From fa80781dc9644b3c93f3362426eaaa42d71c4496 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Fri, 23 Aug 2019 18:09:21 +0000 Subject: [PATCH 1/8] Update to work with new inspec version, tf upgrade Signed-off-by: Modular Magician --- Gemfile | 2 +- docs/resources/google_compute_instance_group_manager.md | 1 - .../verify/controls/google_compute_instance_group_managers.rb | 1 - 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index dbb31115c..70df57d4d 100644 --- a/Gemfile +++ b/Gemfile @@ -5,8 +5,8 @@ gem 'google-api-client' gem 'google-cloud' gem 'googleauth' gem 'inifile' -gem 'rubocop' gem 'inspec-bin' +gem 'rubocop' group :development do gem 'github_changelog_generator' diff --git a/docs/resources/google_compute_instance_group_manager.md b/docs/resources/google_compute_instance_group_manager.md index 790a83131..a4bbfdb3b 100644 --- a/docs/resources/google_compute_instance_group_manager.md +++ b/docs/resources/google_compute_instance_group_manager.md @@ -15,7 +15,6 @@ describe google_compute_instance_group_manager(project: 'chef-gcp-inspec', zone: its('named_ports.count') { should cmp 1 } its('named_ports.first.name') { should eq 'port' } its('named_ports.first.port') { should eq '80' } - its('instance_template') { should match 'gcp-managed-group-name' } end describe google_compute_instance_group_manager(project: 'chef-gcp-inspec', zone: 'zone', name: 'nonexistent') do diff --git a/test/integration/verify/controls/google_compute_instance_group_managers.rb b/test/integration/verify/controls/google_compute_instance_group_managers.rb index 5d0a5d5c4..fdd35ac41 100644 --- a/test/integration/verify/controls/google_compute_instance_group_managers.rb +++ b/test/integration/verify/controls/google_compute_instance_group_managers.rb @@ -16,7 +16,6 @@ gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'The GCP project zone.') -gcp_lb_mig1_name = attribute(:gcp_lb_mig1_name, default: 'gcp_lb_mig1_name', description: 'Managed instance group name.') instance_group_manager = attribute('instance_group_manager', default: { "name": "inspec-gcp-igm", "base_instance_name": "igm", From e19011a1e81d9638365d92dc7ffe525f5f6c348d Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Sat, 24 Aug 2019 00:06:14 +0000 Subject: [PATCH 2/8] Inspec org log sink Signed-off-by: Modular Magician --- .../google_logging_organization_log_sink.md | 40 ++++++++ .../google_logging_organization_log_sinks.md | 33 +++++++ .../google_logging_organization_log_sink.rb | 70 ++++++++++++++ .../google_logging_organization_log_sinks.rb | 94 +++++++++++++++++++ test/integration/build/gcp-mm.tf | 18 +++- .../configuration/mm-attributes.yml | 6 +- .../google_logging_organization_log_sink.rb | 33 +++++++ .../google_logging_organization_log_sinks.rb | 28 ++++++ 8 files changed, 320 insertions(+), 2 deletions(-) create mode 100644 docs/resources/google_logging_organization_log_sink.md create mode 100644 docs/resources/google_logging_organization_log_sinks.md create mode 100644 libraries/google_logging_organization_log_sink.rb create mode 100644 libraries/google_logging_organization_log_sinks.rb create mode 100644 test/integration/verify/controls/google_logging_organization_log_sink.rb create mode 100644 test/integration/verify/controls/google_logging_organization_log_sinks.rb diff --git a/docs/resources/google_logging_organization_log_sink.md b/docs/resources/google_logging_organization_log_sink.md new file mode 100644 index 000000000..c8922f4c6 --- /dev/null +++ b/docs/resources/google_logging_organization_log_sink.md @@ -0,0 +1,40 @@ +--- +title: About the google_logging_organization_log_sink resource +platform: gcp +--- + +## Syntax +A `google_logging_organization_log_sink` is used to test a Google OrganizationLogSink resource + +## Examples +``` +describe google_logging_organization_log_sink(organization: '190694428152', name: 'inspec-gcp-org-sink') do + it { should exist } + its('filter') { should cmp 'resource.type = gce_instance' } +end + +describe google_logging_organization_log_sink(organization: '190694428152', name: 'nonexistent') do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_logging_organization_log_sink` resource: + + * `organization`: Id of the organization that this sink belongs to. + + * `name`: Name of the log sink. + + * `filter`: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter. + + * `destination`: The export destination. + + * `writer_identity`: An IAM identity—a service account or group—under which Logging writes the exported log entries to the sink's destination. This field is set by sinks.create and sinks.update based on the value of uniqueWriterIdentity in those methods. + + * `include_children`: If the field is false, the default, only the logs owned by the sink's parent resource are available for export. If the field is true, then logs from all the projects, folders, and billing accounts contained in the sink's parent resource are also available for export. Whether a particular log entry from the children is exported depends on the sink's filter expression. + + + +## GCP Permissions + +Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_logging_organization_log_sinks.md b/docs/resources/google_logging_organization_log_sinks.md new file mode 100644 index 000000000..12892539f --- /dev/null +++ b/docs/resources/google_logging_organization_log_sinks.md @@ -0,0 +1,33 @@ +--- +title: About the google_logging_organization_log_sinks resource +platform: gcp +--- + +## Syntax +A `google_logging_organization_log_sinks` is used to test a Google OrganizationLogSink resource + +## Examples +``` +describe google_logging_organization_log_sinks(organization: '190694428152') do + its('names') { should include 'inspec-gcp-org-sink' } +end +``` + +## Properties +Properties that can be accessed from the `google_logging_organization_log_sinks` resource: + +See [google_logging_organization_log_sink.md](google_logging_organization_log_sink.md) for more detailed information + * `organizations`: an array of `google_logging_organization_log_sink` organization + * `names`: an array of `google_logging_organization_log_sink` name + * `filters`: an array of `google_logging_organization_log_sink` filter + * `destinations`: an array of `google_logging_organization_log_sink` destination + * `writer_identities`: an array of `google_logging_organization_log_sink` writer_identity + * `include_children`: an array of `google_logging_organization_log_sink` include_children + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Stackdriver Logging API](https://console.cloud.google.com/apis/library/logging.googleapis.com/) is enabled for the current project. diff --git a/libraries/google_logging_organization_log_sink.rb b/libraries/google_logging_organization_log_sink.rb new file mode 100644 index 000000000..4066a904a --- /dev/null +++ b/libraries/google_logging_organization_log_sink.rb @@ -0,0 +1,70 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' + +# A provider to manage Stackdriver Logging resources. +class OrganizationLogSink < GcpResourceBase + name 'google_logging_organization_log_sink' + desc 'OrganizationLogSink' + supports platform: 'gcp' + + attr_reader :params + attr_reader :organization + attr_reader :name + attr_reader :filter + attr_reader :destination + attr_reader :writer_identity + attr_reader :include_children + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url, resource_base_url, params) + parse unless @fetched.nil? + end + + def parse + @organization = @fetched['organization'] + @name = @fetched['name'] + @filter = @fetched['filter'] + @destination = @fetched['destination'] + @writer_identity = @fetched['writerIdentity'] + @include_children = @fetched['includeChildren'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end + + def to_s + "OrganizationLogSink #{@params[:name]}" + end + + private + + def product_url + 'https://logging.googleapis.com/v2/' + end + + def resource_base_url + 'organizations/{{organization}}/sinks/{{name}}' + end +end diff --git a/libraries/google_logging_organization_log_sinks.rb b/libraries/google_logging_organization_log_sinks.rb new file mode 100644 index 000000000..8d0a07538 --- /dev/null +++ b/libraries/google_logging_organization_log_sinks.rb @@ -0,0 +1,94 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class OrganizationLogSinks < GcpResourceBase + name 'google_logging_organization_log_sinks' + desc 'OrganizationLogSink plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:organizations, field: :organization) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:filters, field: :filter) + filter_table_config.add(:destinations, field: :destination) + filter_table_config.add(:writer_identities, field: :writer_identity) + filter_table_config.add(:include_children, field: :include_children) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('sinks') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params) + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'organization' => ->(obj) { return :organization, obj['organization'] }, + 'name' => ->(obj) { return :name, obj['name'] }, + 'filter' => ->(obj) { return :filter, obj['filter'] }, + 'destination' => ->(obj) { return :destination, obj['destination'] }, + 'writerIdentity' => ->(obj) { return :writer_identity, obj['writerIdentity'] }, + 'includeChildren' => ->(obj) { return :include_children, obj['includeChildren'] }, + } + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + private + + def product_url + 'https://logging.googleapis.com/v2/' + end + + def resource_base_url + 'organizations/{{organization}}/sinks' + end +end diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 09a08f096..86211476e 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -141,6 +141,10 @@ variable "region_backend_service" { type = "map" } +variable "org_sink" { + type = "map" +} + resource "google_compute_ssl_policy" "custom-ssl-policy" { name = "${var.ssl_policy["name"]}" min_tls_version = "${var.ssl_policy["min_tls_version"]}" @@ -511,7 +515,7 @@ resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" { resource "google_folder" "inspec-gcp-folder" { count = "${var.gcp_organization_id == "none" ? 0 : var.gcp_enable_privileged_resources}" display_name = "${var.folder["display_name"]}" - parent = "${var.gcp_organization_id}" + parent = "organizations/${var.gcp_organization_id}" } resource "google_storage_bucket_object" "archive" { @@ -552,4 +556,16 @@ resource "google_container_node_pool" "inspec-gcp-regional-node-pool" { region = "${var.gcp_location}" cluster = "${google_container_cluster.gcp-inspec-regional-cluster.name}" node_count = "${var.regional_node_pool["node_count"]}" +} + +resource "google_logging_organization_sink" "my-sink" { + count = "${var.gcp_organization_id == "none" ? 0 : var.gcp_enable_privileged_resources}" + name = "${var.org_sink.name}" + org_id = "${var.gcp_organization_id}" + + # Can export to pubsub, cloud storage, or bigquery + destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" + + # Log all WARN or higher severity messages relating to instances + filter = "${var.org_sink.filter}" } \ No newline at end of file diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index d9ba8968b..e422a48d5 100644 --- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml @@ -220,4 +220,8 @@ regional_node_pool: name: inspec-gcp-regional-node-pool cluster_name: inspec-gcp-regional-node-pool-cluster node_count: 1 - initial_node_count: 1 \ No newline at end of file + initial_node_count: 1 + +org_sink: + name: inspec-gcp-org-sink + filter: resource.type = gce_instance \ No newline at end of file diff --git a/test/integration/verify/controls/google_logging_organization_log_sink.rb b/test/integration/verify/controls/google_logging_organization_log_sink.rb new file mode 100644 index 000000000..dd01d33e2 --- /dev/null +++ b/test/integration/verify/controls/google_logging_organization_log_sink.rb @@ -0,0 +1,33 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_logging_organization_log_sink resource.' + +org_sink = attribute('org_sink', default: {"name"=>"inspec-gcp-org-sink", "filter"=>"resource.type = gce_instance"}) +gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of this folder') +gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.') +control 'google_logging_organization_log_sink-1.0' do + impact 1.0 + title 'google_logging_organization_log_sink resource test' + + only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''} + describe google_logging_organization_log_sink(organization: gcp_organization_id, name: org_sink['name']) do + it { should exist } + its('filter') { should cmp org_sink['filter'] } + end + + describe google_logging_organization_log_sink(organization: gcp_organization_id, name: 'nonexistent') do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_logging_organization_log_sinks.rb b/test/integration/verify/controls/google_logging_organization_log_sinks.rb new file mode 100644 index 000000000..cded73e29 --- /dev/null +++ b/test/integration/verify/controls/google_logging_organization_log_sinks.rb @@ -0,0 +1,28 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_logging_organization_log_sinks resource.' + +org_sink = attribute('org_sink', default: {"name"=>"inspec-gcp-org-sink", "filter"=>"resource.type = gce_instance"}) +gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of this folder') +gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.') +control 'google_logging_organization_log_sinks-1.0' do + impact 1.0 + title 'google_logging_organization_log_sinks resource test' + + only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != ''} + describe google_logging_organization_log_sinks(organization: gcp_organization_id) do + its('names') { should include org_sink['name'] } + end +end From 19dc528ebc9028660efe20e404f501a7138649b8 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Wed, 28 Aug 2019 20:50:28 +0000 Subject: [PATCH 3/8] Add new fields to container cluster api.yaml Signed-off-by: Modular Magician --- .../google_container_regional_cluster.md | 8 ++++ .../google_container_regional_clusters.md | 1 + .../property/regionalcluster_addons_config.rb | 4 ++ ...ster_addons_config_kubernetes_dashboard.rb | 34 ++++++++++++++ ...uster_master_authorized_networks_config.rb | 38 ++++++++++++++++ ..._authorized_networks_config_cidr_blocks.rb | 45 +++++++++++++++++++ .../google_container_regional_cluster.rb | 5 +++ .../google_container_regional_clusters.rb | 2 + 8 files changed, 137 insertions(+) create mode 100644 libraries/google/container/property/regionalcluster_addons_config_kubernetes_dashboard.rb create mode 100644 libraries/google/container/property/regionalcluster_master_authorized_networks_config.rb create mode 100644 libraries/google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks.rb diff --git a/docs/resources/google_container_regional_cluster.md b/docs/resources/google_container_regional_cluster.md index 163d98bea..fcfe55c94 100644 --- a/docs/resources/google_container_regional_cluster.md +++ b/docs/resources/google_container_regional_cluster.md @@ -98,6 +98,8 @@ Properties that can be accessed from the `google_container_regional_cluster` res * `horizontal_pod_autoscaling`: Configuration for the horizontal pod autoscaling feature, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. + * `kubernetes_dashboard`: Configuration for the Kubernetes Dashboard. This addon is deprecated, and will be disabled in 1.15. It is recommended to use the Cloud Console to manage and monitor your Kubernetes clusters, workloads and applications. + * `network_policy_config`: Configuration for NetworkPolicy. This only tracks whether the addon is enabled or not on the Master, it does not track whether network policy is enabled for the nodes. * `subnetwork`: The name of the Google Compute Engine subnetwork to which the cluster is connected. @@ -174,6 +176,12 @@ Properties that can be accessed from the `google_container_regional_cluster` res * `message`: Human-friendly representation of the condition + * `master_authorized_networks_config`: Configuration for controlling how IPs are allocated in the cluster + + * `enabled`: Whether or not master authorized networks is enabled. + + * `cidr_blocks`: Define up to 50 external networks that could access Kubernetes master through HTTPS. + * `location`: The location where the cluster is deployed diff --git a/docs/resources/google_container_regional_clusters.md b/docs/resources/google_container_regional_clusters.md index b1127be64..3917f4432 100644 --- a/docs/resources/google_container_regional_clusters.md +++ b/docs/resources/google_container_regional_clusters.md @@ -52,6 +52,7 @@ See [google_container_regional_cluster.md](google_container_regional_cluster.md) * `enable_tpus`: an array of `google_container_regional_cluster` enable_tpu * `tpu_ipv4_cidr_blocks`: an array of `google_container_regional_cluster` tpu_ipv4_cidr_block * `conditions`: an array of `google_container_regional_cluster` conditions + * `master_authorized_networks_configs`: an array of `google_container_regional_cluster` master_authorized_networks_config * `locations`: an array of `google_container_regional_cluster` location ## Filter Criteria diff --git a/libraries/google/container/property/regionalcluster_addons_config.rb b/libraries/google/container/property/regionalcluster_addons_config.rb index 8d691cb0e..19f72e94b 100644 --- a/libraries/google/container/property/regionalcluster_addons_config.rb +++ b/libraries/google/container/property/regionalcluster_addons_config.rb @@ -15,6 +15,7 @@ # ---------------------------------------------------------------------------- require 'google/container/property/regionalcluster_addons_config_horizontal_pod_autoscaling' require 'google/container/property/regionalcluster_addons_config_http_load_balancing' +require 'google/container/property/regionalcluster_addons_config_kubernetes_dashboard' require 'google/container/property/regionalcluster_addons_config_network_policy_config' module GoogleInSpec module Container @@ -24,6 +25,8 @@ class RegionalClusterAddonsConfig attr_reader :horizontal_pod_autoscaling + attr_reader :kubernetes_dashboard + attr_reader :network_policy_config def initialize(args = nil, parent_identifier = nil) @@ -31,6 +34,7 @@ def initialize(args = nil, parent_identifier = nil) @parent_identifier = parent_identifier @http_load_balancing = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigHttpLoadBalancing.new(args['httpLoadBalancing'], to_s) @horizontal_pod_autoscaling = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigHorizontalPodAutoscaling.new(args['horizontalPodAutoscaling'], to_s) + @kubernetes_dashboard = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigKubernetesDashboard.new(args['kubernetesDashboard'], to_s) @network_policy_config = GoogleInSpec::Container::Property::RegionalClusterAddonsConfigNetworkPolicyConfig.new(args['networkPolicyConfig'], to_s) end diff --git a/libraries/google/container/property/regionalcluster_addons_config_kubernetes_dashboard.rb b/libraries/google/container/property/regionalcluster_addons_config_kubernetes_dashboard.rb new file mode 100644 index 000000000..af2ccd01c --- /dev/null +++ b/libraries/google/container/property/regionalcluster_addons_config_kubernetes_dashboard.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Container + module Property + class RegionalClusterAddonsConfigKubernetesDashboard + attr_reader :disabled + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @disabled = args['disabled'] + end + + def to_s + "#{@parent_identifier} RegionalClusterAddonsConfigKubernetesDashboard" + end + end + end + end +end diff --git a/libraries/google/container/property/regionalcluster_master_authorized_networks_config.rb b/libraries/google/container/property/regionalcluster_master_authorized_networks_config.rb new file mode 100644 index 000000000..a84d0f462 --- /dev/null +++ b/libraries/google/container/property/regionalcluster_master_authorized_networks_config.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks' +module GoogleInSpec + module Container + module Property + class RegionalClusterMasterAuthorizedNetworksConfig + attr_reader :enabled + + attr_reader :cidr_blocks + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @enabled = args['enabled'] + @cidr_blocks = GoogleInSpec::Container::Property::RegionalClusterMasterAuthorizedNetworksConfigCidrBlocksArray.parse(args['cidrBlocks'], to_s) + end + + def to_s + "#{@parent_identifier} RegionalClusterMasterAuthorizedNetworksConfig" + end + end + end + end +end diff --git a/libraries/google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks.rb b/libraries/google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks.rb new file mode 100644 index 000000000..56152446d --- /dev/null +++ b/libraries/google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Container + module Property + class RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks + attr_reader :display_name + + attr_reader :cidr_block + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @display_name = args['displayName'] + @cidr_block = args['cidrBlock'] + end + + def to_s + "#{@parent_identifier} RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks" + end + end + + class RegionalClusterMasterAuthorizedNetworksConfigCidrBlocksArray + def self.parse(value, parent_identifier) + return if value.nil? + return RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| RegionalClusterMasterAuthorizedNetworksConfigCidrBlocks.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google_container_regional_cluster.rb b/libraries/google_container_regional_cluster.rb index 06ab4001f..2668fa9bd 100644 --- a/libraries/google_container_regional_cluster.rb +++ b/libraries/google_container_regional_cluster.rb @@ -17,6 +17,7 @@ require 'google/container/property/regionalcluster_addons_config' require 'google/container/property/regionalcluster_addons_config_horizontal_pod_autoscaling' require 'google/container/property/regionalcluster_addons_config_http_load_balancing' +require 'google/container/property/regionalcluster_addons_config_kubernetes_dashboard' require 'google/container/property/regionalcluster_addons_config_network_policy_config' require 'google/container/property/regionalcluster_conditions' require 'google/container/property/regionalcluster_default_max_pods_constraint' @@ -24,6 +25,8 @@ require 'google/container/property/regionalcluster_legacy_abac' require 'google/container/property/regionalcluster_master_auth' require 'google/container/property/regionalcluster_master_auth_client_certificate_config' +require 'google/container/property/regionalcluster_master_authorized_networks_config' +require 'google/container/property/regionalcluster_master_authorized_networks_config_cidr_blocks' require 'google/container/property/regionalcluster_network_policy' require 'google/container/property/regionalcluster_node_config' require 'google/container/property/regionalcluster_node_config_accelerators' @@ -70,6 +73,7 @@ class RegionalCluster < GcpResourceBase attr_reader :enable_tpu attr_reader :tpu_ipv4_cidr_block attr_reader :conditions + attr_reader :master_authorized_networks_config attr_reader :location def initialize(params) @@ -113,6 +117,7 @@ def parse @enable_tpu = @fetched['enableTpu'] @tpu_ipv4_cidr_block = @fetched['tpuIpv4CidrBlock'] @conditions = GoogleInSpec::Container::Property::RegionalClusterConditionsArray.parse(@fetched['conditions'], to_s) + @master_authorized_networks_config = GoogleInSpec::Container::Property::RegionalClusterMasterAuthorizedNetworksConfig.new(@fetched['masterAuthorizedNetworksConfig'], to_s) @location = @fetched['location'] end diff --git a/libraries/google_container_regional_clusters.rb b/libraries/google_container_regional_clusters.rb index c42f0ec1f..451567340 100644 --- a/libraries/google_container_regional_clusters.rb +++ b/libraries/google_container_regional_clusters.rb @@ -56,6 +56,7 @@ class RegionalClusters < GcpResourceBase filter_table_config.add(:enable_tpus, field: :enable_tpu) filter_table_config.add(:tpu_ipv4_cidr_blocks, field: :tpu_ipv4_cidr_block) filter_table_config.add(:conditions, field: :conditions) + filter_table_config.add(:master_authorized_networks_configs, field: :master_authorized_networks_config) filter_table_config.add(:locations, field: :location) filter_table_config.connect(self, :table) @@ -129,6 +130,7 @@ def transformers 'enableTpu' => ->(obj) { return :enable_tpu, obj['enableTpu'] }, 'tpuIpv4CidrBlock' => ->(obj) { return :tpu_ipv4_cidr_block, obj['tpuIpv4CidrBlock'] }, 'conditions' => ->(obj) { return :conditions, GoogleInSpec::Container::Property::RegionalClusterConditionsArray.parse(obj['conditions'], to_s) }, + 'masterAuthorizedNetworksConfig' => ->(obj) { return :master_authorized_networks_config, GoogleInSpec::Container::Property::RegionalClusterMasterAuthorizedNetworksConfig.new(obj['masterAuthorizedNetworksConfig'], to_s) }, 'location' => ->(obj) { return :location, obj['location'] }, } end From 84afaea61273cb2e2849ea2403e5145b38925602 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Wed, 28 Aug 2019 16:34:00 -0700 Subject: [PATCH 4/8] Upgrade to google terraform provider 2.14.0 Signed-off-by: Sam Levenick --- test/integration/build/gcp.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/build/gcp.tf b/test/integration/build/gcp.tf index c7bffae92..a3ede9579 100644 --- a/test/integration/build/gcp.tf +++ b/test/integration/build/gcp.tf @@ -99,7 +99,7 @@ variable "gcp_enable_privileged_resources" {} provider "google" { region = "${var.gcp_location}" - version = "~> 2.13.0" + version = "~> 2.14.0" } resource "google_service_account" "generic_service_account_object_viewer" { From 39543965b31fd74643fd4ca654897882363fd652 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Thu, 5 Sep 2019 09:12:14 -0700 Subject: [PATCH 5/8] Add possible different verb for fetches on IAM policies Signed-off-by: Sam Levenick --- libraries/gcp_backend.rb | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/libraries/gcp_backend.rb b/libraries/gcp_backend.rb index 29dd6d88a..227f2156b 100644 --- a/libraries/gcp_backend.rb +++ b/libraries/gcp_backend.rb @@ -207,19 +207,20 @@ def fetch_auth Network::Authorization.new.from_application_default! end - def fetch(base_url, template, var_data) + def fetch(base_url, template, var_data, request_type = 'Get') get_request = Network::Base.new( build_uri(base_url, template, var_data), fetch_auth, + request_type, ) return_if_object get_request.send end - def fetch_all(base_url, template, var_data) - next_page(build_uri(base_url, template, var_data)) + def fetch_all(base_url, template, var_data, request_type = 'Get') + next_page(build_uri(base_url, template, var_data), request_type) end - def next_page(uri, token = nil) + def next_page(uri, request_type, token = nil) next_hash = {} next_hash['pageToken'] = token unless token.nil? current_params = Hash[URI.decode_www_form(uri.query || '')].merge(next_hash) @@ -227,12 +228,13 @@ def next_page(uri, token = nil) get_request = Network::Base.new( uri, fetch_auth, + request_type, ) result = JSON.parse(get_request.send.body) next_page_token = result['nextPageToken'] return [result] if next_page_token.nil? - [result] + next_page(uri, next_page_token) + [result] + next_page(uri, request_type, next_page_token) end def return_if_object(response) @@ -294,13 +296,14 @@ def expand_variables(template, var_data) # A handler for authenticated network request module Network class Base - def initialize(link, cred) + def initialize(link, cred, request_type) @link = link @cred = cred + @request_type = request_type end def builder - Net::HTTP.const_get('Get') + Net::HTTP.const_get(request_type) end def send From 35449ba1f63edfc5ad6908a736e624732d9aa132 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Thu, 5 Sep 2019 09:41:35 -0700 Subject: [PATCH 6/8] Clean up tests to prevent extra variables Signed-off-by: Sam Levenick --- libraries/gcp_backend.rb | 2 +- test/integration/build/gcp.tf | 4 ++-- test/integration/configuration/gcp_inspec_config.rb | 3 --- test/integration/verify/controls/google_compute_region.rb | 1 - test/integration/verify/controls/google_compute_regions.rb | 3 +-- test/integration/verify/controls/google_compute_zones.rb | 3 +-- 6 files changed, 5 insertions(+), 11 deletions(-) diff --git a/libraries/gcp_backend.rb b/libraries/gcp_backend.rb index 227f2156b..389f2b650 100644 --- a/libraries/gcp_backend.rb +++ b/libraries/gcp_backend.rb @@ -303,7 +303,7 @@ def initialize(link, cred, request_type) end def builder - Net::HTTP.const_get(request_type) + Net::HTTP.const_get(@request_type) end def send diff --git a/test/integration/build/gcp.tf b/test/integration/build/gcp.tf index a3ede9579..efc4e2b74 100644 --- a/test/integration/build/gcp.tf +++ b/test/integration/build/gcp.tf @@ -337,10 +337,10 @@ resource "google_compute_region_instance_group_manager" "appserver" { resource "google_container_cluster" "primary" { project = "${var.gcp_project_id}" name = "${var.gcp_kube_cluster_name}" - zone = "${var.gcp_kube_cluster_zone}" + location = "${var.gcp_kube_cluster_zone}" initial_node_count = "${var.gcp_kube_cluster_size}" - additional_zones = [ + node_locations = [ "${var.gcp_kube_cluster_zone_extra1}", "${var.gcp_kube_cluster_zone_extra2}", ] diff --git a/test/integration/configuration/gcp_inspec_config.rb b/test/integration/configuration/gcp_inspec_config.rb index 9171b001a..26cdd813f 100644 --- a/test/integration/configuration/gcp_inspec_config.rb +++ b/test/integration/configuration/gcp_inspec_config.rb @@ -23,8 +23,6 @@ def self.add_random_string(length = 25) # Determine the storage account name and the admin password :gcp_location => "europe-west2", :gcp_zone => "europe-west2-a", - :gcp_zone_id => "2290", - :gcp_region_id => "1290", # Cloud functions are only available in certain regions :gcp_cloud_function_region => "us-central1", :gcp_int_vm_name => "gcp-inspec-int-linux-vm", @@ -76,7 +74,6 @@ def self.add_random_string(length = 25) :gcp_kube_cluster_master_user => "gcp-inspec-kube-admin", :gcp_kube_cluster_master_pass => (("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a + %w{! @ # $ % & / ( ) + ? *}).sample(20).join, :gcp_kube_nodepool_name => "default-pool", - :gcp_inspec_user_email => "user:chef@example.com", :gcp_kms_key_ring_policy_name => "gcp-inspec-kms-key-ring-#{add_random_string}", :gcp_kms_key_ring_binding_member_name => "gcp-inspec-kms-key-ring-#{add_random_string}", :gcp_kms_crypto_key_name_policy => "gcp-inspec-kms-crypto-key-policy-#{add_random_string}", diff --git a/test/integration/verify/controls/google_compute_region.rb b/test/integration/verify/controls/google_compute_region.rb index a438352aa..eaaf8fb22 100644 --- a/test/integration/verify/controls/google_compute_region.rb +++ b/test/integration/verify/controls/google_compute_region.rb @@ -16,7 +16,6 @@ gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') -gcp_region_id = attribute(:gcp_region_id, default: 'gcp_region_id', description: 'A sample GCP region identifier to test for.') control 'google_compute_region-1.0' do impact 1.0 title 'google_compute_region resource test' diff --git a/test/integration/verify/controls/google_compute_regions.rb b/test/integration/verify/controls/google_compute_regions.rb index bcd584d9e..129f3fe84 100644 --- a/test/integration/verify/controls/google_compute_regions.rb +++ b/test/integration/verify/controls/google_compute_regions.rb @@ -16,7 +16,6 @@ gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') -gcp_region_id = attribute(:gcp_region_id, default: 'gcp_region_id', description: 'A sample GCP region identifier to test for.') control 'google_compute_regions-1.0' do impact 1.0 title 'google_compute_regions resource test' @@ -25,6 +24,6 @@ its('count') { should be >= 1 } its('region_names') { should include "#{gcp_location}" } its('region_statuses') { should_not