Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

inspec-gcp 1.0 #226

Merged
merged 98 commits into from
Apr 6, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
98 commits
Select commit Hold shift + click to select a range
ce846b2
Update partially to terraform 0.12 syntax
slevenick Dec 12, 2019
16ae006
Pin rubocop as cop names changed
slevenick Dec 12, 2019
5000485
Moving nexthop ILB to GA
chrisst Dec 12, 2019
dc2ad25
Refactor InSpec terraform file
slevenick Dec 12, 2019
c4dab61
Update inspec container for new rubocop and terraform versions
slevenick Dec 13, 2019
74e3c97
Updating to 3.0, move handwritten firewalls test to new namespace
slevenick Dec 18, 2019
f58aa3d
Updating inspec integration tests to terraform 3.0
slevenick Dec 18, 2019
2f06b76
Update filename cop to check for 100 character files which break the …
slevenick Dec 19, 2019
4bd5a64
These fields were duplicated, they shouldn't be
slevenick Dec 19, 2019
a30ee70
Remove kind from tests for generated resources, it is not useful
slevenick Dec 20, 2019
ebc651d
Remove kind tests
slevenick Dec 27, 2019
8bfffb7
Try to clarify scheduler docs on pubsub (#290)
modular-magician Jan 2, 2020
d20c32b
Fingerprint is not a tag, remove assertion
slevenick Jan 2, 2020
2ad5fd6
Inspec 1
slevenick Jan 2, 2020
06d15ab
remove regional cluster/node pool resources, fix handwritten tests
slevenick Jan 4, 2020
54e4bfc
Update tests for generated resources, fingerprint is NOT considered a…
slevenick Jan 6, 2020
aaa2ba6
Inspec cluster updates
slevenick Jan 6, 2020
3b8e80a
Rename handwritten test to preserve after generation
slevenick Jan 7, 2020
0488dae
Inspec storage
slevenick Jan 8, 2020
8d4bfbd
Update kms, spanner IAM tests for generation
slevenick Jan 9, 2020
9581c83
Move KMS tests to handwritten, use google_projects.project_ids instea…
slevenick Jan 10, 2020
aa9fff6
Inspec kms generated
slevenick Jan 10, 2020
964972b
Make db instance name static for VCR testing
slevenick Jan 10, 2020
67d9951
InSpec generate SQL db instance, user
slevenick Jan 10, 2020
15da960
Re-add random string to db name (needed because gcp cant reuse names)
slevenick Jan 10, 2020
135f7ce
Add generation for project_sink, project_exclusion for InSpec
slevenick Jan 10, 2020
f03c8b2
Allow target to accept other resource types (#302)
modular-magician Jan 13, 2020
4f4a012
Inspec iam gen
slevenick Jan 13, 2020
b746344
Update tests to use new date methods, remove *_bindings tests
slevenick Jan 13, 2020
ea5d8ea
Adding various test fixes, extra logic for special cases
slevenick Jan 13, 2020
3959e50
Add plural resource for bucket object
slevenick Jan 14, 2020
91a4ac5
Revert "Add plural resource for bucket object"
slevenick Jan 14, 2020
0b448b1
Refactor integration test config and tasks for seeding VCR tests
slevenick Jan 14, 2020
ea252e6
Adding start of upgrade guide
slevenick Jan 14, 2020
dd9ea07
Revert "Revert "Add plural resource for bucket object""
slevenick Jan 15, 2020
ad4432f
Update inspec repo
slevenick Jan 15, 2020
ea69413
Fixing identifiers in inspec IAM markdown
slevenick Jan 15, 2020
61d3214
Migrate inspec forwarding rule
slevenick Jan 15, 2020
146f853
Fix link in docs - upstream of TPG#5386 (#305)
modular-magician Jan 15, 2020
b996373
Inspec beta flag on resources
slevenick Jan 15, 2020
ca56220
Add dns zone name to be generated with the config
slevenick Jan 16, 2020
d6fe2c2
Add .com. to dns zone name
slevenick Jan 16, 2020
ea405d5
Added attempt deadline to scheduler resource (#309)
modular-magician Jan 16, 2020
ab95359
Inspec alert policy
slevenick Jan 16, 2020
7352e5b
add defaultEventBasedHold to storage buckets (#300)
modular-magician Jan 16, 2020
