Add product services resource, make disk tests work with VCR

Signed-off-by: Modular Magician <magic-modules@google.com>

docs/resources/google_compute_disk.md

@@ -9,17 +9,17 @@ A `google_compute_disk` is used to test a Google Disk resource
 ## Examples
 ```
 
-most_recent_image = google_compute_image(project: 'debian', name: 'debian-8-jessie-v20170523')
+most_recent_image = google_compute_image(project: 'debian-cloud', name: 'debian-10-buster-v20191014')
 
-describe google_compute_disk(project: 'chef-gcp-inspec', name: 'my_disk', zone: 'zone') do
+describe google_compute_disk(project: 'chef-gcp-inspec', name: 'inspec-snapshot-disk', zone: 'zone') do
   it { should exist }
   # Test that the image is the most recent image for the family
   its('source_image') { should match most_recent_image.self_link }
   its('type') { should match 'pd-standard' }
 end
 
 describe.one do
-  google_compute_disk(project: 'chef-gcp-inspec', name: 'my_disk', zone: 'zone').labels.each_pair do |key, value|
+  google_compute_disk(project: 'chef-gcp-inspec', name: 'inspec-snapshot-disk', zone: 'zone').labels.each_pair do |key, value|
     describe key do
       it { should cmp "environment" }
     end

docs/resources/google_compute_disks.md

@@ -8,10 +8,10 @@ A `google_compute_disks` is used to test a Google Disk resource
 
 ## Examples
 ```
-most_recent_image = google_compute_image(project: 'debian', name: 'debian-8-jessie-v20170523')
+most_recent_image = google_compute_image(project: 'debian-cloud', name: 'debian-10-buster-v20191014')
 describe google_compute_disks(project: 'chef-gcp-inspec', zone: 'zone') do
   it { should exist }
-  its('names') { should include 'my_disk' }
+  its('names') { should include 'inspec-snapshot-disk' }
   its('source_images') { should include most_recent_image.self_link }
 end
 ```

docs/resources/google_project_service.md

@@ -0,0 +1,30 @@
+---
+title: About the google_project_service resource
+platform: gcp
+---
+
+## Syntax
+A `google_project_service` is used to test a Google Service resource
+
+## Examples
+```
+describe google_project_service(project: 'chef-gcp-inspec', name: 'maps-android-backend.googleapis.com') do
+  it { should exist }
+  its('state') { should cmp "ENABLED" }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_project_service` resource:
+
+
+  * `name`: The resource name of the service
+
+  * `parent`: The name of the parent of this service. For example: `projects/123`
+
+  * `state`: Whether or not the service has been enabled for use by the consumer.
+
+
+## GCP Permissions
+
+Ensure the [Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com/) is enabled for the current project.

docs/resources/google_project_services.md

@@ -0,0 +1,34 @@
+---
+title: About the google_project_services resource
+platform: gcp
+---
+
+## Syntax
+A `google_project_services` is used to test a Google Service resource
+
+## Examples
+```
+describe.one do
+  google_project_services(project: 'chef-gcp-inspec').names.each do |name|
+    describe name do
+      it { should match 'maps-android-backend.googleapis.com' }
+    end
+  end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_project_services` resource:
+
+See [google_project_service.md](google_project_service.md) for more detailed information
+  * `names`: an array of `google_project_service` name
+  * `parents`: an array of `google_project_service` parent
+  * `states`: an array of `google_project_service` state
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Service Usage API](https://console.cloud.google.com/apis/library/serviceusage.googleapis.com/) is enabled for the current project.

libraries/google_project_service.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+
+# A provider to manage Service Usage resources.
+class ServiceUsageService < GcpResourceBase
+  name 'google_project_service'
+  desc 'Service'
+  supports platform: 'gcp'
+
+  attr_reader :params
+  attr_reader :name
+  attr_reader :parent
+  attr_reader :state
+
+  def initialize(params)
+    super(params.merge({ use_http_transport: true }))
+    @params = params
+    @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+    parse unless @fetched.nil?
+  end
+
+  def parse
+    @name = @fetched['name']
+    @parent = @fetched['parent']
+    @state = @fetched['state']
+  end
+
+  # Handles parsing RFC3339 time string
+  def parse_time_string(time_string)
+    time_string ? Time.parse(time_string) : nil
+  end
+
+  def exists?
