From b746331dc054ab5a15c5b4c371546ec6b20120fc Mon Sep 17 00:00:00 2001 From: Samir Anand Date: Wed, 29 Nov 2023 23:39:46 +0530 Subject: [PATCH 1/7] Automatically generated by magic modules for service: compute and resource: ServiceAttachment. This commit includes the following changes: - Singular Resource - Plural Resource - Documentation updates - Terraform configuration - Integration tests Signed-off-by: Samir Anand --- .../google_compute_service_attachment.md | 106 ++++++++++++++++ .../google_compute_service_attachments.md | 46 +++++++ .../serviceattachment_connected_endpoints.rb | 51 ++++++++ ...serviceattachment_consumer_accept_lists.rb | 48 ++++++++ ...iceattachment_psc_service_attachment_id.rb | 37 ++++++ .../google_compute_service_attachment.rb | 94 ++++++++++++++ .../google_compute_service_attachments.rb | 115 ++++++++++++++++++ .../google_compute_service_attachment.rb | 57 +++++++++ .../google_compute_service_attachments.rb | 41 +++++++ 9 files changed, 595 insertions(+) create mode 100644 docs/resources/google_compute_service_attachment.md create mode 100644 docs/resources/google_compute_service_attachments.md create mode 100644 libraries/google/compute/property/serviceattachment_connected_endpoints.rb create mode 100644 libraries/google/compute/property/serviceattachment_consumer_accept_lists.rb create mode 100644 libraries/google/compute/property/serviceattachment_psc_service_attachment_id.rb create mode 100644 libraries/google_compute_service_attachment.rb create mode 100644 libraries/google_compute_service_attachments.rb create mode 100644 test/integration/verify/controls/google_compute_service_attachment.rb create mode 100644 test/integration/verify/controls/google_compute_service_attachments.rb diff --git a/docs/resources/google_compute_service_attachment.md b/docs/resources/google_compute_service_attachment.md new file mode 100644 index 000000000..cc4deb7cf --- /dev/null +++ b/docs/resources/google_compute_service_attachment.md 
@@ -0,0 +1,106 @@ +--- +title: About the google_compute_service_attachment resource +platform: gcp +--- + +## Syntax +A `google_compute_service_attachment` is used to test a Google ServiceAttachment resource + +## Examples +``` +describe google_compute_service_attachment(project: 'chef-gcp-inspec', region: ' value_region', serviceAttachment: ' ') do + it { should exist } + its('kind') { should cmp 'value_kind' } + its('id') { should cmp 'value_id' } + its('creation_timestamp') { should cmp 'value_creationtimestamp' } + its('name') { should cmp 'value_name' } + its('description') { should cmp 'value_description' } + its('self_link') { should cmp 'value_selflink' } + its('region') { should cmp 'value_region' } + its('producer_forwarding_rule') { should cmp 'value_producerforwardingrule' } + its('target_service') { should cmp 'value_targetservice' } + its('connection_preference') { should cmp 'value_connectionpreference' } + its('fingerprint') { should cmp 'value_fingerprint' } + +end + +describe google_compute_service_attachment(project: 'chef-gcp-inspec', region: ' value_region', serviceAttachment: ' ') do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_compute_service_attachment` resource: + + + * `kind`: [Output Only] Type of the resource. Always compute#serviceAttachment for service attachments. + + * `id`: [Output Only] The unique identifier for the resource type. The server generates this identifier. + + * `creation_timestamp`: [Output Only] Creation timestamp in RFC3339 text format. + + * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. 
Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + + * `description`: An optional description of this resource. Provide this property when you create the resource. + + * `self_link`: [Output Only] Server-defined URL for the resource. + + * `region`: [Output Only] URL of the region where the service attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body. + + * `producer_forwarding_rule`: The URL of a forwarding rule with loadBalancingScheme INTERNAL* that is serving the endpoint identified by this service attachment. + + * `target_service`: The URL of a service serving the endpoint identified by this service attachment. + + * `connection_preference`: The connection preference of service attachment. The value can be set to ACCEPT_AUTOMATIC. An ACCEPT_AUTOMATIC service attachment is one that always accepts the connection from consumer forwarding rules. + Possible values: + * ACCEPT_AUTOMATIC + * ACCEPT_MANUAL + * CONNECTION_PREFERENCE_UNSPECIFIED + + * `connected_endpoints`: [Output Only] An array of connections for all the consumers connected to this service attachment. + + * `status`: The status of a connected endpoint to this service attachment. + Possible values: + * ACCEPTED + * CLOSED + * NEEDS_ATTENTION + * PENDING + * REJECTED + * STATUS_UNSPECIFIED + + * `psc_connection_id`: The PSC connection id of the connected endpoint. + + * `endpoint`: The url of a connected endpoint. + + * `consumer_network`: The url of the consumer network. + + * `nat_subnets`: An array of URLs where each entry is the URL of a subnet provided by the service producer to use for NAT in this service attachment. 
+ + * `enable_proxy_protocol`: If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers. + + * `consumer_reject_lists`: Projects that are not allowed to connect to this service attachment. The project can be specified using its id or number. + + * `consumer_accept_lists`: Projects that are allowed to connect to this service attachment. + + * `project_id_or_num`: The project id or number for the project to set the limit for. + + * `network_url`: The network URL for the network to set the limit for. + + * `connection_limit`: The value of the limit to set. + + * `psc_service_attachment_id`: + + * `high`: + + * `low`: + + * `fingerprint`: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment. + + * `domain_names`: If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1. + + * `reconcile_connections`: This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints. - If false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified . - If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list. 
For newly created service attachment, this boolean defaults to false. + + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_compute_service_attachments.md b/docs/resources/google_compute_service_attachments.md new file mode 100644 index 000000000..ce50af9b5 --- /dev/null +++ b/docs/resources/google_compute_service_attachments.md 
@@ -0,0 +1,46 @@ +--- +title: About the google_compute_service_attachments resource +platform: gcp +--- + +## Syntax +A `google_compute_service_attachments` is used to test a Google ServiceAttachment resource + +## Examples +``` + describe google_compute_service_attachments(project: 'chef-gcp-inspec', region: ' value_region') do + it { should exist } + end +``` + +## Properties +Properties that can be accessed from the `google_compute_service_attachments` resource: + +See [google_compute_service_attachment.md](google_compute_service_attachment.md) for more detailed information + * `kinds`: an array of `google_compute_service_attachment` kind + * `ids`: an array of `google_compute_service_attachment` id + * `creation_timestamps`: an array of `google_compute_service_attachment` creation_timestamp + * `names`: an array of `google_compute_service_attachment` name + * `descriptions`: an array of `google_compute_service_attachment` description + * `self_links`: an array of `google_compute_service_attachment` self_link + * `regions`: an array of `google_compute_service_attachment` region + * `producer_forwarding_rules`: an array of `google_compute_service_attachment` producer_forwarding_rule + * `target_services`: an array of `google_compute_service_attachment` target_service + * `connection_preferences`: an array of `google_compute_service_attachment` connection_preference + * `connected_endpoints`: an array of `google_compute_service_attachment` connected_endpoints + * `nat_subnets`: an array of `google_compute_service_attachment` nat_subnets + * `enable_proxy_protocols`: an array of `google_compute_service_attachment` enable_proxy_protocol + * `consumer_reject_lists`: an array of `google_compute_service_attachment` consumer_reject_lists + * `consumer_accept_lists`: an array of `google_compute_service_attachment` consumer_accept_lists + * `psc_service_attachment_ids`: an array of `google_compute_service_attachment` psc_service_attachment_id + * `fingerprints`: an array 
of `google_compute_service_attachment` fingerprint + * `domain_names`: an array of `google_compute_service_attachment` domain_names + * `reconcile_connections`: an array of `google_compute_service_attachment` reconcile_connections + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/libraries/google/compute/property/serviceattachment_connected_endpoints.rb b/libraries/google/compute/property/serviceattachment_connected_endpoints.rb new file mode 100644 index 000000000..36f4fc710 --- /dev/null +++ b/libraries/google/compute/property/serviceattachment_connected_endpoints.rb 
@@ -0,0 +1,51 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class ServiceAttachmentConnectedEndpoints + attr_reader :status + + attr_reader :psc_connection_id + + attr_reader :endpoint + + attr_reader :consumer_network + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @status = args['status'] + @psc_connection_id = args['pscConnectionId'] + @endpoint = args['endpoint'] + @consumer_network = args['consumerNetwork'] + end + + def to_s + "#{@parent_identifier} ServiceAttachmentConnectedEndpoints" + end + end + + class ServiceAttachmentConnectedEndpointsArray + def self.parse(value, parent_identifier) + return if value.nil? + return ServiceAttachmentConnectedEndpoints.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| ServiceAttachmentConnectedEndpoints.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/compute/property/serviceattachment_consumer_accept_lists.rb b/libraries/google/compute/property/serviceattachment_consumer_accept_lists.rb new file mode 100644 index 000000000..a7edc9c60 --- /dev/null +++ b/libraries/google/compute/property/serviceattachment_consumer_accept_lists.rb 
@@ -0,0 +1,48 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class ServiceAttachmentConsumerAcceptLists + attr_reader :project_id_or_num + + attr_reader :network_url + + attr_reader :connection_limit + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @project_id_or_num = args['projectIdOrNum'] + @network_url = args['networkUrl'] + @connection_limit = args['connectionLimit'] + end + + def to_s + "#{@parent_identifier} ServiceAttachmentConsumerAcceptLists" + end + end + + class ServiceAttachmentConsumerAcceptListsArray + def self.parse(value, parent_identifier) + return if value.nil? + return ServiceAttachmentConsumerAcceptLists.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| ServiceAttachmentConsumerAcceptLists.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/compute/property/serviceattachment_psc_service_attachment_id.rb b/libraries/google/compute/property/serviceattachment_psc_service_attachment_id.rb new file mode 100644 index 000000000..a01521a07 --- /dev/null +++ b/libraries/google/compute/property/serviceattachment_psc_service_attachment_id.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class ServiceAttachmentPscServiceAttachmentId + attr_reader :high + + attr_reader :low + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @high = args['high'] + @low = args['low'] + end + + def to_s + "#{@parent_identifier} ServiceAttachmentPscServiceAttachmentId" + end + end + end + end +end diff --git a/libraries/google_compute_service_attachment.rb b/libraries/google_compute_service_attachment.rb new file mode 100644 index 000000000..b3619472b --- /dev/null +++ b/libraries/google_compute_service_attachment.rb 
@@ -0,0 +1,94 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/compute/property/serviceattachment_connected_endpoints' +require 'google/compute/property/serviceattachment_consumer_accept_lists' +require 'google/compute/property/serviceattachment_psc_service_attachment_id' + +# A provider to manage Compute Engine resources. +class ComputeServiceAttachment < GcpResourceBase + name 'google_compute_service_attachment' + desc 'ServiceAttachment' + supports platform: 'gcp' + + attr_reader :params + attr_reader :kind + attr_reader :id + attr_reader :creation_timestamp + attr_reader :name + attr_reader :description + attr_reader :self_link + attr_reader :region + attr_reader :producer_forwarding_rule + attr_reader :target_service + attr_reader :connection_preference + attr_reader :connected_endpoints + attr_reader :nat_subnets + attr_reader :enable_proxy_protocol + attr_reader :consumer_reject_lists + attr_reader :consumer_accept_lists + attr_reader :psc_service_attachment_id + attr_reader :fingerprint + attr_reader :domain_names + attr_reader :reconcile_connections + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? 
+ end + + def parse + @kind = @fetched['kind'] + @id = @fetched['id'] + @creation_timestamp = @fetched['creationTimestamp'] + @name = @fetched['name'] + @description = @fetched['description'] + @self_link = @fetched['selfLink'] + @region = @fetched['region'] + @producer_forwarding_rule = @fetched['producerForwardingRule'] + @target_service = @fetched['targetService'] + @connection_preference = @fetched['connectionPreference'] + @connected_endpoints = GoogleInSpec::Compute::Property::ServiceAttachmentConnectedEndpointsArray.parse(@fetched['connectedEndpoints'], to_s) + @nat_subnets = @fetched['natSubnets'] + @enable_proxy_protocol = @fetched['enableProxyProtocol'] + @consumer_reject_lists = @fetched['consumerRejectLists'] + @consumer_accept_lists = GoogleInSpec::Compute::Property::ServiceAttachmentConsumerAcceptListsArray.parse(@fetched['consumerAcceptLists'], to_s) + @psc_service_attachment_id = GoogleInSpec::Compute::Property::ServiceAttachmentPscServiceAttachmentId.new(@fetched['pscServiceAttachmentId'], to_s) + @fingerprint = @fetched['fingerprint'] + @domain_names = @fetched['domainNames'] + @reconcile_connections = @fetched['reconcileConnections'] + end + + def exists? + !@fetched.nil? + end + + def to_s + "ServiceAttachment #{@params[:serviceAttachment]}" + end + + private + + def product_url(_ = nil) + 'https://compute.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/serviceAttachments/{{service_attachment}}' + end +end diff --git a/libraries/google_compute_service_attachments.rb b/libraries/google_compute_service_attachments.rb new file mode 100644 index 000000000..b3d623ae4 --- /dev/null +++ b/libraries/google_compute_service_attachments.rb 
@@ -0,0 +1,115 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class ComputeServiceAttachments < GcpResourceBase + name 'google_compute_service_attachments' + desc 'ServiceAttachment plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:kinds, field: :kind) + filter_table_config.add(:ids, field: :id) + filter_table_config.add(:creation_timestamps, field: :creation_timestamp) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:self_links, field: :self_link) + filter_table_config.add(:regions, field: :region) + filter_table_config.add(:producer_forwarding_rules, field: :producer_forwarding_rule) + filter_table_config.add(:target_services, field: :target_service) + filter_table_config.add(:connection_preferences, field: :connection_preference) + filter_table_config.add(:connected_endpoints, field: :connected_endpoints) + filter_table_config.add(:nat_subnets, field: :nat_subnets) + filter_table_config.add(:enable_proxy_protocols, field: :enable_proxy_protocol) + filter_table_config.add(:consumer_reject_lists, field: :consumer_reject_lists) + filter_table_config.add(:consumer_accept_lists, field: :consumer_accept_lists) + filter_table_config.add(:psc_service_attachment_ids, field: :psc_service_attachment_id) + filter_table_config.add(:fingerprints, 
field: :fingerprint) + filter_table_config.add(:domain_names, field: :domain_names) + filter_table_config.add(:reconcile_connections, field: :reconcile_connections) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('serviceAttachments') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'kind' => ->(obj) { return :kind, obj['kind'] }, + 'id' => ->(obj) { return :id, obj['id'] }, + 'creationTimestamp' => ->(obj) { return :creation_timestamp, obj['creationTimestamp'] }, + 'name' => ->(obj) { return :name, obj['name'] }, + 'description' => ->(obj) { return :description, obj['description'] }, + 'selfLink' => ->(obj) { return :self_link, obj['selfLink'] }, + 'region' => ->(obj) { return :region, obj['region'] }, + 'producerForwardingRule' => ->(obj) { return :producer_forwarding_rule, obj['producerForwardingRule'] }, + 'targetService' => ->(obj) { return :target_service, obj['targetService'] }, + 'connectionPreference' => ->(obj) { return :connection_preference, obj['connectionPreference'] }, + 'connectedEndpoints' => ->(obj) { return :connected_endpoints, 
GoogleInSpec::Compute::Property::ServiceAttachmentConnectedEndpointsArray.parse(obj['connectedEndpoints'], to_s) }, + 'natSubnets' => ->(obj) { return :nat_subnets, obj['natSubnets'] }, + 'enableProxyProtocol' => ->(obj) { return :enable_proxy_protocol, obj['enableProxyProtocol'] }, + 'consumerRejectLists' => ->(obj) { return :consumer_reject_lists, obj['consumerRejectLists'] }, + 'consumerAcceptLists' => ->(obj) { return :consumer_accept_lists, GoogleInSpec::Compute::Property::ServiceAttachmentConsumerAcceptListsArray.parse(obj['consumerAcceptLists'], to_s) }, + 'pscServiceAttachmentId' => ->(obj) { return :psc_service_attachment_id, GoogleInSpec::Compute::Property::ServiceAttachmentPscServiceAttachmentId.new(obj['pscServiceAttachmentId'], to_s) }, + 'fingerprint' => ->(obj) { return :fingerprint, obj['fingerprint'] }, + 'domainNames' => ->(obj) { return :domain_names, obj['domainNames'] }, + 'reconcileConnections' => ->(obj) { return :reconcile_connections, obj['reconcileConnections'] }, + } + end + + private + + def product_url(_ = nil) + 'https://compute.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/serviceAttachments' + end +end diff --git a/test/integration/verify/controls/google_compute_service_attachment.rb b/test/integration/verify/controls/google_compute_service_attachment.rb new file mode 100644 index 000000000..e7740f307 --- /dev/null +++ b/test/integration/verify/controls/google_compute_service_attachment.rb 
@@ -0,0 +1,57 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_service_attachment resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + service_attachment = input('service_attachment', value: { + "project": "value_project", + "region": "value_region", + "service_attachment": "value_serviceattachment", + "kind": "value_kind", + "id": "value_id", + "creation_timestamp": "value_creationtimestamp", + "name": "value_name", + "description": "value_description", + "self_link": "value_selflink", + "producer_forwarding_rule": "value_producerforwardingrule", + "target_service": "value_targetservice", + "connection_preference": "value_connectionpreference", + "fingerprint": "value_fingerprint" +}, description: 'service_attachment description') +control 'google_compute_service_attachment-1.0' do + impact 1.0 + title 'google_compute_service_attachment resource test' + + describe google_compute_service_attachment(project: gcp_project_id, region: service_attachment['region'], serviceAttachment: service_attachment['serviceAttachment']) do + it { should exist } + its('kind') { should cmp service_attachment['kind'] } + its('id') { should cmp service_attachment['id'] } + its('creation_timestamp') { should cmp service_attachment['creation_timestamp'] } + its('name') { should cmp service_attachment['name'] } + its('description') { should cmp service_attachment['description'] } + 
its('self_link') { should cmp service_attachment['self_link'] } + its('region') { should cmp service_attachment['region'] } + its('producer_forwarding_rule') { should cmp service_attachment['producer_forwarding_rule'] } + its('target_service') { should cmp service_attachment['target_service'] } + its('connection_preference') { should cmp service_attachment['connection_preference'] } + its('fingerprint') { should cmp service_attachment['fingerprint'] } + + end + + describe google_compute_service_attachment(project: gcp_project_id, region: service_attachment['region'], serviceAttachment: service_attachment['serviceAttachment']) do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_compute_service_attachments.rb b/test/integration/verify/controls/google_compute_service_attachments.rb new file mode 100644 index 000000000..085bd4e72 --- /dev/null +++ b/test/integration/verify/controls/google_compute_service_attachments.rb 
@@ -0,0 +1,41 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_service_attachments resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + service_attachment = input('service_attachment', value: { + "project": "value_project", + "region": "value_region", + "service_attachment": "value_serviceattachment", + "kind": "value_kind", + "id": "value_id", + "creation_timestamp": "value_creationtimestamp", + "name": "value_name", + "description": "value_description", + "self_link": "value_selflink", + "producer_forwarding_rule": "value_producerforwardingrule", + "target_service": "value_targetservice", + "connection_preference": "value_connectionpreference", + "fingerprint": "value_fingerprint" +}, description: 'service_attachment description') +control 'google_compute_service_attachments-1.0' do + impact 1.0 + title 'google_compute_service_attachments resource test' + + describe google_compute_service_attachments(project: gcp_project_id, region: service_attachment['region']) do + it { should exist } + end +end From b511edfddae70387daec0013a84c865a290aca7f Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 12 Dec 2023 14:59:27 +0530 Subject: [PATCH 2/7] fix: align variable naming convention with existing codebase conventions Signed-off-by: Sonu Saha --- libraries/google_compute_service_attachment.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/libraries/google_compute_service_attachment.rb b/libraries/google_compute_service_attachment.rb index b3619472b..20b0ac7f5 100644 --- a/libraries/google_compute_service_attachment.rb +++ b/libraries/google_compute_service_attachment.rb @@ -79,7 +79,7 @@ def exists? end def to_s - "ServiceAttachment #{@params[:serviceAttachment]}" + "ServiceAttachment #{@params[:service_attachment]}" end private From 950b412c2901d66ea21134f828e2242d22459923 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 12 Dec 2023 15:00:48 +0530 Subject: [PATCH 3/7] fix: update wrap_path for ComputeServiceAttachments as per response from API Signed-off-by: Sonu Saha --- libraries/google_compute_service_attachments.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/google_compute_service_attachments.rb b/libraries/google_compute_service_attachments.rb index b3d623ae4..6705780eb 100644 --- a/libraries/google_compute_service_attachments.rb +++ b/libraries/google_compute_service_attachments.rb @@ -48,7 +48,7 @@ class ComputeServiceAttachments < GcpResourceBase def initialize(params = {}) super(params.merge({ use_http_transport: true })) @params = params - @table = fetch_wrapped_resource('serviceAttachments') + @table = fetch_wrapped_resource('items') end def fetch_wrapped_resource(wrap_path) From 4b2f6e1cacefdf59f29c950c25b11ed743b20f28 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 12 Dec 2023 15:02:02 +0530 Subject: [PATCH 4/7] chore: remove redundant returns to fix rubocop lint offense Signed-off-by: Sonu Saha --- .../google_compute_service_attachments.rb | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/libraries/google_compute_service_attachments.rb b/libraries/google_compute_service_attachments.rb index 6705780eb..13bec2868 100644 --- a/libraries/google_compute_service_attachments.rb +++ b/libraries/google_compute_service_attachments.rb 
@@ -81,25 +81,25 @@ def transform(key, value) def transformers { - 'kind' => ->(obj) { return :kind, obj['kind'] }, - 'id' => ->(obj) { return :id, obj['id'] }, - 'creationTimestamp' => ->(obj) { return :creation_timestamp, obj['creationTimestamp'] }, - 'name' => ->(obj) { return :name, obj['name'] }, - 'description' => ->(obj) { return :description, obj['description'] }, - 'selfLink' => ->(obj) { return :self_link, obj['selfLink'] }, - 'region' => ->(obj) { return :region, obj['region'] }, - 'producerForwardingRule' => ->(obj) { return :producer_forwarding_rule, obj['producerForwardingRule'] }, - 'targetService' => ->(obj) { return :target_service, obj['targetService'] }, - 'connectionPreference' => ->(obj) { return :connection_preference, obj['connectionPreference'] }, - 'connectedEndpoints' => ->(obj) { return :connected_endpoints, GoogleInSpec::Compute::Property::ServiceAttachmentConnectedEndpointsArray.parse(obj['connectedEndpoints'], to_s) }, - 'natSubnets' => ->(obj) { return :nat_subnets, obj['natSubnets'] }, - 'enableProxyProtocol' => ->(obj) { return :enable_proxy_protocol, obj['enableProxyProtocol'] }, - 'consumerRejectLists' => ->(obj) { return :consumer_reject_lists, obj['consumerRejectLists'] }, - 'consumerAcceptLists' => ->(obj) { return :consumer_accept_lists, GoogleInSpec::Compute::Property::ServiceAttachmentConsumerAcceptListsArray.parse(obj['consumerAcceptLists'], to_s) }, - 'pscServiceAttachmentId' => ->(obj) { return :psc_service_attachment_id, GoogleInSpec::Compute::Property::ServiceAttachmentPscServiceAttachmentId.new(obj['pscServiceAttachmentId'], to_s) }, - 'fingerprint' => ->(obj) { return :fingerprint, obj['fingerprint'] }, - 'domainNames' => ->(obj) { return :domain_names, obj['domainNames'] }, - 'reconcileConnections' => ->(obj) { return :reconcile_connections, obj['reconcileConnections'] }, + 'kind' => ->(obj) { [:kind, obj['kind']] }, + 'id' => ->(obj) { [:id, obj['id']] }, + 'creationTimestamp' => ->(obj) { [:creation_timestamp, 
obj['creationTimestamp']] }, + 'name' => ->(obj) { [:name, obj['name']] }, + 'description' => ->(obj) { [:description, obj['description']] }, + 'selfLink' => ->(obj) { [:self_link, obj['selfLink']] }, + 'region' => ->(obj) { [:region, obj['region']] }, + 'producerForwardingRule' => ->(obj) { [:producer_forwarding_rule, obj['producerForwardingRule']] }, + 'targetService' => ->(obj) { [:target_service, obj['targetService']] }, + 'connectionPreference' => ->(obj) { [:connection_preference, obj['connectionPreference']] }, + 'connectedEndpoints' => ->(obj) { [:connected_endpoints, GoogleInSpec::Compute::Property::ServiceAttachmentConnectedEndpointsArray.parse(obj['connectedEndpoints'], to_s)] }, + 'natSubnets' => ->(obj) { [:nat_subnets, obj['natSubnets']] }, + 'enableProxyProtocol' => ->(obj) { [:enable_proxy_protocol, obj['enableProxyProtocol']] }, + 'consumerRejectLists' => ->(obj) { [:consumer_reject_lists, obj['consumerRejectLists']] }, + 'consumerAcceptLists' => ->(obj) { [:consumer_accept_lists, GoogleInSpec::Compute::Property::ServiceAttachmentConsumerAcceptListsArray.parse(obj['consumerAcceptLists'], to_s)] }, + 'pscServiceAttachmentId' => ->(obj) { [:psc_service_attachment_id, GoogleInSpec::Compute::Property::ServiceAttachmentPscServiceAttachmentId.new(obj['pscServiceAttachmentId'], to_s)] }, + 'fingerprint' => ->(obj) { [:fingerprint, obj['fingerprint']] }, + 'domainNames' => ->(obj) { [:domain_names, obj['domainNames']] }, + 'reconcileConnections' => ->(obj) { [:reconcile_connections, obj['reconcileConnections']] }, } end From 40d2e3a4265a58c07110cc227cc4132b391cdeb6 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 12 Dec 2023 16:10:31 +0530 Subject: [PATCH 5/7] iac: add terraform scripts to create required resources for service attachment Signed-off-by: Sonu Saha --- test/integration/build/gcp-mm.tf | 84 +++++++++++++++++++ .../configuration/mm-attributes.yml | 25 ++++++ 2 files changed, 109 insertions(+) 
diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 02e4b7abc..7339d9bf2 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -220,6 +220,11 @@ variable "cloud_composer_v1" { type = any } +variable "compute_service_attachment_conf" { + type = any +} + + resource "google_compute_ssl_policy" "custom-ssl-policy" { name = var.ssl_policy["name"] min_tls_version = var.ssl_policy["min_tls_version"] 
@@ -1565,3 +1570,82 @@ resource "google_composer_v1_environment" "test" { } } } + +resource "google_compute_service_attachment" "psc_ilb_service_attachment" { + name = var.compute_service_attachment_conf["compute_service_attachment_name"] + region = var.compute_service_attachment_conf["region"] + description = var.compute_service_attachment_conf["description"] + + enable_proxy_protocol = var.compute_service_attachment_conf["enable_proxy_protocol"] + connection_preference = var.compute_service_attachment_conf["connection_preference"] + nat_subnets = [google_compute_subnetwork.psc_ilb_nat.id] + target_service = google_compute_forwarding_rule.psc_ilb_target_service.id +} + +resource "google_compute_address" "psc_ilb_consumer_address" { + name = var.compute_service_attachment_conf["psc_ilb_consumer_address_name"] + region = var.compute_service_attachment_conf["region"] + + subnetwork = var.compute_service_attachment_conf["subnetwork_id"] + address_type = var.compute_service_attachment_conf["address_type"] +} + +resource "google_compute_forwarding_rule" "psc_ilb_consumer" { + name = var.compute_service_attachment_conf["psc_ilb_consumer_name"] + region = var.compute_service_attachment_conf["region"] + + target = google_compute_service_attachment.psc_ilb_service_attachment.id + load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment + network = var.compute_service_attachment_conf["network_id"] + ip_address = google_compute_address.psc_ilb_consumer_address.id +} + +resource "google_compute_forwarding_rule" "psc_ilb_target_service" { + name = var.compute_service_attachment_conf["psc_ilb_target_service_name"] + region = var.compute_service_attachment_conf["region"] + + load_balancing_scheme = var.compute_service_attachment_conf["load_balancing_scheme"] + backend_service = google_compute_region_backend_service.producer_service_backend.id + all_ports = var.compute_service_attachment_conf["all_ports"] + network = 
google_compute_network.psc_ilb_network.name + subnetwork = google_compute_subnetwork.psc_ilb_producer_subnetwork.name +} + +resource "google_compute_region_backend_service" "producer_service_backend" { + name = var.compute_service_attachment_conf["producer_service_backend_name"] + region = var.compute_service_attachment_conf["region"] + + health_checks = [google_compute_health_check.producer_service_health_check.id] +} + +resource "google_compute_health_check" "producer_service_health_check" { + name = var.compute_service_attachment_conf["producer_service_health_check_name"] + + check_interval_sec = 1 + timeout_sec = 1 + tcp_health_check { + port = var.compute_service_attachment_conf["producer_service_health_check_port"] + } +} + +resource "google_compute_network" "psc_ilb_network" { + name = var.compute_service_attachment_conf["psc_ilb_network_name"] + auto_create_subnetworks = var.compute_service_attachment_conf["auto_create_subnetworks"] +} + +resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" { + name = var.compute_service_attachment_conf["psc_ilb_producer_subnetwork_name"] + region = var.compute_service_attachment_conf["region"] + + network = google_compute_network.psc_ilb_network.id + ip_cidr_range = var.compute_service_attachment_conf["subnetwork_ip_cidr_range"] +} + +resource "google_compute_subnetwork" "psc_ilb_nat" { + name = var.compute_service_attachment_conf["psc_ilb_nat_name"] + region = var.compute_service_attachment_conf["region"] + + network = google_compute_network.psc_ilb_network.id + purpose = var.compute_service_attachment_conf["purpose"] + ip_cidr_range = var.compute_service_attachment_conf["nat_ip_cidr_range"] +} diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index 37074e018..6b2327720 100644 --- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml 
@@ -562,3 +562,28 @@ cloud_composer_v1: name : "example-composer-env" region : "us-central1" image_version : "composer-1.20.12-airflow-2.4.3" + +compute_service_attachment_conf: + compute_service_attachment_name: "my-psc-ilb" + description: "my-psc-ilb is a private service connection for the internal load balancer" + region: "us-central1" + enable_proxy_protocol: true + connection_preference: "ACCEPT_AUTOMATIC" + psc_ilb_consumer_address_name: "my-psc-ilb-consumer-address" + subnetwork_id: "default" + address_type: "INTERNAL" + psc_ilb_consumer_name: "my-psc-ilb-consumer-forwarding-rule" + network_id: "default" + psc_ilb_target_service_name: "producer-forwarding-rule" + load_balancing_scheme: "INTERNAL" + all_ports: true + producer_service_backend_name: "producer-backend-service" + producer_service_health_check_name: "producer-health-check" + producer_service_health_check_port: "80" + psc_ilb_network_name: "psc-ilb-network" + auto_create_subnetworks: false + psc_ilb_producer_subnetwork_name: "psc-ilb-producer-subnetwork" + subnetwork_ip_cidr_range: "10.0.0.0/16" + psc_ilb_nat_name: "psc-ilb-nat" + purpose: "PRIVATE_SERVICE_CONNECT" + nat_ip_cidr_range: "10.1.0.0/16" From 06b0fbe997290ac11cc956e80078dc765ca32bcc Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 12 Dec 2023 16:18:16 +0530 Subject: [PATCH 6/7] specs: update specs to match with deployed service attachment with terraform Signed-off-by: Sonu Saha --- .../google_compute_service_attachment.rb | 36 +++++++--------- .../google_compute_service_attachments.rb | 41 +++++++++++-------- 2 files changed, 39 insertions(+), 38 deletions(-) diff --git a/test/integration/verify/controls/google_compute_service_attachment.rb b/test/integration/verify/controls/google_compute_service_attachment.rb index e7740f307..5820774b0 100644 --- a/test/integration/verify/controls/google_compute_service_attachment.rb +++ b/test/integration/verify/controls/google_compute_service_attachment.rb 
@@ -16,42 +16,36 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') - service_attachment = input('service_attachment', value: { - "project": "value_project", - "region": "value_region", - "service_attachment": "value_serviceattachment", - "kind": "value_kind", - "id": "value_id", - "creation_timestamp": "value_creationtimestamp", - "name": "value_name", - "description": "value_description", - "self_link": "value_selflink", - "producer_forwarding_rule": "value_producerforwardingrule", - "target_service": "value_targetservice", - "connection_preference": "value_connectionpreference", - "fingerprint": "value_fingerprint" +service_attachment = input('service_attachment', value: { + "project": "ppradhan", + "region": "us-central1", + "service_attachment": "my-psc-ilb", + "service_attachment_2": "my-psc-ilb-2", + "kind": "compute#serviceAttachment", + "name": "my-psc-ilb", + "description": "my-psc-ilb is a private service connection for the internal load balancer", + "self_link": "https://www.googleapis.com/compute/v1/projects/ppradhan/regions/us-central1/serviceAttachments/my-psc-ilb", + "target_service": "https://www.googleapis.com/compute/v1/projects/ppradhan/regions/us-central1/forwardingRules/producer-forwarding-rule", + "connection_preference": "ACCEPT_AUTOMATIC", }, description: 'service_attachment description') + control 'google_compute_service_attachment-1.0' do impact 1.0 title 'google_compute_service_attachment resource test' - describe google_compute_service_attachment(project: gcp_project_id, region: service_attachment['region'], serviceAttachment: service_attachment['serviceAttachment']) do + describe google_compute_service_attachment(project: gcp_project_id, region: service_attachment['region'], service_attachment: service_attachment['service_attachment']) do it { should exist } its('kind') { should cmp service_attachment['kind'] } - its('id') { should cmp service_attachment['id'] } - 
its('creation_timestamp') { should cmp service_attachment['creation_timestamp'] } its('name') { should cmp service_attachment['name'] } its('description') { should cmp service_attachment['description'] } its('self_link') { should cmp service_attachment['self_link'] } - its('region') { should cmp service_attachment['region'] } + its('region') { should include service_attachment['region'] } its('producer_forwarding_rule') { should cmp service_attachment['producer_forwarding_rule'] } its('target_service') { should cmp service_attachment['target_service'] } its('connection_preference') { should cmp service_attachment['connection_preference'] } - its('fingerprint') { should cmp service_attachment['fingerprint'] } - end - describe google_compute_service_attachment(project: gcp_project_id, region: service_attachment['region'], serviceAttachment: service_attachment['serviceAttachment']) do + describe google_compute_service_attachment(project: gcp_project_id, region: service_attachment['region'], service_attachment: service_attachment['service_attachment_2']) do it { should_not exist } end end diff --git a/test/integration/verify/controls/google_compute_service_attachments.rb b/test/integration/verify/controls/google_compute_service_attachments.rb index 085bd4e72..01dce8261 100644 --- a/test/integration/verify/controls/google_compute_service_attachments.rb +++ b/test/integration/verify/controls/google_compute_service_attachments.rb 
@@ -16,26 +16,33 @@ gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') - service_attachment = input('service_attachment', value: { - "project": "value_project", - "region": "value_region", - "service_attachment": "value_serviceattachment", - "kind": "value_kind", - "id": "value_id", - "creation_timestamp": "value_creationtimestamp", - "name": "value_name", - "description": "value_description", - "self_link": "value_selflink", - "producer_forwarding_rule": "value_producerforwardingrule", - "target_service": "value_targetservice", - "connection_preference": "value_connectionpreference", - "fingerprint": "value_fingerprint" +service_attachment = input('service_attachment', value: { + "project": "ppradhan", + "region": "us-central1", + "service_attachment": "my-psc-ilb", + "kind": "compute#serviceAttachment", + "name": "my-psc-ilb", + "description": "my-psc-ilb is a private service connection for the internal load balancer", + "self_link": "https://www.googleapis.com/compute/v1/projects/ppradhan/regions/us-central1/serviceAttachments/my-psc-ilb", + "target_service": "https://www.googleapis.com/compute/v1/projects/ppradhan/regions/us-central1/forwardingRules/producer-forwarding-rule", + "connection_preference": "ACCEPT_AUTOMATIC", }, description: 'service_attachment description') + control 'google_compute_service_attachments-1.0' do impact 1.0 title 'google_compute_service_attachments resource test' - describe google_compute_service_attachments(project: gcp_project_id, region: service_attachment['region']) do - it { should exist } - end + describe google_compute_service_attachments(project: gcp_project_id, region: service_attachment['region']) do + it { should exist } + its("names") { should include service_attachment['name'] } + its("self_links") { should include service_attachment['self_link'] } + its("kinds") { should include service_attachment['kind'] } + its("descriptions") { should include 
service_attachment['description'] } + its("target_services") { should include service_attachment['target_service'] } + its("connection_preferences") { should include service_attachment['connection_preference'] } + end + + describe google_compute_service_attachments(project: gcp_project_id, region: "us-west2") do + it { should_not exist } + end end From 899fd979d254ae2c305ecf37caf4a5d3373f81d8 Mon Sep 17 00:00:00 2001 From: Sonu Saha Date: Tue, 12 Dec 2023 16:29:49 +0530 Subject: [PATCH 7/7] docs: update docs for google_compute_service_attachment Signed-off-by: Sonu Saha --- README.md | 1 + docs/resources/google_compute_service_attachment.md | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index fa1392260..d3e614a6f 100644 --- a/README.md +++ b/README.md @@ -376,6 +376,7 @@ The following resources are available in the InSpec GCP Profile | [google_vertex_ai_tensorboard_experiment_run_time_series_resource](docs/resources/google_vertex_ai_tensorboard_experiment_run_time_series_resource.md) | [google_vertex_ai_tensorboard_experiment_run_time_series_resources](docs/resources/google_vertex_ai_tensorboard_experiment_run_time_series_resources.md) | | [google_vertex_ai_training_pipeline](docs/resources/google_vertex_ai_training_pipeline.md) | [google_vertex_ai_training_pipelines](docs/resources/google_vertex_ai_training_pipelines.md) | | [google_composer_project_location_environment](docs/resources/google_composer_project_location_environment.md) | [google_composer_project_location_environments](docs/resources/google_composer_project_location_environment.md) | +| [google_compute_service_attachment](docs/resources/google_compute_service_attachment.md) | [google_compute_service_attachments](docs/resources/google_compute_service_attachments.md) | ## Examples diff --git a/docs/resources/google_compute_service_attachment.md b/docs/resources/google_compute_service_attachment.md index cc4deb7cf..534a81b39 100644 
--- a/docs/resources/google_compute_service_attachment.md +++ b/docs/resources/google_compute_service_attachment.md @@ -8,7 +8,7 @@ A `google_compute_service_attachment` is used to test a Google ServiceAttachment ## Examples ``` -describe google_compute_service_attachment(project: 'chef-gcp-inspec', region: ' value_region', serviceAttachment: ' ') do +describe google_compute_service_attachment(project: 'chef-gcp-inspec', region: ' value_region', service_attachment: ' ') do it { should exist } its('kind') { should cmp 'value_kind' } its('id') { should cmp 'value_id' } @@ -24,7 +24,7 @@ describe google_compute_service_attachment(project: 'chef-gcp-inspec', region: ' end -describe google_compute_service_attachment(project: 'chef-gcp-inspec', region: ' value_region', serviceAttachment: ' ') do +describe google_compute_service_attachment(project: 'chef-gcp-inspec', region: ' value_region', service_attachment: ' ') do it { should_not exist } end ``` @@ -88,11 +88,11 @@ Properties that can be accessed from the `google_compute_service_attachment` res * `connection_limit`: The value of the limit to set. - * `psc_service_attachment_id`: + * `psc_service_attachment_id`: - * `high`: + * `high`: - * `low`: + * `low`: * `fingerprint`: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ServiceAttachment. An up-to-date fingerprint must be provided in order to patch/update the ServiceAttachment; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the ServiceAttachment.
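Review bot: in the second hunk of test/integration/build/gcp-mm.tf, `google_compute_address.psc_ilb_consumer_address` and `google_compute_forwarding_rule.psc_ilb_consumer` build a consumer endpoint, yet none of the controls updated in PATCH 6/7 asserts on `connected_endpoints`, so the extra resources add apply time and cost without adding coverage. Either add an assertion on `connected_endpoints` to the singular control or drop the two consumer resources from the fixture. The health check also sets `check_interval_sec = 1` and `timeout_sec = 1` as literals while every other value comes from `var.compute_service_attachment_conf`; move them into the variable map for consistency.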
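Review bot: in test/integration/configuration/mm-attributes.yml, `connection_preference: "ACCEPT_AUTOMATIC"` means the fixture attachment accepts a connection from any consumer, and it leaves the `consumer_accept_lists` and `consumer_reject_lists` properties that the resource parses without any test data. Consider `ACCEPT_MANUAL` with an accept list that names only the test project, which both narrows what the fixture exposes and exercises those properties. Separately, `subnetwork_id: "default"` and `network_id: "default"` make the consumer side depend on the project still having its default network, while the producer side creates `psc-ilb-network` itself; creating a dedicated consumer network would make the fixture self-contained.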
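Review bot: in test/integration/verify/controls/google_compute_service_attachment.rb the new input hash hard-codes the project `ppradhan` in `project`, `self_link` and `target_service`, while the describe block queries `project: gcp_project_id`, so the `self_link` and `target_service` assertions fail in any other project. Build both URLs from `gcp_project_id` rather than a literal. The hash also drops the `producer_forwarding_rule` key, but the unchanged line `its('producer_forwarding_rule') { should cmp service_attachment['producer_forwarding_rule'] }` remains, so it now compares against a key that is not in the default input; restore the key or remove the assertion.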
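Review bot: in test/integration/verify/controls/google_compute_service_attachments.rb the negative case `describe google_compute_service_attachments(project: gcp_project_id, region: "us-west2")` passes only while the target project has no service attachments in that region, which the fixture does not control. Take the empty region from an input with a documented expectation, or drop the negative case. The `self_link` and `target_service` defaults repeat the hard-coded `ppradhan` project from the singular control and should be derived from `gcp_project_id` as well, and the new `its("names")` lines mix double quotes with the single quotes used in the rest of the file.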
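Review bot: in docs/resources/google_compute_service_attachment.md the examples are renamed to `service_attachment:` but still pass `region: ' value_region'` with a leading space and `service_attachment: ' '` with a blank value, so neither describe block can be copied and run as written. Replace them with trimmed placeholder values, for example a region name and an attachment name like the ones used in mm-attributes.yml. The `psc_service_attachment_id`, `high` and `low` entries in the last hunk change only whitespace and still carry no description; add one line each or note that the API documents none.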