322ddfc
Convert dns managed zone
slevenick Jan 16, 2020
9513c22
Convert google_project to MM
slevenick Jan 16, 2020
1d75fab
Migrate compute_zone to MM
slevenick Jan 21, 2020
121cea6
Add possibility to CGI.escape URL parameters for MM resources that st…
slevenick Jan 22, 2020
17cfbaa
Inspec project_metric
slevenick Jan 22, 2020
5eec349
Skip URI.join on two URI halves in case we need to use : as a part of…
slevenick Jan 23, 2020
ea54d65
Rubocop
slevenick Jan 24, 2020
fc8f269
Convert compute image with switching constructor to MM (#3022) (#345)
modular-magician Jan 24, 2020
8187ea3
Add support for google_compute_project_info to inspec to migrate from…
modular-magician Jan 24, 2020
7e6afc6
Migrate organizations. Need support for POST verb in MM plural resour…
modular-magician Jan 24, 2020
a2775b9
Add support for new beta non-rfc fields in dns managed zone (#3026) (…
modular-magician Jan 25, 2020
93c3267
Move IAM resources to their pre-MM namespaces (#3029) (#349)
modular-magician Jan 27, 2020
7082e2f
Remove resources that didnt fit old standards
slevenick Jan 27, 2020
9f0804e
Remove unused resources/tests
slevenick Jan 27, 2020
dddd5b6
Fix escaping bug, remove now-unused resources
slevenick Jan 27, 2020
17ac507
Add storage object plural support (#3031) (#350)
modular-magician Jan 30, 2020
7690913
Add conditional validation, allow sending empty capacity scaler for r…
modular-magician Jan 31, 2020
933f221
Add handwritten examples from handwritten resources (#3129) (#352)
modular-magician Feb 14, 2020
050b71f
Terraform Data Source to get DNSKEY records of DNSSEC-signed managed …
modular-magician Feb 18, 2020
983d9b5
docs changes (#3137) (#354)
modular-magician Feb 18, 2020
927c5ba
Remove *_iam_bindings, they are replaced by *_iam_policy
slevenick Feb 20, 2020
2d5a6b4
Update rubocop, remove braces style cop that no longer exists
slevenick Feb 20, 2020
9868fe7
Remove docs for removed bindings resources
slevenick Feb 20, 2020
fba373e
fixing beta example for google_compute_region_autoscaler (#3152) (#355)
modular-magician Feb 20, 2020
6f3e3ba
Add packet mirroring to beta. (#3157) (#356)
modular-magician Feb 25, 2020
d496f3a
Add support for google_iam_organization_custom_role to inspec (#3195)…
modular-magician Mar 2, 2020
4cc82e8
Add 404-retries for pubsub and poll async utils (#3155) (#358)
modular-magician Mar 2, 2020
f76d6f0
Move drain_nat_ips to GA from beta. (#3209) (#359)
modular-magician Mar 4, 2020
f4de2bd
Add node group autoscaling policy (#3230) (#360)
modular-magician Mar 9, 2020
ec9d2d6
update golang links (#3238) (#361)
modular-magician Mar 10, 2020
9758af1
Memorystore Redis connectMode support (#3246) (#362)
modular-magician Mar 13, 2020
e00c45e
Add podSecurityPolicyConfig to gke cluster (#3254) (#363)
modular-magician Mar 16, 2020
e2e4453
GA ILB global access (#3253) (#364)
modular-magician Mar 17, 2020
df7d4f4
Gcp backend update to support post body
slevenick Mar 20, 2020
53aa0cd
Org role in integration test config
slevenick Mar 20, 2020
464a049
Support for IAM conditions in InSpec, currently only for project (#32…
modular-magician Mar 20, 2020
7a67d35
Rubocop
slevenick Mar 20, 2020
23e7f61
Update test_terraform.sh (#3283) (#366)
modular-magician Mar 20, 2020
3df100e
Fix lint issues, adding folder IAM (#3282) (#367)
modular-magician Mar 23, 2020
b51780f
GA ILB multi-nic (#3289) (#368)
modular-magician Mar 23, 2020
fe060cc
Add serviceusage's consumerquotaoverride. (#3267) (#369)
modular-magician Mar 24, 2020
8d04589
PR feedback (#3307) (#370)
modular-magician Mar 26, 2020
6e550e4
ACM: service perimeter's vpc_accessible_services (#3318) (#371)
modular-magician Mar 30, 2020
