| title | platform |
|---|---|
About the google_compute_firewalls Resource |
gcp |
Use the google_compute_firewalls InSpec audit resource to test properties of all, or a filtered group of, GCP compute firewalls for a project.
A google_compute_firewalls resource block collects GCP firewalls by project then tests that group.
describe google_compute_firewalls(project: 'chef-inspec-gcp') do
it { should exist }
end
Use this InSpec resource to enumerate IDs then test in-depth using google_compute_firewall.
google_compute_firewalls(project: 'chef-inspec-gcp').firewall_names.each do |firewall_name|
describe google_compute_firewall(project: 'chef-inspec-gcp', name: firewall_name) do
it { should exist }
its('kind') { should eq "compute#firewall" }
end
end
The following examples show how to use this InSpec audit resource.
describe google_compute_firewalls(project: 'chef-inspec-gcp') do
its('count') { should be <= 100}
end
describe google_compute_firewalls(project: 'chef-inspec-gcp') do
its('firewall_names') { should include "my-app-firewall-rule" }
end
describe google_compute_firewalls(project: 'chef-inspec-gcp') do
its('firewall_names') { should_not include "default-allow-ssh" }
end
describe google_compute_firewalls(project: 'chef-inspec-gcp').where(firewall_direction: 'INGRESS') do
it { should_not exist }
end
This resource supports the following filter criteria: firewall_id; firewall_name; and firewall_direction. Any of these may be used with where, as a block or as a method.
firewall_ids- an array of google_compute_firewall identifier integersfirewall_names- an array of google_compute_firewall name stringsfirewall_directions- an array of google_compute_firewall directions containing strings e.g. "INGRESS" or "EGRESS"
Ensure the Compute Engine API is enabled for the project where the resource is located.