include "DOWN" } - its('region_ids') { should include gcp_region_id } + its('region_ids') { should include "1290" } end end diff --git a/test/integration/verify/controls/google_compute_zones.rb b/test/integration/verify/controls/google_compute_zones.rb index e1f357054..b6f06d34d 100644 --- a/test/integration/verify/controls/google_compute_zones.rb +++ b/test/integration/verify/controls/google_compute_zones.rb @@ -2,7 +2,6 @@ gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.') gcp_zone = attribute(:gcp_zone, default: '', description: 'The GCP zone being used.') -gcp_zone_id = attribute(:gcp_zone_id, default: '', description: 'A sample zone identifier to test for.') control 'gcp-zones-1.0' do @@ -14,7 +13,7 @@ its('count') { should be <= 100} # 46 at the time of writing its('zone_names') { should include gcp_zone } its('zone_statuses') { should_not include "DOWN" } - its('zone_ids') { should include gcp_zone_id.to_i } + its('zone_ids') { should include 2290 } end end \ No newline at end of file From 54061714cbd69794e5917fa5acf0bc4c386ce407 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Fri, 6 Sep 2019 18:26:44 +0000 Subject: [PATCH 7/8] Hard code hard coded variable Signed-off-by: Modular Magician --- docs/resources/google_compute_regions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/resources/google_compute_regions.md b/docs/resources/google_compute_regions.md index 36dff5b1a..626a01a24 100644 --- a/docs/resources/google_compute_regions.md +++ b/docs/resources/google_compute_regions.md @@ -12,7 +12,7 @@ describe google_compute_regions(project: 'chef-gcp-inspec') do its('count') { should be >= 1 } its('region_names') { should include "#{gcp_location}" } its('region_statuses') { should_not include "DOWN" } - its('region_ids') { should include gcp_region_id } + its('region_ids') { should include "1290" } end ``` From cd1d1b219e8d10226066a651cea49ffc2d5364c8 Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Fri, 6 Sep 2019 18:59:28 +0000 Subject: [PATCH 8/8] Inspec project iam Signed-off-by: Modular Magician --- .../google_compute_subnetwork_iam_policy.md | 4 ++ .../google_pubsub_subscription_iam_policy.md | 4 ++ .../google_pubsub_topic_iam_policy.md | 4 ++ ...ogle_resourcemanager_project_iam_policy.md | 46 +++++++++++++++ libraries/google_bigquery_dataset.rb | 2 +- libraries/google_bigquery_datasets.rb | 2 +- libraries/google_bigquery_table.rb | 2 +- libraries/google_bigquery_tables.rb | 2 +- libraries/google_cloudbuild_trigger.rb | 2 +- libraries/google_cloudbuild_triggers.rb | 2 +- .../google_cloudfunctions_cloud_function.rb | 2 +- .../google_cloudfunctions_cloud_functions.rb | 2 +- libraries/google_compute_autoscaler.rb | 2 +- libraries/google_compute_autoscalers.rb | 2 +- libraries/google_compute_backend_bucket.rb | 2 +- libraries/google_compute_backend_buckets.rb | 2 +- libraries/google_compute_backend_service.rb | 2 +- libraries/google_compute_backend_services.rb | 2 +- libraries/google_compute_disk.rb | 2 +- libraries/google_compute_disks.rb | 2 +- libraries/google_compute_global_address.rb | 2 +- libraries/google_compute_global_addresses.rb | 2 +- .../google_compute_global_forwarding_rule.rb | 2 +- .../google_compute_global_forwarding_rules.rb | 2 +- libraries/google_compute_health_check.rb | 2 +- libraries/google_compute_health_checks.rb | 2 +- libraries/google_compute_http_health_check.rb | 2 +- .../google_compute_http_health_checks.rb | 2 +- .../google_compute_https_health_check.rb | 2 +- .../google_compute_https_health_checks.rb | 2 +- .../google_compute_instance_group_manager.rb | 2 +- .../google_compute_instance_group_managers.rb | 2 +- libraries/google_compute_instance_template.rb | 2 +- .../google_compute_instance_templates.rb | 2 +- libraries/google_compute_region.rb | 2 +- .../google_compute_region_backend_service.rb | 2 +- .../google_compute_region_backend_services.rb | 2 +- libraries/google_compute_regions.rb | 2 +- libraries/google_compute_route.rb | 2 +- libraries/google_compute_router.rb | 2 +- libraries/google_compute_routers.rb | 2 +- libraries/google_compute_routes.rb | 2 +- libraries/google_compute_snapshot.rb | 2 +- libraries/google_compute_snapshots.rb | 2 +- libraries/google_compute_ssl_certificate.rb | 2 +- libraries/google_compute_ssl_certificates.rb | 2 +- libraries/google_compute_ssl_policies.rb | 2 +- libraries/google_compute_ssl_policy.rb | 2 +- .../google_compute_subnetwork_iam_policy.rb | 2 +- .../google_compute_target_http_proxies.rb | 2 +- libraries/google_compute_target_http_proxy.rb | 2 +- .../google_compute_target_https_proxies.rb | 2 +- .../google_compute_target_https_proxy.rb | 2 +- libraries/google_compute_target_pool.rb | 2 +- libraries/google_compute_target_pools.rb | 2 +- .../google_compute_target_tcp_proxies.rb | 2 +- libraries/google_compute_target_tcp_proxy.rb | 2 +- libraries/google_compute_url_map.rb | 2 +- libraries/google_compute_url_maps.rb | 2 +- .../google_container_regional_cluster.rb | 2 +- .../google_container_regional_clusters.rb | 2 +- .../google_container_regional_node_pool.rb | 2 +- .../google_container_regional_node_pools.rb | 2 +- libraries/google_dns_resource_record_set.rb | 2 +- libraries/google_dns_resource_record_sets.rb | 2 +- .../google_logging_organization_log_sink.rb | 2 +- .../google_logging_organization_log_sinks.rb | 2 +- libraries/google_pubsub_subscription.rb | 2 +- .../google_pubsub_subscription_iam_policy.rb | 2 +- libraries/google_pubsub_subscriptions.rb | 2 +- libraries/google_pubsub_topic.rb | 2 +- libraries/google_pubsub_topic_iam_policy.rb | 2 +- libraries/google_pubsub_topics.rb | 2 +- libraries/google_resourcemanager_folder.rb | 2 +- libraries/google_resourcemanager_folders.rb | 2 +- ...ogle_resourcemanager_project_iam_policy.rb | 59 +++++++++++++++++++ libraries/google_sourcerepo_repositories.rb | 2 +- libraries/google_sourcerepo_repository.rb | 2 +- 78 files changed, 190 insertions(+), 73 deletions(-) create mode 100644 docs/resources/google_resourcemanager_project_iam_policy.md create mode 100644 libraries/google_resourcemanager_project_iam_policy.rb diff --git a/docs/resources/google_compute_subnetwork_iam_policy.md b/docs/resources/google_compute_subnetwork_iam_policy.md index 38aba9d0c..64da00441 100644 --- a/docs/resources/google_compute_subnetwork_iam_policy.md +++ b/docs/resources/google_compute_subnetwork_iam_policy.md @@ -35,6 +35,10 @@ Properties that can be accessed from the `google_compute_subnetwork_iam_policy` * `audit_log_configs`: The configuration for logging of each type of permission. + * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ + + * `exempted_members`: Specifies the identities that do not cause logging for this type of permission. + ## GCP Permissions diff --git a/docs/resources/google_pubsub_subscription_iam_policy.md b/docs/resources/google_pubsub_subscription_iam_policy.md index 35a192094..a403d34a4 100644 --- a/docs/resources/google_pubsub_subscription_iam_policy.md +++ b/docs/resources/google_pubsub_subscription_iam_policy.md @@ -35,6 +35,10 @@ Properties that can be accessed from the `google_pubsub_subscription_iam_policy` * `audit_log_configs`: The configuration for logging of each type of permission. + * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ + + * `exempted_members`: Specifies the identities that do not cause logging for this type of permission. + ## GCP Permissions diff --git a/docs/resources/google_pubsub_topic_iam_policy.md b/docs/resources/google_pubsub_topic_iam_policy.md index 1b9d839c8..36ec4bc25 100644 --- a/docs/resources/google_pubsub_topic_iam_policy.md +++ b/docs/resources/google_pubsub_topic_iam_policy.md @@ -35,6 +35,10 @@ Properties that can be accessed from the `google_pubsub_topic_iam_policy` resour * `audit_log_configs`: The configuration for logging of each type of permission. + * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ + + * `exempted_members`: Specifies the identities that do not cause logging for this