38a3abd
Add deadLetterPolicy to Pub/Sub Subscription resource (#3305) (#372)
modular-magician Mar 30, 2020
4a15ccf
allow google_dns_managed_zone.dnssec_config to be updated (#3313) (#373)
modular-magician Mar 30, 2020
acecbbb
Add back iam_bindings resources for backwards compatibility, add note…
slevenick Mar 31, 2020
db16cac
Randomize org role
slevenick Apr 1, 2020
5b293ed
Add org id to attributes as it is required in privileged resources (#…
modular-magician Apr 1, 2020
73ca30f
Add requires to kms key ring iam bindings
slevenick Apr 2, 2020
9ac5f4a
Remove deprecation notice, it is not showing up
slevenick Apr 2, 2020
3acdcb5
remove to_i in tests, whitespace
slevenick Apr 2, 2020
6ae251a
Upstream https://github.com/terraform-providers/terraform-provi… (#33…
modular-magician Apr 3, 2020
1c2bcbc
Merge remote-tracking branch 'gcp/master'
slevenick Apr 6, 2020
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
3 changes: 3 additions & 0 deletions .changelog/3013.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:REPLACEME

```
3 changes: 3 additions & 0 deletions .changelog/3021.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:REPLACEME

```
3 changes: 3 additions & 0 deletions .changelog/3022.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:REPLACEME

```
3 changes: 3 additions & 0 deletions .changelog/3026.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
dns: `google_dns_managed_zone` added support for Non-RFC1918 fields for reverse lookup and fowarding paths.
```
3 changes: 3 additions & 0 deletions .changelog/3029.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:REPLACEME

```
Empty file added .changelog/3031.txt
Empty file.
9 changes: 9 additions & 0 deletions .changelog/3033.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
```release-note:breakingchange
compute: Added conditional requirement of `google_compute_**region**_backend_service` `backend.capacity_scaler` to no longer accept the API default if not INTERNAL. Non-INTERNAL backend services must now specify `capacity_scaler` explicitly and have a total capacity greater than 0. In addition, API default of 1.0 must now be explicitly set and will be treated as nil or zero if not set in config.
```
```release-note:bug
compute: Fixed `google_compute_**region**_backend_service` so it no longer has a permadiff if `backend.capacity_scaler` is unset in config by requiring capacity scaler.
```
```release-note:bug
compute: Fixed `backend.capacity_scaler` to actually set zero (0.0) value.
```
3 changes: 2 additions & 1 deletion .rubocop.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,8 @@ Style/AndOr:
Style/Not:
Enabled: false
Naming/FileName:
Enabled: false
Enabled: true
Regex: !ruby/regexp '/^.{3,100}$/'
Style/TrailingCommaInArrayLiteral:
EnforcedStyleForMultiline: comma
Style/TrailingCommaInHashLiteral:
Expand Down
2 changes: 1 addition & 1 deletion Gemfile
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ gem 'google-cloud'
gem 'googleauth'
gem 'inifile'
gem 'inspec-bin', '4.16.0'
gem 'rubocop'
gem 'rubocop', '>= 0.77.0'

group :development do
gem 'github_changelog_generator'
Expand Down
4 changes: 4 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -392,6 +392,10 @@ Changed Quota:

Sometimes there can be occasional errors when performing the cleanup rake task. This happens when resources are already deleted and can be ignored.

## Upgrading to version 1.0

A guide on upgrading to version 1.0 can be found [here](docs/version_1_upgrade.md)

## Support

The InSpec GCP resources are community supported. For bugs and features, please open a github issue and label it appropriately.
