From 3dbe020442b8e1553655847a2eac3bab9c53f093 Mon Sep 17 00:00:00 2001
From: Tim Hartmann <tfhartmann@gmail.com>
Date: Thu, 26 Sep 2019 11:09:23 -0400
Subject: [PATCH] wip: adding tests for outputs in the firewall submodule

---
 .kitchen.yml                                  | 12 ++++
 .../controls/inspec_attributes.rb             | 61 +++++++++++++++++++
 .../integration/submodule_firewall/inspec.yml | 22 +++++++
 3 files changed, 95 insertions(+)
 create mode 100644 test/integration/submodule_firewall/controls/inspec_attributes.rb

diff --git a/.kitchen.yml b/.kitchen.yml
index 7f175b523..ed06b86be 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -121,6 +121,18 @@ suites:
           controls:
             - gcp
         - name: local
+          attrs_outputs:
+            customized_inspec_attribute: output_network_name
+            customized_inspec_attribute: output_network_self_link
+            customized_inspec_attribute: output_subnets_ips
+            customized_inspec_attribute: output_routes
+            customized_inspec_attribute: output_subnets_flow_logs
+            customized_inspec_attribute: output_subnets_names
+            customized_inspec_attribute: output_subnets_private_access
+            customized_inspec_attribute: output_subnets_regions
+            customized_inspec_attribute: output_subnets_secondary_ranges
+            customized_inspec_attribute: output_svpc_host_project_id
           backend: local
           controls:
             - gcloud
+            - inspec_attributes
diff --git a/test/integration/submodule_firewall/controls/inspec_attributes.rb b/test/integration/submodule_firewall/controls/inspec_attributes.rb
new file mode 100644
index 000000000..05ca71cb6
--- /dev/null
+++ b/test/integration/submodule_firewall/controls/inspec_attributes.rb
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id   = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+  title "Terraform Outputs"
+  desc "Terraform Outputs"
+
+  describe attribute("output_network_name") do
+    it { should eq "#{network_name}" }
+  end
+
+  describe attribute("output_network_self_link") do
+    it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+  end
+
+  describe attribute("output_subnets_ips") do
+    it { should eq ["10.10.10.0/24", "10.10.20.0/24"] }
+  end
+
+  describe attribute("output_routes") do
+    it { should eq [] }
+  end
+
+  describe attribute("output_subnets_flow_logs") do
+    it { should eq [false, true] }
+  end
+
+  describe attribute("output_subnets_names") do
+    it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02"] }
+  end
+
+  describe attribute("output_subnets_private_access") do
+    it { should eq [false, true] }
+  end
+
+  describe attribute("output_subnets_regions") do
+    it { should eq ["us-west1", "us-west1"] }
+  end
+
+  describe attribute("output_subnets_secondary_ranges") do
+    it { should eq [[],[]] }
+  end
+
+  describe attribute("output_svpc_host_project_id") do
+    it { should eq "" }
+  end
+end
diff --git a/test/integration/submodule_firewall/inspec.yml b/test/integration/submodule_firewall/inspec.yml
index 7e69b5296..67efdd294 100644
--- a/test/integration/submodule_firewall/inspec.yml
+++ b/test/integration/submodule_firewall/inspec.yml
@@ -10,3 +10,25 @@ attributes:
   - name: network_name
     required: true
     type: string
+  - name: output_network_name
+    required: true
+    type: string
+  - name: output_network_self_link
+    required: true
+    type: string
+  - name: output_subnets_ips
+    required: true
+  - name: output_routes
+    required: true
+  - name: output_subnets_flow_logs
+    required: true
+  - name: output_subnets_names
+    required: true
+  - name: output_subnets_private_access
+    required: true
+  - name: output_subnets_regions
+    required: true
+  - name: output_subnets_secondary_ranges
+    required: true
+  - name: output_svpc_host_project_id
+    required: true