This repository has been archived by the owner on Nov 14, 2024. It is now read-only.
forked from inspec/inspec-gcp
Signed-off-by: Modular Magician <magic-modules@google.com>
Showing 112 changed files with 6,343 additions and 2,032 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
--- | ||
title: About the google_compute_addresses resource | ||
platform: gcp | ||
--- | ||
|
||
## Syntax | ||
A `google_compute_addresses` is used to test a Google Address resource | ||
|
||
## Examples | ||
``` | ||
describe google_compute_addresses(project: 'chef-gcp-inspec', location: 'europe-west2') do | ||
its('addresses') { should include '10.2.0.3' } | ||
its('names') { should include 'inspec-gcp-global-address' } | ||
end | ||
``` | ||
|
||
## Properties | ||
Properties that can be accessed from the `google_compute_addresses` resource: | ||
|
||
See [google_compute_address.md](google_compute_address.md) for more detailed information | ||
* `addresses`: an array of `google_compute_address` address | ||
* `address_types`: an array of `google_compute_address` address_type | ||
* `creation_timestamps`: an array of `google_compute_address` creation_timestamp | ||
* `descriptions`: an array of `google_compute_address` description | ||
* `ids`: an array of `google_compute_address` id | ||
* `names`: an array of `google_compute_address` name | ||
* `purposes`: an array of `google_compute_address` purpose | ||
* `network_tiers`: an array of `google_compute_address` network_tier | ||
* `subnetworks`: an array of `google_compute_address` subnetwork | ||
* `users`: an array of `google_compute_address` users | ||
* `statuses`: an array of `google_compute_address` status | ||
* `regions`: an array of `google_compute_address` region | ||
|
||
## Filter Criteria | ||
This resource supports all of the above properties as filter criteria, which can be used | ||
with `where` as a block or a method. | ||
|
||
## GCP Permissions | ||
|
||
Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. |
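
Review bot: The `## Syntax` section of this new `google_compute_addresses` page holds only the sentence "A `google_compute_addresses` is used to test a Google Address resource" and never shows the call signature, while the example passes `project:` and `location:` without saying whether either is required or what `location` must contain. Suggest adding a syntax line that names both parameters. The `## GCP Permissions` section only asks for the Compute Engine API to be enabled; stating what read access the scanning credential needs would let it be scoped narrowly. The "See [google_compute_address.md]" line also sits between the sentence ending in a colon and the bullet list it introduces, so it reads better below the list.
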
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,76 +1,46 @@ | ||
--- | ||
title: About the google_compute_firewalls Resource | ||
title: About the google_compute_firewalls resource | ||
platform: gcp | ||
--- | ||
|
||
# google\_compute\_firewalls | ||
|
||
Use the `google_compute_firewalls` InSpec audit resource to test properties of all, or a filtered group of, GCP compute firewalls for a project. | ||
|
||
<br> | ||
|
||
## Syntax | ||
|
||
A `google_compute_firewalls` resource block collects GCP firewalls by project then tests that group. | ||
|
||
describe google_compute_firewalls(project: 'chef-inspec-gcp') do | ||
it { should exist } | ||
end | ||
|
||
Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_firewall`. | ||
|
||
google_compute_firewalls(project: 'chef-inspec-gcp').firewall_names.each do |firewall_name| | ||
describe google_compute_firewall(project: 'chef-inspec-gcp', name: firewall_name) do | ||
it { should exist } | ||
its('kind') { should eq "compute#firewall" } | ||
end | ||
end | ||
|
||
<br> | ||
A `google_compute_firewalls` is used to test a Google Firewall resource | ||
|
||
## Examples | ||
|
||
The following examples show how to use this InSpec audit resource. | ||
|
||
### Test that there are no more than a specified number of firewalls available for the project | ||
|
||
describe google_compute_firewalls(project: 'chef-inspec-gcp') do | ||
its('count') { should be <= 100} | ||
end | ||
|
||
### Test that an expected firewall is available for the project | ||
|
||
describe google_compute_firewalls(project: 'chef-inspec-gcp') do | ||
its('firewall_names') { should include "my-app-firewall-rule" } | ||
end | ||
|
||
### Test that a particular named rule does not exist | ||
|
||
describe google_compute_firewalls(project: 'chef-inspec-gcp') do | ||
its('firewall_names') { should_not include "default-allow-ssh" } | ||
end | ||
|
||
### Test there are no firewalls for the "INGRESS" direction | ||
|
||
describe google_compute_firewalls(project: 'chef-inspec-gcp').where(firewall_direction: 'INGRESS') do | ||
it { should_not exist } | ||
end | ||
|
||
<br> | ||
|
||
## Filter Criteria | ||
|
||
This resource supports the following filter criteria: `firewall_id`; `firewall_name`; and `firewall_direction`. Any of these may be used with `where`, as a block or as a method. | ||
``` | ||
describe google_compute_firewalls(project: 'chef-gcp-inspec') do | ||
its('count') { should be >= 1 } | ||
its('firewall_names') { should include 'inspec-gcp-firewall' } | ||
its('firewall_directions') { should include 'INGRESS' } | ||
end | ||
``` | ||
|
||
## Properties | ||
Properties that can be accessed from the `google_compute_firewalls` resource: | ||
|
||
See [google_compute_firewall.md](google_compute_firewall.md) for more detailed information | ||
* `alloweds`: an array of `google_compute_firewall` allowed | ||
* `creation_timestamps`: an array of `google_compute_firewall` creation_timestamp | ||
* `denieds`: an array of `google_compute_firewall` denied | ||
* `descriptions`: an array of `google_compute_firewall` description | ||
* `destination_ranges`: an array of `google_compute_firewall` destination_ranges | ||
* `firewall_directions`: an array of `google_compute_firewall` direction | ||
* `disableds`: an array of `google_compute_firewall` disabled | ||
* `log_configs`: an array of `google_compute_firewall` log_config | ||
* `firewall_ids`: an array of `google_compute_firewall` id | ||
* `firewall_names`: an array of `google_compute_firewall` name | ||
* `networks`: an array of `google_compute_firewall` network | ||
* `priorities`: an array of `google_compute_firewall` priority | ||
* `source_ranges`: an array of `google_compute_firewall` source_ranges | ||
* `source_service_accounts`: an array of `google_compute_firewall` source_service_accounts | ||
* `source_tags`: an array of `google_compute_firewall` source_tags | ||
* `target_service_accounts`: an array of `google_compute_firewall` target_service_accounts | ||
* `target_tags`: an array of `google_compute_firewall` target_tags | ||
|
||
* `firewall_ids` - an array of google_compute_firewall identifier integers | ||
* `firewall_names` - an array of google_compute_firewall name strings | ||
* `firewall_directions`- an array of google_compute_firewall directions containing strings e.g. "INGRESS" or "EGRESS" | ||
|
||
<br> | ||
|
||
## Filter Criteria | ||
This resource supports all of the above properties as filter criteria, which can be used | ||
with `where` as a block or a method. | ||
|
||
## GCP Permissions | ||
|
||
Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located. | ||
Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. |
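
Review bot: The two `## Filter Criteria` texts in this hunk disagree on filter names: one lists `firewall_id`; `firewall_name`; and `firewall_direction`, the other says "all of the above properties", which the list gives in plural form (`firewall_ids`, `firewall_names`, `firewall_directions`), and the only `where` call visible here is the singular `where(firewall_direction: 'INGRESS')`. State which spelling `where` accepts and keep one worked `where` example next to that sentence. The fenced example only asserts presence (`should include 'INGRESS'`), whereas the `should_not include "default-allow-ssh"` check and the enumerate-then-test loop over `google_compute_firewall` are the forms a reader is most likely to reuse, so if the reduction from 76 to 46 lines drops them, consider keeping at least one. The examples also switch between project 'chef-inspec-gcp' and 'chef-gcp-inspec'; pick one.
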