Expand Down
14 changes: 5 additions & 9 deletions Rakefile
Original file line number Diff line number Diff line change
Expand Up @@ -47,16 +47,12 @@ namespace :test do
sh(cmd)
end

task :generate_integration_test_variables do
task :plan_integration_tests, [:seed] do |t, args|
puts "----> Generating terraform and inspec variable files"
#p GCPInspecConfig.config[:gcp_project_id]
GCPInspecConfig.store_json(variable_file_name)
GCPInspecConfig.store_yaml(profile_attributes)
end

task :plan_integration_tests do

Rake::Task["test:generate_integration_test_variables"].execute
puts "Seeding random suffixes with: #{args.seed}" unless args.seed.nil?
config = GCPInspecConfig::Config.new(args.seed)
config.store_json(variable_file_name)
config.store_yaml(profile_attributes)

puts "----> Setup"
# Create the plan that can be applied to GCP
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,12 @@ Properties that can be accessed from the `google_access_context_manager_service_

* `restricted_services`: GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.

* `vpc_accessible_services`: Specifies how APIs are allowed to communicate within the Service Perimeter.

* `enable_restriction`: Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'.

* `allowed_services`: The list of APIs usable within the Service Perimeter. Must be empty unless `enableRestriction` is True.

* `parent`: The AccessPolicy this ServicePerimeter lives in. Format: accessPolicies/{policy_id}

* `name`: Resource name for the ServicePerimeter. The short_name component must begin with a letter and only include alphanumeric and '_'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name}
Expand Down
4 changes: 3 additions & 1 deletion docs/resources/google_cloud_scheduler_job.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ Properties that can be accessed from the `google_cloud_scheduler_job` resource:

* `time_zone`: Specifies the time zone to be used in interpreting schedule. The value of this field must be a time zone name from the tz database.

* `attempt_deadline`: The deadline for job attempts. If the request handler does not respond by this deadline then the request is cancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in execution logs. Cloud Scheduler will retry the job according to the RetryConfig. The allowed duration for this deadline is: * For HTTP targets, between 15 seconds and 30 minutes. * For App Engine HTTP targets, between 15 seconds and 24 hours. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s"

* `retry_config`: By default, if a job does not complete successfully, meaning that an acknowledgement is not received from the handler, then it will be retried with exponential backoff according to the settings

* `retry_count`: The number of attempts that the system will make to run a job using the exponential backoff procedure described by maxDoublings. Values greater than 5 and negative values are not allowed.
Expand All @@ -45,7 +47,7 @@ Properties that can be accessed from the `google_cloud_scheduler_job` resource:

* `pubsub_target`: Pub/Sub target If the job providers a Pub/Sub target the cron will publish a message to the provided topic

* `topic_name`: The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by PubSub's PublishRequest.name, for example projects/PROJECT_ID/topics/TOPIC_ID.
* `topic_name`: The full resource name for the Cloud Pub/Sub topic to which messages will be published when a job is delivered. ~>**NOTE**: The topic name must be in the same format as required by PubSub's PublishRequest.name, e.g. `projects/my-project/topics/my-topic`.

* `data`: The message payload for PubsubMessage. Pubsub message must contain either non-empty data, or at least one attribute.

Expand Down
1 change: 1 addition & 0 deletions docs/resources/google_cloud_scheduler_jobs.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ See [google_cloud_scheduler_job.md](google_cloud_scheduler_job.md) for more deta
* `descriptions`: an array of `google_cloud_scheduler_job` description
* `schedules`: an array of `google_cloud_scheduler_job` schedule
* `time_zones`: an array of `google_cloud_scheduler_job` time_zone
* `attempt_deadlines`: an array of `google_cloud_scheduler_job` attempt_deadline
* `retry_configs`: an array of `google_cloud_scheduler_job` retry_config
* `pubsub_targets`: an array of `google_cloud_scheduler_job` pubsub_target
* `app_engine_http_targets`: an array of `google_cloud_scheduler_job` app_engine_http_target
Expand Down
24 changes: 21 additions & 3 deletions docs/resources/google_cloudbuild_trigger.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,9 @@ Properties that can be accessed from the `google_cloudbuild_trigger` resource:

* `filename`: Path, from the source root, to a file whose contents is used for the template. Either a filename or build template must be provided.

