Add InSpec support for source repositories (#1411)

Merged PR #1411.
GoogleCloudPlatform · Feb 20, 2019 · abf1d64 · abf1d64
1 parent f396a11
commit abf1d64
Show file tree

Hide file tree

Showing 10 changed files with 79 additions and 24 deletions.
diff --git a/.ci/unit-tests/inspec.sh b/.ci/unit-tests/inspec.sh
@@ -33,7 +33,7 @@ bundle
 mkdir inspec-cassettes
 # Check if PR_ID folder exists
 set +e
-gsutil ls -m gs://magic-modules-inspec-bucket/$PR_ID
+gsutil ls gs://magic-modules-inspec-bucket/$PR_ID
 if [ $? -eq 0 ]; then
   gsutil -m cp gs://magic-modules-inspec-bucket/$PR_ID/inspec-cassettes/* inspec-cassettes/
 else

diff --git a/build/inspec b/build/inspec
diff --git a/products/sourcerepo/inspec.yaml b/products/sourcerepo/inspec.yaml
@@ -0,0 +1,19 @@
+# Copyright 2017 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Inspec::Config
+manifest: !ruby/object:Provider::Inspec::Manifest
+  summary: 'InSpec resources for verifying GCP infrastructure'
+  description: |
+    InSpec resources for verifying GCP infrastructure
+overrides: !ruby/object:Overrides::ResourceOverrides
diff --git a/templates/inspec/examples/google_sourcerepo_repository/google_sourcerepo_repositories.erb b/templates/inspec/examples/google_sourcerepo_repository/google_sourcerepo_repositories.erb
@@ -0,0 +1,10 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% repository = grab_attributes['repository'] -%>
+repo_name = <%= doc_generation ? "'#{repository['name']}'" : "repository['name']" %>
+describe.one do
+  google_sourcerepo_repositories(project: <%= gcp_project_id -%>).names.each do |name|
+    describe name do
+      it { should match /\/repos\/#{repo_name}$/ }
+    end
+  end
+end
diff --git a/templates/inspec/examples/google_sourcerepo_repository/google_sourcerepo_repository.erb b/templates/inspec/examples/google_sourcerepo_repository/google_sourcerepo_repository.erb
@@ -0,0 +1,9 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% repository = grab_attributes['repository'] -%>
+describe google_sourcerepo_repository(project: <%= gcp_project_id -%>, name: <%= doc_generation ? "'#{repository['name']}'" : "repository['name']" -%>) do
+  it { should exist }
+end
+
+describe google_sourcerepo_repository(project: <%= gcp_project_id -%>, name: 'nonexistent') do
+  it { should_not exist }
+end
diff --git a/.../inspec/examples/google_sourcerepo_repository/google_sourcerepo_repository_attributes.erb b/.../inspec/examples/google_sourcerepo_repository/google_sourcerepo_repository_attributes.erb
@@ -0,0 +1,2 @@
+gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute('gcp_project_id') -%>', description: 'The GCP project identifier.')
+repository = attribute('repository', default: <%= JSON.pretty_generate(grab_attributes['repository']) -%>, description: 'Source Repository definition')
diff --git a/templates/inspec/plural_resource.erb b/templates/inspec/plural_resource.erb
@@ -35,17 +35,6 @@ name = "google_#{product_ns.downcase}_#{object.name.underscore}"
 
   filter_table_config.connect(self, :table)
 
-<%
-base = "'#{object.self_link_url[0].join}'"
--%>
-  def base
-    <%= base %>
-  end
-
-  def url
-    '<%= format_url(object.base_url) %>'
-  end
-
 <% 
 link_query = object.self_link_query || object.collection_url_response
 -%>
@@ -57,7 +46,7 @@ link_query = object.self_link_query || object.collection_url_response
 
   def fetch_wrapped_resource(wrap_path)
     # fetch_resource returns an array of responses (to handle pagination)
-    result = @connection.fetch_all(base, url, @params)
+    result = @connection.fetch_all(product_url, resource_base_url, @params)
     return if result.nil?
 
     # Conversion of string -> object hash to symbol -> object hash that InSpec needs
@@ -95,4 +84,15 @@ link_query = object.self_link_query || object.collection_url_response
   def parse_time_string(time_string)
     time_string ? Time.parse(time_string) : nil
   end
+
+<% base = "'#{object.self_link_url[0].join}'" -%>
+  private
+
+  def product_url
+    <%= base %>
+  end
+
+  def resource_base_url
+    '<%= format_url(object.base_url) %>'
+  end
 end
diff --git a/templates/inspec/singular_resource.erb b/templates/inspec/singular_resource.erb
@@ -36,24 +36,17 @@ class <%= object.name -%> < GcpResourceBase
   <%= "attr_reader :#{prop.out_name}" -%>
 
 <% end -%>
-  def base
-    '<%= object.self_link_url[0].join %>'
-  end
-
-  def url
-    '<%= format_url(object.self_link_url[1]) %>'
-  end
 
 <% if object.self_link_query.nil? -%>
   def initialize(params)
     super(params.merge({ use_http_transport: true }))
-<%= indent('@fetched = @connection.fetch(base, url, params)', 4) %>
+<%= indent('@fetched = @connection.fetch(product_url, resource_base_url, params)', 4) %>
     parse unless @fetched.nil?
   end
 <% else # object.self_link_query.nil? -%>
   def initialize(params)
     super(params.merge({ use_http_transport: true }))
-<%= indent('fetched = @connection.fetch(base, url, params)', 4) %>
+<%= indent('fetched = @connection.fetch(product_url, resource_base_url, params)', 4) %>
 <%= indent('@fetched = unwrap(fetched, params)', 4) %>
     parse unless @fetched.nil?
   end
@@ -93,4 +86,14 @@ class <%= object.name -%> < GcpResourceBase
 
