This repository has been archived by the owner on Nov 14, 2024. It is now read-only.
forked from inspec/inspec-gcp
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add InSpec support for compute routes
Signed-off-by: Modular Magician <[email protected]>
- Loading branch information
1 parent
a562de7
commit 72ab914
Showing
8 changed files
with
358 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
--- | ||
title: About the Route resource | ||
platform: gcp | ||
--- | ||
|
||
|
||
## Syntax | ||
A `google_compute_route` is used to test a Google Route resource | ||
|
||
## Examples | ||
``` | ||
describe google_compute_route(project: 'chef-gcp-inspec', name: 'inspec-gcp-route') do | ||
it { should exist } | ||
its('dest_range') { should eq '15.0.0.0/24' } | ||
its('network') { should match /\/gcp-inspec-network$/ } | ||
its('next_hop_ip') { should eq '10.2.0.1' } | ||
its('priority') { should eq '100' } | ||
end | ||
describe google_compute_route(project: 'chef-gcp-inspec', name: 'nonexistent') do | ||
it { should_not exist } | ||
end | ||
``` | ||
|
||
## Properties | ||
Properties that can be accessed from the `google_compute_route` resource: | ||
|
||
* `dest_range`: The destination range of outgoing packets that this route applies to. Only IPv4 is supported. | ||
|
||
* `description`: An optional description of this resource. Provide this property when you create the resource. | ||
|
||
* `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. | ||
|
||
* `network`: The network that this route applies to. | ||
|
||
* `priority`: The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535. | ||
|
||
* `tags`: A list of instance tags to which this route applies. | ||
|
||
* `next_hop_gateway`: URL to a gateway that should handle matching packets. Currently, you can only specify the internet gateway, using a full or partial valid URL: * https://www.googleapis.com/compute/v1/projects/project/ global/gateways/default-internet-gateway * projects/project/global/gateways/default-internet-gateway * global/gateways/default-internet-gateway | ||
|
||
* `next_hop_instance`: URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example: * https://www.googleapis.com/compute/v1/projects/project/zones/zone/ instances/instance * projects/project/zones/zone/instances/instance * zones/zone/instances/instance | ||
|
||
* `next_hop_ip`: Network IP address of an instance that should handle matching packets. | ||
|
||
* `next_hop_vpn_tunnel`: URL to a VpnTunnel that should handle matching packets. | ||
|
||
* `next_hop_network`: URL to a Network that should handle matching packets. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
--- | ||
title: About the Route resource | ||
platform: gcp | ||
--- | ||
|
||
|
||
## Syntax | ||
A `google_compute_routes` is used to test a Google Route resource | ||
|
||
## Examples | ||
``` | ||
describe google_compute_routes(project: 'chef-gcp-inspec') do | ||
its('count') { should be >= 1 } | ||
its('dest_ranges') { should include '15.0.0.0/24' } | ||
its('next_hop_ips') { should include '10.2.0.1' } | ||
its('priorities') { should include '100' } | ||
end | ||
``` | ||
|
||
## Properties | ||
Properties that can be accessed from the `google_compute_routes` resource: | ||
|
||
See [google_compute_route.md](google_compute_route.md) for more detailed information | ||
* `dest_ranges`: an array of `google_compute_route` dest_range | ||
* `descriptions`: an array of `google_compute_route` description | ||
* `names`: an array of `google_compute_route` name | ||
* `networks`: an array of `google_compute_route` network | ||
* `priorities`: an array of `google_compute_route` priority | ||
* `tags`: an array of `google_compute_route` tags | ||
* `next_hop_gateways`: an array of `google_compute_route` next_hop_gateway | ||
* `next_hop_instances`: an array of `google_compute_route` next_hop_instance | ||
* `next_hop_ips`: an array of `google_compute_route` next_hop_ip | ||
* `next_hop_vpn_tunnels`: an array of `google_compute_route` next_hop_vpn_tunnel | ||
* `next_hop_networks`: an array of `google_compute_route` next_hop_network | ||
|
||
## Filter Criteria | ||
This resource supports all of the above properties as filter criteria, which can be used | ||
with `where` as a block or a method. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
# frozen_string_literal: false | ||
|
||