* `ignored_files`: ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match extended with support for `**`. If ignoredFiles and changed files are both empty, then they are not used to determine whether or not to trigger a build. If ignoredFiles is not empty, then we ignore any files that match any of the ignored_file globs. If the change has no files that are outside of the ignoredFiles globs, then we do not trigger a build.
* `ignored_files`: ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for `**`. If ignoredFiles and changed files are both empty, then they are not used to determine whether or not to trigger a build. If ignoredFiles is not empty, then we ignore any files that match any of the ignored_file globs. If the change has no files that are outside of the ignoredFiles globs, then we do not trigger a build.

* `included_files`: ignoredFiles and includedFiles are file glob matches using http://godoc/pkg/path/filepath#Match extended with support for `**`. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is empty, then as far as this filter is concerned, we should trigger the build. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is not empty, then we make sure that at least one of those files matches a includedFiles glob. If not, then we do not trigger a build.
* `included_files`: ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match extended with support for `**`. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is empty, then as far as this filter is concerned, we should trigger the build. If any of the files altered in the commit pass the ignoredFiles filter and includedFiles is not empty, then we make sure that at least one of those files matches a includedFiles glob. If not, then we do not trigger a build.

* `trigger_template`: Template describing the types of source changes to trigger a build. Branch and tag names in trigger templates are interpreted as regular expressions. Any branch or tag change that matches that regular expression will trigger a build.

Expand All @@ -58,13 +58,31 @@ Properties that can be accessed from the `google_cloudbuild_trigger` resource:

* `commit_sha`: Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.

* `github`: (Beta only) Describes the configuration of a trigger that creates a build whenever a GitHub event is received.

* `owner`: Owner of the repository. For example: The owner for https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform".

* `name`: Name of the repository. For example: The name for https://github.com/googlecloudplatform/cloud-builders is "cloud-builders".

* `pull_request`: filter to match changes in pull requests. Specify only one of pullRequest or push.

* `branch`: Regex of branches to match.

* `comment_control`: Whether to block builds on a "/gcbrun" comment from a repository owner or collaborator.

* `push`: filter to match changes in refs, like branches or tags. Specify only one of pullRequest or push.

* `branch`: Regex of branches to match. Specify only one of branch or tag.

* `tag`: Regex of tags to match. Specify only one of branch or tag.

* `build`: Contents of the build template. Either a filename or build template must be provided.

* `tags`: Tags for annotation of a Build. These are not docker tags.

* `images`: A list of images to be pushed upon the successful completion of all build steps. The images are pushed using the builder service account's credentials. The digests of the pushed images will be stored in the Build resource's results field. If any of the images fail to be pushed, the build status is marked FAILURE.

* `timeout`: Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. The expected format is the number of seconds followed by s. Default time is ten minutes (600s).
* `timeout`: Amount of time that this build should be allowed to run, to second granularity. If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. The expected format is the number of seconds followed by s. Default time is ten minutes (600s).

* `steps`: The operations to be performed on the workspace.

Expand Down
1 change: 1 addition & 0 deletions docs/resources/google_cloudbuild_triggers.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ See [google_cloudbuild_trigger.md](google_cloudbuild_trigger.md) for more detail
* `ignored_files`: an array of `google_cloudbuild_trigger` ignored_files
* `included_files`: an array of `google_cloudbuild_trigger` included_files
* `trigger_templates`: an array of `google_cloudbuild_trigger` trigger_template
* `githubs`: (Beta only) an array of `google_cloudbuild_trigger` github
* `builds`: an array of `google_cloudbuild_trigger` build

## Filter Criteria
Expand Down
66 changes: 45 additions & 21 deletions docs/resources/google_compute_address.md
Original file line number Diff line number Diff line change
@@ -1,29 +1,28 @@
---
title: About the google_compute_address Resource
title: About the google_compute_address resource
platform: gcp
---

# google\_compute\_address

Use the `google_compute_address` InSpec audit resource to test properties of a single GCP compute address.

