diff --git a/docs/resources/google_access_context_manager_access_level.md b/docs/resources/google_access_context_manager_access_level.md
new file mode 100644
index 000000000..d393d123b
--- /dev/null
+++ b/docs/resources/google_access_context_manager_access_level.md
@@ -0,0 +1,95 @@
+---
+title: About the google_access_context_manager_access_level resource
+platform: gcp
+---
+
+## Syntax
+A `google_access_context_manager_access_level` is used to test a Google AccessLevel resource
+
+## Examples
+```
+
+policy_name = google_access_context_manager_access_policies(org_id: '190694428152').names.first
+
+describe google_access_context_manager_access_level(parent: policy_name, name: "ip_subnet") do
+ it { should exist }
+ its('title') { should cmp "ip_subnet" }
+ its('basic.conditions.size') { should cmp 1 }
+ its('basic.conditions.first.ip_subnetworks') { should include "192.0.2.0/24" }
+end
+
+describe google_access_context_manager_access_level(parent: policy_name, name: "none") do
+ it { should_not exist }
+end
+
+```
+
+## Properties
+Properties that can be accessed from the `google_access_context_manager_access_level` resource:
+
+
+ * `title`: Human readable title. Must be unique within the Policy.
+
+ * `description`: Description of the AccessLevel and its use. Does not affect behavior.
+
+ * `basic`: A set of predefined conditions for the access level and a combining function.
+
+ * `combining_function`: How the conditions list should be combined to determine if a request is granted this AccessLevel. If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied.
+ Possible values:
+ * AND
+ * OR
+
+ * `conditions`: A set of requirements for the AccessLevel to be granted.
+
+ * `ip_subnetworks`: A list of CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not.
The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
+
+ * `required_access_levels`: A list of other access levels defined in the same Policy, referenced by resource name. Referencing an AccessLevel which does not exist is an error. All access levels listed must be granted for the Condition to be true. Format: accessPolicies/{policy_id}/accessLevels/{short_name}
+
+ * `members`: An allowed list of members (users, service accounts). Using groups is not supported yet. The signed-in user originating the request must be a part of one of the provided members. If not specified, a request may come from any user (logged in/not logged in, not present in any groups, etc.). Formats: `user:{emailid}`, `serviceAccount:{emailid}`
+
+ * `negate`: Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.
+
+ * `device_policy`: Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.
+
+ * `require_screen_lock`: Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.
+
+ * `allowed_encryption_statuses`: A list of allowed encryptions statuses. An empty list allows all statuses.
+
+ * `allowed_device_management_levels`: A list of allowed device management levels. An empty list allows all management levels.
+
+ * `os_constraints`: A list of allowed OS versions. An empty list allows all types and all versions.
+
+ * `minimum_version`: The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: "major.minor.patch" such as "10.5.301", "9.2.1".
+
+ * `os_type`: The operating system type of the device.
+ Possible values:
+ * OS_UNSPECIFIED
+ * DESKTOP_MAC
+ * DESKTOP_WINDOWS
+ * DESKTOP_LINUX
+ * DESKTOP_CHROME_OS
+
+ * `require_admin_approval`: Whether the device needs to be approved by the customer admin.
+
+ * `require_corp_owned`: Whether the device needs to be corp owned.
+
+ * `regions`: The request must originate from one of the provided countries/regions. Format: A valid ISO 3166-1 alpha-2 code.
+
+ * `custom`: Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec.
+
+ * `expr`: Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. This page details the objects and attributes that are used to the build the CEL expressions for custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.
+
+ * `expression`: Textual representation of an expression in Common Expression Language syntax.
+
+ * `title`: Title for the expression, i.e. a short string describing its purpose.
+
+ * `description`: Description of the expression
+
+ * `location`: String indicating the location of the expression for error reporting, e.g. a file name and a position in the file
+
+ * `parent`: Name of the parent access policy
+
+ * `name`: Name of the access level
+
+
+## GCP Permissions
diff --git a/docs/resources/google_access_context_manager_access_levels.md b/docs/resources/google_access_context_manager_access_levels.md
new file mode 100644
index 000000000..8189c54f1
--- /dev/null
+++ b/docs/resources/google_access_context_manager_access_levels.md
@@ -0,0 +1,35 @@
+---
+title: About the google_access_context_manager_access_levels resource
+platform: gcp
+---
+
+## Syntax
+A `google_access_context_manager_access_levels` is used to test a Google AccessLevel resource
+
+## Examples
+```
+
+policy_name = google_access_context_manager_access_policies(org_id: '190694428152').names.first
+
+describe google_access_context_manager_access_levels(parent: policy_name) do
+ its('names') { should include "ip_subnet" }
+end
+
+```
+
+## Properties
+Properties that can be accessed from the `google_access_context_manager_access_levels` resource:
+
+See [google_access_context_manager_access_level.md](google_access_context_manager_access_level.md) for more detailed information
+ * `titles`: an array of `google_access_context_manager_access_level` title
+ * `descriptions`: an array of `google_access_context_manager_access_level` description
+ * `basics`: an array of `google_access_context_manager_access_level` basic
+ * `customs`: an array of `google_access_context_manager_access_level` custom
+ * `parents`: an array of `google_access_context_manager_access_level` parent
+ * `names`: an array of `google_access_context_manager_access_level` name
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
diff --git a/docs/resources/google_bigquery_table.md b/docs/resources/google_bigquery_table.md
index 1738106db..824058b54 100644
--- a/docs/resources/google_bigquery_table.md
+++ b/docs/resources/google_bigquery_table.md
@@ -148,6 +148,7 @@ Properties that can be accessed from the `google_bigquery_table` resource: * AVRO * DATASTORE_BACKUP * BIGTABLE + * ORC * `source_uris`: The fully-qualified URIs that point to your data in Google Cloud. For Google Cloud Storage URIs: Each URI can contain one '*' wildcard character and it must come after the 'bucket' name. Size limits related to load jobs apply to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. For Google Cloud Datastore backups, exactly one URI can be specified. Also, the '*' wildcard character is not allowed. diff --git a/docs/resources/google_compute_autoscaler.md b/docs/resources/google_compute_autoscaler.md index 5b2f1e0e9..3958561e2 100644 --- a/docs/resources/google_compute_autoscaler.md +++ b/docs/resources/google_compute_autoscaler.md 
@@ -63,6 +63,16 @@ Properties that can be accessed from the `google_compute_autoscaler` resource: * `time_window_sec`: How long back autoscaling should look when computing recommendations to include directives regarding slower scale down, as described above. + * `scale_in_control`: Defines scale in controls to reduce the risk of response latency and outages due to abrupt scale-in events + + * `max_scaled_in_replicas`: A nested object resource + + * `fixed`: Specifies a fixed number of VM instances. This must be a positive integer. + + * `percent`: Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify 80 for 80%. + + * `time_window_sec`: How long back autoscaling should look when computing recommendations to include directives regarding slower scale down, as described above. + * `cpu_utilization`: Defines the CPU utilization policy that allows the autoscaler to scale based on the average CPU utilization of a managed instance group. * `utilization_target`: The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6. If the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization. If the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization. diff --git a/docs/resources/google_sql_database_instance.md b/docs/resources/google_sql_database_instance.md index 10f7ead79..31f43ee55 100644 --- a/docs/resources/google_sql_database_instance.md +++ b/docs/resources/google_sql_database_instance.md 
@@ -108,13 +108,13 @@ Properties that can be accessed from the `google_sql_database_instance` resource * `ca_certificate`: PEM representation of the trusted CA's x509 certificate. - * `client_certificate`: PEM representation of the slave's x509 certificate + * `client_certificate`: PEM representation of the replica's x509 certificate - * `client_key`: PEM representation of the slave's private key. The corresponding public key is encoded in the client's certificate. + * `client_key`: PEM representation of the replica's private key. The corresponding public key is encoded in the client's certificate. * `connect_retry_interval`: Seconds to wait between connect retries. MySQL's default is 60 seconds. - * `dump_file_path`: Path to a SQL dump file in Google Cloud Storage from which the slave instance is to be created. The URI is in the form gs://bucketName/fileName. Compressed gzip files (.gz) are also supported. Dumps should have the binlog coordinates from which replication should begin. This can be accomplished by setting --master-data to 1 when using mysqldump. + * `dump_file_path`: Path to a SQL dump file in Google Cloud Storage from which the replica instance is to be created. The URI is in the form gs://bucketName/fileName. Compressed gzip files (.gz) are also supported. Dumps should have the binlog coordinates from which replication should begin. This can be accomplished by setting --master-data to 1 when using mysqldump. * `master_heartbeat_period`: Interval in milliseconds between replication heartbeats. diff --git a/libraries/google/accesscontextmanager/property/accesslevel_basic.rb b/libraries/google/accesscontextmanager/property/accesslevel_basic.rb new file mode 100644 index 000000000..11c666c9e --- /dev/null +++ b/libraries/google/accesscontextmanager/property/accesslevel_basic.rb 
@@ -0,0 +1,38 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/accesscontextmanager/property/accesslevel_basic_conditions' +module GoogleInSpec + module AccessContextManager + module Property + class AccessLevelBasic + attr_reader :combining_function + + attr_reader :conditions + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @combining_function = args['combiningFunction'] + @conditions = GoogleInSpec::AccessContextManager::Property::AccessLevelBasicConditionsArray.parse(args['conditions'], to_s) + end + + def to_s + "#{@parent_identifier} AccessLevelBasic" + end + end + end + end +end diff --git a/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions.rb b/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions.rb new file mode 100644 index 000000000..6baa9cce3 --- /dev/null +++ b/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions.rb 
@@ -0,0 +1,59 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy' +require 'google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy_os_constraints' +module GoogleInSpec + module AccessContextManager + module Property + class AccessLevelBasicConditions + attr_reader :ip_subnetworks + + attr_reader :required_access_levels + + attr_reader :members + + attr_reader :negate + + attr_reader :device_policy + + attr_reader :regions + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @ip_subnetworks = args['ipSubnetworks'] + @required_access_levels = args['requiredAccessLevels'] + @members = args['members'] + @negate = args['negate'] + @device_policy = GoogleInSpec::AccessContextManager::Property::AccessLevelBasicConditionsDevicePolicy.new(args['devicePolicy'], to_s) + @regions = args['regions'] + end + + def to_s + "#{@parent_identifier} AccessLevelBasicConditions" + end + end + + class AccessLevelBasicConditionsArray + def self.parse(value, parent_identifier) + return if value.nil? + return AccessLevelBasicConditions.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| AccessLevelBasicConditions.new(v, parent_identifier) } + end + end + end + end +end 
diff --git a/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy.rb b/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy.rb new file mode 100644 index 000000000..8eabd8527 --- /dev/null +++ b/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy.rb 
@@ -0,0 +1,50 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy_os_constraints' +module GoogleInSpec + module AccessContextManager + module Property + class AccessLevelBasicConditionsDevicePolicy + attr_reader :require_screen_lock + + attr_reader :allowed_encryption_statuses + + attr_reader :allowed_device_management_levels + + attr_reader :os_constraints + + attr_reader :require_admin_approval + + attr_reader :require_corp_owned + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @require_screen_lock = args['requireScreenlock'] + @allowed_encryption_statuses = args['allowedEncryptionStatuses'] + @allowed_device_management_levels = args['allowedDeviceManagementLevels'] + @os_constraints = GoogleInSpec::AccessContextManager::Property::AccessLevelBasicConditionsDevicePolicyOsConstraintsArray.parse(args['osConstraints'], to_s) + @require_admin_approval = args['requireAdminApproval'] + @require_corp_owned = args['requireCorpOwned'] + end + + def to_s + "#{@parent_identifier} AccessLevelBasicConditionsDevicePolicy" + end + end + end + end +end 
diff --git a/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy_os_constraints.rb b/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy_os_constraints.rb new file mode 100644 index 000000000..5b2c3acff --- /dev/null +++ b/libraries/google/accesscontextmanager/property/accesslevel_basic_conditions_device_policy_os_constraints.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module AccessContextManager + module Property + class AccessLevelBasicConditionsDevicePolicyOsConstraints + attr_reader :minimum_version + + attr_reader :os_type + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @minimum_version = args['minimumVersion'] + @os_type = args['osType'] + end + + def to_s + "#{@parent_identifier} AccessLevelBasicConditionsDevicePolicyOsConstraints" + end + end + + class AccessLevelBasicConditionsDevicePolicyOsConstraintsArray + def self.parse(value, parent_identifier) + return if value.nil? + return AccessLevelBasicConditionsDevicePolicyOsConstraints.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| AccessLevelBasicConditionsDevicePolicyOsConstraints.new(v, parent_identifier) } + end + end + end + end +end 
diff --git a/libraries/google/accesscontextmanager/property/accesslevel_custom.rb b/libraries/google/accesscontextmanager/property/accesslevel_custom.rb new file mode 100644 index 000000000..106490aa2 --- /dev/null +++ b/libraries/google/accesscontextmanager/property/accesslevel_custom.rb @@ -0,0 +1,35 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/accesscontextmanager/property/accesslevel_custom_expr' +module GoogleInSpec + module AccessContextManager + module Property + class AccessLevelCustom + attr_reader :expr + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @expr = GoogleInSpec::AccessContextManager::Property::AccessLevelCustomExpr.new(args['expr'], to_s) + end + + def to_s + "#{@parent_identifier} AccessLevelCustom" + end + end + end + end +end diff --git a/libraries/google/accesscontextmanager/property/accesslevel_custom_expr.rb b/libraries/google/accesscontextmanager/property/accesslevel_custom_expr.rb new file mode 100644 index 000000000..7347e874d --- /dev/null +++ b/libraries/google/accesscontextmanager/property/accesslevel_custom_expr.rb 
@@ -0,0 +1,43 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module AccessContextManager + module Property + class AccessLevelCustomExpr + attr_reader :expression + + attr_reader :title + + attr_reader :description + + attr_reader :location + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @expression = args['expression'] + @title = args['title'] + @description = args['description'] + @location = args['location'] + end + + def to_s + "#{@parent_identifier} AccessLevelCustomExpr" + end + end + end + end +end diff --git a/libraries/google/compute/property/autoscaler_autoscaling_policy.rb b/libraries/google/compute/property/autoscaler_autoscaling_policy.rb index 05afac369..61a417b3e 100644 --- a/libraries/google/compute/property/autoscaler_autoscaling_policy.rb +++ b/libraries/google/compute/property/autoscaler_autoscaling_policy.rb 
@@ -18,6 +18,8 @@ require 'google/compute/property/autoscaler_autoscaling_policy_load_balancing_utilization' require 'google/compute/property/autoscaler_autoscaling_policy_scale_down_control' require 'google/compute/property/autoscaler_autoscaling_policy_scale_down_control_max_scaled_down_replicas' +require 'google/compute/property/autoscaler_autoscaling_policy_scale_in_control' +require 'google/compute/property/autoscaler_autoscaling_policy_scale_in_control_max_scaled_in_replicas' module GoogleInSpec module Compute module Property @@ -32,6 +34,8 @@ class AutoscalerAutoscalingPolicy attr_reader :scale_down_control + attr_reader :scale_in_control + attr_reader :cpu_utilization attr_reader :custom_metric_utilizations @@ -46,6 +50,7 @@ def initialize(args = nil, parent_identifier = nil) @cool_down_period_sec = args['coolDownPeriodSec'] @mode = args['mode'] @scale_down_control = GoogleInSpec::Compute::Property::AutoscalerAutoscalingPolicyScaleDownControl.new(args['scaleDownControl'], to_s) + @scale_in_control = GoogleInSpec::Compute::Property::AutoscalerAutoscalingPolicyScaleInControl.new(args['scaleInControl'], to_s) @cpu_utilization = GoogleInSpec::Compute::Property::AutoscalerAutoscalingPolicyCpuUtilization.new(args['cpuUtilization'], to_s) @custom_metric_utilizations = GoogleInSpec::Compute::Property::AutoscalerAutoscalingPolicyCustomMetricUtilizationsArray.parse(args['customMetricUtilizations'], to_s) @load_balancing_utilization = GoogleInSpec::Compute::Property::AutoscalerAutoscalingPolicyLoadBalancingUtilization.new(args['loadBalancingUtilization'], to_s) diff --git a/libraries/google/compute/property/autoscaler_autoscaling_policy_scale_in_control.rb b/libraries/google/compute/property/autoscaler_autoscaling_policy_scale_in_control.rb new file mode 100644 index 000000000..861a2f89c --- /dev/null +++ b/libraries/google/compute/property/autoscaler_autoscaling_policy_scale_in_control.rb 
@@ -0,0 +1,38 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/compute/property/autoscaler_autoscaling_policy_scale_in_control_max_scaled_in_replicas' +module GoogleInSpec + module Compute + module Property + class AutoscalerAutoscalingPolicyScaleInControl + attr_reader :max_scaled_in_replicas + + attr_reader :time_window_sec + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @max_scaled_in_replicas = GoogleInSpec::Compute::Property::AutoscalerAutoscalingPolicyScaleInControlMaxScaledInReplicas.new(args['maxScaledInReplicas'], to_s) + @time_window_sec = args['timeWindowSec'] + end + + def to_s + "#{@parent_identifier} AutoscalerAutoscalingPolicyScaleInControl" + end + end + end + end +end diff --git a/libraries/google/compute/property/autoscaler_autoscaling_policy_scale_in_control_max_scaled_in_replicas.rb b/libraries/google/compute/property/autoscaler_autoscaling_policy_scale_in_control_max_scaled_in_replicas.rb new file mode 100644 index 000000000..61a343ac0 --- /dev/null +++ b/libraries/google/compute/property/autoscaler_autoscaling_policy_scale_in_control_max_scaled_in_replicas.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class AutoscalerAutoscalingPolicyScaleInControlMaxScaledInReplicas + attr_reader :fixed + + attr_reader :percent + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @fixed = args['fixed'] + @percent = args['percent'] + end + + def to_s + "#{@parent_identifier} AutoscalerAutoscalingPolicyScaleInControlMaxScaledInReplicas" + end + end + end + end +end diff --git a/libraries/google_access_context_manager_access_level.rb b/libraries/google_access_context_manager_access_level.rb new file mode 100644 index 000000000..12ca05447 --- /dev/null +++ b/libraries/google_access_context_manager_access_level.rb 
@@ -0,0 +1,69 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/accesscontextmanager/property/accesslevel_basic' +require 'google/accesscontextmanager/property/accesslevel_basic_conditions' +require 'google/accesscontextmanager/property/accesslevel_custom' +require 'google/accesscontextmanager/property/accesslevel_custom_expr' + +# A provider to manage Access Context Manager (VPC Service Controls) resources. +class AccessContextManagerAccessLevel < GcpResourceBase + name 'google_access_context_manager_access_level' + desc 'AccessLevel' + supports platform: 'gcp' + + attr_reader :params + attr_reader :title + attr_reader :description + attr_reader :basic + attr_reader :custom + attr_reader :parent + attr_reader :name + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @title = @fetched['title'] + @description = @fetched['description'] + @basic = GoogleInSpec::AccessContextManager::Property::AccessLevelBasic.new(@fetched['basic'], to_s) + @custom = GoogleInSpec::AccessContextManager::Property::AccessLevelCustom.new(@fetched['custom'], to_s) + @parent = name_from_self_link(@fetched['parent']) + @name = name_from_self_link(@fetched['name']) + end + + def exists? + !@fetched.nil? 
+ end + + def to_s + "AccessLevel #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'https://accesscontextmanager.googleapis.com/v1/' + end + + def resource_base_url + 'accessPolicies/{{parent}}/accessLevels/{{name}}' + end +end diff --git a/libraries/google_access_context_manager_access_levels.rb b/libraries/google_access_context_manager_access_levels.rb new file mode 100644 index 000000000..1c8a1386b --- /dev/null +++ b/libraries/google_access_context_manager_access_levels.rb 
@@ -0,0 +1,89 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class AccessContextManagerAccessLevels < GcpResourceBase + name 'google_access_context_manager_access_levels' + desc 'AccessLevel plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:titles, field: :title) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:basics, field: :basic) + filter_table_config.add(:customs, field: :custom) + filter_table_config.add(:parents, field: :parent) + filter_table_config.add(:names, field: :name) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('accessLevels') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'title' => ->(obj) { return :title, obj['title'] }, + 'description' => ->(obj) { return :description, obj['description'] }, + 'basic' => ->(obj) { return :basic, GoogleInSpec::AccessContextManager::Property::AccessLevelBasic.new(obj['basic'], to_s) }, + 'custom' => ->(obj) { return :custom, GoogleInSpec::AccessContextManager::Property::AccessLevelCustom.new(obj['custom'], to_s) }, + 'parent' => ->(obj) { return :parent, name_from_self_link(obj['parent']) }, + 'name' => ->(obj) { return :name, name_from_self_link(obj['name']) }, + } + end + + private + + def product_url(_ = nil) + 'https://accesscontextmanager.googleapis.com/v1/' + end + + def resource_base_url + 'accessPolicies/{{parent}}/accessLevels' + end +end diff --git a/libraries/google_compute_autoscaler.rb b/libraries/google_compute_autoscaler.rb index c6bd564c9..43e0012f1 100644 --- a/libraries/google_compute_autoscaler.rb +++ b/libraries/google_compute_autoscaler.rb @@ -20,6 +20,8 @@ require 'google/compute/property/autoscaler_autoscaling_policy_load_balancing_utilization' require 'google/compute/property/autoscaler_autoscaling_policy_scale_down_control' require 'google/compute/property/autoscaler_autoscaling_policy_scale_down_control_max_scaled_down_replicas' +require 'google/compute/property/autoscaler_autoscaling_policy_scale_in_control' +require 'google/compute/property/autoscaler_autoscaling_policy_scale_in_control_max_scaled_in_replicas' # A provider to manage Compute Engine resources. class ComputeAutoscaler < GcpResourceBase 
diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index e6dae623f..ccc5e055f 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -941,7 +941,6 @@ resource "google_spanner_database" "database" { instance = google_spanner_instance.spanner_instance.name name = var.spannerdatabase["name"] ddl = [var.spannerdatabase["ddl"]] - deletion_protection = false } resource "google_cloud_scheduler_job" "job" { @@ -978,6 +977,25 @@ resource "google_access_context_manager_access_policy" "access-policy" { title = var.service_perimeter["policy_title"] } +resource "google_access_context_manager_access_level" "access-level" { + count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock" + title = "os_lock" + basic { + conditions { + device_policy { + require_screen_lock = true + } + regions = [ + "CH", + "IT", + "US", + ] + } + } +} + variable "firewall" { type = any } diff --git a/test/integration/verify/controls/google_access_context_manager_access_level.rb b/test/integration/verify/controls/google_access_context_manager_access_level.rb new file mode 100644 index 000000000..f17ef1ad7 --- /dev/null +++ b/test/integration/verify/controls/google_access_context_manager_access_level.rb 
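Review bot: The access level provisioned in the second hunk does not match what the new control asserts. The fixture creates `.../accessLevels/os_lock` with only `device_policy { require_screen_lock = true }` and `regions`, while test/integration/verify/controls/google_access_context_manager_access_level.rb describes `name: "ip_subnet"` and expects `basic.conditions.first.ip_subnetworks` to include "192.0.2.0/24". Unless an `ip_subnet` level is provisioned somewhere not visible in this diff, `it { should exist }` will fail whenever privileged resources are enabled, so the new resource is never verified against a real access level. Either provision what the control checks (`name = ".../accessLevels/ip_subnet"`, `title = "ip_subnet"`, `ip_subnetworks = ["192.0.2.0/24"]` inside `conditions`) or point the control at `os_lock` and assert `basic.conditions.first.device_policy.require_screen_lock` and `regions`.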
@@ -0,0 +1,44 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_access_context_manager_access_level resource.' + +gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of the perimeter') +gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.') +service_perimeter = attribute('service_perimeter', default: { + "name": "restrict_all", + "title": "restrict_all", + "restricted_service": "storage.googleapis.com", + "policy_title": "policytitle" +}, description: 'Service perimeter definition') + +control 'google_access_context_manager_access_level-1.0' do + impact 1.0 + title 'google_access_context_manager_access_level resource test' + + only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' } + + policy_name = google_access_context_manager_access_policies(org_id: gcp_organization_id).names.first + + describe google_access_context_manager_access_level(parent: policy_name, name: "ip_subnet") do + it { should exist } + its('title') { should cmp "ip_subnet" } + its('basic.conditions.size') { should cmp 1 } + its('basic.conditions.first.ip_subnetworks') { should include "192.0.2.0/24" } + end + + describe google_access_context_manager_access_level(parent: policy_name, name: "none") do + it { should_not 
exist } + end +end diff --git a/test/integration/verify/controls/google_access_context_manager_access_levels.rb b/test/integration/verify/controls/google_access_context_manager_access_levels.rb new file mode 100644 index 000000000..d3ed69d32 --- /dev/null +++ b/test/integration/verify/controls/google_access_context_manager_access_levels.rb 
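Review bot: In `gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, ...)` the default refers to the local variable that is being assigned, which Ruby evaluates as nil at that point, so no usable default is supplied. The `only_if` guard compares against `''`, which an unset value is not, so the control would likely go on to query `google_access_context_manager_access_policies` with an empty org id instead of skipping. Writing `default: ''` matches the empty-string sentinel that the guard and the Terraform `count` expression already use. The same line appears in the google_access_context_manager_access_levels.rb control that follows. Both files are generated, so the change belongs in the Magic Modules template.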
@@ -0,0 +1,37 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_access_context_manager_access_levels resource.' + +gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of the perimeter') +gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.') +service_perimeter = attribute('service_perimeter', default: { + "name": "restrict_all", + "title": "restrict_all", + "restricted_service": "storage.googleapis.com", + "policy_title": "policytitle" +}, description: 'Service perimeter definition') + +control 'google_access_context_manager_access_levels-1.0' do + impact 1.0 + title 'google_access_context_manager_access_levels resource test' + + only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' } + + policy_name = google_access_context_manager_access_policies(org_id: gcp_organization_id).names.first + + describe google_access_context_manager_access_levels(parent: policy_name) do + its('names') { should include "ip_subnet" } + end +end
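Review bot: `service_perimeter` is declared at the top of this control with a `policy_title` entry, but nothing in the file reads it, and the policy is instead chosen with `.names.first`. If the organization returns no policy, or more than one, `policy_name` is nil or an arbitrary policy, and the `names` assertion then fails for a reason unrelated to the resource under test. Either drop the unused attribute, or use its `policy_title` to select the policy the fixture created and check that a policy was found before the describe block. The single-resource control earlier in this commit has the same pattern.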