 <%= lines(indent(object.additional_functions, 2)) -%>
 <% end -%>
+
+  private
+
+  def product_url
+    '<%= object.self_link_url[0].join %>'
+  end
+
+  def resource_base_url
+    '<%= format_url(object.self_link_url[1]) %>'
+  end
 end
diff --git a/templates/inspec/tests/integration/build/gcp-mm.tf b/templates/inspec/tests/integration/build/gcp-mm.tf
@@ -106,6 +106,10 @@ variable "bigquery_table" {
   type = "map"
 }
 
+variable "repository" {
+  type = "map"
+}
+
 resource "google_compute_ssl_policy" "custom-ssl-policy" {
   name            = "${var.ssl_policy["name"]}"
   min_tls_version = "${var.ssl_policy["min_tls_version"]}"
@@ -433,4 +437,9 @@ resource "google_bigquery_table" "gcp-inspec-bigquery-table" {
 
   description = "${var.bigquery_table["description"]}"
   expiration_time = "${var.bigquery_table["expiration_time"]}"
+}
+
+resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" {
+  project = "${var.gcp_project_id}"
+  name = "${var.repository["name"]}"
 }
diff --git a/templates/inspec/tests/integration/configuration/mm-attributes.yml b/templates/inspec/tests/integration/configuration/mm-attributes.yml
@@ -183,4 +183,7 @@ bigquery_table:
   table_id: inspec_gcp_bigquery_table
   description: A BigQuery table
   expiration_time: 1738882264000
-  time_partitioning_type: DAY
+  time_partitioning_type: DAY
+
+repository:
+  name: inspec-gcp-repository
+31 −0		docs/resources/google_sourcerepo_repositories.md
+27 −0		docs/resources/google_sourcerepo_repository.md
+11 −8		libraries/google_bigquery_dataset.rb
+11 −9		libraries/google_bigquery_datasets.rb
+11 −8		libraries/google_bigquery_table.rb
+11 −9		libraries/google_bigquery_tables.rb
+11 −8		libraries/google_cloudbuild_trigger.rb
+11 −9		libraries/google_cloudbuild_triggers.rb
+11 −8		libraries/google_compute_autoscaler.rb
+11 −9		libraries/google_compute_autoscalers.rb
+11 −8		libraries/google_compute_backend_service.rb
+11 −9		libraries/google_compute_backend_services.rb
+11 −8		libraries/google_compute_disk.rb
+11 −9		libraries/google_compute_disks.rb
+11 −8		libraries/google_compute_global_address.rb
+11 −9		libraries/google_compute_global_addresses.rb
+11 −8		libraries/google_compute_global_forwarding_rule.rb
+11 −9		libraries/google_compute_global_forwarding_rules.rb
+11 −8		libraries/google_compute_health_check.rb
+11 −9		libraries/google_compute_health_checks.rb
+11 −8		libraries/google_compute_http_health_check.rb
+11 −9		libraries/google_compute_http_health_checks.rb
+11 −8		libraries/google_compute_https_health_check.rb
+11 −9		libraries/google_compute_https_health_checks.rb
+11 −8		libraries/google_compute_instance_group_manager.rb
+11 −9		libraries/google_compute_instance_group_managers.rb
+11 −8		libraries/google_compute_instance_template.rb
+11 −9		libraries/google_compute_instance_templates.rb
+11 −8		libraries/google_compute_route.rb
+11 −8		libraries/google_compute_router.rb
+11 −9		libraries/google_compute_routers.rb
+11 −9		libraries/google_compute_routes.rb
+11 −8		libraries/google_compute_snapshot.rb
+11 −9		libraries/google_compute_snapshots.rb
+11 −8		libraries/google_compute_ssl_certificate.rb
+11 −9		libraries/google_compute_ssl_certificates.rb
+11 −9		libraries/google_compute_ssl_policies.rb
+11 −8		libraries/google_compute_ssl_policy.rb
+11 −9		libraries/google_compute_target_http_proxies.rb
+11 −8		libraries/google_compute_target_http_proxy.rb
+11 −9		libraries/google_compute_target_https_proxies.rb
+11 −8		libraries/google_compute_target_https_proxy.rb
+11 −8		libraries/google_compute_target_pool.rb
+11 −9		libraries/google_compute_target_pools.rb
+11 −9		libraries/google_compute_target_tcp_proxies.rb
+11 −8		libraries/google_compute_target_tcp_proxy.rb
+11 −8		libraries/google_compute_url_map.rb
+11 −9		libraries/google_compute_url_maps.rb
+11 −8		libraries/google_container_regional_cluster.rb
+11 −9		libraries/google_container_regional_clusters.rb
+11 −8		libraries/google_dns_resource_record_set.rb
+11 −9		libraries/google_dns_resource_record_sets.rb
+11 −8		libraries/google_pubsub_subscription.rb
+11 −9		libraries/google_pubsub_subscriptions.rb
+12 −9		libraries/google_pubsub_topic.rb
+11 −9		libraries/google_pubsub_topics.rb
+88 −0		libraries/google_sourcerepo_repositories.rb
+58 −0		libraries/google_sourcerepo_repository.rb
+9 −0		test/integration/build/gcp-mm.tf
+4 −1		test/integration/configuration/mm-attributes.yml
+33 −0		test/integration/verify/controls/google_sourcerepo_repositories.rb
+32 −0		test/integration/verify/controls/google_sourcerepo_repository.rb
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute('gcp_project_id') -%>', description: 'The GCP project identifier.')
		repository = attribute('repository', default: <%= JSON.pretty_generate(grab_attributes['repository']) -%>, description: 'Source Repository definition')