<br>

## Syntax
A `google_compute_address` is used to test a Google Address resource

A `google_compute_address` resource block declares the tests for a single GCP compute address by project, region and name.

describe google_compute_address(project: 'chef-inspec-gcp', location: 'europe-west2', name: 'compute-address') do
it { should exist }
its('name') { should eq 'compute-address' }
its('region') { should match 'europe-west2' }
end

<br>
## Beta Resource
This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource

## Examples

The following examples show how to use this InSpec audit resource.
```
describe google_compute_address(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'inspec-gcp-global-address') do
it { should exist }
its('address') { should eq '10.2.0.3' }
its('address_type') { should eq 'INTERNAL' }
its('user_count') { should eq 0 }
end

describe google_compute_address(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'nonexistent') do
it { should_not exist }
end
```

### Test that a GCP compute address IP exists

Expand All @@ -49,15 +48,40 @@ The following examples show how to use this InSpec audit resource.
its('user_resource_name') { should eq "gcp_ext_vm_name" }
end

<br>

## Properties
Properties that can be accessed from the `google_compute_address` resource:


* `address`: The static external IP address represented by this resource. Only IPv4 is supported. An address may only be specified for INTERNAL address types. The IP address must be inside the specified subnetwork, if any.

* `address_type`: The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.

* `creation_timestamp`: Creation timestamp in RFC3339 text format.

* `description`: An optional description of this resource.

* `id`: The unique identifier for the resource.

* `name`: Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

* `purpose`: The purpose of this resource, which can be one of the following values: - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, internal load balancers, and similar resources. This should only be set when using an Internal address.

* `network_tier`: The networking tier used for configuring this address. This field can take the following values: PREMIUM or STANDARD. If this field is not specified, it is assumed to be PREMIUM.

* `subnetwork`: The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER purposes.

* `users`: The URLs of the resources that are using this address.

* `labels`: (Beta only) Labels to apply to this address. A list of key->value pairs.

* `label_fingerprint`: (Beta only) The fingerprint used for optimistic locking of this resource. Used internally during updates.

* `address`, `creation_timestamp`, `description`, `id`, `kind`, `name`, `region`, `status`, `users`
* `status`: The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available.

<br>
* `region`: URL of the region where the regional address resides. This field is not applicable to global addresses.


## GCP Permissions

Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
46 changes: 46 additions & 0 deletions docs/resources/google_compute_addresses.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
---
title: About the google_compute_addresses resource
platform: gcp
---

## Syntax
A `google_compute_addresses` is used to test a Google Address resource


## Beta Resource
This resource has beta fields available. To retrieve these fields, include `beta: true` in the constructor for the resource

## Examples
```
describe google_compute_addresses(project: 'chef-gcp-inspec', location: 'europe-west2') do
its('addresses') { should include '10.2.0.3' }
its('names') { should include 'inspec-gcp-global-address' }
end
```

## Properties
Properties that can be accessed from the `google_compute_addresses` resource:

See [google_compute_address.md](google_compute_address.md) for more detailed information
* `addresses`: an array of `google_compute_address` address
* `address_types`: an array of `google_compute_address` address_type
* `creation_timestamps`: an array of `google_compute_address` creation_timestamp
* `descriptions`: an array of `google_compute_address` description
* `ids`: an array of `google_compute_address` id
* `names`: an array of `google_compute_address` name
* `purposes`: an array of `google_compute_address` purpose
* `network_tiers`: an array of `google_compute_address` network_tier
* `subnetworks`: an array of `google_compute_address` subnetwork
* `users`: an array of `google_compute_address` users
* `labels`: (Beta only) an array of `google_compute_address` labels
* `label_fingerprints`: (Beta only) an array of `google_compute_address` label_fingerprint
* `statuses`: an array of `google_compute_address` status
* `regions`: an array of `google_compute_address` region

## Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
with `where` as a block or a method.

## GCP Permissions

Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
Loading