# ---------------------------------------------------------------------------- | ||
# | ||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** | ||
# | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# This file is automatically generated by Magic Modules and manual | ||
# changes will be clobbered when the file is regenerated. | ||
# | ||
# Please read more about how to change this file in README.md and | ||
# CONTRIBUTING.md located at the root of this package. | ||
# | ||
# ---------------------------------------------------------------------------- | ||
require 'gcp_backend' | ||
|
||
# A provider to manage Google Compute Engine resources. | ||
class Route < GcpResourceBase | ||
name 'google_compute_route' | ||
desc 'Route' | ||
supports platform: 'gcp' | ||
|
||
attr_reader :dest_range | ||
attr_reader :description | ||
attr_reader :name | ||
attr_reader :network | ||
attr_reader :priority | ||
attr_reader :tags | ||
attr_reader :next_hop_gateway | ||
attr_reader :next_hop_instance | ||
attr_reader :next_hop_ip | ||
attr_reader :next_hop_vpn_tunnel | ||
attr_reader :next_hop_network | ||
def base | ||
'https://www.googleapis.com/compute/v1/' | ||
end | ||
|
||
def url | ||
'projects/{{project}}/global/routes/{{name}}' | ||
end | ||
|
||
def initialize(params) | ||
super(params.merge({ use_http_transport: true })) | ||
@fetched = @connection.fetch(base, url, params) | ||
parse unless @fetched.nil? | ||
end | ||
|
||
def parse | ||
@dest_range = @fetched['destRange'] | ||
@description = @fetched['description'] | ||
@name = @fetched['name'] | ||
@network = @fetched['network'] | ||
@priority = @fetched['priority'] | ||
@tags = @fetched['tags'] | ||
@next_hop_gateway = @fetched['nextHopGateway'] | ||
@next_hop_instance = @fetched['nextHopInstance'] | ||
@next_hop_ip = @fetched['nextHopIp'] | ||
@next_hop_vpn_tunnel = @fetched['nextHopVpnTunnel'] | ||
@next_hop_network = @fetched['nextHopNetwork'] | ||
end | ||
|
||
# Handles parsing RFC3339 time string | ||
def parse_time_string(time_string) | ||
time_string ? Time.parse(time_string) : nil | ||
end | ||
|
||
def exists? | ||
!@fetched.nil? | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
# frozen_string_literal: false | ||
|
||
# ---------------------------------------------------------------------------- | ||
# | ||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** | ||
# | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# This file is automatically generated by Magic Modules and manual | ||
# changes will be clobbered when the file is regenerated. | ||
# | ||
# Please read more about how to change this file in README.md and | ||
# CONTRIBUTING.md located at the root of this package. | ||
# | ||
# ---------------------------------------------------------------------------- | ||
require 'gcp_backend' | ||
class Routes < GcpResourceBase | ||
name 'google_compute_routes' | ||
desc 'Route plural resource' | ||
supports platform: 'gcp' | ||
|
||
attr_reader :table | ||
|
||
filter_table_config = FilterTable.create | ||
|
||
filter_table_config.add(:dest_ranges, field: :dest_range) | ||
filter_table_config.add(:descriptions, field: :description) | ||
filter_table_config.add(:names, field: :name) | ||
filter_table_config.add(:networks, field: :network) | ||
filter_table_config.add(:priorities, field: :priority) | ||
filter_table_config.add(:tags, field: :tags) | ||
filter_table_config.add(:next_hop_gateways, field: :next_hop_gateway) | ||
filter_table_config.add(:next_hop_instances, field: :next_hop_instance) | ||
filter_table_config.add(:next_hop_ips, field: :next_hop_ip) | ||
filter_table_config.add(:next_hop_vpn_tunnels, field: :next_hop_vpn_tunnel) | ||
filter_table_config.add(:next_hop_networks, field: :next_hop_network) | ||
|
||
filter_table_config.connect(self, :table) | ||
|
||
def base | ||
'https://www.googleapis.com/compute/v1/' | ||
end | ||
|
||
def url | ||
'projects/{{project}}/global/routes' | ||
end | ||
|
||
def initialize(params = {}) | ||
super(params.merge({ use_http_transport: true })) | ||
@params = params | ||
@table = fetch_wrapped_resource('items') | ||
end | ||
|
||
def fetch_wrapped_resource(wrap_path) | ||
# fetch_resource returns an array of responses (to handle pagination) | ||
result = @connection.fetch_all(base, url, @params) | ||
return if result.nil? | ||
|
||
# Conversion of string -> object hash to symbol -> object hash that InSpec needs | ||
converted = [] | ||
