Kubernetes resource updates

.rubocop.yml

@@ -44,6 +44,8 @@ Style/PercentLiteralDelimiters:
     '%x': ()
 Layout/AlignHash:
   Enabled: false
+Layout/EmptyLineAfterGuardClause:
+  Enabled: false
 Naming/PredicateName:
   Enabled: false
 Style/ClassAndModuleChildren:

docs/resources/google_container_clusters.md

@@ -20,7 +20,7 @@ A `google_container_clusters` resource block collects GCP clusters by project an
 Use this InSpec resource to enumerate IDs then test in-depth using `google_container_cluster`.
 
     google_container_clusters(project: 'chef-inspec-gcp', zone: 'europe-west2-a').cluster_names.each do |cluster_name|
-      describe google_container_cluster(project: 'chef-inspec-gcp',  cluster: cluster_name) do
+      describe google_container_cluster(project: 'chef-inspec-gcp', zone: 'europe-west2-a', name: cluster_name) do
         it { should exist }
       end
     end
@@ -62,11 +62,12 @@ The following examples show how to use this InSpec audit resource.
 
 ## Filter Criteria
 
-This resource supports the following filter criteria: `cluster_name` and `cluster_status`. Any of these may be used with `where`, as a block or as a method.
+This resource supports the following filter criteria: `cluster_name`, `cluster_subnetwork`, and `cluster_status`. Any of these may be used with `where`, as a block or as a method.
 
 ## Properties
 
 *  `cluster_names` - an array of google_container_cluster name strings
+*  `cluster_subnetworks` - an array of google_compute_subnetwork name strings
 *  `cluster_statuses`- an array of google_container_cluster status strings
 
 <br>

libraries/google_container_cluster.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require 'gcp_backend'
-require 'google/apis/container_v1'
+require 'google/apis/container_v1beta1'
 
 module Inspec::Resources
   class GoogleContainerCluster < GcpResourceBase
@@ -21,11 +21,81 @@ def initialize(opts = {})
       super(opts)
       @display_name = opts[:name]
       catch_gcp_errors do
-        @cluster = @gcp.gcp_client(Google::Apis::ContainerV1::ContainerService).get_zone_cluster(opts[:project], opts[:zone], opts[:name])
+        @cluster = @gcp.gcp_client(Google::Apis::ContainerV1beta1::ContainerService).get_zone_cluster(opts[:project], opts[:zone], opts[:name])
         create_resource_methods(@cluster)
       end
     end
 
+    def has_logging_enabled?
+      return false if !defined?(@cluster.logging_service)
+      return false if @cluster.logging_service.nil?
+      return true if @cluster.logging_service == 'logging.googleapis.com'
+      false
+    end
+
+    def has_monitoring_enabled?
+      return false if !defined?(@cluster.monitoring_service)
+      return false if @cluster.monitoring_service.nil?
+      return true if @cluster.monitoring_service == 'monitoring.googleapis.com'
+      false
+    end
+
+    def has_legacy_abac_disabled?
+      return nil if !defined?(@cluster.legacy_abac)
+      return true if @cluster.legacy_abac.to_h.empty?
+      false
+    end
+
+    def has_master_authorized_networks_enabled?
+      return false if !defined?(@cluster.master_authorized_networks_config)
+      return false if @cluster.master_authorized_networks_config.to_h.empty?
+      return true if  @cluster.master_authorized_networks_config.to_h=={ 'enabled': true }
+      false
+    end
+
+    def has_resource_labels?
+      return false if !defined?(@cluster.resource_labels)
+      return false if @cluster.resource_labels.to_h.empty?
+      true
+    end
+
+    def has_kubernetes_dashboard_disabled?
+      return false if !defined?(@cluster.addons_config.kubernetes_dashboard)
+      return false if @cluster.addons_config.kubernetes_dashboard.to_h.empty?
+      return true if  @cluster.addons_config.kubernetes_dashboard.to_h=={ 'disabled': true }
+      false
+    end
+
+    def has_basic_authorization?
+      return false if @cluster.master_auth.username.nil? and @cluster.master_auth.password.nil?
+      true
+    end
+
+    def has_network_policy_enabled?
+      return false if !defined?(@cluster.network_policy.enabled)
+      return true if  @cluster.network_policy.enabled==true
+      false
+    end
+
+    def has_master_auth_client_key?
+      return false if !defined?(@cluster.master_auth.client_key)
+      return false if @cluster.master_auth.client_key.nil?
+      return false if @cluster.master_auth.client_key==''
+      true
+    end
+
+    def has_ip_alias_enabled?
+      return false if !defined?(@cluster.ip_allocation_policy.use_ip_aliases)
+      return true if @cluster.ip_allocation_policy.use_ip_aliases==true
+      false
+    end
+
+    def has_pod_security_policy_config?
+      return false if !defined?(@cluster.pod_security_policy_config.enabled)
+      return true if @cluster.pod_security_policy_config.enabled==true
+      false
+    end
+
     def exists?
       [email protected]?
     end

libraries/google_container_clusters.rb

@@ -25,6 +25,7 @@ def initialize(opts = {})
     filter_table_config = FilterTable.create
     filter_table_config.add(:cluster_names, field: :cluster_name)
     filter_table_config.add(:cluster_statuses, field: :cluster_status)
+    filter_table_config.add(:cluster_subnetworks, field: :cluster_subnetwork)
     filter_table_config.connect(self, :fetch_data)
 
     def fetch_data
@@ -36,7 +37,8 @@ def fetch_data
       return [] if !@clusters || [email protected]
       @clusters.clusters.map do |cluster|
         cluster_rows+=[{ cluster_name: cluster.name,
-                         cluster_status: cluster.status }]
+                         cluster_status: cluster.status,
+                         cluster_subnetwork: cluster.subnetwork }]
       end
       @table = cluster_rows
     end

libraries/google_container_node_pool.rb

@@ -18,13 +18,40 @@ class GoogleContainerNodePool < GcpResourceBase
     def initialize(opts = {})
       # Call the parent class constructor
       super(opts)
-      @display_name = opts[:name]
+      @display_name = opts[:nodepool_name]
       catch_gcp_errors do
         @nodepool = @gcp.gcp_client(Google::Apis::ContainerV1::ContainerService).get_project_zone_cluster_node_pool(opts[:project], opts[:zone], opts[:cluster_name], opts[:nodepool_name])
         create_resource_methods(@nodepool)
       end
     end
 
+    def has_automatic_node_repair?
+      return false if !defined?(@nodepool.management.auto_repair)
+      return false if @nodepool.management.auto_repair.nil?
+      @nodepool.management.auto_repair
+    end
+
+    def has_automatic_node_upgrade?
+      return false if !defined?(@nodepool.management.auto_upgrade)
+      return false if @nodepool.management.auto_upgrade.nil?
+      @nodepool.management.auto_upgrade
+    end
+
+    def config_image_type
+      return false if !defined?(@nodepool.config.image_type)
+      @nodepool.config.image_type
+    end
+
+    def config_service_account
+      return false if !defined?(@nodepool.config.service_account)
+      @nodepool.config.service_account
+    end
+
+    def config_oauth_scopes
+      return false if !defined?(@nodepool.config.oauth_scopes)
+      @nodepool.config.oauth_scopes
+    end
+
     def exists?
       [email protected]?
     end