diff --git a/CHANGELOG.md b/CHANGELOG.md index e1b6bc587..51cb536b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,36 @@ # Change Log - + +## [v1.11.74](https://github.com/inspec/inspec-gcp/tree/v1.11.74) (2024-01-22) + +#### Merged Pull Requests +- CHEF-7362-Inspec-gcp-cloud-kms-key-rings-crypto-keys-crypto-key-versions [#428](https://github.com/inspec/inspec-gcp/pull/428) ([sa-progress](https://github.com/sa-progress)) + + +## [v1.11.73](https://github.com/inspec/inspec-gcp/tree/v1.11.73) (2024-01-19) + +#### Merged Pull Requests +- CHEF-7375: SecretManager - Project Secrets [#569](https://github.com/inspec/inspec-gcp/pull/569) ([balasubramanian-s](https://github.com/balasubramanian-s)) + +## [v1.11.72](https://github.com/inspec/inspec-gcp/tree/v1.11.72) (2024-01-18) + +#### Merged Pull Requests +- CHEF-7386-compute-RegionNetworkEndpointGroup - Resource Implementation [#537](https://github.com/inspec/inspec-gcp/pull/537) ([sa-progress](https://github.com/sa-progress)) + +## [v1.11.71](https://github.com/inspec/inspec-gcp/tree/v1.11.71) (2024-01-18) + +#### Merged Pull Requests +- CHEF-8912- MAGIC-MODULE-apigee-Organizations__api - Resource Implementation [#542](https://github.com/inspec/inspec-gcp/pull/542) ([sa-progress](https://github.com/sa-progress)) + +## [v1.11.70](https://github.com/inspec/inspec-gcp/tree/v1.11.70) (2024-01-18) + +#### Merged Pull Requests +- CHEF-3309-InSpec GCP Http error fixes [#568](https://github.com/inspec/inspec-gcp/pull/568) ([balasubramanian-s](https://github.com/balasubramanian-s)) + ## [v1.11.69](https://github.com/inspec/inspec-gcp/tree/v1.11.69) (2024-01-11) #### Merged Pull Requests - Refactor Long to Short Name Conversion [#565](https://github.com/inspec/inspec-gcp/pull/565) ([sa-progress](https://github.com/sa-progress)) - ## [v1.11.68](https://github.com/inspec/inspec-gcp/tree/v1.11.68) (2024-01-08) diff --git a/README.md b/README.md index 908d58322..446f45386 100644 --- a/README.md +++ b/README.md 
@@ -280,6 +280,7 @@ The following resources are available in the InSpec GCP Profile | [google_kms_crypto_key](docs/resources/google_kms_crypto_key.md) | [google_kms_crypto_keys](docs/resources/google_kms_crypto_keys.md) | | [google_kms_crypto_key_iam_binding](docs/resources/google_kms_crypto_key_iam_binding.md) | [google_kms_crypto_key_iam_bindings](docs/resources/google_kms_crypto_key_iam_bindings.md) | | [google_kms_crypto_key_iam_policy](docs/resources/google_kms_crypto_key_iam_policy.md) | No Plural Resource | +| [google_kms_crypto_key_version](docs/resources/google_kms_crypto_key_version.md) | [google_kms_crypto_key_versions](docs/resources/google_kms_crypto_key_versions.md) | | [google_kms_ekm_connection](docs/resources/google_kms_ekm_connection.md) | [google_kms_ekm_connections](docs/resources/google_kms_ekm_connections.md) | | [google_kms_key_ring](docs/resources/google_kms_key_ring.md) | [google_kms_key_rings](docs/resources/google_kms_key_rings.md) | | [google_kms_key_ring_iam_binding](docs/resources/google_kms_key_ring_iam_binding.md) | [google_kms_key_ring_iam_bindings](docs/resources/google_kms_key_ring_iam_bindings.md) | 
@@ -377,6 +378,7 @@ The following resources are available in the InSpec GCP Profile | [google_vertex_ai_training_pipeline](docs/resources/google_vertex_ai_training_pipeline.md) | [google_vertex_ai_training_pipelines](docs/resources/google_vertex_ai_training_pipelines.md) | | [google_composer_project_location_environment](docs/resources/google_composer_project_location_environment.md) | [google_composer_project_location_environments](docs/resources/google_composer_project_location_environments.md) | | [google_compute_service_attachment](docs/resources/google_compute_service_attachment.md) | [google_compute_service_attachments](docs/resources/google_compute_service_attachments.md) | +| [google_secret_manager_secret](docs/resources/google_secret_manager_secret.md) | [google_secret_manager_secrets](docs/resources/google_secret_manager_secrets.md) | ## Examples @@ -426,6 +428,23 @@ control 'gcp-projects-zones-vm-label-loop-1.0' do end end ``` +This example verifies there are sufficient privileges to list all regions. + +``` +next unless google_compute_regions(project: gcp_project_id).resource_failed? +google_compute_regions(project: gcp_project_id).region_names.each do |region_name| + describe google_compute_region(project: gcp_project_id, region: region_name) do + it { should be_up } + end +end + +if google_compute_regions(project: gcp_project_id).resource_failed? + puts google_compute_regions(project: gcp_project_id).resource_exception_message + puts google_compute_regions(project: gcp_project_id,name: region_name).pretty_inspect +end +``` + + This example assumes there are sufficient privileges to list all GCP projects. diff --git a/VERSION b/VERSION index 4927ecb79..fcffd4911 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.69 \ No newline at end of file +1.11.74 \ No newline at end of file diff --git a/docs/resources/google_apigee_organization_api.md b/docs/resources/google_apigee_organization_api.md new file mode 100644 index 000000000..d7ad9462b --- /dev/null 
+++ b/docs/resources/google_apigee_organization_api.md @@ -0,0 +1,57 @@ +--- +title: About the google_apigee_organization_api resource +platform: gcp +--- + +## Syntax +A `google_apigee_organization_api` is used to test a Google OrganizationApi resource + +## Examples +``` +describe google_apigee_organization_api(parent: ' value_parent', name: ' value_name') do + it { should exist } + its('latest_revision_id') { should cmp 'value_latestrevisionid' } + its('api_proxy_type') { should cmp 'value_apiproxytype' } + its('name') { should cmp 'value_name' } + +end + +describe google_apigee_organization_api(parent: ' value_parent', name: "does_not_exit") do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_apigee_organization_api` resource: + + + * `revision`: Output only. List of revisions defined for the API proxy. + + * `latest_revision_id`: Output only. The id of the most recently created revision for this api proxy. + + * `meta_data`: Metadata common to many entities in this API. + + * `last_modified_at`: Time at which the API proxy was most recently modified, in milliseconds since epoch. + + * `created_at`: Time at which the API proxy was created, in milliseconds since epoch. + + * `sub_type`: The type of entity described + + * `api_proxy_type`: Output only. The type of the API proxy. + Possible values: + * API_PROXY_TYPE_UNSPECIFIED + * PROGRAMMABLE + * CONFIGURABLE + + * `read_only`: Output only. Whether this proxy is read-only. A read-only proxy cannot have new revisions created through calls to CreateApiProxyRevision. A proxy is read-only if it was generated by an archive. + + * `labels`: User labels applied to this API Proxy. + + * `additional_properties`: + + * `name`: Output only. Name of the API proxy. + + +## GCP Permissions + +Ensure the [Apigee API](https://console.cloud.google.com/apis/library/apigee.googleapis.com/) is enabled for the current project. 
diff --git a/docs/resources/google_apigee_organization_apis.md b/docs/resources/google_apigee_organization_apis.md new file mode 100644 index 000000000..a5cbbe8cf --- /dev/null +++ b/docs/resources/google_apigee_organization_apis.md @@ -0,0 +1,34 @@ +--- +title: About the google_apigee_organization_apis resource +platform: gcp +--- + +## Syntax +A `google_apigee_organization_apis` is used to test a Google OrganizationApi resource + +## Examples +``` + describe google_apigee_organization_apis(parent: ' value_parent') do + it { should exist } + end +``` + +## Properties +Properties that can be accessed from the `google_apigee_organization_apis` resource: + +See [google_apigee_organization_api.md](google_apigee_organization_api.md) for more detailed information + * `revisions`: an array of `google_apigee_organization_api` revision + * `latest_revision_ids`: an array of `google_apigee_organization_api` latest_revision_id + * `meta_data`: an array of `google_apigee_organization_api` meta_data + * `api_proxy_types`: an array of `google_apigee_organization_api` api_proxy_type + * `read_onlies`: an array of `google_apigee_organization_api` read_only + * `labels`: an array of `google_apigee_organization_api` labels + * `names`: an array of `google_apigee_organization_api` name + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Apigee API](https://console.cloud.google.com/apis/library/apigee.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_compute_region_network_endpoint_group.md b/docs/resources/google_compute_region_network_endpoint_group.md new file mode 100644 index 000000000..ebb624c7d --- /dev/null +++ b/docs/resources/google_compute_region_network_endpoint_group.md 
@@ -0,0 +1,117 @@ +--- +title: About the google_compute_region_network_endpoint_group resource +platform: gcp +--- + +## Syntax +A `google_compute_region_network_endpoint_group` is used to test a Google RegionNetworkEndpointGroup resource + +## Examples +``` +describe google_compute_region_network_endpoint_group(network_endpoint_group: ' ', project: 'chef-gcp-inspec', region: ' value_region') do + it { should exist } + its('kind') { should cmp 'value_kind' } + its('id') { should cmp 'value_id' } + its('creation_timestamp') { should cmp 'value_creationtimestamp' } + its('self_link') { should cmp 'value_selflink' } + its('name') { should cmp 'value_name' } + its('description') { should cmp 'value_description' } + its('network_endpoint_type') { should cmp 'value_networkendpointtype' } + its('region') { should cmp 'value_region' } + its('zone') { should cmp 'value_zone' } + its('network') { should cmp 'value_network' } + its('subnetwork') { should cmp 'value_subnetwork' } + its('psc_target_service') { should cmp 'value_psctargetservice' } + +end + +describe google_compute_region_network_endpoint_group(network_endpoint_group: ' ', project: 'chef-gcp-inspec', region: ' value_region') do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_compute_region_network_endpoint_group` resource: + + + * `kind`: [Output Only] Type of the resource. Always compute#networkEndpointGroup for network endpoint group. + + * `id`: [Output Only] The unique identifier for the resource. This identifier is defined by the server. + + * `creation_timestamp`: [Output Only] Creation timestamp in RFC3339 text format. + + * `self_link`: [Output Only] Server-defined URL for the resource. + + * `name`: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. 
Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. + + * `description`: An optional description of this resource. Provide this property when you create the resource. + + * `network_endpoint_type`: Type of network endpoints in this network endpoint group. Can be one of GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_FQDN_PORT, INTERNET_IP_PORT, SERVERLESS, PRIVATE_SERVICE_CONNECT. + Possible values: + * GCE_VM_IP + * GCE_VM_IP_PORT + * INTERNET_FQDN_PORT + * INTERNET_IP_PORT + * NON_GCP_PRIVATE_IP_PORT + * PRIVATE_SERVICE_CONNECT + * SERVERLESS + + * `size`: [Output only] Number of network endpoints in the network endpoint group. + + * `region`: [Output Only] The URL of the region where the network endpoint group is located. + + * `zone`: [Output Only] The URL of the zone where the network endpoint group is located. + + * `network`: The URL of the network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified. + + * `subnetwork`: Optional URL of the subnetwork to which all network endpoints in the NEG belong. + + * `default_port`: The default port used if the port number is not specified in the network endpoint. + + * `annotations`: Metadata defined as annotations on the network endpoint group. + + * `additional_properties`: + + * `cloud_run`: Configuration for a Cloud Run network endpoint group (NEG). The service must be provided explicitly or in the URL mask. The tag is optional, may be provided explicitly or in the URL mask. Note: Cloud Run service must be in the same project and located in the same region as the Serverless NEG. + + * `service`: Cloud Run service is the main resource of Cloud Run. The service must be 1-63 characters long, and comply with RFC1035. 
Example value: "run-service". + + * `tag`: Optional Cloud Run tag represents the "named-revision" to provide additional fine-grained traffic routing information. The tag must be 1-63 characters long, and comply with RFC1035. Example value: "revision-0010". + + * `url_mask`: A template to parse and fields from a request URL. URL mask allows for routing to multiple Run services without having to create multiple network endpoint groups and backend services. For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" can be backed by the same Serverless Network Endpoint Group (NEG) with URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } and { service="bar2", tag="foo2" } respectively. + + * `app_engine`: Configuration for an App Engine network endpoint group (NEG). The service is optional, may be provided explicitly or in the URL mask. The version is optional and can only be provided explicitly or in the URL mask when service is present. Note: App Engine service must be in the same project and located in the same region as the Serverless NEG. + + * `service`: Optional serving service. The service name is case-sensitive and must be 1-63 characters long. Example value: "default", "my-service". + + * `version`: Optional serving version. The version name is case-sensitive and must be 1-100 characters long. Example value: "v1", "v2". + + * `url_mask`: A template to parse service and version fields from a request URL. URL mask allows for routing to multiple App Engine services without having to create multiple Network Endpoint Groups and backend services. For example, the request URLs "foo1-dot-appname.appspot.com/v1" and "foo1-dot-appname.appspot.com/v2" can be backed by the same Serverless NEG with URL mask "-dot-appname.appspot.com/". The URL mask will parse them to { service = "foo1", version = "v1" } and { service = "foo1", version = "v2" } respectively. 
+ + * `cloud_function`: Configuration for a Cloud Function network endpoint group (NEG). The function must be provided explicitly or in the URL mask. Note: Cloud Function must be in the same project and located in the same region as the Serverless NEG. + + * `function`: A user-defined name of the Cloud Function. The function name is case-sensitive and must be 1-63 characters long. Example value: "func1". + + * `url_mask`: A template to parse function field from a request URL. URL mask allows for routing to multiple Cloud Functions without having to create multiple Network Endpoint Groups and backend services. For example, request URLs " mydomain.com/function1" and "mydomain.com/function2" can be backed by the same Serverless NEG with URL mask "/". The URL mask will parse them to { function = "function1" } and { function = "function2" } respectively. + + * `psc_target_service`: The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment. An example value is: "asia-northeast3-cloudkms.googleapis.com" + + * `psc_data`: All data that is specifically relevant to only network endpoint groups of type PRIVATE_SERVICE_CONNECT. + + * `consumer_psc_address`: [Output Only] Address allocated from given subnetwork for PSC. This IP address acts as a VIP for a PSC NEG, allowing it to act as an endpoint in L7 PSC-XLB. + + * `psc_connection_id`: [Output Only] The PSC connection id of the PSC Network Endpoint Group Consumer. + + * `psc_connection_status`: [Output Only] The connection status of the PSC Forwarding Rule. + Possible values: + * ACCEPTED + * CLOSED + * NEEDS_ATTENTION + * PENDING + * REJECTED + * STATUS_UNSPECIFIED + + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/docs/resources/google_compute_region_network_endpoint_groups.md b/docs/resources/google_compute_region_network_endpoint_groups.md new file mode 100644 index 000000000..c4f232e83 --- /dev/null +++ b/docs/resources/google_compute_region_network_endpoint_groups.md 
@@ -0,0 +1,46 @@ +--- +title: About the google_compute_region_network_endpoint_groups resource +platform: gcp +--- + +## Syntax +A `google_compute_region_network_endpoint_groups` is used to test a Google RegionNetworkEndpointGroup resource + +## Examples +``` + describe google_compute_region_network_endpoint_groups(project: 'chef-gcp-inspec', region: ' value_region') do + it { should exist } + end +``` + +## Properties +Properties that can be accessed from the `google_compute_region_network_endpoint_groups` resource: + +See [google_compute_region_network_endpoint_group.md](google_compute_region_network_endpoint_group.md) for more detailed information + * `kinds`: an array of `google_compute_region_network_endpoint_group` kind + * `ids`: an array of `google_compute_region_network_endpoint_group` id + * `creation_timestamps`: an array of `google_compute_region_network_endpoint_group` creation_timestamp + * `self_links`: an array of `google_compute_region_network_endpoint_group` self_link + * `names`: an array of `google_compute_region_network_endpoint_group` name + * `descriptions`: an array of `google_compute_region_network_endpoint_group` description + * `network_endpoint_types`: an array of `google_compute_region_network_endpoint_group` network_endpoint_type + * `sizes`: an array of `google_compute_region_network_endpoint_group` size + * `regions`: an array of `google_compute_region_network_endpoint_group` region + * `zones`: an array of `google_compute_region_network_endpoint_group` zone + * `networks`: an array of `google_compute_region_network_endpoint_group` network + * `subnetworks`: an array of `google_compute_region_network_endpoint_group` subnetwork + * `default_ports`: an array of `google_compute_region_network_endpoint_group` default_port + * `annotations`: an array of `google_compute_region_network_endpoint_group` annotations + * `cloud_runs`: an array of `google_compute_region_network_endpoint_group` cloud_run + * `app_engines`: an array of 
`google_compute_region_network_endpoint_group` app_engine + * `cloud_functions`: an array of `google_compute_region_network_endpoint_group` cloud_function + * `psc_target_services`: an array of `google_compute_region_network_endpoint_group` psc_target_service + * `psc_data`: an array of `google_compute_region_network_endpoint_group` psc_data + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_kms_crypto_key_version.md b/docs/resources/google_kms_crypto_key_version.md new file mode 100644 index 000000000..fce8cb9aa --- /dev/null +++ b/docs/resources/google_kms_crypto_key_version.md 
@@ -0,0 +1,113 @@ +--- +title: About the google_kms_crypto_key_version resource +platform: gcp +--- + +## Syntax +A `google_kms_crypto_key_version` is used to test a Google CryptoKeyVersion resource + +## Examples +``` +describe google_kms_crypto_key_version(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring: 'kms-key-ring', crypto_key: '', name: 'kms-key') do + it { should exist } + its('crypto_key_name') { should cmp 'kms-key' } + its('primary_state') { should eq "ENABLED" } + its('purpose') { should eq "ENCRYPT_DECRYPT" } + its('next_rotation_time') { should be > Time.now - 100000 } + its('create_time') { should be > Time.now - 365*60*60*24*10 } +end + +describe google_kms_crypto_key_version(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring: 'kms-key-ring', crypto_key: '', name: "nonexistent") do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_kms_crypto_key_version` resource: + + + * `name`: The resource name for the CryptoKey. + + * `create_time`: The time that this resource was created on the server. This is in RFC3339 text format. + + * `generate_time`: The time that this resource was created on the server. This is in RFC3339 text format. + + * `destroy_time`: The time that this resource was created on the server. This is in RFC3339 text format. + + * `destroy_event_time`: The time that this resource was created on the server. This is in RFC3339 text format. + + * `state`: The state of a CryptoKeyVersion, indicating if it can be used. + Possible values: + * CRYPTO_KEY_VERSION_STATE_UNSPECIFIED + * PENDING_GENERATION + * ENABLED + * DISABLED + * DESTROYED + * DESTROY_SCHEDULED + * PENDING_IMPORT + * IMPORT_FAILED + + * `protection_level`: ProtectionLevel specifies how cryptographic operations are performed. For more information, see Protection levels. 
+ Possible values: + * PROTECTION_LEVEL_UNSPECIFIED + * SOFTWARE + * HSM + * EXTERNAL + * EXTERNAL_VPC + + * `algorithm`: The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation. The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT. Algorithms beginning with "RSA_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes. Algorithms beginning with "RSA_DECRYPT_" are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT. The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. Algorithms beginning with "EC_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm. Algorithms beginning with "HMAC_" are usable with CryptoKey.purpose MAC. The suffix following "HMAC_" corresponds to the hash algorithm being used (eg. SHA256). 
+ Possible values: + * CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED + * GOOGLE_SYMMETRIC_ENCRYPTION + * RSA_SIGN_PSS_2048_SHA256 + * RSA_SIGN_PSS_3072_SHA256 + * RSA_SIGN_PSS_4096_SHA256 + * RSA_SIGN_PSS_4096_SHA512 + * RSA_SIGN_PKCS1_2048_SHA256 + * RSA_SIGN_PKCS1_3072_SHA256 + * RSA_SIGN_PKCS1_4096_SHA512 + * RSA_SIGN_PKCS1_4096_SHA256 + * RSA_SIGN_RAW_PKCS1_2048 + * RSA_SIGN_RAW_PKCS1_3072 + * RSA_SIGN_RAW_PKCS1_4096 + * RSA_DECRYPT_OAEP_2048_SHA256 + * RSA_DECRYPT_OAEP_3072_SHA256 + * RSA_DECRYPT_OAEP_4096_SHA256 + * RSA_DECRYPT_OAEP_4096_SHA512 + * RSA_DECRYPT_OAEP_2048_SHA1 + * RSA_DECRYPT_OAEP_3072_SHA1 + * RSA_DECRYPT_OAEP_4096_SHA1 + * EC_SIGN_P256_SHA256 + * EC_SIGN_P384_SHA384 + * EC_SIGN_SECP256K1_SHA256 + * HMAC_SHA256 + * EXTERNAL_SYMMETRIC_ENCRYPTION + + * `attestation`: Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM. + + * `format`: The format of the attestation data. + + * `content`: The attestation data provided by the HSM when the key operation was performed. A base64-encoded string. + + * `import_job`: Output only. The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported. + + * `import_time`: The time that this resource was created on the server. This is in RFC3339 text format. + + * `import_failure_reason`: Output only. The root cause of the most recent import failure. Only present if state is IMPORT_FAILED. + + * `external_protection_level_options`: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + + * `external_key_uri`: The URI for an external resource that this CryptoKeyVersion represents. 
+ + * `ekm_connection_key_path`: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. + + * `reimport_eligible`: Output only. Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version. + + * `key_ring`: The KeyRing that this key belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'`. + + * `crypto_key`: The KeyRing that this key belongs to. Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`. + + +## GCP Permissions + +Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_kms_crypto_key_versions.md b/docs/resources/google_kms_crypto_key_versions.md new file mode 100644 index 000000000..9b1be4756 --- /dev/null +++ b/docs/resources/google_kms_crypto_key_versions.md 
@@ -0,0 +1,44 @@ +--- +title: About the google_kms_crypto_key_versions resource +platform: gcp +--- + +## Syntax +A `google_kms_crypto_key_versions` is used to test a Google CryptoKeyVersion resource + +## Examples +``` +describe google_kms_crypto_key_versions(project: 'chef-gcp-inspec', location: 'europe-west2', key_ring: 'kms-key-ring', crypto_key: '') do + its('count') { should be >= 1 } + its('crypto_key_names') { should include 'kms-key' } +end +``` + +## Properties +Properties that can be accessed from the `google_kms_crypto_key_versions` resource: + +See [google_kms_crypto_key_version.md](google_kms_crypto_key_version.md) for more detailed information + * `names`: an array of `google_kms_crypto_key_version` name + * `create_times`: an array of `google_kms_crypto_key_version` create_time + * `generate_times`: an array of `google_kms_crypto_key_version` generate_time + * `destroy_times`: an array of `google_kms_crypto_key_version` destroy_time + * `destroy_event_times`: an array of `google_kms_crypto_key_version` destroy_event_time + * `states`: an array of `google_kms_crypto_key_version` state + * `protection_levels`: an array of `google_kms_crypto_key_version` protection_level + * `algorithms`: an array of `google_kms_crypto_key_version` algorithm + * `attestations`: an array of `google_kms_crypto_key_version` attestation + * `import_jobs`: an array of `google_kms_crypto_key_version` import_job + * `import_times`: an array of `google_kms_crypto_key_version` import_time + * `import_failure_reasons`: an array of `google_kms_crypto_key_version` import_failure_reason + * `external_protection_level_options`: an array of `google_kms_crypto_key_version` external_protection_level_options + * `reimport_eligibles`: an array of `google_kms_crypto_key_version` reimport_eligible + * `key_rings`: an array of `google_kms_crypto_key_version` key_ring + * `crypto_keys`: an array of `google_kms_crypto_key_version` crypto_key + +## Filter Criteria +This resource supports all 
of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Cloud Key Management Service (KMS) API](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_secret_manager_secret.md b/docs/resources/google_secret_manager_secret.md new file mode 100644 index 000000000..af731a7d9 --- /dev/null +++ b/docs/resources/google_secret_manager_secret.md 
@@ -0,0 +1,65 @@ +--- +title: About the google_secret_manager_secret resource +platform: gcp +--- + +## Syntax +A `google_secret_manager_secret` is used to test a Google Secret resource + +## Examples +``` +describe google_secret_manager_secret(name: ' value_name') do + it { should exist } + +end + +describe google_secret_manager_secret(name: "does_not_exit") do + it { should_not exist } +end + +``` + +## Properties +Properties that can be accessed from the `google_secret_manager_secret` resource: + + + * `name`: The resource name of the Secret. Format: `projects/{{project}}/secrets/{{secret_id}}` + + * `create_time`: The time at which the Secret was created. + + * `labels`: The labels assigned to this Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be assigned to a given resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + + * `replication`: The replication policy of the secret data attached to the Secret. It cannot be changed after the Secret has been created. + + * `automatic`: The Secret will automatically be replicated without any restrictions. + + * `user_managed`: The Secret will automatically be replicated without any restrictions. + + * `replicas`: The list of Replicas for this Secret. Cannot be empty. + + * `location`: The canonical IDs of the location to replicate data. For example: "us-east1". + + * `customer_managed_encryption`: Customer Managed Encryption for the secret. + + * `kms_key_name`: Describes the Cloud KMS encryption key that will be used to protect destination secret. 
+ + * `topics`: A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions. + + * `name`: The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic. + + * `expire_time`: Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + + * `ttl`: The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + + * `rotation`: The rotation time and period for a Secret. At `next_rotation_time`, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. `topics` must be set to configure rotation. + + * `next_rotation_time`: Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + + * `rotation_period`: The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, `next_rotation_time` must be set. `next_rotation_time` will be advanced by this period when the service automatically sends rotation notifications. + + * `secret_id`: This must be unique within the project. + + +## GCP Permissions + +Ensure the [Secret Manager API](https://console.cloud.google.com/apis/library/secretmanager.googleapis.com/) is enabled for the current project. 
diff --git a/docs/resources/google_secret_manager_secrets.md b/docs/resources/google_secret_manager_secrets.md new file mode 100644 index 000000000..9f3848e45 --- /dev/null +++ b/docs/resources/google_secret_manager_secrets.md @@ -0,0 +1,37 @@ +--- +title: About the google_secret_manager_secrets resource +platform: gcp +--- + +## Syntax +A `google_secret_manager_secrets` is used to test a Google Secret resource + +## Examples +``` + describe google_secret_manager_secrets(parent: ' value_parent') do + it { should exist } + end + +``` + +## Properties +Properties that can be accessed from the `google_secret_manager_secrets` resource: + +See [google_secret_manager_secret.md](google_secret_manager_secret.md) for more detailed information + * `names`: an array of `google_secret_manager_secret` name + * `create_times`: an array of `google_secret_manager_secret` create_time + * `labels`: an array of `google_secret_manager_secret` labels + * `replications`: an array of `google_secret_manager_secret` replication + * `topics`: an array of `google_secret_manager_secret` topics + * `expire_times`: an array of `google_secret_manager_secret` expire_time + * `ttls`: an array of `google_secret_manager_secret` ttl + * `rotations`: an array of `google_secret_manager_secret` rotation + * `secret_ids`: an array of `google_secret_manager_secret` secret_id + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Secret Manager API](https://console.cloud.google.com/apis/library/secretmanager.googleapis.com/) is enabled for the current project. diff --git a/inspec.yml b/inspec.yml index 622495be1..865024ce0 100644 --- a/inspec.yml +++ b/inspec.yml 
@@ -4,7 +4,7 @@ maintainer: spaterson@chef.io,russell.seymour@turtlesystems.co.uk summary: This resource pack provides compliance resources_old_ignore for Google Cloud Platform copyright: spaterson@chef.io,russell.seymour@turtlesystems.co.uk copyright_email: spaterson@chef.io,russell.seymour@turtlesystems.co.uk -version: 1.11.69 +version: 1.11.74 license: Apache-2.0 inspec_version: '>= 4.7.3' supports: diff --git a/libraries/gcp_backend.rb b/libraries/gcp_backend.rb index ca60cd4cb..2591f2308 100644 --- a/libraries/gcp_backend.rb +++ b/libraries/gcp_backend.rb @@ -22,7 +22,7 @@ def initialize(opts) # Magic Modules generated resources use an alternate transport method # In the future this will be moved into the train-gcp plugin itself - @connection = GcpApiConnection.new if opts[:use_http_transport] + @connection = GcpApiConnection.new(self) if opts[:use_http_transport] end def failed_resource? @@ -194,7 +194,10 @@ def camel_case(data) end class GcpApiConnection - def initialize + attr_reader :resource + + def initialize(resource) + @resource = resource config_name = Inspec::Config.cached.unpack_train_credentials[:host] ENV['CLOUDSDK_ACTIVE_CONFIG_NAME'] = config_name @google_application_credentials = config_name.blank? && ENV['GOOGLE_APPLICATION_CREDENTIALS'] @@ -237,7 +240,7 @@ def next_page(uri, request_type, token = nil) fetch_auth, request_type, ) - result = JSON.parse(get_request.send.body) + result = return_if_object(get_request.send) next_page_token = result['nextPageToken'] return [result] if next_page_token.nil? 
@@ -245,19 +248,26 @@ def next_page(uri, request_type, token = nil) end def return_if_object(response) - raise "Bad response: #{response.body}" \ - if response.is_a?(Net::HTTPBadRequest) - raise "Bad response: #{response}" \ - unless response.is_a?(Net::HTTPResponse) - return if response.is_a?(Net::HTTPNotFound) - return if response.is_a?(Net::HTTPNoContent) - result = JSON.parse(response.body) - raise_if_errors result, %w{error errors}, 'message' - raise "Bad response: #{response}" unless response.is_a?(Net::HTTPOK) + unless response.is_a?(Net::HTTPSuccess) + if response.is_a?(Net::HTTPResponse) + body = response.body + else + body = response + end + result = parser(body) + raise_if_errors result, %w{error errors}, 'message' + end + result = parser(response.body) fetch_id result result end + def parser(json) + JSON.parse(json) + rescue JSON::ParserError + raise StandardError, "Bad response: #{json}" \ + end + def fetch_id(result) @resource_id = if result.key?('id') result['id'] @@ -269,6 +279,8 @@ def fetch_id(result) def raise_if_errors(response, err_path, msg_field) errors = self.class.navigate(response, err_path) + resource.fail_resource errors + resource.failed_resource = true raise_error(errors, msg_field) unless errors.nil? end diff --git a/libraries/google/apigee/property/organizationapi_labels.rb b/libraries/google/apigee/property/organizationapi_labels.rb new file mode 100644 index 000000000..0cef0a987 --- /dev/null +++ b/libraries/google/apigee/property/organizationapi_labels.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Apigee + module Property + class OrganizationApiLabels + attr_reader :additional_properties + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @additional_properties = args['additionalProperties'] + end + + def to_s + "#{@parent_identifier} OrganizationApiLabels" + end + end + end + end +end diff --git a/libraries/google/apigee/property/organizationapi_meta_data.rb b/libraries/google/apigee/property/organizationapi_meta_data.rb new file mode 100644 index 000000000..df380f47b --- /dev/null +++ b/libraries/google/apigee/property/organizationapi_meta_data.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Apigee + module Property + class OrganizationApiMetaData + attr_reader :last_modified_at + + attr_reader :created_at + + attr_reader :sub_type + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @last_modified_at = args['lastModifiedAt'] + @created_at = args['createdAt'] + @sub_type = args['subType'] + end + + def to_s + "#{@parent_identifier} OrganizationApiMetaData" + end + end + end + end +end diff --git a/libraries/google/compute/property/regionnetworkendpointgroup_annotations.rb b/libraries/google/compute/property/regionnetworkendpointgroup_annotations.rb new file mode 100644 index 000000000..029f92d7c --- /dev/null +++ b/libraries/google/compute/property/regionnetworkendpointgroup_annotations.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RegionNetworkEndpointGroupAnnotations + attr_reader :additional_properties + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @additional_properties = args['additionalProperties'] + end + + def to_s + "#{@parent_identifier} RegionNetworkEndpointGroupAnnotations" + end + end + end + end +end diff --git a/libraries/google/compute/property/regionnetworkendpointgroup_app_engine.rb b/libraries/google/compute/property/regionnetworkendpointgroup_app_engine.rb new file mode 100644 index 000000000..9a3dcf292 --- /dev/null +++ b/libraries/google/compute/property/regionnetworkendpointgroup_app_engine.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RegionNetworkEndpointGroupAppEngine + attr_reader :service + + attr_reader :version + + attr_reader :url_mask + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @service = args['service'] + @version = args['version'] + @url_mask = args['urlMask'] + end + + def to_s + "#{@parent_identifier} RegionNetworkEndpointGroupAppEngine" + end + end + end + end +end diff --git a/libraries/google/compute/property/regionnetworkendpointgroup_cloud_function.rb b/libraries/google/compute/property/regionnetworkendpointgroup_cloud_function.rb new file mode 100644 index 000000000..39d3a8869 --- /dev/null +++ b/libraries/google/compute/property/regionnetworkendpointgroup_cloud_function.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RegionNetworkEndpointGroupCloudFunction + attr_reader :function + + attr_reader :url_mask + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @function = args['function'] + @url_mask = args['urlMask'] + end + + def to_s + "#{@parent_identifier} RegionNetworkEndpointGroupCloudFunction" + end + end + end + end +end diff --git a/libraries/google/compute/property/regionnetworkendpointgroup_cloud_run.rb b/libraries/google/compute/property/regionnetworkendpointgroup_cloud_run.rb new file mode 100644 index 000000000..6e3afe2a6 --- /dev/null +++ b/libraries/google/compute/property/regionnetworkendpointgroup_cloud_run.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RegionNetworkEndpointGroupCloudRun + attr_reader :service + + attr_reader :tag + + attr_reader :url_mask + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @service = args['service'] + @tag = args['tag'] + @url_mask = args['urlMask'] + end + + def to_s + "#{@parent_identifier} RegionNetworkEndpointGroupCloudRun" + end + end + end + end +end diff --git a/libraries/google/compute/property/regionnetworkendpointgroup_psc_data.rb b/libraries/google/compute/property/regionnetworkendpointgroup_psc_data.rb new file mode 100644 index 000000000..157ce91a1 --- /dev/null +++ b/libraries/google/compute/property/regionnetworkendpointgroup_psc_data.rb 
@@ -0,0 +1,40 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RegionNetworkEndpointGroupPscData + attr_reader :consumer_psc_address + + attr_reader :psc_connection_id + + attr_reader :psc_connection_status + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @consumer_psc_address = args['consumerPscAddress'] + @psc_connection_id = args['pscConnectionId'] + @psc_connection_status = args['pscConnectionStatus'] + end + + def to_s + "#{@parent_identifier} RegionNetworkEndpointGroupPscData" + end + end + end + end +end diff --git a/libraries/google/kms/property/cryptokeyversion_attestation.rb b/libraries/google/kms/property/cryptokeyversion_attestation.rb new file mode 100644 index 000000000..dc6d4a011 --- /dev/null +++ b/libraries/google/kms/property/cryptokeyversion_attestation.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module KMS + module Property + class CryptoKeyVersionAttestation + attr_reader :format + + attr_reader :content + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @format = args['format'] + @content = args['content'] + end + + def to_s + "#{@parent_identifier} CryptoKeyVersionAttestation" + end + end + end + end +end diff --git a/libraries/google/kms/property/cryptokeyversion_external_protection_level_options.rb b/libraries/google/kms/property/cryptokeyversion_external_protection_level_options.rb new file mode 100644 index 000000000..94e53aecb --- /dev/null +++ b/libraries/google/kms/property/cryptokeyversion_external_protection_level_options.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module KMS + module Property + class CryptoKeyVersionExternalProtectionLevelOptions + attr_reader :external_key_uri + + attr_reader :ekm_connection_key_path + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @external_key_uri = args['externalKeyUri'] + @ekm_connection_key_path = args['ekmConnectionKeyPath'] + end + + def to_s + "#{@parent_identifier} CryptoKeyVersionExternalProtectionLevelOptions" + end + end + end + end +end diff --git a/libraries/google/secretmanager/property/secret_replication.rb b/libraries/google/secretmanager/property/secret_replication.rb new file mode 100644 index 000000000..4a577374a --- /dev/null +++ b/libraries/google/secretmanager/property/secret_replication.rb 
@@ -0,0 +1,39 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/secretmanager/property/secret_replication_user_managed' +require 'google/secretmanager/property/secret_replication_user_managed_replicas' +module GoogleInSpec + module SecretManager + module Property + class SecretReplication + attr_reader :automatic + + attr_reader :user_managed + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @automatic = args['automatic'] + @user_managed = GoogleInSpec::SecretManager::Property::SecretReplicationUserManaged.new(args['userManaged'], to_s) + end + + def to_s + "#{@parent_identifier} SecretReplication" + end + end + end + end +end diff --git a/libraries/google/secretmanager/property/secret_replication_user_managed.rb b/libraries/google/secretmanager/property/secret_replication_user_managed.rb new file mode 100644 index 000000000..01ee84323 --- /dev/null +++ b/libraries/google/secretmanager/property/secret_replication_user_managed.rb 
@@ -0,0 +1,35 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/secretmanager/property/secret_replication_user_managed_replicas' +module GoogleInSpec + module SecretManager + module Property + class SecretReplicationUserManaged + attr_reader :replicas + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @replicas = GoogleInSpec::SecretManager::Property::SecretReplicationUserManagedReplicasArray.parse(args['replicas'], to_s) + end + + def to_s + "#{@parent_identifier} SecretReplicationUserManaged" + end + end + end + end +end diff --git a/libraries/google/secretmanager/property/secret_replication_user_managed_replicas.rb b/libraries/google/secretmanager/property/secret_replication_user_managed_replicas.rb new file mode 100644 index 000000000..4586c0154 --- /dev/null +++ b/libraries/google/secretmanager/property/secret_replication_user_managed_replicas.rb 
@@ -0,0 +1,46 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'google/secretmanager/property/secret_replication_user_managed_replicas_customer_managed_encryption' +module GoogleInSpec + module SecretManager + module Property + class SecretReplicationUserManagedReplicas + attr_reader :location + + attr_reader :customer_managed_encryption + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @location = args['location'] + @customer_managed_encryption = GoogleInSpec::SecretManager::Property::SecretReplicationUserManagedReplicasCustomerManagedEncryption.new(args['customerManagedEncryption'], to_s) + end + + def to_s + "#{@parent_identifier} SecretReplicationUserManagedReplicas" + end + end + + class SecretReplicationUserManagedReplicasArray + def self.parse(value, parent_identifier) + return if value.nil? + return SecretReplicationUserManagedReplicas.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| SecretReplicationUserManagedReplicas.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/secretmanager/property/secret_replication_user_managed_replicas_customer_managed_encryption.rb b/libraries/google/secretmanager/property/secret_replication_user_managed_replicas_customer_managed_encryption.rb new file mode 100644 index 000000000..efa61cff5 --- /dev/null 
+++ b/libraries/google/secretmanager/property/secret_replication_user_managed_replicas_customer_managed_encryption.rb @@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module SecretManager + module Property + class SecretReplicationUserManagedReplicasCustomerManagedEncryption + attr_reader :kms_key_name + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @kms_key_name = args['kmsKeyName'] + end + + def to_s + "#{@parent_identifier} SecretReplicationUserManagedReplicasCustomerManagedEncryption" + end + end + end + end +end diff --git a/libraries/google/secretmanager/property/secret_rotation.rb b/libraries/google/secretmanager/property/secret_rotation.rb new file mode 100644 index 000000000..e5ca79e95 --- /dev/null +++ b/libraries/google/secretmanager/property/secret_rotation.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module SecretManager + module Property + class SecretRotation + attr_reader :next_rotation_time + + attr_reader :rotation_period + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @next_rotation_time = args['nextRotationTime'] + @rotation_period = args['rotationPeriod'] + end + + def to_s + "#{@parent_identifier} SecretRotation" + end + end + end + end +end diff --git a/libraries/google/secretmanager/property/secret_topics.rb b/libraries/google/secretmanager/property/secret_topics.rb new file mode 100644 index 000000000..f75335f75 --- /dev/null +++ b/libraries/google/secretmanager/property/secret_topics.rb 
@@ -0,0 +1,42 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module SecretManager + module Property + class SecretTopics + attr_reader :name + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @name = args['name'] + end + + def to_s + "#{@parent_identifier} SecretTopics" + end + end + + class SecretTopicsArray + def self.parse(value, parent_identifier) + return if value.nil? + return SecretTopics.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| SecretTopics.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google/secretmanager/property/secretversion_payload.rb b/libraries/google/secretmanager/property/secretversion_payload.rb new file mode 100644 index 000000000..b62e4155b --- /dev/null +++ b/libraries/google/secretmanager/property/secretversion_payload.rb 
@@ -0,0 +1,34 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module SecretManager + module Property + class SecretVersionPayload + attr_reader :data + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @data = args['data'] + end + + def to_s + "#{@parent_identifier} SecretVersionPayload" + end + end + end + end +end diff --git a/libraries/google_apigee_organization_api.rb b/libraries/google_apigee_organization_api.rb new file mode 100644 index 000000000..9959d886d --- /dev/null +++ b/libraries/google_apigee_organization_api.rb 
@@ -0,0 +1,69 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/apigee/property/organizationapi_labels' +require 'google/apigee/property/organizationapi_meta_data' + +# A provider to manage Apigee resources. +class ApigeeOrganizationApi < GcpResourceBase + name 'google_apigee_organization_api' + desc 'OrganizationApi' + supports platform: 'gcp' + + attr_reader :params + attr_reader :revision + attr_reader :latest_revision_id + attr_reader :meta_data + attr_reader :api_proxy_type + attr_reader :read_only + attr_reader :labels + attr_reader :name + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @revision = @fetched['revision'] + @latest_revision_id = @fetched['latestRevisionId'] + @meta_data = GoogleInSpec::Apigee::Property::OrganizationApiMetaData.new(@fetched['metaData'], to_s) + @api_proxy_type = @fetched['apiProxyType'] + @read_only = @fetched['readOnly'] + @labels = GoogleInSpec::Apigee::Property::OrganizationApiLabels.new(@fetched['labels'], to_s) + @name = @fetched['name'] + end + + def exists? + !@fetched.nil? 
+ end + + def to_s + "OrganizationApi #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'https://apigee.googleapis.com/v1/' + end + + def resource_base_url + '{{parent}}/apis/{{name}}' + end +end diff --git a/libraries/google_apigee_organization_apis.rb b/libraries/google_apigee_organization_apis.rb new file mode 100644 index 000000000..92199c7fa --- /dev/null +++ b/libraries/google_apigee_organization_apis.rb 
@@ -0,0 +1,91 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class ApigeeOrganizationApis < GcpResourceBase + name 'google_apigee_organization_apis' + desc 'OrganizationApi plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:revisions, field: :revision) + filter_table_config.add(:latest_revision_ids, field: :latest_revision_id) + filter_table_config.add(:meta_data, field: :meta_data) + filter_table_config.add(:api_proxy_types, field: :api_proxy_type) + filter_table_config.add(:read_onlies, field: :read_only) + filter_table_config.add(:labels, field: :labels) + filter_table_config.add(:names, field: :name) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('proxies') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'revision' => ->(obj) { [:revision, obj['revision']] }, + 'latestRevisionId' => ->(obj) { [:latest_revision_id, obj['latestRevisionId']] }, + 'metaData' => ->(obj) { [:meta_data, GoogleInSpec::Apigee::Property::OrganizationApiMetaData.new(obj['metaData'], to_s)] }, + 'apiProxyType' => ->(obj) { [:api_proxy_type, obj['apiProxyType']] }, + 'readOnly' => ->(obj) { [:read_only, obj['readOnly']] }, + 'labels' => ->(obj) { [:labels, GoogleInSpec::Apigee::Property::OrganizationApiLabels.new(obj['labels'], to_s)] }, + 'name' => ->(obj) { [:name, obj['name']] }, + } + end + + private + + def product_url(_ = nil) + 'https://apigee.googleapis.com/v1/' + end + + def resource_base_url + '{{parent}}/apis' + end +end diff --git a/libraries/google_compute_region_network_endpoint_group.rb b/libraries/google_compute_region_network_endpoint_group.rb new file mode 100644 index 000000000..1b2151d4b --- /dev/null +++ b/libraries/google_compute_region_network_endpoint_group.rb 
@@ -0,0 +1,96 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/compute/property/regionnetworkendpointgroup_annotations' +require 'google/compute/property/regionnetworkendpointgroup_app_engine' +require 'google/compute/property/regionnetworkendpointgroup_cloud_function' +require 'google/compute/property/regionnetworkendpointgroup_cloud_run' +require 'google/compute/property/regionnetworkendpointgroup_psc_data' + +# A provider to manage Compute Engine resources. +class ComputeRegionNetworkEndpointGroup < GcpResourceBase + name 'google_compute_region_network_endpoint_group' + desc 'RegionNetworkEndpointGroup' + supports platform: 'gcp' + + attr_reader :params + attr_reader :kind + attr_reader :id + attr_reader :creation_timestamp + attr_reader :self_link + attr_reader :name + attr_reader :description + attr_reader :network_endpoint_type + attr_reader :size + attr_reader :region + attr_reader :zone + attr_reader :network + attr_reader :subnetwork + attr_reader :default_port + attr_reader :annotations + attr_reader :cloud_run + attr_reader :app_engine + attr_reader :cloud_function + attr_reader :psc_target_service + attr_reader :psc_data + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? 
+ end + + def parse + @kind = @fetched['kind'] + @id = @fetched['id'] + @creation_timestamp = @fetched['creationTimestamp'] + @self_link = @fetched['selfLink'] + @name = @fetched['name'] + @description = @fetched['description'] + @network_endpoint_type = @fetched['networkEndpointType'] + @size = @fetched['size'] + @region = @fetched['region'] + @zone = @fetched['zone'] + @network = @fetched['network'] + @subnetwork = @fetched['subnetwork'] + @default_port = @fetched['defaultPort'] + @annotations = GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupAnnotations.new(@fetched['annotations'], to_s) + @cloud_run = GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupCloudRun.new(@fetched['cloudRun'], to_s) + @app_engine = GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupAppEngine.new(@fetched['appEngine'], to_s) + @cloud_function = GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupCloudFunction.new(@fetched['cloudFunction'], to_s) + @psc_target_service = @fetched['pscTargetService'] + @psc_data = GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupPscData.new(@fetched['pscData'], to_s) + end + + def exists? + !@fetched.nil? + end + + def to_s + "RegionNetworkEndpointGroup #{@params[:networkEndpointGroup]}" + end + + private + + def product_url(_ = nil) + 'https://compute.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{network_endpoint_group}}' + end +end diff --git a/libraries/google_compute_region_network_endpoint_groups.rb b/libraries/google_compute_region_network_endpoint_groups.rb new file mode 100644 index 000000000..cb7c4a7b6 --- /dev/null +++ b/libraries/google_compute_region_network_endpoint_groups.rb 
@@ -0,0 +1,115 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class ComputeRegionNetworkEndpointGroups < GcpResourceBase + name 'google_compute_region_network_endpoint_groups' + desc 'RegionNetworkEndpointGroup plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:kinds, field: :kind) + filter_table_config.add(:ids, field: :id) + filter_table_config.add(:creation_timestamps, field: :creation_timestamp) + filter_table_config.add(:self_links, field: :self_link) + filter_table_config.add(:names, field: :name) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:network_endpoint_types, field: :network_endpoint_type) + filter_table_config.add(:sizes, field: :size) + filter_table_config.add(:regions, field: :region) + filter_table_config.add(:zones, field: :zone) + filter_table_config.add(:networks, field: :network) + filter_table_config.add(:subnetworks, field: :subnetwork) + filter_table_config.add(:default_ports, field: :default_port) + filter_table_config.add(:annotations, field: :annotations) + filter_table_config.add(:cloud_runs, field: :cloud_run) + filter_table_config.add(:app_engines, field: :app_engine) + filter_table_config.add(:cloud_functions, field: :cloud_function) + filter_table_config.add(:psc_target_services, field: :psc_target_service) + filter_table_config.add(:psc_data, 
field: :psc_data) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('items') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'kind' => ->(obj) { [:kind, obj['kind']] }, + 'id' => ->(obj) { [:id, obj['id']] }, + 'creationTimestamp' => ->(obj) { [:creation_timestamp, obj['creationTimestamp']] }, + 'selfLink' => ->(obj) { [:self_link, obj['selfLink']] }, + 'name' => ->(obj) { [:name, obj['name']] }, + 'description' => ->(obj) { [:description, obj['description']] }, + 'networkEndpointType' => ->(obj) { [:network_endpoint_type, obj['networkEndpointType']] }, + 'size' => ->(obj) { [:size, obj['size']] }, + 'region' => ->(obj) { [:region, obj['region']] }, + 'zone' => ->(obj) { [:zone, obj['zone']] }, + 'network' => ->(obj) { [:network, obj['network']] }, + 'subnetwork' => ->(obj) { [:subnetwork, obj['subnetwork']] }, + 'defaultPort' => ->(obj) { [:default_port, obj['defaultPort']] }, + 'annotations' => ->(obj) { [:annotations, GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupAnnotations.new(obj['annotations'], to_s)] }, + 'cloudRun' => ->(obj) { [:cloud_run, 
GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupCloudRun.new(obj['cloudRun'], to_s)] }, + 'appEngine' => ->(obj) { [:app_engine, GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupAppEngine.new(obj['appEngine'], to_s)] }, + 'cloudFunction' => ->(obj) { [:cloud_function, GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupCloudFunction.new(obj['cloudFunction'], to_s)] }, + 'pscTargetService' => ->(obj) { [:psc_target_service, obj['pscTargetService']] }, + 'pscData' => ->(obj) { [:psc_data, GoogleInSpec::Compute::Property::RegionNetworkEndpointGroupPscData.new(obj['pscData'], to_s)] }, + } + end + + private + + def product_url(_ = nil) + 'https://compute.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/networkEndpointGroups' + end +end diff --git a/libraries/google_kms_crypto_key_version.rb b/libraries/google_kms_crypto_key_version.rb new file mode 100644 index 000000000..8498dc3c8 --- /dev/null +++ b/libraries/google_kms_crypto_key_version.rb 
@@ -0,0 +1,92 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/kms/property/cryptokeyversion_attestation' +require 'google/kms/property/cryptokeyversion_external_protection_level_options' + +# A provider to manage Cloud Key Management Service resources. +class KMSCryptoKeyVersion < GcpResourceBase + name 'google_kms_crypto_key_version' + desc 'CryptoKeyVersion' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :create_time + attr_reader :generate_time + attr_reader :destroy_time + attr_reader :destroy_event_time + attr_reader :state + attr_reader :protection_level + attr_reader :algorithm + attr_reader :attestation + attr_reader :import_job + attr_reader :import_time + attr_reader :import_failure_reason + attr_reader :external_protection_level_options + attr_reader :reimport_eligible + attr_reader :key_ring + attr_reader :crypto_key + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? 
+ end + + def parse + @name = @fetched['name'] + @create_time = parse_time_string(@fetched['createTime']) + @generate_time = parse_time_string(@fetched['generateTime']) + @destroy_time = parse_time_string(@fetched['destroyTime']) + @destroy_event_time = parse_time_string(@fetched['destroyEventTime']) + @state = @fetched['state'] + @protection_level = @fetched['protectionLevel'] + @algorithm = @fetched['algorithm'] + @attestation = GoogleInSpec::KMS::Property::CryptoKeyVersionAttestation.new(@fetched['attestation'], to_s) + @import_job = @fetched['importJob'] + @import_time = parse_time_string(@fetched['importTime']) + @import_failure_reason = @fetched['importFailureReason'] + @external_protection_level_options = GoogleInSpec::KMS::Property::CryptoKeyVersionExternalProtectionLevelOptions.new(@fetched['externalProtectionLevelOptions'], to_s) + @reimport_eligible = @fetched['reimportEligible'] + @key_ring = @fetched['keyRing'] + @crypto_key = @fetched['cryptoKey'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end + + def to_s + "CryptoKeyVersion #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'https://cloudkms.googleapis.com/v1/' + end + + def resource_base_url + 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}/cryptoKeyVersions/{{name}}' + end +end diff --git a/libraries/google_kms_crypto_key_versions.rb b/libraries/google_kms_crypto_key_versions.rb new file mode 100644 index 000000000..f73057bf2 --- /dev/null +++ b/libraries/google_kms_crypto_key_versions.rb 
@@ -0,0 +1,114 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class KMSCryptoKeyVersions < GcpResourceBase + name 'google_kms_crypto_key_versions' + desc 'CryptoKeyVersion plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:generate_times, field: :generate_time) + filter_table_config.add(:destroy_times, field: :destroy_time) + filter_table_config.add(:destroy_event_times, field: :destroy_event_time) + filter_table_config.add(:states, field: :state) + filter_table_config.add(:protection_levels, field: :protection_level) + filter_table_config.add(:algorithms, field: :algorithm) + filter_table_config.add(:attestations, field: :attestation) + filter_table_config.add(:import_jobs, field: :import_job) + filter_table_config.add(:import_times, field: :import_time) + filter_table_config.add(:import_failure_reasons, field: :import_failure_reason) + filter_table_config.add(:external_protection_level_options, field: :external_protection_level_options) + filter_table_config.add(:reimport_eligibles, field: :reimport_eligible) + filter_table_config.add(:key_rings, field: :key_ring) + filter_table_config.add(:crypto_keys, field: :crypto_key) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + 
super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('cryptoKeyVersions') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { [:name, obj['name']] }, + 'createTime' => ->(obj) { [:create_time, parse_time_string(obj['createTime'])] }, + 'generateTime' => ->(obj) { [:generate_time, parse_time_string(obj['generateTime'])] }, + 'destroyTime' => ->(obj) { [:destroy_time, parse_time_string(obj['destroyTime'])] }, + 'destroyEventTime' => ->(obj) { [:destroy_event_time, parse_time_string(obj['destroyEventTime'])] }, + 'state' => ->(obj) { [:state, obj['state']] }, + 'protectionLevel' => ->(obj) { [:protection_level, obj['protectionLevel']] }, + 'algorithm' => ->(obj) { [:algorithm, obj['algorithm']] }, + 'attestation' => ->(obj) { [:attestation, GoogleInSpec::KMS::Property::CryptoKeyVersionAttestation.new(obj['attestation'], to_s)] }, + 'importJob' => ->(obj) { [:import_job, obj['importJob']] }, + 'importTime' => ->(obj) { [:import_time, parse_time_string(obj['importTime'])] }, + 'importFailureReason' => ->(obj) { [:import_failure_reason, obj['importFailureReason']] }, + 'externalProtectionLevelOptions' => ->(obj) { [:external_protection_level_options, 
GoogleInSpec::KMS::Property::CryptoKeyVersionExternalProtectionLevelOptions.new(obj['externalProtectionLevelOptions'], to_s)] }, + 'reimportEligible' => ->(obj) { [:reimport_eligible, obj['reimportEligible']] }, + 'keyRing' => ->(obj) { [:key_ring, obj['keyRing']] }, + 'cryptoKey' => ->(obj) { [:crypto_key, obj['cryptoKey']] }, + } + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + private + + def product_url(_ = nil) + 'https://cloudkms.googleapis.com/v1/' + end + + def resource_base_url + 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}/cryptoKeyVersions' + end +end diff --git a/libraries/google_secret_manager_secret.rb b/libraries/google_secret_manager_secret.rb new file mode 100644 index 000000000..1340ad06c --- /dev/null +++ b/libraries/google_secret_manager_secret.rb 
@@ -0,0 +1,76 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/secretmanager/property/secret_replication' +require 'google/secretmanager/property/secret_replication_user_managed' +require 'google/secretmanager/property/secret_replication_user_managed_replicas' +require 'google/secretmanager/property/secret_rotation' +require 'google/secretmanager/property/secret_topics' + +# A provider to manage Secret Manager resources. +class SecretManagerSecret < GcpResourceBase + name 'google_secret_manager_secret' + desc 'Secret' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :create_time + attr_reader :labels + attr_reader :replication + attr_reader :topics + attr_reader :expire_time + attr_reader :ttl + attr_reader :rotation + attr_reader :secret_id + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? 
+ end + + def parse + @name = @fetched['name'] + @create_time = @fetched['createTime'] + @labels = @fetched['labels'] + @replication = GoogleInSpec::SecretManager::Property::SecretReplication.new(@fetched['replication'], to_s) + @topics = GoogleInSpec::SecretManager::Property::SecretTopicsArray.parse(@fetched['topics'], to_s) + @expire_time = @fetched['expireTime'] + @ttl = @fetched['ttl'] + @rotation = GoogleInSpec::SecretManager::Property::SecretRotation.new(@fetched['rotation'], to_s) + @secret_id = @fetched['secretId'] + end + + def exists? + !@fetched.nil? + end + + def to_s + "Secret #{@params[:secret_id]}" + end + + private + + def product_url(_ = nil) + 'https://secretmanager.googleapis.com/v1/' + end + + def resource_base_url + '{{name}}' + end +end diff --git a/libraries/google_secret_manager_secrets.rb b/libraries/google_secret_manager_secrets.rb new file mode 100644 index 000000000..ebb6dff99 --- /dev/null +++ b/libraries/google_secret_manager_secrets.rb 
@@ -0,0 +1,95 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class SecretManagerSecrets < GcpResourceBase + name 'google_secret_manager_secrets' + desc 'Secret plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:labels, field: :labels) + filter_table_config.add(:replications, field: :replication) + filter_table_config.add(:topics, field: :topics) + filter_table_config.add(:expire_times, field: :expire_time) + filter_table_config.add(:ttls, field: :ttl) + filter_table_config.add(:rotations, field: :rotation) + filter_table_config.add(:secret_ids, field: :secret_id) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('secrets') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { [:name, obj['name']] }, + 'createTime' => ->(obj) { [:create_time, obj['createTime']] }, + 'labels' => ->(obj) { [:labels, obj['labels']] }, + 'replication' => ->(obj) { [:replication, GoogleInSpec::SecretManager::Property::SecretReplication.new(obj['replication'], to_s)] }, + 'topics' => ->(obj) { [:topics, GoogleInSpec::SecretManager::Property::SecretTopicsArray.parse(obj['topics'], to_s)] }, + 'expireTime' => ->(obj) { [:expire_time, obj['expireTime']] }, + 'ttl' => ->(obj) { [:ttl, obj['ttl']] }, + 'rotation' => ->(obj) { [:rotation, GoogleInSpec::SecretManager::Property::SecretRotation.new(obj['rotation'], to_s)] }, + 'secretId' => ->(obj) { [:secret_id, obj['secretId']] }, + } + end + + private + + def product_url(_ = nil) + 'https://secretmanager.googleapis.com/v1/' + end + + def resource_base_url + '{{parent}}/secrets' + end +end diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 0d3d82d67..634fe6a6c 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -239,6 +239,12 @@ variable "organization_envgroup" { variable "vpn_gateway" { type = any } +variable "region_network_endpoint_group" { + type = any +} +variable "secrets_manager_v1" { + type = any +} resource "google_compute_ssl_policy" "custom-ssl-policy" { name = var.ssl_policy["name"] 
@@ -1692,3 +1698,36 @@ resource "google_apigee_envgroup_attachment" "engroup_attachment" { envgroup_id = var.apigee_organization_envgroup_attachment.envgroup_id environment = var.apigee_organization_envgroup_attachment.environment } +resource "google_compute_region_network_endpoint_group" "region_network_endpoint_group" { + name = var.region_network_endpoint_group.name + network_endpoint_type = var.region_network_endpoint_group.network_endpoint_type + region = var.region_network_endpoint_group.region + psc_target_service = var.region_network_endpoint_group.target_service +} + +resource "google_secret_manager_secret" "test-secret" { + secret_id = var.secrets_manager_v1["secret_id"] + + replication { + auto {} + } +} + +variable "crypto_key_version" { + type = any +} + +resource "google_kms_key_ring" "keyring" { + name = var.crypto_key_version.key_ring + location = var.crypto_key_version.region +} + +resource "google_kms_crypto_key" "cryptokey" { + name = var.crypto_key_version.crypto_key + key_ring = google_kms_key_ring.keyring.id + rotation_period = "100000s" +} + +resource "google_kms_crypto_key_version" "example-key" { + crypto_key = google_kms_crypto_key.cryptokey.id +} diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index 8c37d5494..54499a479 100644 --- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml 
@@ -621,3 +621,22 @@ vpn_gateway: self_link : "value_selflink" label_fingerprint : "value_labelfingerprint" stack_type : "IPV4_ONLY" + +region_network_endpoint_group: + name: "inspec" + region: "us-central1" + network_endpoint_type: "PRIVATE_SERVICE_CONNECT" + target_service: "us-central1-logging.googleapis.com" + +apigee_organization_apis: + name : "firstproxy", + parent : "organizations/ppradhan", + api_proxy_type : "PROGRAMMABLE" + +secrets_manager_v1: + secret_id: "inspec-gcp-secret" + +crypto_key_version: + key_ring: "gcp-inspec-kms-key-ring" + crypto_key: "gcp-inspec-kms-crypto-key-policy" + region: "us-central-1" diff --git a/test/integration/verify/controls/google_apigee_organization_api.rb b/test/integration/verify/controls/google_apigee_organization_api.rb new file mode 100644 index 000000000..2b6ab89df --- /dev/null +++ b/test/integration/verify/controls/google_apigee_organization_api.rb 
@@ -0,0 +1,39 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_apigee_organization_api resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + organization_api = input('organization_api', value: { + "name": "firstproxy", + "parent": "organizations/ppradhan", + "latest_revision_id": "value_latestrevisionid", + "api_proxy_type": "PROGRAMMABLE" +}, description: 'organization_api description') +control 'google_apigee_organization_api-1.0' do + impact 1.0 + title 'google_apigee_organization_api resource test' + + describe google_apigee_organization_api(parent: organization_api['parent'],name: organization_api['name']) do + it { should exist } + its('latest_revision_id') { should cmp organization_api['latest_revision_id'] } + its('api_proxy_type') { should cmp organization_api['api_proxy_type'] } + its('name') { should cmp organization_api['name'] } + end + + describe google_apigee_organization_api(parent: organization_api['parent'],name: "does_not_exit") do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_apigee_organization_apis.rb b/test/integration/verify/controls/google_apigee_organization_apis.rb new file mode 100644 index 000000000..7b051f00e --- /dev/null +++ b/test/integration/verify/controls/google_apigee_organization_apis.rb 
@@ -0,0 +1,32 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_apigee_organization_apis resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + organization_api = input('organization_api', value: { + "name": "firstproxy", + "parent": "organizations/ppradhan", + "latest_revision_id": "value_latestrevisionid", + "api_proxy_type": "PROGRAMMABLE" +}, description: 'organization_api description') +control 'google_apigee_organization_apis-1.0' do + impact 1.0 + title 'google_apigee_organization_apis resource test' + + describe google_apigee_organization_apis(parent: organization_api['parent']) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_compute_region_network_endpoint_group.rb b/test/integration/verify/controls/google_compute_region_network_endpoint_group.rb new file mode 100644 index 000000000..428f33cc6 --- /dev/null +++ b/test/integration/verify/controls/google_compute_region_network_endpoint_group.rb 
@@ -0,0 +1,59 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_region_network_endpoint_group resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + region_network_endpoint_group = input('region_network_endpoint_group', value: { + "network_endpoint_group": "apigee-us-west1-xw8iaictllv4", + "project": "value_project", + "kind": "value_kind", + "id": "value_id", + "creation_timestamp": "value_creationtimestamp", + "self_link": "value_selflink", + "name": "value_name", + "description": "value_description", + "network_endpoint_type": "value_networkendpointtype", + "region": "us-west1", + "zone": "value_zone", + "network": "value_network", + "subnetwork": "value_subnetwork", + "psc_target_service": "value_psctargetservice" +}, description: 'region_network_endpoint_group description') +control 'google_compute_region_network_endpoint_group-1.0' do + impact 1.0 + title 'google_compute_region_network_endpoint_group resource test' + + describe google_compute_region_network_endpoint_group(network_endpoint_group: region_network_endpoint_group['network_endpoint_group'], project: gcp_project_id, region: region_network_endpoint_group['region']) do + it { should exist } + its('kind') { should cmp region_network_endpoint_group['kind'] } + its('id') { should cmp region_network_endpoint_group['id'] } + its('creation_timestamp') { should cmp 
region_network_endpoint_group['creation_timestamp'] } + its('self_link') { should cmp region_network_endpoint_group['self_link'] } + its('name') { should cmp region_network_endpoint_group['name'] } + its('description') { should cmp region_network_endpoint_group['description'] } + its('network_endpoint_type') { should cmp region_network_endpoint_group['network_endpoint_type'] } + its('region') { should cmp region_network_endpoint_group['region'] } + its('zone') { should cmp region_network_endpoint_group['zone'] } + its('network') { should cmp region_network_endpoint_group['network'] } + its('subnetwork') { should cmp region_network_endpoint_group['subnetwork'] } + its('psc_target_service') { should cmp region_network_endpoint_group['psc_target_service'] } + + end + + describe google_compute_region_network_endpoint_group(network_endpoint_group: region_network_endpoint_group['network_endpoint_group'], project: gcp_project_id, region: region_network_endpoint_group['region']) do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_compute_region_network_endpoint_groups.rb b/test/integration/verify/controls/google_compute_region_network_endpoint_groups.rb new file mode 100644 index 000000000..fd21b3c1e --- /dev/null +++ b/test/integration/verify/controls/google_compute_region_network_endpoint_groups.rb 
@@ -0,0 +1,42 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_region_network_endpoint_groups resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + + region_network_endpoint_group = input('region_network_endpoint_group', value: { + "network_endpoint_group": "apigee-us-west1-xw8iaictllv4", + "project": "value_project", + "kind": "value_kind", + "id": "value_id", + "creation_timestamp": "value_creationtimestamp", + "self_link": "value_selflink", + "name": "value_name", + "description": "value_description", + "network_endpoint_type": "value_networkendpointtype", + "region": "us-west1", + "zone": "value_zone", + "network": "value_network", + "subnetwork": "value_subnetwork", + "psc_target_service": "value_psctargetservice" +}, description: 'region_network_endpoint_group description') +control 'google_compute_region_network_endpoint_groups-1.0' do + impact 1.0 + title 'google_compute_region_network_endpoint_groups resource test' + + describe google_compute_region_network_endpoint_groups(project: gcp_project_id, region: region_network_endpoint_group['region']) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_kms_crypto_key_version.rb b/test/integration/verify/controls/google_kms_crypto_key_version.rb new file mode 100644 index 000000000..8a4bd376c --- /dev/null +++ b/test/integration/verify/controls/google_kms_crypto_key_version.rb 
@@ -0,0 +1,38 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_kms_crypto_key_version resource.' + +gcp_project_id = input(:gcp_project_id, value: 'ppradhan', description: 'The GCP project identifier.') +gcp_location = input(:gcp_location, value: 'us-central1', description: 'GCP location') +gcp_kms_key_ring_policy_name = input(:gcp_kms_key_ring_policy_name, value: 'gcp-inspec-kms-key-ring-aytsuncucfsfrvochsuubyovf', description: 'Key ring name') +gcp_kms_crypto_key = input(:gcp_kms_crypto_key, value: 'gcp-inspec-kms-crypto-key-policy-rbgvmohbidtgdzfatbzwckttd', description: 'Key name') +gcp_kms_crypto_key_version = input(:gcp_kms_crypto_key_version, value: '1', description: 'Version name') +control 'google_kms_crypto_key_version-1.0' do + impact 1.0 + title 'google_kms_crypto_key_version resource test' + + describe google_kms_crypto_key_version(project: gcp_project_id, location: gcp_location, key_ring: gcp_kms_key_ring_policy_name, crypto_key: gcp_kms_crypto_key, name: gcp_kms_crypto_key_version) do + it { should exist } + its('crypto_key_name') { should cmp gcp_kms_crypto_key } + its('primary_state') { should eq "ENABLED" } + its('purpose') { should eq "ENCRYPT_DECRYPT" } + its('next_rotation_time') { should be > Time.now - 100000 } + its('create_time') { should be > Time.now - 365*60*60*24*10 } + end + + describe google_kms_crypto_key_version(project: gcp_project_id, location: gcp_location, key_ring: gcp_kms_key_ring_policy_name, crypto_key: 
gcp_kms_crypto_key, name: gcp_kms_crypto_key_version) do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_kms_crypto_key_versions.rb b/test/integration/verify/controls/google_kms_crypto_key_versions.rb new file mode 100644 index 000000000..0fe3cdfb4 --- /dev/null +++ b/test/integration/verify/controls/google_kms_crypto_key_versions.rb 
@@ -0,0 +1,31 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_kms_crypto_key_versions resource.' + +gcp_project_id = input(:gcp_project_id, value: 'ppradhan', description: 'The GCP project identifier.') +gcp_location = input(:gcp_location, value: 'us-central1', description: 'GCP location') +gcp_kms_key_ring_policy_name = input(:gcp_kms_key_ring_policy_name, value: 'gcp-inspec-kms-key-ring-aytsuncucfsfrvochsuubyovf', description: 'Key ring name') +gcp_kms_crypto_key = input(:gcp_kms_crypto_key, value: 'gcp-inspec-kms-crypto-key-policy-rbgvmohbidtgdzfatbzwckttd', description: 'Key name') +gcp_kms_crypto_key_version = input(:gcp_kms_crypto_key_version, value: '1', description: 'Version name') + +control 'google_kms_crypto_key_versions-1.0' do + impact 1.0 + title 'google_kms_crypto_key_versions resource test' + + describe google_kms_crypto_key_versions(project: gcp_project_id, location: gcp_location, key_ring: gcp_kms_key_ring_policy_name, crypto_key: gcp_kms_crypto_key) do + its('count') { should be >= 1 } + its('crypto_key_names') { should include gcp_kms_crypto_key_name_policy } + end +end diff --git a/test/integration/verify/controls/google_secret_manager_secret.rb b/test/integration/verify/controls/google_secret_manager_secret.rb new file mode 100644 index 000000000..23328e088 --- /dev/null +++ b/test/integration/verify/controls/google_secret_manager_secret.rb 
@@ -0,0 +1,36 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_secret_manager_secret resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + +project_secret = input('project_secret', value: { + "name": "projects/ppradhan/secrets/inspec-gcp-secret", + "parent": "projects/ppradhan", +}, description: 'project_secret description') + +control 'google_secret_manager_secret-1.0' do + impact 1.0 + title 'google_secret_manager_secret resource test' + + describe google_secret_manager_secret(name: project_secret['name']) do + it { should exist } + + end + + describe google_secret_manager_secret(name: "does_not_exit") do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_secret_manager_secrets.rb b/test/integration/verify/controls/google_secret_manager_secrets.rb new file mode 100644 index 000000000..9d43c705c --- /dev/null +++ b/test/integration/verify/controls/google_secret_manager_secrets.rb 
@@ -0,0 +1,31 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_secret_manager_secrets resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') + +project_secret = input('project_secret', value: { + "name": "projects/ppradhan/secrets/inspec-gcp-secret", + "parent": "projects/ppradhan", +}, description: 'project_secret description') + +control 'google_secret_manager_secrets-1.0' do + impact 1.0 + title 'google_secret_manager_secrets resource test' + + describe google_secret_manager_secrets(parent: project_secret['parent']) do + it { should exist } + end +end
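Review bot: In test/integration/verify/controls/google_compute_region_network_endpoint_group.rb, the second describe block passes the same network_endpoint_group, project and region as the first but asserts `it { should_not exist }`, so the two blocks cannot both pass in one run. Point the negative case at a name that is known to be absent instead of reusing region_network_endpoint_group['network_endpoint_group']. Separately, the defaults such as "value_kind" and "value_selflink" are placeholders, so every `cmp` assertion in the first block fails against a live resource unless the input is overridden; say so in the input description or drop the assertions that have no real expected value.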
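Review bot: In test/integration/verify/controls/google_compute_region_network_endpoint_groups.rb, the region_network_endpoint_group input declares fourteen keys but the control reads only region_network_endpoint_group['region'], and the single assertion is `it { should exist }`. Either trim the input to the keys the control uses or add an assertion that the listing contains the expected group, so the control fails when the group under test is missing and not only when the region is empty. The default "apigee-us-west1-xw8iaictllv4" also looks specific to one environment; a neutral placeholder would be safer as a committed default.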
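Review bot: In test/integration/verify/controls/google_kms_crypto_key_version.rb, the second describe block calls google_kms_crypto_key_version with exactly the same project, location, key_ring, crypto_key and name as the first and asserts `it { should_not exist }`, which contradicts the `it { should exist }` above it. Use a version name that cannot exist for the negative case. The gcp_project_id default is also 'ppradhan', while the compute and secret manager controls in this patch default to the placeholder 'gcp_project_id'; a personal project id should not be the committed default. The bounds `Time.now - 100000` and `Time.now - 365*60*60*24*10` would benefit from a comment stating the intended window.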
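Review bot: In test/integration/verify/controls/google_kms_crypto_key_versions.rb, the assertion `its('crypto_key_names') { should include gcp_kms_crypto_key_name_policy }` references gcp_kms_crypto_key_name_policy, which is never defined in this file; the input declared above is gcp_kms_crypto_key. As written the control raises a NameError instead of evaluating, so either rename the reference to gcp_kms_crypto_key or declare the missing input. gcp_kms_crypto_key_version is declared but never used here and can be removed, and the 'ppradhan' default for gcp_project_id should be replaced with a neutral placeholder.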
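Review bot: In test/integration/verify/controls/google_secret_manager_secret.rb, the secret name is hard-coded as "projects/ppradhan/secrets/inspec-gcp-secret" while the gcp_project_id input declared at the top is never used, so overriding the project input has no effect on which secret is checked. Build the name from gcp_project_id, or remove the unused input and make the project part of the documented project_secret input. The negative case uses the literal "does_not_exit", which reads as a typo for "does_not_exist"; it is also not in the projects/.../secrets/... form the positive case uses, so confirm the resource reports a malformed name as absent and does not raise.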
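Review bot: In test/integration/verify/controls/google_secret_manager_secrets.rb, the describe block takes its parent from project_secret['parent'], which defaults to the hard-coded "projects/ppradhan", and the gcp_project_id input is declared but unused. Derive the parent from gcp_project_id (for example "projects/#{gcp_project_id}") so the control follows the project under test. The only assertion is `it { should exist }`; checking that the listing includes the expected secret name would make the control meaningful when the project holds unrelated secrets.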