+    !@fetched.nil?
+  end
+
+  def to_s
+    "Service #{@params[:name]}"
+  end
+
+  private
+
+  def product_url
+    'https://serviceusage.googleapis.com/v1/'
+  end
+
+  def resource_base_url
+    'projects/{{project}}/services/{{name}}'
+  end
+end

libraries/google_project_services.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+class ServiceUsageServices < GcpResourceBase
+  name 'google_project_services'
+  desc 'Service plural resource'
+  supports platform: 'gcp'
+
+  attr_reader :table
+
+  filter_table_config = FilterTable.create
+
+  filter_table_config.add(:names, field: :name)
+  filter_table_config.add(:parents, field: :parent)
+  filter_table_config.add(:states, field: :state)
+
+  filter_table_config.connect(self, :table)
+
+  def initialize(params = {})
+    super(params.merge({ use_http_transport: true }))
+    @params = params
+    @table = fetch_wrapped_resource('services')
+  end
+
+  def fetch_wrapped_resource(wrap_path)
+    # fetch_resource returns an array of responses (to handle pagination)
+    result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+    return if result.nil?
+
+    # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+    converted = []
+    result.each do |response|
+      next if response.nil? || !response.key?(wrap_path)
+      response[wrap_path].each do |hash|
+        hash_with_symbols = {}
+        hash.each_key do |key|
+          name, value = transform(key, hash)
+          hash_with_symbols[name] = value
+        end
+        converted.push(hash_with_symbols)
+      end
+    end
+
+    converted
+  end
+
+  def transform(key, value)
+    return transformers[key].call(value) if transformers.key?(key)
+
+    [key.to_sym, value]
+  end
+
+  def transformers
+    {
+      'name' => ->(obj) { return :name, obj['name'] },
+      'parent' => ->(obj) { return :parent, obj['parent'] },
+      'state' => ->(obj) { return :state, obj['state'] },
+    }
+  end
+
+  # Handles parsing RFC3339 time string
+  def parse_time_string(time_string)
+    time_string ? Time.parse(time_string) : nil
+  end
+
+  private
+
+  def product_url
+    'https://serviceusage.googleapis.com/v1/'
+  end
+
+  def resource_base_url
+    'projects/{{project}}/services'
+  end
+end

test/integration/build/gcp-mm.tf

@@ -197,6 +197,10 @@ variable "router_nat" {
   type = "map"
 }
 
+variable "service" {
+  type = "map"
+}
+
 resource "google_compute_ssl_policy" "custom-ssl-policy" {
   name            = "${var.ssl_policy["name"]}"
   min_tls_version = "${var.ssl_policy["min_tls_version"]}"
@@ -504,9 +508,9 @@ resource "google_compute_router" "gcp-inspec-router" {
 resource "google_compute_disk" "snapshot-disk" {
   project = "${var.gcp_project_id}"
   name  = var.snapshot["disk_name"]
-  type  = "${var.gcp_compute_disk_type}"
+  type  = var.snapshot["disk_type"]
   zone  = "${var.gcp_zone}"
-  image = "${var.gcp_compute_disk_image}"
+  image = var.snapshot["disk_image"]
   labels = {
     environment = "generic_compute_disk_label"
   }
@@ -857,3 +861,8 @@ resource "google_compute_router_nat" "inspec-nat" {
     filter = var.router_nat["log_config_filter"]
   }
 }
+
+resource "google_project_service" "project" {
+  project = var.gcp_project_id
+  service = var.service["name"]
+}

test/integration/configuration/mm-attributes.yml

@@ -149,6 +149,8 @@ router:
 snapshot:
   name: inspec-gcp-disk-snapshot
   disk_name: inspec-snapshot-disk
+  disk_type: pd-standard
+  disk_image: debian-cloud/debian-10-buster-v20191014
 
 https_proxy:
   name: inspec-gcp-https-proxy
@@ -323,4 +325,7 @@ router_nat:
   source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
   min_ports_per_vm: 2
   log_config_enable: true
-  log_config_filter: ERRORS_ONLY
+  log_config_filter: ERRORS_ONLY
+
+service:
+  name: maps-android-backend.googleapis.com

test/integration/verify/controls/google_compute_disk.rb

@@ -16,9 +16,15 @@
 
 gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
 gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'The GCP project zone.')