type of permission. + ## GCP Permissions diff --git a/docs/resources/google_resourcemanager_project_iam_policy.md b/docs/resources/google_resourcemanager_project_iam_policy.md new file mode 100644 index 000000000..65970c3a0 --- /dev/null +++ b/docs/resources/google_resourcemanager_project_iam_policy.md @@ -0,0 +1,46 @@ +--- +title: About the google_resourcemanager_project_iam_policy resource +platform: gcp +--- + +## Syntax +A `google_resourcemanager_project_iam_policy` is used to test a Google Project Iam Policy resource + +## Examples +``` +describe google_resourcemanager_project_iam_policy(project_id: "projectId") do + it { should exist } +end + +google_resourcemanager_project_iam_policy(project_id: "projectId").bindings.each do |binding| + describe binding do + its('role') { should eq 'roles/editor'} + its('members') { should include 'user:testuser@example.com'} + end +end +``` + +## Properties +Properties that can be accessed from the `google_resourcemanager_project_iam_policy` resource: + + * `bindings`: Associates a list of members to a role. + + * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. + + * `members`: Specifies the identities requesting access for a Cloud Platform resource. + + * `audit_configs`: Specifies cloud audit logging configuration for this policy. + + * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. + + * `audit_log_configs`: The configuration for logging of each type of permission. + + * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ + + * `exempted_members`: Specifies the identities that do not cause logging for this type of permission. + + + +## GCP Permissions + +Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project. diff --git a/libraries/google_bigquery_dataset.rb b/libraries/google_bigquery_dataset.rb index 1d6386fe7..968212a5e 100644 --- a/libraries/google_bigquery_dataset.rb +++ b/libraries/google_bigquery_dataset.rb @@ -40,7 +40,7 @@ class Dataset < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_bigquery_datasets.rb b/libraries/google_bigquery_datasets.rb index 60ae1ed8f..1215bfb14 100644 --- a/libraries/google_bigquery_datasets.rb +++ b/libraries/google_bigquery_datasets.rb @@ -41,7 +41,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_bigquery_table.rb b/libraries/google_bigquery_table.rb index 48124bcac..f8bbb91f0 100644 --- a/libraries/google_bigquery_table.rb +++ b/libraries/google_bigquery_table.rb @@ -64,7 +64,7 @@ class Table < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_bigquery_tables.rb b/libraries/google_bigquery_tables.rb index 1442960cb..4fe2efbe1 100644 --- a/libraries/google_bigquery_tables.rb +++ b/libraries/google_bigquery_tables.rb @@ -55,7 +55,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_cloudbuild_trigger.rb b/libraries/google_cloudbuild_trigger.rb index 0153cd7ff..553efc230 100644 --- a/libraries/google_cloudbuild_trigger.rb +++ b/libraries/google_cloudbuild_trigger.rb @@ -39,7 +39,7 @@ class Trigger < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_cloudbuild_triggers.rb b/libraries/google_cloudbuild_triggers.rb index 3a66e2c83..3d89f1192 100644 --- a/libraries/google_cloudbuild_triggers.rb +++ b/libraries/google_cloudbuild_triggers.rb @@ -44,7 +44,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_cloudfunctions_cloud_function.rb b/libraries/google_cloudfunctions_cloud_function.rb index 78a57e2f5..09a4b890c 100644 --- a/libraries/google_cloudfunctions_cloud_function.rb +++ b/libraries/google_cloudfunctions_cloud_function.rb @@ -47,7 +47,7 @@ class CloudFunction < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_cloudfunctions_cloud_functions.rb b/libraries/google_cloudfunctions_cloud_functions.rb index df0928a04..ceb2c8c75 100644 --- a/libraries/google_cloudfunctions_cloud_functions.rb +++ b/libraries/google_cloudfunctions_cloud_functions.rb @@ -52,7 +52,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_autoscaler.rb b/libraries/google_compute_autoscaler.rb index 38c375f1d..c44e2bc8d 100644 --- a/libraries/google_compute_autoscaler.rb +++ b/libraries/google_compute_autoscaler.rb @@ -37,7 +37,7 @@ class Autoscaler < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_autoscalers.rb b/libraries/google_compute_autoscalers.rb index 951e153bf..885f39c6d 100644 --- a/libraries/google_compute_autoscalers.rb +++ b/libraries/google_compute_autoscalers.rb @@ -41,7 +41,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_backend_bucket.rb b/libraries/google_compute_backend_bucket.rb index 8e58bbc40..f5517e99f 100644 --- a/libraries/google_compute_backend_bucket.rb +++ b/libraries/google_compute_backend_bucket.rb @@ -34,7 +34,7 @@ class BackendBucket < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_backend_buckets.rb b/libraries/google_compute_backend_buckets.rb index 5fa1d5c25..1249c0ab2 100644 --- a/libraries/google_compute_backend_buckets.rb +++ b/libraries/google_compute_backend_buckets.rb @@ -41,7 +41,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_backend_service.rb b/libraries/google_compute_backend_service.rb index 9f884d9ab..f865dd2f3 100644 --- a/libraries/google_compute_backend_service.rb +++ b/libraries/google_compute_backend_service.rb @@ -49,7 +49,7 @@ class BackendService < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_backend_services.rb b/libraries/google_compute_backend_services.rb index b8f38b3f6..7682ca7ab 100644 --- a/libraries/google_compute_backend_services.rb +++ b/libraries/google_compute_backend_services.rb @@ -52,7 +52,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_disk.rb b/libraries/google_compute_disk.rb index 32c268c48..9f5fafce9 100644 --- a/libraries/google_compute_disk.rb +++ b/libraries/google_compute_disk.rb @@ -50,7 +50,7 @@ class Disk < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_disks.rb b/libraries/google_compute_disks.rb index fb962254b..9d5f5ae2e 100644 --- a/libraries/google_compute_disks.rb +++ b/libraries/google_compute_disks.rb @@ -55,7 +55,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_global_address.rb b/libraries/google_compute_global_address.rb index c8f2a005d..8343eb24c 100644 --- a/libraries/google_compute_global_address.rb +++ b/libraries/google_compute_global_address.rb @@ -37,7 +37,7 @@ class GlobalAddress < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_global_addresses.rb b/libraries/google_compute_global_addresses.rb index 43edbc236..dca8ebb7e 100644 --- a/libraries/google_compute_global_addresses.rb +++ b/libraries/google_compute_global_addresses.rb @@ -45,7 +45,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_global_forwarding_rule.rb b/libraries/google_compute_global_forwarding_rule.rb index 44ef3f7ab..4528cecbb 100644 --- a/libraries/google_compute_global_forwarding_rule.rb +++ b/libraries/google_compute_global_forwarding_rule.rb @@ -37,7 +37,7 @@ class GlobalForwardingRule < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_global_forwarding_rules.rb b/libraries/google_compute_global_forwarding_rules.rb index 197107f47..b4d3d5c56 100644 --- a/libraries/google_compute_global_forwarding_rules.rb +++ b/libraries/google_compute_global_forwarding_rules.rb @@ -45,7 +45,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_health_check.rb b/libraries/google_compute_health_check.rb index 106e76996..b72cc5962 100644 --- a/libraries/google_compute_health_check.rb +++ b/libraries/google_compute_health_check.rb @@ -43,7 +43,7 @@ class HealthCheck < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_health_checks.rb b/libraries/google_compute_health_checks.rb index f95e5d53c..7e6509402 100644 --- a/libraries/google_compute_health_checks.rb +++ b/libraries/google_compute_health_checks.rb @@ -47,7 +47,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_http_health_check.rb b/libraries/google_compute_http_health_check.rb index 0eb24f485..f53dae187 100644 --- a/libraries/google_compute_http_health_check.rb +++ b/libraries/google_compute_http_health_check.rb @@ -37,7 +37,7 @@ class HttpHealthCheck < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_http_health_checks.rb b/libraries/google_compute_http_health_checks.rb index 64c5a6c81..888634d9a 100644 --- a/libraries/google_compute_http_health_checks.rb +++ b/libraries/google_compute_http_health_checks.rb @@ -45,7 +45,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_https_health_check.rb b/libraries/google_compute_https_health_check.rb index fd8d76bdc..91326145d 100644 --- a/libraries/google_compute_https_health_check.rb +++ b/libraries/google_compute_https_health_check.rb @@ -37,7 +37,7 @@ class HttpsHealthCheck < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_https_health_checks.rb b/libraries/google_compute_https_health_checks.rb index 8576ef71c..5d6ad9c91 100644 --- a/libraries/google_compute_https_health_checks.rb +++ b/libraries/google_compute_https_health_checks.rb @@ -45,7 +45,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_instance_group_manager.rb b/libraries/google_compute_instance_group_manager.rb index b1797b919..3eb5cb81f 100644 --- a/libraries/google_compute_instance_group_manager.rb +++ b/libraries/google_compute_instance_group_manager.rb @@ -41,7 +41,7 @@ class InstanceGroupManager < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_instance_group_managers.rb b/libraries/google_compute_instance_group_managers.rb index 0a4bee4e4..f0f407cc1 100644 --- a/libraries/google_compute_instance_group_managers.rb +++ b/libraries/google_compute_instance_group_managers.rb @@ -47,7 +47,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_instance_template.rb b/libraries/google_compute_instance_template.rb index 8ad45a23d..23da37294 100644 --- a/libraries/google_compute_instance_template.rb +++ b/libraries/google_compute_instance_template.rb @@ -38,7 +38,7 @@ class InstanceTemplate < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_instance_templates.rb b/libraries/google_compute_instance_templates.rb index 53c6cfe26..63156b983 100644 --- a/libraries/google_compute_instance_templates.rb +++ b/libraries/google_compute_instance_templates.rb @@ -39,7 +39,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_region.rb b/libraries/google_compute_region.rb index 8b2fb8bb8..2f4759bf1 100644 --- a/libraries/google_compute_region.rb +++ b/libraries/google_compute_region.rb @@ -36,7 +36,7 @@ class Region < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_region_backend_service.rb b/libraries/google_compute_region_backend_service.rb index 259815db0..5497e9632 100644 --- a/libraries/google_compute_region_backend_service.rb +++ b/libraries/google_compute_region_backend_service.rb @@ -39,7 +39,7 @@ class RegionBackendService < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_region_backend_services.rb b/libraries/google_compute_region_backend_services.rb index 740e16bda..a38a73ec2 100644 --- a/libraries/google_compute_region_backend_services.rb +++ b/libraries/google_compute_region_backend_services.rb @@ -45,7 +45,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_regions.rb b/libraries/google_compute_regions.rb index feceb6469..71fe28b35 100644 --- a/libraries/google_compute_regions.rb +++ b/libraries/google_compute_regions.rb @@ -42,7 +42,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_route.rb b/libraries/google_compute_route.rb index 0e28ff37e..25d89b426 100644 --- a/libraries/google_compute_route.rb +++ b/libraries/google_compute_route.rb @@ -37,7 +37,7 @@ class Route < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_router.rb b/libraries/google_compute_router.rb index 6f7a2f069..480bd7f81 100644 --- a/libraries/google_compute_router.rb +++ b/libraries/google_compute_router.rb @@ -35,7 +35,7 @@ class Router < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_routers.rb b/libraries/google_compute_routers.rb index 26ce1710b..e88612b54 100644 --- a/libraries/google_compute_routers.rb +++ b/libraries/google_compute_routers.rb @@ -41,7 +41,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_routes.rb b/libraries/google_compute_routes.rb index 34446a7d4..22f18c6bb 100644 --- a/libraries/google_compute_routes.rb +++ b/libraries/google_compute_routes.rb @@ -45,7 +45,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_snapshot.rb b/libraries/google_compute_snapshot.rb index 4244fb18a..2ae95d3d0 100644 --- a/libraries/google_compute_snapshot.rb +++ b/libraries/google_compute_snapshot.rb @@ -41,7 +41,7 @@ class Snapshot < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_snapshots.rb b/libraries/google_compute_snapshots.rb index 907dd4345..4e2892bca 100644 --- a/libraries/google_compute_snapshots.rb +++ b/libraries/google_compute_snapshots.rb @@ -47,7 +47,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_ssl_certificate.rb b/libraries/google_compute_ssl_certificate.rb index 1fe030795..ce29978d8 100644 --- a/libraries/google_compute_ssl_certificate.rb +++ b/libraries/google_compute_ssl_certificate.rb @@ -32,7 +32,7 @@ class SslCertificate < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_ssl_certificates.rb b/libraries/google_compute_ssl_certificates.rb index ba3d09b9c..275fea69d 100644 --- a/libraries/google_compute_ssl_certificates.rb +++ b/libraries/google_compute_ssl_certificates.rb @@ -40,7 +40,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_ssl_policies.rb b/libraries/google_compute_ssl_policies.rb index 85a02d748..8e5c79aa8 100644 --- a/libraries/google_compute_ssl_policies.rb +++ b/libraries/google_compute_ssl_policies.rb @@ -44,7 +44,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_ssl_policy.rb b/libraries/google_compute_ssl_policy.rb index 59febb9f7..afddeaeac 100644 --- a/libraries/google_compute_ssl_policy.rb +++ b/libraries/google_compute_ssl_policy.rb @@ -37,7 +37,7 @@ class SslPolicy < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_subnetwork_iam_policy.rb b/libraries/google_compute_subnetwork_iam_policy.rb index cfdaf8443..f5c70fe93 100644 --- a/libraries/google_compute_subnetwork_iam_policy.rb +++ b/libraries/google_compute_subnetwork_iam_policy.rb @@ -30,7 +30,7 @@ class SubnetworkIamPolicy < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_target_http_proxies.rb b/libraries/google_compute_target_http_proxies.rb index 4e10faf98..3663c1780 100644 --- a/libraries/google_compute_target_http_proxies.rb +++ b/libraries/google_compute_target_http_proxies.rb @@ -39,7 +39,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_target_http_proxy.rb b/libraries/google_compute_target_http_proxy.rb index eacc4dd74..9eb7206a4 100644 --- a/libraries/google_compute_target_http_proxy.rb +++ b/libraries/google_compute_target_http_proxy.rb @@ -31,7 +31,7 @@ class TargetHttpProxy < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_target_https_proxies.rb b/libraries/google_compute_target_https_proxies.rb index beb420b38..b3d4394a8 100644 --- a/libraries/google_compute_target_https_proxies.rb +++ b/libraries/google_compute_target_https_proxies.rb @@ -42,7 +42,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_target_https_proxy.rb b/libraries/google_compute_target_https_proxy.rb index 59b497734..6c450e84a 100644 --- a/libraries/google_compute_target_https_proxy.rb +++ b/libraries/google_compute_target_https_proxy.rb @@ -34,7 +34,7 @@ class TargetHttpsProxy < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_target_pool.rb b/libraries/google_compute_target_pool.rb index 3b8ebb509..f84b061b4 100644 --- a/libraries/google_compute_target_pool.rb +++ b/libraries/google_compute_target_pool.rb @@ -36,7 +36,7 @@ class TargetPool < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_target_pools.rb b/libraries/google_compute_target_pools.rb index f0bef0ba0..e92d20149 100644 --- a/libraries/google_compute_target_pools.rb +++ b/libraries/google_compute_target_pools.rb @@ -44,7 +44,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_target_tcp_proxies.rb b/libraries/google_compute_target_tcp_proxies.rb index a07c8108b..3d2fd64d9 100644 --- a/libraries/google_compute_target_tcp_proxies.rb +++ b/libraries/google_compute_target_tcp_proxies.rb @@ -40,7 +40,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_compute_target_tcp_proxy.rb b/libraries/google_compute_target_tcp_proxy.rb index c0049ec9b..aa9fcb749 100644 --- a/libraries/google_compute_target_tcp_proxy.rb +++ b/libraries/google_compute_target_tcp_proxy.rb @@ -32,7 +32,7 @@ class TargetTcpProxy < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_url_map.rb b/libraries/google_compute_url_map.rb index 79ace5f17..83b0374a8 100644 --- a/libraries/google_compute_url_map.rb +++ b/libraries/google_compute_url_map.rb @@ -38,7 +38,7 @@ class UrlMap < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_compute_url_maps.rb b/libraries/google_compute_url_maps.rb index 407362fab..04965071c 100644 --- a/libraries/google_compute_url_maps.rb +++ b/libraries/google_compute_url_maps.rb @@ -43,7 +43,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_container_regional_cluster.rb b/libraries/google_container_regional_cluster.rb index 2668fa9bd..97eba5dc9 100644 --- a/libraries/google_container_regional_cluster.rb +++ b/libraries/google_container_regional_cluster.rb @@ -79,7 +79,7 @@ class RegionalCluster < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_container_regional_clusters.rb b/libraries/google_container_regional_clusters.rb index 451567340..69a162879 100644 --- a/libraries/google_container_regional_clusters.rb +++ b/libraries/google_container_regional_clusters.rb @@ -69,7 +69,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_container_regional_node_pool.rb b/libraries/google_container_regional_node_pool.rb index 18efe534a..ee6815c15 100644 --- a/libraries/google_container_regional_node_pool.rb +++ b/libraries/google_container_regional_node_pool.rb @@ -47,7 +47,7 @@ class RegionalNodePool < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_container_regional_node_pools.rb b/libraries/google_container_regional_node_pools.rb index bc5108f0c..740a3f95f 100644 --- a/libraries/google_container_regional_node_pools.rb +++ b/libraries/google_container_regional_node_pools.rb @@ -47,7 +47,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_dns_resource_record_set.rb b/libraries/google_dns_resource_record_set.rb index 93a26067c..c4532a568 100644 --- a/libraries/google_dns_resource_record_set.rb +++ b/libraries/google_dns_resource_record_set.rb @@ -31,7 +31,7 @@ class ResourceRecordSet < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - fetched = @connection.fetch(product_url, resource_base_url, params) + fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') @fetched = unwrap(fetched, params) parse unless @fetched.nil? end diff --git a/libraries/google_dns_resource_record_sets.rb b/libraries/google_dns_resource_record_sets.rb index ce288e71b..31bf32133 100644 --- a/libraries/google_dns_resource_record_sets.rb +++ b/libraries/google_dns_resource_record_sets.rb @@ -39,7 +39,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_logging_organization_log_sink.rb b/libraries/google_logging_organization_log_sink.rb index 4066a904a..ac4632e79 100644 --- a/libraries/google_logging_organization_log_sink.rb +++ b/libraries/google_logging_organization_log_sink.rb @@ -32,7 +32,7 @@ class OrganizationLogSink < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_logging_organization_log_sinks.rb b/libraries/google_logging_organization_log_sinks.rb index 8d0a07538..28a5d7207 100644 --- a/libraries/google_logging_organization_log_sinks.rb +++ b/libraries/google_logging_organization_log_sinks.rb @@ -40,7 +40,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_pubsub_subscription.rb b/libraries/google_pubsub_subscription.rb index 6975ba247..2fadd60b5 100644 --- a/libraries/google_pubsub_subscription.rb +++ b/libraries/google_pubsub_subscription.rb @@ -36,7 +36,7 @@ class Subscription < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_pubsub_subscription_iam_policy.rb b/libraries/google_pubsub_subscription_iam_policy.rb index 0b69b262a..73467b1cf 100644 --- a/libraries/google_pubsub_subscription_iam_policy.rb +++ b/libraries/google_pubsub_subscription_iam_policy.rb @@ -30,7 +30,7 @@ class SubscriptionIamPolicy < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_pubsub_subscriptions.rb b/libraries/google_pubsub_subscriptions.rb index a07e976dd..818cad157 100644 --- a/libraries/google_pubsub_subscriptions.rb +++ b/libraries/google_pubsub_subscriptions.rb @@ -42,7 +42,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_pubsub_topic.rb b/libraries/google_pubsub_topic.rb index 26e9ed488..1e82242de 100644 --- a/libraries/google_pubsub_topic.rb +++ b/libraries/google_pubsub_topic.rb @@ -31,7 +31,7 @@ class Topic < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_pubsub_topic_iam_policy.rb b/libraries/google_pubsub_topic_iam_policy.rb index 14571848f..cbc14d1d1 100644 --- a/libraries/google_pubsub_topic_iam_policy.rb +++ b/libraries/google_pubsub_topic_iam_policy.rb @@ -30,7 +30,7 @@ class TopicIamPolicy < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_pubsub_topics.rb b/libraries/google_pubsub_topics.rb index de9c9b45a..8d39d4c77 100644 --- a/libraries/google_pubsub_topics.rb +++ b/libraries/google_pubsub_topics.rb @@ -38,7 +38,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_resourcemanager_folder.rb b/libraries/google_resourcemanager_folder.rb index e206d2cb9..7e9770858 100644 --- a/libraries/google_resourcemanager_folder.rb +++ b/libraries/google_resourcemanager_folder.rb @@ -31,7 +31,7 @@ class Folder < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end diff --git a/libraries/google_resourcemanager_folders.rb b/libraries/google_resourcemanager_folders.rb index 9e46d9bcb..6ee2583f5 100644 --- a/libraries/google_resourcemanager_folders.rb +++ b/libraries/google_resourcemanager_folders.rb @@ -39,7 +39,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_resourcemanager_project_iam_policy.rb b/libraries/google_resourcemanager_project_iam_policy.rb new file mode 100644 index 000000000..5001739d6 --- /dev/null +++ b/libraries/google_resourcemanager_project_iam_policy.rb @@ -0,0 +1,59 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/iam/property/iam_policy_audit_configs' +require 'google/iam/property/iam_policy_bindings' + +# A provider to manage Resource Manager IAM Policy resources. +class ProjectIamPolicy < GcpResourceBase + name 'google_resourcemanager_project_iam_policy' + desc 'Project Iam Policy' + supports platform: 'gcp' + + attr_reader :params + attr_reader :bindings + attr_reader :audit_configs + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post') + parse unless @fetched.nil? + end + + def parse + @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s) + @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "Project IamPolicy #{@params[:project_id]}" + end + + private + + def product_url + 'https://cloudresourcemanager.googleapis.com/v1/' + end + + def resource_base_url + 'projects/{{project_id}}:getIamPolicy' + end +end diff --git a/libraries/google_sourcerepo_repositories.rb b/libraries/google_sourcerepo_repositories.rb index 20cd31324..5d0e96e1d 100644 --- a/libraries/google_sourcerepo_repositories.rb +++ b/libraries/google_sourcerepo_repositories.rb @@ -37,7 +37,7 @@ def initialize(params = {}) def fetch_wrapped_resource(wrap_path) # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') return if result.nil? # Conversion of string -> object hash to symbol -> object hash that InSpec needs diff --git a/libraries/google_sourcerepo_repository.rb b/libraries/google_sourcerepo_repository.rb index a5b6740a2..8f11c1875 100644 --- a/libraries/google_sourcerepo_repository.rb +++ b/libraries/google_sourcerepo_repository.rb @@ -29,7 +29,7 @@ class Repository < GcpResourceBase def initialize(params) super(params.merge({ use_http_transport: true })) @params = params - @fetched = @connection.fetch(product_url, resource_base_url, params) + @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') parse unless @fetched.nil? end