From 858fa89291f656f592323c817668cfb376f748a6 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Sat, 2 Feb 2019 01:36:46 +0000 Subject: [PATCH] Inspec ssl certificate Signed-off-by: Modular Magician --- .../google_compute_ssl_certificate.md | 52 ++++++++++ .../google_compute_ssl_certificates.md | 49 ++++++++++ .../google_compute_target_https_proxies.md | 32 +++++++ .../google_compute_target_https_proxy.md | 39 ++++++++ libraries/google_compute_ssl_certificate.rb | 61 ++++++++++++ libraries/google_compute_ssl_certificates.rb | 92 ++++++++++++++++++ .../google_compute_target_https_proxies.rb | 96 +++++++++++++++++++ .../google_compute_target_https_proxy.rb | 65 +++++++++++++ test/integration/build/gcp-mm.tf | 24 +++++ .../configuration/mm-attributes.yml | 32 +++++++ .../google_compute_ssl_certificate.rb | 37 +++++++ .../google_compute_ssl_certificates.rb | 34 +++++++ .../google_compute_target_https_proxies.rb | 30 ++++++ .../google_compute_target_https_proxy.rb | 35 +++++++ 14 files changed, 678 insertions(+) create mode 100644 docs/resources/google_compute_ssl_certificate.md create mode 100644 docs/resources/google_compute_ssl_certificates.md create mode 100644 docs/resources/google_compute_target_https_proxies.md create mode 100644 docs/resources/google_compute_target_https_proxy.md create mode 100644 libraries/google_compute_ssl_certificate.rb create mode 100644 libraries/google_compute_ssl_certificates.rb create mode 100644 libraries/google_compute_target_https_proxies.rb create mode 100644 libraries/google_compute_target_https_proxy.rb create mode 100644 test/integration/verify/controls/google_compute_ssl_certificate.rb create mode 100644 test/integration/verify/controls/google_compute_ssl_certificates.rb create mode 100644 test/integration/verify/controls/google_compute_target_https_proxies.rb create mode 100644 test/integration/verify/controls/google_compute_target_https_proxy.rb 
diff --git a/docs/resources/google_compute_ssl_certificate.md b/docs/resources/google_compute_ssl_certificate.md
new file mode 100644
index 000000000..9d8084fae
--- /dev/null
+++ b/docs/resources/google_compute_ssl_certificate.md
@@ -0,0 +1,52 @@
+---
+title: About the google_compute_ssl_certificate resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_ssl_certificate` is used to test a Google SslCertificate resource
+
+## Examples
+```
+describe google_compute_ssl_certificate(project: 'chef-gcp-inspec', name: 'inspec-gcp-ssl-certificate') do
+ it { should exist }
+ its('description') { should eq 'A fake ssl certificate (DO NOT USE)' }
+ its('certificate') { should eq '-----BEGIN CERTIFICATE-----
+MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
+EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
+BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
+b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
+AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
+MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
+BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
+FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
+aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
+4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
+BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
+0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
+M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
+zqGNhIPGq2ULqXKK8BY=
+-----END CERTIFICATE-----
+' }
+end
+
+describe google_compute_ssl_certificate(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_ssl_certificate` resource:
+
+ * `certificate`: The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `description`: An optional description of this resource.
+
+ * `id`: The unique identifier for the resource.
+
+ * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `private_key`: The write-only private key in PEM format.
diff --git a/docs/resources/google_compute_ssl_certificates.md b/docs/resources/google_compute_ssl_certificates.md
new file mode 100644
index 000000000..ab1db6bd7
--- /dev/null
+++ b/docs/resources/google_compute_ssl_certificates.md
@@ -0,0 +1,49 @@
+---
+title: About the google_compute_ssl_certificates resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_ssl_certificates` is used to test a Google SslCertificate resource
+
+## Examples
+```
+describe google_compute_ssl_certificates(project: 'chef-gcp-inspec') do
+
+ its('names') { should include 'inspec-gcp-ssl-certificate' }
+ its('descriptions') { should include 'A fake ssl certificate (DO NOT USE)' }
+ its('certificates') { should include '-----BEGIN CERTIFICATE-----
+MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
+EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
+BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
+b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
+AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
+MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
+BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
+FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
+aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
+4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
+BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
+0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
+M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
+zqGNhIPGq2ULqXKK8BY=
+-----END CERTIFICATE-----
+' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_ssl_certificates` resource:
+
+See [google_compute_ssl_certificate.md](google_compute_ssl_certificate.md) for more detailed information
+ * `certificates`: an array of `google_compute_ssl_certificate` certificate
+ * `creation_timestamps`: an array of `google_compute_ssl_certificate` creation_timestamp
+ * `descriptions`: an array of `google_compute_ssl_certificate` description
+ * `ids`: an array of `google_compute_ssl_certificate` id
+ * `names`: an array of `google_compute_ssl_certificate` name
+ * `private_keys`: an array of `google_compute_ssl_certificate` private_key
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
diff --git a/docs/resources/google_compute_target_https_proxies.md b/docs/resources/google_compute_target_https_proxies.md
new file mode 100644
index 000000000..72c26502d
--- /dev/null
+++ b/docs/resources/google_compute_target_https_proxies.md
@@ -0,0 +1,32 @@
+---
+title: About the google_compute_target_https_proxies resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_target_https_proxies` is used to test a Google TargetHttpsProxy resource
+
+## Examples
+```
+describe google_compute_target_https_proxies(project: 'chef-gcp-inspec') do
+ its('names') { should include 'inspec-gcp-https-proxy' }
+ its('descriptions') { should include 'A HTTPS target proxy' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_target_https_proxies` resource:
+
+See [google_compute_target_https_proxy.md](google_compute_target_https_proxy.md) for more detailed information
+ * `creation_timestamps`: an array of `google_compute_target_https_proxy` creation_timestamp
+ * `descriptions`: an array of `google_compute_target_https_proxy` description
+ * `ids`: an array of `google_compute_target_https_proxy` id
+ * `names`: an array of `google_compute_target_https_proxy` name
+ * `quic_overrides`: an array of `google_compute_target_https_proxy` quic_override
+ * `ssl_certificates`: an array of `google_compute_target_https_proxy` ssl_certificates
+ * `ssl_policies`: an array of `google_compute_target_https_proxy` ssl_policy
+ * `url_maps`: an array of `google_compute_target_https_proxy` url_map
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
diff --git a/docs/resources/google_compute_target_https_proxy.md b/docs/resources/google_compute_target_https_proxy.md
new file mode 100644
index 000000000..eaecf3d4b
--- /dev/null
+++ b/docs/resources/google_compute_target_https_proxy.md
@@ -0,0 +1,39 @@
+---
+title: About the google_compute_target_https_proxy resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_target_https_proxy` is used to test a Google TargetHttpsProxy resource
+
+## Examples
+```
+describe google_compute_target_https_proxy(project: 'chef-gcp-inspec', name: 'inspec-gcp-https-proxy') do
+ it { should exist }
+ its('url_map') { should match /\/inspec-gcp-url-map$/ }
+ its('description') { should eq 'A HTTPS target proxy' }
+end
+
+describe google_compute_target_https_proxy(project: 'chef-gcp-inspec', name: 'nonexistent') do
+ it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_target_https_proxy` resource:
+
+ * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+ * `description`: An optional description of this resource.
+
+ * `id`: The unique identifier for the resource.
+
+ * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+ * `quic_override`: Specifies the QUIC override policy for this resource. This determines whether the load balancer will attempt to negotiate QUIC with clients or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is specified, uses the QUIC policy with no user overrides, which is equivalent to DISABLE. Not specifying this field is equivalent to specifying NONE.
+
+ * `ssl_certificates`: A list of SslCertificate resources that are used to authenticate connections between users and the load balancer. Currently, exactly one SSL certificate must be specified.
+
+ * `ssl_policy`: A reference to the SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured.
+
+ * `url_map`: A reference to the UrlMap resource that defines the mapping from URL to the BackendService.
diff --git a/libraries/google_compute_ssl_certificate.rb b/libraries/google_compute_ssl_certificate.rb
new file mode 100644
index 000000000..6dbcdff93
--- /dev/null
+++ b/libraries/google_compute_ssl_certificate.rb
@@ -0,0 +1,61 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' + +# A provider to manage Google Compute Engine resources. +class SslCertificate < GcpResourceBase + name 'google_compute_ssl_certificate' + desc 'SslCertificate' + supports platform: 'gcp' + + attr_reader :certificate + attr_reader :creation_timestamp + attr_reader :description + attr_reader :id + attr_reader :name + attr_reader :private_key + def base + 'https://www.googleapis.com/compute/v1/' + end + + def url + 'projects/{{project}}/global/sslCertificates/{{name}}' + end + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @fetched = @connection.fetch(base, url, params) + parse unless @fetched.nil? + end + + def parse + @certificate = @fetched['certificate'] + @creation_timestamp = parse_time_string(@fetched['creationTimestamp']) + @description = @fetched['description'] + @id = @fetched['id'] + @name = @fetched['name'] + @private_key = @fetched['privateKey'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end +end diff --git a/libraries/google_compute_ssl_certificates.rb b/libraries/google_compute_ssl_certificates.rb new file mode 100644 index 000000000..0cb922ce1 --- /dev/null +++ b/libraries/google_compute_ssl_certificates.rb 
@@ -0,0 +1,92 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class SslCertificates < GcpResourceBase + name 'google_compute_ssl_certificates' + desc 'SslCertificate plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:certificates, field: :certificate) + filter_table_config.add(:creation_timestamps, field: :creation_timestamp) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:ids, field: :id) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:private_keys, field: :private_key) + + filter_table_config.connect(self, :table) + + def base + 'https://www.googleapis.com/compute/v1/' + end + + def url + 'projects/{{project}}/global/sslCertificates' + end + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('items') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(base, url, @params) + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'certificate' => ->(obj) { return :certificate, obj['certificate'] }, + 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) }, + 'description' => ->(obj) { return :description, obj['description'] }, + 'id' => ->(obj) { return :id, obj['id'] }, + 'name' => ->(obj) { return :name, obj['name'] }, + 'privateKey' => ->(obj) { return :private_key, obj['privateKey'] }, + } + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end +end diff --git a/libraries/google_compute_target_https_proxies.rb b/libraries/google_compute_target_https_proxies.rb new file mode 100644 index 000000000..b55270214 --- /dev/null +++ b/libraries/google_compute_target_https_proxies.rb 
@@ -0,0 +1,96 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class TargetHttpsProxys < GcpResourceBase + name 'google_compute_target_https_proxies' + desc 'TargetHttpsProxy plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:creation_timestamps, field: :creation_timestamp) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:ids, field: :id) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:quic_overrides, field: :quic_override) + filter_table_config.add(:ssl_certificates, field: :ssl_certificates) + filter_table_config.add(:ssl_policies, field: :ssl_policy) + filter_table_config.add(:url_maps, field: :url_map) + + filter_table_config.connect(self, :table) + + def base + 'https://www.googleapis.com/compute/v1/' + end + + def url + 'projects/{{project}}/global/targetHttpsProxies' + end + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('items') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(base, url, @params) + return if result.nil? 
+ + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) }, + 'description' => ->(obj) { return :description, obj['description'] }, + 'id' => ->(obj) { return :id, obj['id'] }, + 'name' => ->(obj) { return :name, obj['name'] }, + 'quicOverride' => ->(obj) { return :quic_override, obj['quicOverride'] }, + 'sslCertificates' => ->(obj) { return :ssl_certificates, obj['sslCertificates'] }, + 'sslPolicy' => ->(obj) { return :ssl_policy, obj['sslPolicy'] }, + 'urlMap' => ->(obj) { return :url_map, obj['urlMap'] }, + } + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end +end diff --git a/libraries/google_compute_target_https_proxy.rb b/libraries/google_compute_target_https_proxy.rb new file mode 100644 index 000000000..a7a13378d --- /dev/null +++ b/libraries/google_compute_target_https_proxy.rb 
@@ -0,0 +1,65 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' + +# A provider to manage Google Compute Engine resources. +class TargetHttpsProxy < GcpResourceBase + name 'google_compute_target_https_proxy' + desc 'TargetHttpsProxy' + supports platform: 'gcp' + + attr_reader :creation_timestamp + attr_reader :description + attr_reader :id + attr_reader :name + attr_reader :quic_override + attr_reader :ssl_certificates + attr_reader :ssl_policy + attr_reader :url_map + def base + 'https://www.googleapis.com/compute/v1/' + end + + def url + 'projects/{{project}}/global/targetHttpsProxies/{{name}}' + end + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @fetched = @connection.fetch(base, url, params) + parse unless @fetched.nil? + end + + def parse + @creation_timestamp = parse_time_string(@fetched['creationTimestamp']) + @description = @fetched['description'] + @id = @fetched['id'] + @name = @fetched['name'] + @quic_override = @fetched['quicOverride'] + @ssl_certificates = @fetched['sslCertificates'] + @ssl_policy = @fetched['sslPolicy'] + @url_map = @fetched['urlMap'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end +end diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index c99734988..23f803e70 100644 
--- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -90,6 +90,14 @@ variable "snapshot" { type = "map" } +variable "https_proxy" { + type = "map" +} + +variable "ssl_certificate" { + type = "map" +} + resource "google_compute_ssl_policy" "custom-ssl-policy" { name = "${var.ssl_policy["name"]}" min_tls_version = "${var.ssl_policy["min_tls_version"]}" @@ -369,4 +377,20 @@ resource "google_compute_snapshot" "gcp-inspec-snapshot" { name = "${var.snapshot["name"]}" source_disk = "${google_compute_disk.generic_compute_disk.name}" zone = "${var.gcp_zone}" +} + +resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" { + project = "${var.gcp_project_id}" + name = "${var.ssl_certificate["name"]}" + private_key = "${var.ssl_certificate["private_key"]}" + certificate = "${var.ssl_certificate["certificate"]}" + description = "${var.ssl_certificate["description"]}" +} + +resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" { + project = "${var.gcp_project_id}" + name = "${var.https_proxy["name"]}" + url_map = "${google_compute_url_map.gcp-inspec-url-map.self_link}" + description = "${var.https_proxy["description"]}" + ssl_certificates = ["${google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link}"] } \ No newline at end of file diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index 20c365268..eb2437a4a 100644 --- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml 
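Review bot: The new `google_compute_target_https_proxy` fixture in the second hunk sets no `ssl_policy`, although this file already declares `google_compute_ssl_policy.custom-ssl-policy`. As written the proxy is created with no SSL policy configured, and the `ssl_policy` property exposed by the new InSpec resource is never exercised by the integration tests. Adding `ssl_policy = "${google_compute_ssl_policy.custom-ssl-policy.self_link}"` to the resource would cover both, assuming the provider version pinned for these tests accepts that argument. The certificate resource also passes `var.ssl_certificate["private_key"]` straight through, so the key is written to Terraform state in plaintext; a short comment such as `# fixture key only, ends up in tfstate in plaintext` above that line would make this explicit.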
@@ -137,3 +137,35 @@ router: snapshot: name: inspec-gcp-disk-snapshot + +https_proxy: + name: inspec-gcp-https-proxy + description: A HTTPS target proxy + +ssl_certificate: + name: inspec-gcp-ssl-certificate + description: A fake ssl certificate (DO NOT USE) + certificate: | + -----BEGIN CERTIFICATE----- + MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG + EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT + BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm + b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN + AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2 + MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP + BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM + FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z + aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH + KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ + 4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O + BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn + 0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O + M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ + zqGNhIPGq2ULqXKK8BY= + -----END CERTIFICATE----- + private_key: | + -----BEGIN EC PRIVATE KEY----- + MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49 + AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f + OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ== + -----END EC PRIVATE KEY----- \ No newline at end of file diff --git a/test/integration/verify/controls/google_compute_ssl_certificate.rb b/test/integration/verify/controls/google_compute_ssl_certificate.rb new file mode 100644 index 000000000..f9c8b544b --- /dev/null +++ b/test/integration/verify/controls/google_compute_ssl_certificate.rb 
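Review bot: The `private_key` block added under `ssl_certificate` commits a PEM EC private key to the repository, and the same key is repeated in the `ssl_certificate` default attribute of both new control files (google_compute_ssl_certificate.rb and google_compute_ssl_certificates.rb), where no `describe` block reads `ssl_certificate['private_key']`. The description marks the pair as fake, but secret scanners will still flag it and nothing stops the pair from being copied into a real deployment. I would drop `private_key` from the two control defaults and add a comment above the key here, for example `# Test-only key pair for the fixture certificate; never reuse outside this test project.`, or generate the pair when the test environment is built. The file also still ends without a trailing newline.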
@@ -0,0 +1,37 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_ssl_certificate resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +ssl_certificate = attribute('ssl_certificate', default: { + "name": "inspec-gcp-ssl-certificate", + "description": "A fake ssl certificate (DO NOT USE)", + "certificate": "-----BEGIN CERTIFICATE-----\nMIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG\nEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT\nBgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm\nb3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN\nAQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2\nMDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP\nBgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM\nFUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z\naXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ\n4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O\nBBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn\n0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O\nM3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ\nzqGNhIPGq2ULqXKK8BY=\n-----END CERTIFICATE-----\n", + "private_key": "-----BEGIN EC PRIVATE 
KEY-----\nMHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49\nAwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f\nOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ==\n-----END EC PRIVATE KEY-----" +}, description: 'A GCP SSL certificate definition') +control 'google_compute_ssl_certificate-1.0' do + impact 1.0 + title 'google_compute_ssl_certificate resource test' + + describe google_compute_ssl_certificate(project: gcp_project_id, name: ssl_certificate['name']) do + it { should exist } + its('description') { should eq ssl_certificate['description'] } + its('certificate') { should eq ssl_certificate['certificate'] } + end + + describe google_compute_ssl_certificate(project: gcp_project_id, name: 'nonexistent') do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_compute_ssl_certificates.rb b/test/integration/verify/controls/google_compute_ssl_certificates.rb new file mode 100644 index 000000000..10ec90b24 --- /dev/null +++ b/test/integration/verify/controls/google_compute_ssl_certificates.rb 
@@ -0,0 +1,34 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_ssl_certificates resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +ssl_certificate = attribute('ssl_certificate', default: { + "name": "inspec-gcp-ssl-certificate", + "description": "A fake ssl certificate (DO NOT USE)", + "certificate": "-----BEGIN CERTIFICATE-----\nMIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG\nEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT\nBgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm\nb3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN\nAQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2\nMDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP\nBgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM\nFUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z\naXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ\n4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O\nBBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn\n0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O\nM3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ\nzqGNhIPGq2ULqXKK8BY=\n-----END CERTIFICATE-----\n", + "private_key": "-----BEGIN EC PRIVATE 
KEY-----\nMHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49\nAwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f\nOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ==\n-----END EC PRIVATE KEY-----" +}, description: 'A GCP SSL certificate definition') +control 'google_compute_ssl_certificates-1.0' do + impact 1.0 + title 'google_compute_ssl_certificates resource test' + + describe google_compute_ssl_certificates(project: gcp_project_id) do + + its('names') { should include ssl_certificate['name'] } + its('descriptions') { should include ssl_certificate['description'] } + its('certificates') { should include ssl_certificate['certificate'] } + end +end diff --git a/test/integration/verify/controls/google_compute_target_https_proxies.rb b/test/integration/verify/controls/google_compute_target_https_proxies.rb new file mode 100644 index 000000000..90d7a9eff --- /dev/null +++ b/test/integration/verify/controls/google_compute_target_https_proxies.rb 
@@ -0,0 +1,30 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_target_https_proxies resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +https_proxy = attribute('https_proxy', default: { + "name": "inspec-gcp-https-proxy", + "description": "A HTTPS target proxy" +}, description: 'Compute HTTPS proxy definition') +control 'google_compute_target_https_proxies-1.0' do + impact 1.0 + title 'google_compute_target_https_proxies resource test' + + describe google_compute_target_https_proxies(project: gcp_project_id) do + its('names') { should include https_proxy['name'] } + its('descriptions') { should include https_proxy['description'] } + end +end diff --git a/test/integration/verify/controls/google_compute_target_https_proxy.rb b/test/integration/verify/controls/google_compute_target_https_proxy.rb new file mode 100644 index 000000000..24ff7ea64 --- /dev/null +++ b/test/integration/verify/controls/google_compute_target_https_proxy.rb 
@@ -0,0 +1,35 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_target_https_proxy resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +https_proxy = attribute('https_proxy', default: { + "name": "inspec-gcp-https-proxy", + "description": "A HTTPS target proxy" +}, description: 'Compute HTTPS proxy definition') +control 'google_compute_target_https_proxy-1.0' do + impact 1.0 + title 'google_compute_target_https_proxy resource test' + + describe google_compute_target_https_proxy(project: gcp_project_id, name: https_proxy['name']) do + it { should exist } + its('url_map') { should match /\/inspec-gcp-url-map$/ } + its('description') { should eq https_proxy['description'] } + end + + describe google_compute_target_https_proxy(project: gcp_project_id, name: 'nonexistent') do + it { should_not exist } + end +end