-gcp_compute_disk_name = attribute(:gcp_compute_disk_name, default: 'gcp_compute_disk_name', description: 'GCP Compute disk name.')
-gcp_compute_disk_image = attribute(:gcp_compute_disk_image, default: 'gcp_compute_disk_image', description: 'GCP Compute image identifier.')
-gcp_compute_disk_type = attribute(:gcp_compute_disk_type, default: 'gcp_compute_disk_type', description: 'GCP Compute disk type.')
+snapshot = attribute('snapshot', default: {
+  "name": "inspec-gcp-disk-snapshot",
+  "disk_name": "inspec-snapshot-disk",
+  "disk_type": "pd-standard",
+  "disk_image": "debian-cloud/debian-10-buster-v20191014"
+}, description: 'Disk snapshot description')
+gcp_compute_disk_name = snapshot["disk_name"]
+gcp_compute_disk_image = snapshot["disk_image"]
+gcp_compute_disk_type = snapshot["disk_type"]
 control 'google_compute_disk-1.0' do
   impact 1.0
   title 'google_compute_disk resource test'

test/integration/verify/controls/google_compute_disks.rb

@@ -16,17 +16,23 @@
 
 gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
 gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'The GCP project zone.')
-gcp_compute_disk_name = attribute(:gcp_compute_disk_name, default: 'gcp_compute_disk_name', description: 'GCP Compute disk name.')
-gcp_compute_disk_image = attribute(:gcp_compute_disk_image, default: 'gcp_compute_disk_image', description: 'GCP Compute image identifier.')
-gcp_compute_disk_type = attribute(:gcp_compute_disk_type, default: 'gcp_compute_disk_type', description: 'GCP Compute disk type.')
+snapshot = attribute('snapshot', default: {
+  "name": "inspec-gcp-disk-snapshot",
+  "disk_name": "inspec-snapshot-disk",
+  "disk_type": "pd-standard",
+  "disk_image": "debian-cloud/debian-10-buster-v20191014"
+}, description: 'Disk snapshot description')
+gcp_compute_disk_name = snapshot["disk_name"]
+gcp_compute_disk_image = snapshot["disk_image"]
+gcp_compute_disk_type = snapshot["disk_type"]
 control 'google_compute_disks-1.0' do
   impact 1.0
   title 'google_compute_disks resource test'
 
   most_recent_image = google_compute_image(project: gcp_compute_disk_image.split('/').first, name: gcp_compute_disk_image.split('/').last)
   describe google_compute_disks(project: gcp_project_id, zone: gcp_zone) do
     it { should exist }
-    its('names') { should include gcp_compute_disk_name }
+    its('names') { should include snapshot['disk_name'] }
     its('source_images') { should include most_recent_image.self_link }
   end
 end

test/integration/verify/controls/google_compute_snapshot.rb

@@ -18,7 +18,9 @@
 gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'GCP zone name of the compute disk')
 snapshot = attribute('snapshot', default: {
   "name": "inspec-gcp-disk-snapshot",
-  "disk_name": "inspec-snapshot-disk"
+  "disk_name": "inspec-snapshot-disk",
+  "disk_type": "pd-standard",
+  "disk_image": "debian-cloud/debian-10-buster-v20191014"
 }, description: 'Compute disk snapshot description')
 control 'google_compute_snapshot-1.0' do
   impact 1.0

test/integration/verify/controls/google_compute_snapshots.rb

@@ -18,7 +18,9 @@
 gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'GCP zone name of the compute disk')
 snapshot = attribute('snapshot', default: {
   "name": "inspec-gcp-disk-snapshot",
-  "disk_name": "inspec-snapshot-disk"
+  "disk_name": "inspec-snapshot-disk",
+  "disk_type": "pd-standard",
+  "disk_image": "debian-cloud/debian-10-buster-v20191014"
 }, description: 'Compute disk snapshot description')
 control 'google_compute_snapshots-1.0' do
   impact 1.0