diff --git a/docs/resources/google_pubsub_subscription.md b/docs/resources/google_pubsub_subscription.md
new file mode 100644
index 000000000..3156d5ced
--- /dev/null
+++ b/docs/resources/google_pubsub_subscription.md
@@ -0,0 +1,29 @@
+---
+title: About the Subscription resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_pubsub_subscription` is used to test a Google Subscription resource
+
+## Examples
+```
+describe google_pubsub_subscription({project: 'inspec-gcp-project', name: 'inspec-gcp-subscription'}) do
+ it { should exist }
+end
+
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_subscription` resource:
+
+ * `name`: Name of the subscription.
+
+ * `topic`: A reference to a Topic resource.
+
+ * `push_config`: If push delivery is used with this subscription, this field is used to configure it. An empty pushConfig signifies that the subscriber will pull and ack messages using API methods.
+
+ * `pushEndpoint`: A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
+
+ * `ack_deadline_seconds`: This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. The maximum custom deadline you can specify is 600 seconds (10 minutes). If this parameter is 0, a default value of 10 seconds is used. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message.
diff --git a/docs/resources/google_pubsub_subscriptions.md b/docs/resources/google_pubsub_subscriptions.md
new file mode 100644
index 000000000..c81a8bb51
--- /dev/null
+++ b/docs/resources/google_pubsub_subscriptions.md
@@ -0,0 +1,37 @@
+---
+title: About the Subscription resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_pubsub_subscriptions` is used to test a Google Subscription resource
+
+## Examples
+```
+describe google_pubsub_subscriptions({project: 'inspec-gcp-project'}) do
+ it { should exist }
+ its('names') { should include 'inspec-gcp-topic' }
+ its('count') { should eq 1 }
+end
+
+google_pubsub_subscriptions({project: 'inspec-gcp-project'}).names.each do |policy_name|
+ describe google_pubsub_topic({project: 'inspec-gcp-project', name: policy_name}) do
+ its('name') { should eq 'inspec-gcp-topic' }
+ end
+end
+
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_subscriptions` resource:
+
+See [google_pubsub_subscription.md](google_pubsub_subscription.md) for more detailed information
+ * `names`: an array of `google_pubsub_subscription` name
+ * `topics`: an array of `google_pubsub_subscription` topic
+ * `push_configs`: an array of `google_pubsub_subscription` push_config
+ * `ack_deadline_seconds`: an array of `google_pubsub_subscription` ack_deadline_seconds
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
diff --git a/docs/resources/google_pubsub_topic.md b/docs/resources/google_pubsub_topic.md
new file mode 100644
index 000000000..016556f95
--- /dev/null
+++ b/docs/resources/google_pubsub_topic.md
@@ -0,0 +1,21 @@ +--- +title: About the Topic resource +platform: gcp +--- + + +## Syntax +A `google_pubsub_topic` is used to test a Google Topic resource + +## Examples +``` +describe google_pubsub_topic({project: 'inspec-gcp-project', name: 'inspec-gcp-topic'}) do + it { should exist } +end + +``` + +## Properties +Properties that can be accessed from the `google_pubsub_topic` resource: + + * `name`: Name of the topic. diff --git a/docs/resources/google_pubsub_topics.md b/docs/resources/google_pubsub_topics.md new file mode 100644 index 000000000..1a36d4c77 --- /dev/null +++ b/docs/resources/google_pubsub_topics.md @@ -0,0 +1,34 @@ +--- +title: About the Topic resource +platform: gcp +--- + + +## Syntax +A `google_pubsub_topics` is used to test a Google Topic resource + +## Examples +``` +describe google_pubsub_topics({project: 'inspec-gcp-project'}) do + it { should exist } + its('names') { should include 'inspec-gcp-topic' } + its('count') { should eq 1 } +end + +google_pubsub_topics({project: 'inspec-gcp-project'}).names.each do |policy_name| + describe google_pubsub_topic({project: 'inspec-gcp-project', name: policy_name}) do + its('name') { should eq 'inspec-gcp-topic' } + end +end + +``` + +## Properties +Properties that can be accessed from the `google_pubsub_topics` resource: + +See [google_pubsub_topic.md](google_pubsub_topic.md) for more detailed information + * `names`: an array of `google_pubsub_topic` name + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. diff --git a/libraries/gcp_backend.rb b/libraries/gcp_backend.rb index 492d95ad6..bd0c2926f 100644 --- a/libraries/gcp_backend.rb +++ b/libraries/gcp_backend.rb @@ -44,6 +44,10 @@ def create_resource_methods(object) dm = GcpResourceDynamicMethods.new dm.create_methods(self, object) end + + def name_from_self_link(property) + property.split('/').last if !property.nil? + end end # end 
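Review bot: `name_from_self_link` in libraries/gcp_backend.rb is added without a comment stating what it accepts and returns, and its guard is written as `if !property.nil?`. A one-line comment such as `# Returns the last '/'-separated segment of a self link or resource name, or nil when given nil.` would document the contract, and `property.split('/').last unless property.nil?` is the more conventional Ruby form. The guard covers nil only, so a non-String value taken from an API response would still raise NoMethodError here; whether that can occur depends on callers outside this hunk. The enclosing class starts before the hunk.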
@@ -193,7 +197,7 @@ def initialize def fetch_auth unless @service_account_file.nil? return Network::Authorization.new.for!( - ['https://www.googleapis.com/auth/compute.readonly'], + ['https://www.googleapis.com/auth/compute.readonly', 'https://www.googleapis.com/auth/pubsub'], ).from_service_account_json!( @service_account_file, ) diff --git a/libraries/google/pubsub/property/subscription_push_config.rb b/libraries/google/pubsub/property/subscription_push_config.rb new file mode 100644 index 000000000..234cf0bfd --- /dev/null +++ b/libraries/google/pubsub/property/subscription_push_config.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Pubsub + module Property + class SubscriptionPushconfig + attr_reader :push_endpoint + + def initialize(args = nil) + return if args.nil? + @push_endpoint = args['pushEndpoint'] + end + end + end + end +end diff --git a/libraries/google_pubsub_subscription.rb b/libraries/google_pubsub_subscription.rb new file mode 100644 index 000000000..4138c7b22 --- /dev/null +++ b/libraries/google_pubsub_subscription.rb 
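Review bot: The scope array in `fetch_auth` now requests `https://www.googleapis.com/auth/pubsub`, the view-and-manage Pub/Sub scope, alongside the read-only Compute scope, so every token minted from the service-account file is write-capable for Pub/Sub although the new resources appear only to fetch data. As far as I know Pub/Sub offers no narrower read-only OAuth scope, so the limit has to come from IAM: the service account used for scanning should hold only a viewer role such as `roles/pubsub.viewer`. I would record that above the array, e.g. `# Pub/Sub has no read-only OAuth scope; restrict the service account with a viewer IAM role.` Only the service-account-file branch is visible here; if `fetch_auth` has another credential path outside the hunk, it presumably needs the same consideration.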
@@ -0,0 +1,58 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/pubsub/property/subscription_push_config' + +# A provider to manage Google Cloud Pub/Sub resources. +class Subscription < GcpResourceBase + name 'google_pubsub_subscription' + desc 'Subscription' + supports platform: 'gcp' + + attr_reader :name + attr_reader :topic + attr_reader :push_config + attr_reader :ack_deadline_seconds + def base + 'https://pubsub.googleapis.com/v1/' + end + + def url + 'projects/{{project}}/subscriptions/{{name}}' + end + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @fetched = @connection.fetch(base, url, params) + parse unless @fetched.nil? + end + + def parse + @name = name_from_self_link(@fetched['name']) + @topic = @fetched['topic'] + @push_config = GoogleInSpec::Pubsub::Property::SubscriptionPushconfig.new(@fetched['pushConfig']) + @ack_deadline_seconds = @fetched['ackDeadlineSeconds'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end +end diff --git a/libraries/google_pubsub_subscriptions.rb b/libraries/google_pubsub_subscriptions.rb new file mode 100644 index 000000000..902c6ff61 --- /dev/null +++ b/libraries/google_pubsub_subscriptions.rb 
@@ -0,0 +1,66 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class Subscriptions < GcpResourceBase + name 'google_pubsub_subscriptions' + desc 'Subscription plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:topics, field: :topic) + filter_table_config.add(:push_configs, field: :pushConfig) + filter_table_config.add(:ack_deadline_seconds, field: :ackDeadlineSeconds) + + filter_table_config.connect(self, :table) + + def base + 'https://pubsub.googleapis.com/v1/' + end + + def url + 'projects/{{project}}/subscriptions' + end + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('subscriptions') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(base, url, @params) + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_pair { |k, v| hash_with_symbols[k.to_sym] = v } + hash_with_symbols[:name] = name_from_self_link(hash_with_symbols[:name]) + converted.push(hash_with_symbols) + end + end + + converted + end +end diff --git a/libraries/google_pubsub_topic.rb b/libraries/google_pubsub_topic.rb new file mode 100644 index 000000000..163cddfcf --- /dev/null +++ b/libraries/google_pubsub_topic.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' + +# A provider to manage Google Cloud Pub/Sub resources. +class Topic < GcpResourceBase + name 'google_pubsub_topic' + desc 'Topic' + supports platform: 'gcp' + + attr_reader :name + def base + 'https://pubsub.googleapis.com/v1/' + end + + def url + 'projects/{{project}}/topics/{{name}}' + end + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @fetched = @connection.fetch(base, url, params) + parse unless @fetched.nil? + end + + def parse + @name = name_from_self_link(@fetched['name']) + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end +end diff --git a/libraries/google_pubsub_topics.rb b/libraries/google_pubsub_topics.rb new file mode 100644 index 000000000..236f933e5 --- /dev/null 
+++ b/libraries/google_pubsub_topics.rb @@ -0,0 +1,63 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class Topics < GcpResourceBase + name 'google_pubsub_topics' + desc 'Topic plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + + filter_table_config.connect(self, :table) + + def base + 'https://pubsub.googleapis.com/v1/' + end + + def url + 'projects/{{project}}/topics' + end + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('topics') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(base, url, @params) + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_pair { |k, v| hash_with_symbols[k.to_sym] = v } + hash_with_symbols[:name] = name_from_self_link(hash_with_symbols[:name]) + converted.push(hash_with_symbols) + end + end + + converted + end +end diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index a80322bd4..9b7853230 100644 
--- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -2,10 +2,30 @@ variable "ssl_policy" { type = "map" } +variable "topic" { + type = "map" +} + +variable "subscription" { + type = "map" +} + resource "google_compute_ssl_policy" "custom-ssl-policy" { name = "${var.ssl_policy["name"]}" min_tls_version = "${var.ssl_policy["min_tls_version"]}" profile = "${var.ssl_policy["profile"]}" custom_features = ["${var.ssl_policy["custom_feature"]}", "${var.ssl_policy["custom_feature2"]}"] + project = "${var.gcp_project_id}" +} + +resource "google_pubsub_topic" "topic" { project = "${var.gcp_project_id}" -} \ No newline at end of file + name = "${var.topic["name"]}" +} + +resource "google_pubsub_subscription" "default" { + project = "${var.gcp_project_id}" + name = "${var.subscription["name"]}" + topic = "${google_pubsub_topic.topic.name}" + ack_deadline_seconds = "${var.subscription["ack_deadline_seconds"]}" +} diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index adbf7782d..64fa7bf6f 100644 --- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml @@ -4,3 +4,9 @@ ssl_policy: profile: 'CUSTOM' custom_feature: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' custom_feature2: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' +topic: + name: 'inspec-gcp-topic' +subscription: + name: 'inspec-gcp-subscription' + ack_deadline_seconds: 20 + diff --git a/test/integration/verify/controls/google_pubsub_subscription.rb b/test/integration/verify/controls/google_pubsub_subscription.rb new file mode 100644 index 000000000..bde2c6cd8 --- /dev/null +++ b/test/integration/verify/controls/google_pubsub_subscription.rb 
@@ -0,0 +1,27 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_pubsub_subscription resource.' + +gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.') +subscription = attribute('subscription', default: {"name"=>"inspec-gcp-subscription", "ack_deadline_seconds"=>20}) + +control 'google_pubsub_subscription-1.0' do + impact 1.0 + title 'google_pubsub_subscription resource test' + + describe google_pubsub_subscription(project: gcp_project_id, name: subscription['name']) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_pubsub_subscriptions.rb b/test/integration/verify/controls/google_pubsub_subscriptions.rb new file mode 100644 index 000000000..f90f2f59b --- /dev/null +++ b/test/integration/verify/controls/google_pubsub_subscriptions.rb 
@@ -0,0 +1,34 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_pubsub_subscriptions resource.' + +gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.') +subscription = attribute('subscription', default: {"name"=>"inspec-gcp-subscription", "ack_deadline_seconds"=>20}) + +control 'google_pubsub_subscriptions-1.0' do + impact 1.0 + title 'google_pubsub_subscriptions resource test' + + describe google_pubsub_subscriptions(project: gcp_project_id) do + it { should exist } + its('count') { should eq 1 } + end + + google_pubsub_subscriptions(project: gcp_project_id).names.each do |subscription_name| + describe google_pubsub_subscription(project: gcp_project_id, name: subscription_name) do + its('name') { should match /#{subscription['name']}/ } + end + end +end diff --git a/test/integration/verify/controls/google_pubsub_topic.rb b/test/integration/verify/controls/google_pubsub_topic.rb new file mode 100644 index 000000000..c4e1c895b --- /dev/null +++ b/test/integration/verify/controls/google_pubsub_topic.rb 
@@ -0,0 +1,27 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_pubsub_topic resource.' + +gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.') +topic = attribute('topic', default: {"name"=>"inspec-gcp-topic"}) + +control 'google_pubsub_topic-1.0' do + impact 1.0 + title 'google_pubsub_topic resource test' + + describe google_pubsub_topic(project: gcp_project_id, name: topic['name']) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_pubsub_topics.rb b/test/integration/verify/controls/google_pubsub_topics.rb new file mode 100644 index 000000000..cb1b6c9ad --- /dev/null +++ b/test/integration/verify/controls/google_pubsub_topics.rb 
@@ -0,0 +1,35 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_pubsub_topics resource.' + +gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.') +topic = attribute('topic', default: {"name"=>"inspec-gcp-topic"}) + +control 'google_pubsub_topics-1.0' do + impact 1.0 + title 'google_pubsub_topics resource test' + + describe google_pubsub_topics(project: gcp_project_id) do + it { should exist } + its('names') { should include topic['name'] } + its('count') { should eq 1 } + end + + google_pubsub_topics(project: gcp_project_id).names.each do |topic_name| + describe google_pubsub_topic(project: gcp_project_id, name: topic_name) do + its('name') { should eq topic['name'] } + end + end +end