google_logging_folder_log_sink.rb b/test/integration/verify/controls/google_logging_folder_log_sink.rb
index f4de57d9e..c8803d423 100644
--- a/test/integration/verify/controls/google_logging_folder_log_sink.rb
+++ b/test/integration/verify/controls/google_logging_folder_log_sink.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_logging_folder_log_sink resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
# Getting folder sinks is complicated due to the name being generated by the server.
# This can be drastically simplified if you have the folder name when writing the test
describe.one do
diff --git a/test/integration/verify/controls/google_logging_folder_log_sinks.rb b/test/integration/verify/controls/google_logging_folder_log_sinks.rb
index a8457b1fb..48738f930 100644
--- a/test/integration/verify/controls/google_logging_folder_log_sinks.rb
+++ b/test/integration/verify/controls/google_logging_folder_log_sinks.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_logging_folder_log_sinks resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
# Getting folder sinks is complicated due to the name being generated by the server.
# This can be drastically simplified if you have the folder name when writing the test
describe.one do
diff --git a/test/integration/verify/controls/google_logging_organization_log_sink.rb b/test/integration/verify/controls/google_logging_organization_log_sink.rb
index dd01d33e2..04f756afb 100644
--- a/test/integration/verify/controls/google_logging_organization_log_sink.rb
+++ b/test/integration/verify/controls/google_logging_organization_log_sink.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_logging_organization_log_sink resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_logging_organization_log_sink(organization: gcp_organization_id, name: org_sink['name']) do
it { should exist }
its('filter') { should cmp org_sink['filter'] }
diff --git a/test/integration/verify/controls/google_logging_organization_log_sinks.rb b/test/integration/verify/controls/google_logging_organization_log_sinks.rb
index cded73e29..d0f4166ad 100644
--- a/test/integration/verify/controls/google_logging_organization_log_sinks.rb
+++ b/test/integration/verify/controls/google_logging_organization_log_sinks.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_logging_organization_log_sinks resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_logging_organization_log_sinks(organization: gcp_organization_id) do
its('names') { should include org_sink['name'] }
end
diff --git a/test/integration/verify/controls/google_logging_project_exclusion.rb b/test/integration/verify/controls/google_logging_project_exclusion.rb
index ebeedd265..a58e2d156 100644
--- a/test/integration/verify/controls/google_logging_project_exclusion.rb
+++ b/test/integration/verify/controls/google_logging_project_exclusion.rb
@@ -1,19 +1,36 @@
-title 'Test single GCP project logging exclusion'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_logging_project_exclusion_name = attribute(:gcp_logging_project_exclusion_name, default: '', description: 'The GCP project logging exclusion name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_logging_project_exclusion resource.'
-control 'gcp-project-logging-exclusion-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+project_exclusion = attribute('project_exclusion', default: {"name"=>"inspec-project-exclusion", "description"=>"My project exclusion description", "filter"=>"resource.type = gce_instance AND severity <= DEBUG"})
+gcp_project_id = attribute(:gcp_project_id, default: gcp_project_id, description: 'The project identifier')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_logging_project_exclusion-1.0' do
impact 1.0
- title 'Ensure single GCP project logging exclusion has the correct properties.'
+ title 'google_logging_project_exclusion resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+
+ describe google_logging_project_exclusion(project: gcp_project_id, name: project_exclusion['name']) do
+ it { should exist }
+ its('description'){ should cmp project_exclusion['description'] }
+ its('filter'){ should cmp project_exclusion['filter'] }
+ end
- describe google_logging_project_exclusion(project: gcp_project_id, exclusion: gcp_logging_project_exclusion_name) do
- it { should exist }
- its('name') { should eq gcp_logging_project_exclusion_name }
- its('filter') { should eq 'resource.type = gce_instance AND severity <= DEBUG' }
- its('description') { should eq 'Exclude GCE instance debug logs' }
+ describe google_logging_project_exclusion(project: gcp_project_id, name: 'nonexistent') do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
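Review bot: `default: gcp_organization_id` on the added `gcp_organization_id = attribute(...)` line reads the local variable that is being assigned, which Ruby evaluates to `nil` at that point, so the default is `nil` rather than an empty string. The new guard `gcp_organization_id != ''` is then presumably true when no organization id is supplied (depending on what `attribute` returns for a nil default), so the control would not be skipped as intended. The `gcp_project_id` attribute in the same hunk has the same shape. A literal such as `default: ''` keeps the guard meaningful. The pattern recurs in google_kms_key_rings.rb, google_logging_project_exclusions.rb, google_logging_project_sink.rb, google_logging_project_sinks.rb, google_organization.rb, google_organizations.rb and google_project_iam_custom_role.rb.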
diff --git a/test/integration/verify/controls/google_logging_project_exclusions.rb b/test/integration/verify/controls/google_logging_project_exclusions.rb
new file mode 100644
index 000000000..3849c3dcf
--- /dev/null
+++ b/test/integration/verify/controls/google_logging_project_exclusions.rb
@@ -0,0 +1,30 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_logging_project_exclusions resource.'
+
+project_exclusion = attribute('project_exclusion', default: {"name"=>"inspec-project-exclusion", "description"=>"My project exclusion description", "filter"=>"resource.type = gce_instance AND severity <= DEBUG"})
+gcp_project_id = attribute(:gcp_project_id, default: gcp_project_id, description: 'The project identifier')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_logging_project_exclusions-1.0' do
+ impact 1.0
+ title 'google_logging_project_exclusions resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+
+ describe google_logging_project_exclusions(project: gcp_project_id) do
+ its('names'){ should include project_exclusion['name'] }
+ end
+end
diff --git a/test/integration/verify/controls/google_logging_project_sink.rb b/test/integration/verify/controls/google_logging_project_sink.rb
index faa15a4be..ea96d232c 100644
--- a/test/integration/verify/controls/google_logging_project_sink.rb
+++ b/test/integration/verify/controls/google_logging_project_sink.rb
@@ -1,22 +1,34 @@
-title 'Test single GCP project logging sink'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_logging_project_sink_name = attribute(:gcp_logging_project_sink_name, default: '', description: 'The GCP project logging sink name.')
-gcp_logging_bucket_name = attribute(:gcp_logging_bucket_name, default: '', description: 'The GCP project logging bucket name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_logging_project_sink resource.'
-control 'gcp-project-logging-sink-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+project_sink = attribute('project_sink', default: {"name"=>"inspec-gcp-org-sink", "filter"=>"resource.type = gce_instance AND severity = DEBUG"})
+gcp_project_id = attribute(:gcp_project_id, default: gcp_project_id, description: 'The project id.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_logging_project_sink-1.0' do
impact 1.0
- title 'Ensure single GCP project logging sink has the correct properties.'
+ title 'google_logging_project_sink resource test'
- describe google_logging_project_sink(project: gcp_project_id, sink: gcp_logging_project_sink_name) do
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_logging_project_sink(project: gcp_project_id, name: project_sink['name']) do
it { should exist }
- its('name') { should eq gcp_logging_project_sink_name }
- its('filter') { should match "resource.type = gce_instance AND resource.labels.instance_id = \"" }
- its('output_version_format') { should eq "V2" }
- its('destination') { should eq "storage.googleapis.com/#{gcp_logging_bucket_name}" }
- its('writer_identity') { should match "serviceAccount:" }
+ its('filter') { should cmp project_sink['filter'] }
+ end
+
+ describe google_logging_project_sink(project: gcp_project_id, name: 'nonexistent') do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_logging_project_sinks.rb b/test/integration/verify/controls/google_logging_project_sinks.rb
index 6ad81f403..e7a6cf746 100644
--- a/test/integration/verify/controls/google_logging_project_sinks.rb
+++ b/test/integration/verify/controls/google_logging_project_sinks.rb
@@ -1,19 +1,29 @@
-title 'Test GCP project logging sinks'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_logging_project_sink_name = attribute(:gcp_logging_project_sink_name, default: '', description: 'The GCP project logging sink name.')
-gcp_logging_bucket_name = attribute(:gcp_logging_bucket_name, default: '', description: 'The GCP project logging bucket name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_logging_project_sinks resource.'
-control 'gcp-project-logging-sinks-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+project_sink = attribute('project_sink', default: {"name"=>"inspec-gcp-org-sink", "filter"=>"resource.type = gce_instance AND severity = DEBUG"})
+gcp_project_id = attribute(:gcp_project_id, default: gcp_project_id, description: 'The project id.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_logging_project_sinks-1.0' do
impact 1.0
- title 'Ensure GCP project logging sinks have the correct properties in bulk.'
+ title 'google_logging_project_sinks resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_logging_project_sinks(project: gcp_project_id) do
- it { should exist }
- its('sink_names') { should include gcp_logging_project_sink_name }
- its('sink_destinations') { should include "storage.googleapis.com/#{gcp_logging_bucket_name}" }
+ its('names') { should include project_sink['name'] }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_organization.rb b/test/integration/verify/controls/google_organization.rb
index eff350e34..5ac3c4b2f 100644
--- a/test/integration/verify/controls/google_organization.rb
+++ b/test/integration/verify/controls/google_organization.rb
@@ -1,19 +1,29 @@
-title 'Test GCP Organization'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_organization_id = attribute(:gcp_organization_id, default: '', description: 'The GCP organization identifier.')
-gcp_organization_display_name = attribute(:gcp_organization_display_name, default: '', description: 'The GCP organization display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_organization resource.'
-control 'gcp-organization-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of this folder')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+control 'google_organization-1.0' do
impact 1.0
- title 'Ensure organization has the correct properties.'
+ title 'google_organization resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_organization(name: "organizations/#{gcp_organization_id}") do
- it { should exist }
its('name') { should eq "organizations/#{gcp_organization_id}" }
- its('display_name') { should eq gcp_organization_display_name }
- its('lifecycle_state') { should include 'ACTIVE' }
+ its('lifecycle_state') { should cmp 'ACTIVE' }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_organizations.rb b/test/integration/verify/controls/google_organizations.rb
index 799391780..6c4cd2407 100644
--- a/test/integration/verify/controls/google_organizations.rb
+++ b/test/integration/verify/controls/google_organizations.rb
@@ -1,19 +1,28 @@
-title 'Test GCP Organizations'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_organization_id = attribute(:gcp_organization_id, default: '', description: 'The GCP organization identifier.')
-gcp_organization_display_name = attribute(:gcp_organization_display_name, default: '', description: 'The GCP organization display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_organizations resource.'
-control 'gcp-organizations-loop-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of this folder')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+control 'google_organizations-1.0' do
impact 1.0
- title 'Ensure organizations have the correct properties in bulk.'
+ title 'google_organizations resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_organizations do
- it { should exist }
- its('names'){ should include "organizations/#{gcp_organization_id}" }
- its('display_names'){ should include gcp_organization_display_name }
- its('lifecycle_state'){ should include 'ACTIVE' }
+ its('names') { should include "organizations/#{gcp_organization_id}" }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_project.rb b/test/integration/verify/controls/google_project.rb
new file mode 100644
index 000000000..b15db0939
--- /dev/null
+++ b/test/integration/verify/controls/google_project.rb
@@ -0,0 +1,27 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_project resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+control 'google_project-1.0' do
+ impact 1.0
+ title 'google_project resource test'
+
+ describe google_project(project: gcp_project_id) do
+ it { should exist }
+ its('project_id') { should cmp gcp_project_id }
+ its('lifecycle_state') { should cmp 'ACTIVE' }
+ end
+end
diff --git a/test/integration/verify/controls/google_project_alert_policies.rb b/test/integration/verify/controls/google_project_alert_policies.rb
new file mode 100644
index 000000000..b72d76ba5
--- /dev/null
+++ b/test/integration/verify/controls/google_project_alert_policies.rb
@@ -0,0 +1,35 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_project_alert_policies resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+alert_policy = attribute('alert_policy', default: {
+ "display_name": "Display",
+ "combiner": "OR",
+ "condition_display_name": "condition",
+ "condition_filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"",
+ "condition_duration": "60s",
+ "condition_comparison": "COMPARISON_GT"
+}, description: 'Alert Policy description')
+control 'google_project_alert_policies-1.0' do
+ impact 1.0
+ title 'google_project_alert_policies resource test'
+
+ describe google_project_alert_policies(project: gcp_project_id) do
+ it { should exist }
+ its('policy_display_names') { should include alert_policy['display_name']}
+ its('combiners') { should include alert_policy['combiner']}
+ end
+end
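Review bot: The `alert_policy` default is written with `"display_name": "Display"`-style keys, which Ruby turns into symbol keys, while the assertions read `alert_policy['display_name']` and `alert_policy['combiner']` with string keys. Unless `attribute` normalises hash keys (not visible here), those lookups return `nil` whenever the default is used, so `should include` is no longer comparing against the intended value. The other hash defaults in this diff use the `"name"=>"..."` form; writing `"display_name" => "Display", "combiner" => "OR"` here would match them. google_project_alert_policy.rb carries the same default.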
diff --git a/test/integration/verify/controls/google_project_alert_policy.rb b/test/integration/verify/controls/google_project_alert_policy.rb
new file mode 100644
index 000000000..4645055d5
--- /dev/null
+++ b/test/integration/verify/controls/google_project_alert_policy.rb
@@ -0,0 +1,40 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_project_alert_policy resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+alert_policy = attribute('alert_policy', default: {
+ "display_name": "Display",
+ "combiner": "OR",
+ "condition_display_name": "condition",
+ "condition_filter": "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"",
+ "condition_duration": "60s",
+ "condition_comparison": "COMPARISON_GT"
+}, description: 'Alert Policy description')
+control 'google_project_alert_policy-1.0' do
+ impact 1.0
+ title 'google_project_alert_policy resource test'
+
+ describe.one do
+ google_project_alert_policies(project: gcp_project_id).policy_names do |policy_name|
+ describe google_project_alert_policy(project: gcp_project_id, name: policy_name) do
+ it { should exist }
+ its('display_name') { should cmp alert_policy['display_name']}
+ its('combiner') { should cmp alert_policy['combiner']}
+ it { should be_enabled }
+ end
+ end
+ end
+end
diff --git a/test/integration/verify/controls/google_project_iam_bindings.rb b/test/integration/verify/controls/google_project_iam_bindings.rb
deleted file mode 100644
index 1cb2e4504..000000000
--- a/test/integration/verify/controls/google_project_iam_bindings.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-title 'GCP Project IAM Bindings Properties'
-
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-
-control 'gcp-project-iam-bindings-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
- impact 1.0
- title 'Ensure project IAM bindings have the correct properties in bulk'
-
- describe google_project_iam_bindings(project: gcp_project_id) do
- it { should exist }
- its('count') { should be <= 100}
- its('iam_binding_roles') { should include "roles/owner" }
- end
-
-end
\ No newline at end of file
diff --git a/test/integration/verify/controls/google_project_iam_custom_role.rb b/test/integration/verify/controls/google_project_iam_custom_role.rb
new file mode 100644
index 000000000..edd829b8b
--- /dev/null
+++ b/test/integration/verify/controls/google_project_iam_custom_role.rb
@@ -0,0 +1,35 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_project_iam_custom_role resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_project_iam_custom_role_id = attribute(:gcp_project_iam_custom_role_id, default: 'gcp_project_iam_custom_role_id', description: 'The IAM custom role identifier.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_project_iam_custom_role-1.0' do
+ impact 1.0
+ title 'google_project_iam_custom_role resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_project_iam_custom_role(project: gcp_project_id, name: gcp_project_iam_custom_role_id) do
+ it { should exist }
+ its('stage') { should eq 'GA' }
+ its('included_permissions') { should eq ["iam.roles.list"] }
+ end
+
+ describe google_project_iam_custom_role(project: gcp_project_id, name: 'nonexistent') do
+ it { should_not exist }
+ end
+end
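Review bot: On the `gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, ...)` line the default refers to the local variable that the same statement is assigning, which Ruby evaluates as nil at that point. The `only_if` guard compares against `''`, so an unset organization id would most likely not skip this privileged control (what `attribute` returns for a nil default is not visible here). A literal default, `default: ''`, would make the guard behave as written. The same line is added in the hunks for google_project_iam_custom_roles.rb, google_service_account.rb, google_service_account_key.rb, google_service_account_keys.rb and google_service_accounts.rb; since the header marks these files as generated, the change belongs in the generator template.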
diff --git a/test/integration/verify/controls/google_project_iam_custom_roles.rb b/test/integration/verify/controls/google_project_iam_custom_roles.rb
new file mode 100644
index 000000000..768bf40d1
--- /dev/null
+++ b/test/integration/verify/controls/google_project_iam_custom_roles.rb
@@ -0,0 +1,29 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_project_iam_custom_roles resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_project_iam_custom_role_id = attribute(:gcp_project_iam_custom_role_id, default: 'gcp_project_iam_custom_role_id', description: 'The IAM custom role identifier.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_project_iam_custom_roles-1.0' do
+ impact 1.0
+ title 'google_project_iam_custom_roles resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_project_iam_custom_roles(project: gcp_project_id) do
+ its('names') { should include "projects/#{gcp_project_id}/roles/#{gcp_project_iam_custom_role_id}" }
+ end
+end
diff --git a/test/integration/verify/controls/google_project_metric.rb b/test/integration/verify/controls/google_project_metric.rb
new file mode 100644
index 000000000..d4bdfebe5
--- /dev/null
+++ b/test/integration/verify/controls/google_project_metric.rb
@@ -0,0 +1,38 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_project_metric resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+logging_metric = attribute('logging_metric', default: {
+ "name": "some/metric",
+ "filter": "resource.type=gae_app AND severity>=ERROR",
+ "metric_kind": "DELTA",
+ "value_type": "INT64"
+}, description: 'Logging metric definition')
+control 'google_project_metric-1.0' do
+ impact 1.0
+ title 'google_project_metric resource test'
+
+ describe google_project_metric(project: gcp_project_id, name: logging_metric['name']) do
+ it { should exist }
+ its('filter') { should cmp logging_metric['filter'] }
+ its('metric_descriptor.metric_kind') { should cmp logging_metric['metric_kind'] }
+ its('metric_descriptor.value_type') { should cmp logging_metric['value_type'] }
+ end
+
+ describe google_project_metric(project: gcp_project_id, name: 'nonexistent') do
+ it { should_not exist }
+ end
+end
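Review bot: The default hash for `logging_metric` is written with `"name":`-style keys, which Ruby stores as symbols, while the control reads it with string keys (`logging_metric['name']`, `logging_metric['filter']`). Unless `attribute` hands back a hash with indifferent access (not visible here), those lookups return nil whenever the built-in default is used instead of a supplied value. Writing the defaults as `'name' => 'some/metric'` and so on keeps both paths consistent. The same default hash is added in the google_project_metrics.rb hunk.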
diff --git a/test/integration/verify/controls/google_project_metrics.rb b/test/integration/verify/controls/google_project_metrics.rb
new file mode 100644
index 000000000..7c32c2a95
--- /dev/null
+++ b/test/integration/verify/controls/google_project_metrics.rb
@@ -0,0 +1,41 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_project_metrics resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+logging_metric = attribute('logging_metric', default: {
+ "name": "some/metric",
+ "filter": "resource.type=gae_app AND severity>=ERROR",
+ "metric_kind": "DELTA",
+ "value_type": "INT64"
+}, description: 'Logging metric definition')
+control 'google_project_metrics-1.0' do
+ impact 1.0
+ title 'google_project_metrics resource test'
+
+ describe google_project_metrics(project: gcp_project_id) do
+ it { should exist }
+ its('metric_filters') { should include logging_metric['filter'] }
+ its('metric_names') { should include logging_metric['name'] }
+ end
+
+ describe.one do
+ google_project_metrics(project: gcp_project_id).metric_types.each do |metric_type|
+ describe metric_type do
+ it { should match logging_metric['name'] }
+ end
+ end
+ end
+end
diff --git a/test/integration/verify/controls/google_projects.rb b/test/integration/verify/controls/google_projects.rb
index 04b8b5673..6817e55b0 100644
--- a/test/integration/verify/controls/google_projects.rb
+++ b/test/integration/verify/controls/google_projects.rb
@@ -1,20 +1,27 @@
-title 'Loop over all GCP Projects'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_project_name = attribute(:gcp_project_name, default: '', description: 'The GCP project name.')
-gcp_project_number = attribute(:gcp_project_number, default: '', description: 'The GCP project number.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_projects resource.'
-control 'gcp-projects-loop-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+control 'google_projects-1.0' do
impact 1.0
- title 'Ensure projects have the correct properties in bulk.'
+ title 'google_projects resource test'
- describe google_projects do
- it { should exist }
- its('project_names'){ should include gcp_project_name }
- its('project_ids'){ should include gcp_project_id }
- its('project_numbers'){ should include gcp_project_number.to_i }
+ describe google_projects() do
+ its('count') { should be >= 1 }
+ its('project_ids') { should include gcp_project_id }
+ its('lifecycle_states') { should include 'ACTIVE' }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_projects_firewalls_loop.rb b/test/integration/verify/controls/google_projects_firewalls_loop.rb
index 9d49a08f1..8dda78ad5 100644
--- a/test/integration/verify/controls/google_projects_firewalls_loop.rb
+++ b/test/integration/verify/controls/google_projects_firewalls_loop.rb
@@ -5,7 +5,7 @@
impact 1.0
title 'Ensure INGRESS firewalls in all projects have the correct properties using google_compute_firewall for detail.'
- google_projects.project_names.each do |project_name|
+ google_projects.project_ids.each do |project_name|
google_compute_firewalls(project: project_name).where(firewall_direction: 'INGRESS').firewall_names.each do |firewall_name|
describe google_compute_firewall(project: project_name, name: firewall_name) do
it { should exist }
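Review bot: The block variable is still called `project_name` although the loop now iterates `project_ids`, so the `project: project_name` arguments on the two following lines read as if a display name were being passed. Renaming it, `google_projects.project_ids.each do |project_id|`, and using `project_id` in both calls would make the code say what it passes. The enclosing control starts and ends outside the hunk.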
diff --git a/test/integration/verify/controls/google_resourcemanager_folder.rb b/test/integration/verify/controls/google_resourcemanager_folder.rb
index dd653f52d..c40a55a12 100644
--- a/test/integration/verify/controls/google_resourcemanager_folder.rb
+++ b/test/integration/verify/controls/google_resourcemanager_folder.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_resourcemanager_folder resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe.one do
google_resourcemanager_folders(parent: "organizations/#{gcp_organization_id}").names.each do |name|
describe google_resourcemanager_folder(name: name) do
diff --git a/test/integration/verify/controls/google_resourcemanager_folders.rb b/test/integration/verify/controls/google_resourcemanager_folders.rb
index f9baed1b2..ecfdc9c18 100644
--- a/test/integration/verify/controls/google_resourcemanager_folders.rb
+++ b/test/integration/verify/controls/google_resourcemanager_folders.rb
@@ -21,7 +21,7 @@
impact 1.0
title 'google_resourcemanager_folders resource test'
- only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe.one do
google_resourcemanager_folders(parent: "organizations/#{gcp_organization_id}").display_names.each do |display_name|
describe display_name do
diff --git a/test/integration/verify/controls/google_service_account.rb b/test/integration/verify/controls/google_service_account.rb
index 02fa186c8..614f8c77c 100644
--- a/test/integration/verify/controls/google_service_account.rb
+++ b/test/integration/verify/controls/google_service_account.rb
@@ -1,17 +1,34 @@
-title 'IAM Service Account Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: '', description: 'The GCP IAM Service Account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_service_account resource.'
-control 'google-service-account-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The IAM service account display name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_service_account-1.0' do
impact 1.0
- title 'Ensure that the Service Account is correctly set up'
+ title 'google_service_account resource test'
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_service_account(project: gcp_project_id, name: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
+ it { should exist }
+ its('display_name') { should cmp gcp_service_account_display_name }
+ end
- describe google_service_account(name: "projects/#{gcp_project_id}/serviceAccounts/#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
- its('display_name') { should match gcp_service_account_display_name } # by design in this case
- its('project_id') { should eq gcp_project_id }
+ describe google_service_account(project: gcp_project_id, name: "nonexistent@#{gcp_project_id}.iam.gserviceaccount.com") do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_service_account_key.rb b/test/integration/verify/controls/google_service_account_key.rb
index 92768b3f2..091dfdc6e 100644
--- a/test/integration/verify/controls/google_service_account_key.rb
+++ b/test/integration/verify/controls/google_service_account_key.rb
@@ -1,20 +1,29 @@
-title 'Service Accounts Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: '', description: 'The GCP IAM Service Account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_service_account_key resource.'
-control 'gcp-service-account-key-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The IAM service account display name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_service_account_key-1.0' do
impact 1.0
- title 'Ensure service account keys have the correct properties in bulk'
+ title 'google_service_account_key resource test'
- google_service_account_keys(service_account: "projects/#{gcp_project_id}/serviceAccounts/#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com").key_names.each do |sa_key_name|
- describe google_service_account_key(name: sa_key_name) do
- it { should exist }
- its('key_algorithm') { should eq "KEY_ALG_RSA_2048" }
- end
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com").key_names.each do |sa_key_name|
+ describe
end
-
-end
\ No newline at end of file
+end
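Review bot: Inside the `key_names.each` loop the new code is a bare `describe` with no resource and no block, so the control no longer checks anything about the service account keys. The removed side asserted `it { should exist }` and `its('key_algorithm') { should eq "KEY_ALG_RSA_2048" }`, and neither expectation has a replacement. This looks like a template that rendered without its body. The loop should again describe `google_service_account_key` for each `sa_key_name` with those two expectations, using whatever arguments the regenerated resource takes (its signature is not visible here).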
diff --git a/test/integration/verify/controls/google_service_account_keys.rb b/test/integration/verify/controls/google_service_account_keys.rb
index 65551ac19..e0832935e 100644
--- a/test/integration/verify/controls/google_service_account_keys.rb
+++ b/test/integration/verify/controls/google_service_account_keys.rb
@@ -1,18 +1,29 @@
-title 'Service Account Keys Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: '', description: 'The GCP IAM Service Account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_service_account_keys resource.'
-control 'gcp-service-account-keys-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The IAM service account display name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_service_account_keys-1.0' do
impact 1.0
- title 'Ensure service account keys have the correct properties in bulk'
+ title 'google_service_account_keys resource test'
- describe google_service_account_keys(service_account: "projects/#{gcp_project_id}/serviceAccounts/#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
- it { should exist }
- its('count') { should be <= 1000}
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
+ its('count') { should be <= 1000 }
end
-
-end
\ No newline at end of file
+end
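Review bot: With `it { should exist }` removed, the only expectation left is `its('count') { should be <= 1000 }`, which an empty key list also satisfies, so a lookup that returns nothing for the service account would still pass. If the fixture account is expected to have at least one key, a lower bound such as `its('count') { should be >= 1 }` next to the upper bound would let the control detect that case.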
diff --git a/test/integration/verify/controls/google_service_accounts.rb b/test/integration/verify/controls/google_service_accounts.rb
index acdeb761c..2507f3976 100644
--- a/test/integration/verify/controls/google_service_accounts.rb
+++ b/test/integration/verify/controls/google_service_accounts.rb
@@ -1,18 +1,30 @@
-title 'Service Accounts Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: '', description: 'The GCP IAM Service Account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_service_accounts resource.'
-control 'gcp-service-accounts-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The IAM service account display name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_service_accounts-1.0' do
impact 1.0
- title 'Ensure service accounts have the correct properties in bulk'
+ title 'google_service_accounts resource test'
- describe google_service_accounts(project: gcp_project_id) do
- it { should exist }
- its('count') { should be <= 1000}
- its('service_account_display_names') { should include gcp_service_account_display_name }
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_service_accounts(project: gcp_project_id, name: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
+ its('service_account_emails') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
+ its('count') { should be <= 1000 }
end
end
diff --git a/test/integration/verify/controls/google_spanner_instance_iam_policy.rb b/test/integration/verify/controls/google_spanner_instance_iam_policy.rb
index 1aeb14b6a..e171868c1 100644
--- a/test/integration/verify/controls/google_spanner_instance_iam_policy.rb
+++ b/test/integration/verify/controls/google_spanner_instance_iam_policy.rb
@@ -19,9 +19,12 @@
impact 1.0
title 'google_spanner_instance_iam_policy resource test'
- describe google_spanner_instance_iam_policy(project: gcp_project_id, name: spannerinstance['name']) do
- it { should exist }
- its('role') { should eq "roles/editor" }
- its('members') { should include "serviceAccount:#{gcp_service_account_display_name}-sp@#{gcp_project_id}.iam.gserviceaccount.com" }
+ describe.one do
+ google_spanner_instance_iam_policy(project: gcp_project_id, name: spannerinstance['name']).bindings.each do |binding|
+ describe binding do
+ its('role') { should eq "roles/editor" }
+ its('members') { should include "serviceAccount:#{gcp_service_account_display_name}-sp@#{gcp_project_id}.iam.gserviceaccount.com" }
+ end
+ end
end
end
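Review bot: The `bindings.each` loop runs while the control is loaded and the removed `it { should exist }` has no replacement, so a policy with no bindings would leave `describe.one` without any child test rather than producing a failure (how InSpec reports an empty `describe.one` is not visible here). An explicit expectation ahead of the loop, for example `its('bindings') { should_not be_empty }` in a `describe` of its own on the same resource, would make a missing or empty policy fail visibly. The block parameter `binding` also shadows Ruby's `Kernel#binding`; a name such as `iam_binding` avoids that. The control starts outside the hunk.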
diff --git a/test/integration/verify/controls/google_sql_database_instance.rb b/test/integration/verify/controls/google_sql_database_instance.rb
index a75a86d5d..92a4f1fa4 100644
--- a/test/integration/verify/controls/google_sql_database_instance.rb
+++ b/test/integration/verify/controls/google_sql_database_instance.rb
@@ -1,17 +1,31 @@
-title 'Test single GCP Cloud SQL Database instance'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_db_instance_name = attribute(:gcp_db_instance_name, default: '', description: 'The GCP DB instance name.')
-
-control 'gcp-db-instance-1.0' do
+title 'Test GCP google_sql_database_instance resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project location.')
+gcp_db_instance_name = attribute(:gcp_db_instance_name, default: 'gcp_db_instance_name', description: 'Database instance name.')
+control 'google_sql_database_instance-1.0' do
impact 1.0
- title 'Ensure GCP Cloud SQL Database instance has the correct properties.'
+ title 'google_sql_database_instance resource test'
+
- describe google_sql_database_instance(project: gcp_project_id, database: gcp_db_instance_name) do
+ describe google_sql_database_instance(project: gcp_project_id, database: gcp_db_instance_name) do
it { should exist }
its('state') { should eq 'RUNNABLE' }
its('backend_type') { should eq 'SECOND_GEN' }
its('database_version') { should eq 'MYSQL_5_7' }
end
-end
\ No newline at end of file
+end
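Review bot: `gcp_location` is declared through `attribute(...)` but nothing in the control uses it. The same unused declaration is added in the hunks for google_sql_database_instances.rb, google_sql_user.rb and google_sql_users.rb. Either drop the line in the generator template or add the expectation it was meant to feed, so readers do not assume the location is being verified.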
diff --git a/test/integration/verify/controls/google_sql_database_instances.rb b/test/integration/verify/controls/google_sql_database_instances.rb
index a886b8e40..c46fbd4f0 100644
--- a/test/integration/verify/controls/google_sql_database_instances.rb
+++ b/test/integration/verify/controls/google_sql_database_instances.rb
@@ -1,17 +1,29 @@
-title 'GCP Cloud SQL Database Instances Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_db_instance_name = attribute(:gcp_db_instance_name, default: '', description: 'The GCP DB instance name.')
-
-control 'gcp-db-instances-1.0' do
+title 'Test GCP google_sql_database_instances resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project location.')
+gcp_db_instance_name = attribute(:gcp_db_instance_name, default: 'gcp_db_instance_name', description: 'Database instance name.')
+control 'google_sql_database_instances-1.0' do
impact 1.0
- title 'Ensure GCP Cloud SQL Database instances have the correct properties in bulk'
+ title 'google_sql_database_instances resource test'
+
describe google_sql_database_instances(project: gcp_project_id) do
- its('count') { should be <= 100}
its('instance_states') { should include 'RUNNABLE' }
its('instance_names') { should include gcp_db_instance_name }
end
-
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_sql_user.rb b/test/integration/verify/controls/google_sql_user.rb
new file mode 100644
index 000000000..1653ddbae
--- /dev/null
+++ b/test/integration/verify/controls/google_sql_user.rb
@@ -0,0 +1,35 @@
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_sql_user resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project location.')
+gcp_db_instance_name = attribute(:gcp_db_instance_name, default: 'gcp_db_instance_name', description: 'Database instance name.')
+gcp_db_user_name = attribute(:gcp_db_user_name, default: 'gcp_db_user_name', description: 'SQL database user name.')
+control 'google_sql_user-1.0' do
+ impact 1.0
+ title 'google_sql_user resource test'
+
+
+ describe google_sql_user(project: gcp_project_id, database: gcp_db_instance_name, name: gcp_db_user_name, host: "example.com") do
+ it { should exist }
+ its('name') { should cmp gcp_db_user_name }
+ its('instance') { should cmp gcp_db_instance_name }
+ end
+
+ describe google_sql_user(project: gcp_project_id, database: gcp_db_instance_name, name: "nonexistent", host: "example.com") do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_sql_users.rb b/test/integration/verify/controls/google_sql_users.rb
index 54b9aae77..8a3db4345 100644
--- a/test/integration/verify/controls/google_sql_users.rb
+++ b/test/integration/verify/controls/google_sql_users.rb
@@ -1,16 +1,29 @@
-title 'Test GCP Cloud SQL Database users'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_db_instance_name = attribute(:gcp_db_instance_name, default: '', description: 'The GCP DB instance name.')
-
-control 'gcp-db-users-1.0' do
+title 'Test GCP google_sql_users resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project location.')
+gcp_db_instance_name = attribute(:gcp_db_instance_name, default: 'gcp_db_instance_name', description: 'Database instance name.')
+gcp_db_user_name = attribute(:gcp_db_user_name, default: 'gcp_db_user_name', description: 'SQL database user name.')
+control 'google_sql_users-1.0' do
impact 1.0
- title 'Ensure GCP Cloud SQL Database users have the correct properties.'
+ title 'google_sql_users resource test'
+
- describe google_sql_users(project: gcp_project_id, database: gcp_db_instance_name) do
- it { should exist }
- its('count') { should be <= 100}
- its('user_instances') { should include gcp_db_instance_name }
+ describe google_sql_users(project: gcp_project_id, database: gcp_db_instance_name) do
+ its('user_names') { should include gcp_db_user_name }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_storage_bucket.rb b/test/integration/verify/controls/google_storage_bucket.rb
index 6df5d4934..361a8bb85 100644
--- a/test/integration/verify/controls/google_storage_bucket.rb
+++ b/test/integration/verify/controls/google_storage_bucket.rb
@@ -1,21 +1,33 @@
-title 'Storage Bucket Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_number = attribute(:gcp_project_number, default: '', description: 'The GCP project number.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_storage_bucket_name = attribute(:gcp_storage_bucket_name, default:'', description: 'The Storage Bucket name.')
-
-control 'gcp-storage-bucket-1.0' do
+title 'Test GCP google_storage_bucket resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+control 'google_storage_bucket-1.0' do
impact 1.0
- title 'Ensure that the Storage Bucket has been created correctly'
+ title 'google_storage_bucket resource test'
- describe google_storage_bucket(name: gcp_storage_bucket_name) do
+ describe google_storage_bucket(name: "inspec-gcp-static-#{gcp_project_id}") do
it { should exist }
- its('name') { should eq gcp_storage_bucket_name }
- its('id') { should eq gcp_storage_bucket_name }
- its('location') { should eq gcp_location.upcase }
- its('kind') { should eq "storage#bucket" }
- its('project_number') {should eq gcp_project_number.to_i }
- its('storage_class') { should eq 'STANDARD' }
+ its('location') { should cmp gcp_location.upcase }
+
+ its('storage_class') { should eq "STANDARD" }
+ end
+
+ describe google_storage_bucket(name: "nonexistent") do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_storage_bucket_acl.rb b/test/integration/verify/controls/google_storage_bucket_acl.rb
index adc0ab8bb..f4be8b5e9 100644
--- a/test/integration/verify/controls/google_storage_bucket_acl.rb
+++ b/test/integration/verify/controls/google_storage_bucket_acl.rb
@@ -1,24 +1,38 @@
-title 'Test single GCP storage bucket ACL'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_storage_bucket_acl = attribute(:gcp_storage_bucket_acl, default: '', description: 'The GCP bucket with ACL set.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default:'', description: 'Service account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_bucket_acl resource.'
-control 'gcp-storage-bucket-acl-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_acl = attribute(:gcp_storage_bucket_acl, default: 'gcp_storage_bucket_acl', description: 'The name of the storage bucket with ACLs attached')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_storage_bucket_acl-1.0' do
impact 1.0
- title 'Ensure storage bucket ACL has the correct properties.'
+ title 'google_storage_bucket_acl resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_storage_bucket_acl(bucket: gcp_storage_bucket_acl, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
it { should exist }
- its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
- its('role') { should eq "OWNER" }
+ its('role') { should cmp "OWNER" }
+
its('bucket') { should eq gcp_storage_bucket_acl }
+ its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
end
- describe google_storage_bucket_acl(bucket: gcp_storage_bucket_acl, entity: 'allUsers') do
+ describe google_storage_bucket_acl(bucket: gcp_storage_bucket_acl, entity: "allUsers") do
it { should_not exist }
end
end
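Review bot: The new `gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, ...)` line passes the variable being assigned as its own default; Ruby treats that name as an already-declared local holding `nil`, so the default is `nil` rather than a string. The added `only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }` therefore never fails its second condition when the input is simply not supplied, since `nil != ''` is true (how InSpec wraps an unset input may differ, but it is unlikely to equal `''`). This control holds the `allUsers` should-not-exist check, so a gate that does not mean what it says makes it harder to tell when that check actually ran. I would use `default: ''` so the guard behaves as written. The same line appears in the google_storage_bucket_object, google_storage_bucket_objects, google_storage_default_object_acl and google_storage_object_acl hunks, and because these files are generated the change belongs in the Magic Modules template.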
diff --git a/test/integration/verify/controls/google_storage_bucket_iam_bindings.rb b/test/integration/verify/controls/google_storage_bucket_iam_bindings.rb
deleted file mode 100644
index ea8a4c280..000000000
--- a/test/integration/verify/controls/google_storage_bucket_iam_bindings.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-title 'GCP Storage Bucket IAM Bindings Properties'
-
-gcp_storage_bucket_binding = attribute(:gcp_storage_bucket_binding, default: '', description: 'The GCP bucket with IAM binding.')
-gcp_storage_bucket_member = attribute(:gcp_storage_bucket_member, default: '', description: 'The GCP bucket with IAM member.')
-gcp_storage_bucket_policy = attribute(:gcp_storage_bucket_policy, default: '', description: 'The GCP bucket with IAM policy.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-
-control 'gcp-storage-bucket-iam-bindings-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
- impact 1.0
- title 'Ensure project IAM bindings have the correct properties in bulk'
-
- describe google_storage_bucket_iam_bindings(bucket: gcp_storage_bucket_binding) do
- it { should exist }
- its('count') { should be <= 100}
- its('iam_binding_roles') { should include "roles/storage.objectViewer" }
- end
-
- describe google_storage_bucket_iam_bindings(bucket: gcp_storage_bucket_member) do
- it { should exist }
- its('iam_binding_roles') { should include "roles/storage.objectViewer" }
- end
-
- describe google_storage_bucket_iam_bindings(bucket: gcp_storage_bucket_policy) do
- it { should exist }
- its('iam_binding_roles') { should include "roles/storage.admin" }
- end
-end
\ No newline at end of file
diff --git a/test/integration/verify/controls/google_storage_bucket_object.rb b/test/integration/verify/controls/google_storage_bucket_object.rb
index 8d447d6a7..646b26a6c 100644
--- a/test/integration/verify/controls/google_storage_bucket_object.rb
+++ b/test/integration/verify/controls/google_storage_bucket_object.rb
@@ -1,21 +1,39 @@
-title 'Storage Bucket Object Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: '', description: 'The GCP bucket with objects.')
-gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: '', description: 'The GCP bucket object name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_bucket_object resource.'
-control 'gcp-storage-bucket-object-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: 'gcp_storage_bucket_object', description: 'The name of the storage bucket with an object')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: 'gcp_storage_bucket_object_name', description: 'The name of the object')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_storage_bucket_object-1.0' do
impact 1.0
- title 'Ensure that the Storage Bucket Object has been created correctly'
+ title 'google_storage_bucket_object resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_storage_bucket_object(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name) do
it { should exist }
- its('name') { should eq gcp_storage_bucket_object_name }
- its('size') { should be > 0 }
- its('content_type') { should eq "text/plain; charset=utf-8" }
- its('time_created_date') { should be > Time.now - 365*60*60*24*10 }
- its('updated_date') { should be > Time.now - 365*60*60*24*10 }
+ its('size.to_i') { should be > 0 }
+
+ its('time_created') { should be > Time.now - 60*60*24*10 }
+ its('time_updated') { should be > Time.now - 60*60*24*10 }
+ end
+
+ describe google_storage_bucket_object(bucket: gcp_storage_bucket_object, object: "nonexistent") do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_storage_bucket_object_handwritten.rb b/test/integration/verify/controls/google_storage_bucket_object_handwritten.rb
new file mode 100644
index 000000000..adaf9b09a
--- /dev/null
+++ b/test/integration/verify/controls/google_storage_bucket_object_handwritten.rb
@@ -0,0 +1,21 @@
+title 'Storage Bucket Object Properties'
+
+gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: '', description: 'The GCP bucket with objects.')
+gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: '', description: 'The GCP bucket object name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+
+control 'gcp-storage-bucket-object-1.0' do
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ impact 1.0
+ title 'Ensure that the Storage Bucket Object has been created correctly'
+
+ describe google_storage_bucket_object(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name) do
+ it { should exist }
+ its('name') { should eq gcp_storage_bucket_object_name }
+ its('size') { should be > 0 }
+ its('content_type') { should eq "text/plain; charset=utf-8" }
+ its('time_created') { should be > Time.now - 365*60*60*24*10 }
+ its('time_updated') { should be > Time.now - 365*60*60*24*10 }
+ end
+end
\ No newline at end of file
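Review bot: `its('size') { should be > 0 }` in this handwritten copy probably no longer matches the resource. The regenerated google_storage_bucket_object.rb control in this same commit switched to `its('size.to_i') { should be > 0 }`, which suggests `size` is now returned as a string, and comparing a string with `> 0` errors instead of asserting anything. The timestamp names were already updated here (`time_created`, `time_updated`), so `size` looks like an oversight; I would change it to `its('size.to_i') { should be > 0 }`. Separately, `Time.now - 365*60*60*24*10` is a ten-year window that nearly any object passes, whereas the generated control uses `60*60*24*10`, so a one-line comment stating the intended freshness bound would help.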
diff --git a/test/integration/verify/controls/google_storage_bucket_objects.rb b/test/integration/verify/controls/google_storage_bucket_objects.rb
index bfa53f558..e49891eb6 100644
--- a/test/integration/verify/controls/google_storage_bucket_objects.rb
+++ b/test/integration/verify/controls/google_storage_bucket_objects.rb
@@ -1,18 +1,32 @@
-title 'Storage Bucket Objects Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: '', description: 'The GCP bucket with objects.')
-gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: '', description: 'The GCP bucket object name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_bucket_objects resource.'
-control 'gcp-storage-bucket-objects-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: 'gcp_storage_bucket_object', description: 'The name of the storage bucket with an object')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: 'gcp_storage_bucket_object_name', description: 'The name of the object')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_storage_bucket_objects-1.0' do
impact 1.0
- title 'Ensure that the Storage Bucket Objects have the correct properties in bulk'
+ title 'google_storage_bucket_objects resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_storage_bucket_objects(bucket: gcp_storage_bucket_object) do
- it { should exist }
- its('object_buckets') { should include gcp_storage_bucket_object }
- its('object_names') { should include gcp_storage_bucket_object_name}
+ its('object_names') { should include gcp_storage_bucket_object_name }
+ its('count') { should be <= 10 }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_storage_buckets.rb b/test/integration/verify/controls/google_storage_buckets.rb
index e5226e67b..4b1e23e24 100644
--- a/test/integration/verify/controls/google_storage_buckets.rb
+++ b/test/integration/verify/controls/google_storage_buckets.rb
@@ -1,21 +1,26 @@
-title 'Loop over all GCP Storage Buckets for a project'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_project_number = attribute(:gcp_project_number, default: '', description: 'The GCP project number.')
-gcp_storage_bucket_name = attribute(:gcp_storage_bucket_name, default:'', description: 'The Storage Bucket name.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-
-control 'gcp-storage-buckets-1.0' do
+title 'Test GCP google_storage_buckets resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+control 'google_storage_buckets-1.0' do
impact 1.0
- title 'Ensure storage buckets have the correct properties in bulk.'
+ title 'google_storage_buckets resource test'
describe google_storage_buckets(project: gcp_project_id) do
- it { should exist }
- its('count') { should be <= 100}
- its('bucket_names') { should include gcp_storage_bucket_name }
- its('bucket_ids') { should include gcp_storage_bucket_name }
- its('bucket_locations') { should include gcp_location.upcase }
- its('bucket_project_numbers') {should include gcp_project_number.to_i }
+ its('bucket_names') { should include "inspec-gcp-static-#{gcp_project_id}" }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_storage_default_object_acl.rb b/test/integration/verify/controls/google_storage_default_object_acl.rb
index c868d9446..d6b582947 100644
--- a/test/integration/verify/controls/google_storage_default_object_acl.rb
+++ b/test/integration/verify/controls/google_storage_default_object_acl.rb
@@ -1,20 +1,38 @@
-title 'Test single GCP storage default object ACL'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_storage_object_default_acl = attribute(:gcp_storage_bucket_name, default: '', description: 'The GCP bucket with default ACL set.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default:'', description: 'Service account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_default_object_acl resource.'
-control 'gcp-storage-default-object-acl-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_name = attribute(:gcp_storage_bucket_name, default: 'gcp_storage_bucket_name', description: 'The name of the storage bucket with the default object ACL')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_storage_default_object_acl-1.0' do
impact 1.0
- title 'Ensure storage default object ACL has the correct properties.'
+ title 'google_storage_default_object_acl resource test'
- describe google_storage_default_object_acl(bucket: gcp_storage_object_default_acl, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
+ describe google_storage_default_object_acl(bucket: gcp_storage_bucket_name, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
it { should exist }
+ its('role') { should cmp "OWNER" }
+
+ its('bucket') { should eq gcp_storage_bucket_name }
its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
- its('role') { should eq "OWNER" }
end
-end
\ No newline at end of file
+ describe google_storage_default_object_acl(bucket: gcp_storage_bucket_name, entity: "allUsers") do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_storage_object_acl.rb b/test/integration/verify/controls/google_storage_object_acl.rb
index 59c92fe55..bdd85ea2f 100644
--- a/test/integration/verify/controls/google_storage_object_acl.rb
+++ b/test/integration/verify/controls/google_storage_object_acl.rb
@@ -1,20 +1,39 @@
-title 'Test single GCP storage object ACL'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: '', description: 'The GCP bucket with objects.')
-gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: '', description: 'The GCP bucket object name.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default:'', description: 'Service account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_object_acl resource.'
-control 'gcp-storage-object-acl-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: 'gcp_storage_bucket_object', description: 'The name of the storage bucket with ACLs attached')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: 'gcp_storage_bucket_object_name', description: 'The name of the object with ACLs')
+gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization')
+control 'google_storage_object_acl-1.0' do
impact 1.0
- title 'Ensure storage default object ACL has the correct properties.'
+ title 'google_storage_object_acl resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' }
describe google_storage_object_acl(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
it { should exist }
+ its('role') { should cmp "OWNER" }
+
+ its('bucket') { should eq gcp_storage_bucket_object }
its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
- its('role') { should eq "OWNER" }
end
-end
\ No newline at end of file
+
+ describe google_storage_object_acl(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name, entity: "allUsers") do
+ it { should_not exist }
+ end
+end