title | platform |
---|---|
About the google_compute_instance Resource |
gcp |
Use the `google_compute_instance` InSpec audit resource to test properties of a single GCP compute instance.
A `google_compute_instance` resource block declares the tests for a single GCP instance, identified by project, zone and name.
# Basic check: look the instance up by project, zone and name and confirm it exists.
describe google_compute_instance(
  project: 'chef-inspec-gcp',
  zone: 'us-east1-b',
  name: 'inspec-test-vm'
) do
  it { should exist }
  # `eq` demands the exact name. `match` passes when the zone value merely
  # contains the given text, so a longer zone string would also satisfy it.
  its('name') { should eq('inspec-test-vm') }
  its('zone') { should match('us-east1-b') }
end
The following examples show how to use this InSpec audit resource.
# Negative check: no instance with this name is expected in the given
# project and zone.
describe google_compute_instance(
  project: 'chef-inspec-gcp',
  zone: 'us-east1-b',
  name: 'inspec-test-vm-not-there'
) do
  it { should_not exist }
end
Test that a GCP compute instance is in the expected state (explore possible states here)
# Instance state: the status must be exactly 'RUNNING'.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do
  its('status') { should eq('RUNNING') }
end

# Instance size: `match` passes when machine_type contains 'f1-micro'.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do
  its('machine_type') { should match('f1-micro') }
end

# CPU platform: passes when the reported platform string contains 'Intel'.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do
  its('cpu_platform') { should match('Intel') }
end

# Exact number of attached disks.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do
  its('disk_count') { should eq(2) }
end

# Exact number of network interfaces.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do
  its('network_interfaces_count') { should eq(1) }
end

# Exact number of tags.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm') do
  its('tag_count') { should eq(1) }
end
# First network interface: asserts that a NAT IP is present and checks the
# name and type reported for it.
# NOTE(review): judging by the property names, `be(true)` here presumably means
# the instance has an externally reachable address; a profile for internal-only
# instances would assert `be(false)` instead. Confirm against the resource
# implementation.
describe google_compute_instance(
  project: 'chef-inspec-gcp',
  zone: 'us-east1-b',
  name: 'inspec-test-vm'
) do
  its('first_network_interface_nat_ip_exists') { should be(true) }
  its('first_network_interface_name') { should eq('external-nat') }
  its('first_network_interface_type') { should eq('one_to_one_nat') }
end
# Label presence: the instance must carry a label with this key. The label's
# value is not inspected here.
describe google_compute_instance(
  project: 'chef-inspec-gcp',
  zone: 'us-east1-b',
  name: 'inspec-test-vm'
) do
  its('labels_keys') { should include('my_favourite_label') }
end
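# Label value: the 'business-area' label must be exactly one of the allowed
# values.
# \A and \z anchor the whole string. Ruby's ^ and $ match at line boundaries,
# so with them a multi-line value containing an allowed word on one line would
# still pass the check.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm').label_value_by_key('business-area') do
  it { should match(/\A(marketing|research)\z/) }
end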
# Metadata presence: the instance must define a metadata entry with this key.
# The entry's value is not inspected here.
describe google_compute_instance(
  project: 'chef-inspec-gcp',
  zone: 'us-east1-b',
  name: 'inspec-test-vm'
) do
  its('metadata_keys') { should include('patching-type') }
end
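# Metadata value: the 'patching-window' entry must be one digit, a dash and
# two digits, with nothing else in the value.
# The `.` before metadata_value_by_key is required; without it the line does
# not parse.
# \A and \z anchor the whole string. Ruby's ^ and $ match at line boundaries,
# so with them a multi-line metadata value with one conforming line would
# still pass the check.
describe google_compute_instance(project: 'chef-inspec-gcp', zone: 'us-east1-b', name: 'inspec-test-vm').metadata_value_by_key('patching-window') do
  it { should match(/\A\d-\d{2}\z/) }
end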
`cpu_platform`, `creation_timestamp`, `deletion_protection`, `disks`, `id`, `kind`, `label_fingerprint`, `machine_type`, `metadata`, `name`, `network_interfaces`, `scheduling`, `start_restricted`, `status`, `tags`, `zone`, `labels_keys`, `labels_values`, `label_value_by_key`, `metadata_keys`, `metadata_values`, `metadata_value_by_key`
Ensure the Compute Engine API is enabled for the project where the resource is located.