result.each do |response| | ||
next if response.nil? || !response.key?(wrap_path) | ||
response[wrap_path].each do |hash| | ||
hash_with_symbols = {} | ||
hash.each_key do |key| | ||
name, value = transform(key, hash) | ||
hash_with_symbols[name] = value | ||
end | ||
converted.push(hash_with_symbols) | ||
end | ||
end | ||
|
||
converted | ||
end | ||
|
||
def transform(key, value) | ||
return transformers[key].call(value) if transformers.key?(key) | ||
|
||
[key.to_sym, value] | ||
end | ||
|
||
def transformers | ||
{ | ||
'destRange' => ->(obj) { return :dest_range, obj['destRange'] }, | ||
'description' => ->(obj) { return :description, obj['description'] }, | ||
'name' => ->(obj) { return :name, obj['name'] }, | ||
'network' => ->(obj) { return :network, obj['network'] }, | ||
'priority' => ->(obj) { return :priority, obj['priority'] }, | ||
'tags' => ->(obj) { return :tags, obj['tags'] }, | ||
'nextHopGateway' => ->(obj) { return :next_hop_gateway, obj['nextHopGateway'] }, | ||
'nextHopInstance' => ->(obj) { return :next_hop_instance, obj['nextHopInstance'] }, | ||
'nextHopIp' => ->(obj) { return :next_hop_ip, obj['nextHopIp'] }, | ||
'nextHopVpnTunnel' => ->(obj) { return :next_hop_vpn_tunnel, obj['nextHopVpnTunnel'] }, | ||
'nextHopNetwork' => ->(obj) { return :next_hop_network, obj['nextHopNetwork'] }, | ||
} | ||
end | ||
|
||
# Handles parsing RFC3339 time string | ||
def parse_time_string(time_string) | ||
time_string ? Time.parse(time_string) : nil | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** | ||
# | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# This file is automatically generated by Magic Modules and manual | ||
# changes will be clobbered when the file is regenerated. | ||
# | ||
# Please read more about how to change this file in README.md and | ||
# CONTRIBUTING.md located at the root of this package. | ||
# | ||
# ---------------------------------------------------------------------------- | ||
|
||
title 'Test GCP google_compute_route resource.' | ||
|
||
gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') | ||
route = attribute('route', default: { | ||
"name": "inspec-gcp-route", | ||
"dest_range": "15.0.0.0/24", | ||
"next_hop_ip": "10.2.0.1", | ||
"priority": 100 | ||
}, description: 'Compute route description') | ||
gcp_network_name = attribute(:gcp_network_name, default: 'gcp_network_name', description: 'GCP network name') | ||
control 'google_compute_route-1.0' do | ||
impact 1.0 | ||
title 'google_compute_route resource test' | ||
|
||
describe google_compute_route(project: gcp_project_id, name: route['name']) do | ||
it { should exist } | ||
its('dest_range') { should eq route['dest_range'] } | ||
its('network') { should match /\/#{gcp_network_name}$/ } | ||
its('next_hop_ip') { should eq route['next_hop_ip'] } | ||
its('priority') { should eq route['priority'] } | ||
end | ||
|
||
describe google_compute_route(project: gcp_project_id, name: 'nonexistent') do | ||
it { should_not exist } | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** | ||
# | ||
# ---------------------------------------------------------------------------- | ||
# | ||
# This file is automatically generated by Magic Modules and manual | ||
# changes will be clobbered when the file is regenerated. | ||
# | ||
# Please read more about how to change this file in README.md and | ||
# CONTRIBUTING.md located at the root of this package. | ||
# | ||
# ---------------------------------------------------------------------------- | ||
|
||
title 'Test GCP google_compute_routes resource.' | ||
|
||
gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') | ||
route = attribute('route', default: { | ||
"name": "inspec-gcp-route", | ||
"dest_range": "15.0.0.0/24", | ||
"next_hop_ip": "10.2.0.1", | ||
"priority": 100 | ||
}, description: 'Compute route description') | ||
gcp_network_name = attribute(:gcp_network_name, default: 'gcp_network_name', description: 'GCP network name') | ||
control 'google_compute_routes-1.0' do | ||
impact 1.0 | ||
title 'google_compute_routes resource test' | ||
|
||
describe google_compute_routes(project: gcp_project_id) do | ||
its('count') { should be >= 1 } | ||
its('dest_ranges') { should include route['dest_range'] } | ||
its('next_hop_ips') { should include route['next_hop_ip'] } | ||
its('priorities') { should include route['priority'] } | ||
end | ||
end |