Inspec target pool

docs/resources/google_compute_target_pool.md

@@ -0,0 +1,44 @@
+---
+title: About the TargetPool resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_compute_target_pool` is used to test a Google TargetPool resource
+
+## Examples
+```
+describe google_compute_target_pool(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'inspec-gcp-target-pool') do
+  it { should exist }
+  its('session_affinity') { should eq 'CLIENT_IP' }
+  it { should has_target_instance('gcp_ext_vm_name', 'zone') }
+end
+
+describe google_compute_target_pool(project: 'chef-gcp-inspec', region: 'europe-west2', name: 'nonexistent') do
+  it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_target_pool` resource:
+
+  * `backup_pool`: This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool, and its failoverRatio field is properly set to a value between [0, 1].  backupPool and failoverRatio together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below failoverRatio, traffic arriving at the load-balanced IP will be directed to the backup pool.  In case where failoverRatio and backupPool are not set, or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the "force" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.
+
+  * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+  * `description`: An optional description of this resource.
+
+  * `failover_ratio`: This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool (i.e., not as a backup pool to some other target pool). The value of the field must be in [0, 1].  If set, backupPool must also be set. They together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below this number, traffic arriving at the load-balanced IP will be directed to the backup pool.  In case where failoverRatio is not set or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the "force" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.
+
+  * `health_check`: A reference to a HttpHealthCheck resource.  A member instance in this pool is considered healthy if and only if the health checks pass. If not specified it means all member instances will be considered healthy at all times.
+
+  * `id`: The unique identifier for the resource.
+
+  * `instances`: A list of virtual machine instances serving this pool.  They must live in zones contained in the same region as this pool.
+
+  * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+  * `session_affinity`: Session affinity option. Must be one of these values:  - NONE: Connections from the same client IP may go to any instance in   the pool. - CLIENT_IP: Connections from the same client IP will go to the same   instance in the pool while that instance remains healthy. - CLIENT_IP_PROTO: Connections from the same client IP with the same   IP protocol will go to the same instance in the pool while that   instance remains healthy.
+
+  * `region`: The region where the target pool resides.

docs/resources/google_compute_target_pools.md

@@ -0,0 +1,35 @@
+---
+title: About the TargetPool resource
+platform: gcp
+---
+
+
+## Syntax
+A `google_compute_target_pools` is used to test a Google TargetPool resource
+
+## Examples
+```
+describe google_compute_target_pools(project: 'chef-gcp-inspec', region: 'europe-west2') do
+  its('names') { should include 'inspec-gcp-target-pool' }
+  its('session_affinities') { should include 'CLIENT_IP' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_target_pools` resource:
+
+See [google_compute_target_pool.md](google_compute_target_pool.md) for more detailed information
+  * `backup_pools`: an array of `google_compute_target_pool` backup_pool
+  * `creation_timestamps`: an array of `google_compute_target_pool` creation_timestamp
+  * `descriptions`: an array of `google_compute_target_pool` description
+  * `failover_ratios`: an array of `google_compute_target_pool` failover_ratio
+  * `health_checks`: an array of `google_compute_target_pool` health_check
+  * `ids`: an array of `google_compute_target_pool` id
+  * `instances`: an array of `google_compute_target_pool` instances
+  * `names`: an array of `google_compute_target_pool` name
+  * `session_affinities`: an array of `google_compute_target_pool` session_affinity
+  * `regions`: an array of `google_compute_target_pool` region
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.

libraries/google_compute_target_pool.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+
+# A provider to manage Google Compute Engine resources.
+class TargetPool < GcpResourceBase
+  name 'google_compute_target_pool'
+  desc 'TargetPool'
+  supports platform: 'gcp'
+
+  attr_reader :backup_pool
+  attr_reader :creation_timestamp
+  attr_reader :description
+  attr_reader :failover_ratio
+  attr_reader :health_check
+  attr_reader :id
+  attr_reader :instances
+  attr_reader :name
+  attr_reader :session_affinity
+  attr_reader :region
+  def base
+    'https://www.googleapis.com/compute/v1/'
+  end
+
+  def url
+    'projects/{{project}}/regions/{{region}}/targetPools/{{name}}'
+  end
+
+  def initialize(params)
+    super(params.merge({ use_http_transport: true }))
+    @fetched = @connection.fetch(base, url, params)
+    parse unless @fetched.nil?
+  end
+
+  def parse
+    @backup_pool = @fetched['backupPool']
+    @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+    @description = @fetched['description']
+    @failover_ratio = @fetched['failoverRatio']
+    @health_check = @fetched['healthCheck']
+    @id = @fetched['id']
+    @instances = @fetched['instances']
+    @name = @fetched['name']
+    @session_affinity = @fetched['sessionAffinity']
+    @region = @fetched['region']
+  end
+
+  # Handles parsing RFC3339 time string
+  def parse_time_string(time_string)
+    time_string ? Time.parse(time_string) : nil
+  end
+
+  def exists?
+    !@fetched.nil?
+  end
+
+  RSpec::Matchers.alias_matcher :has_target_instance, :be_has_target_instance
+
+  def has_target_instance?(name, zone)
+    instances.any? { |instance_self_link| instance_self_link.end_with?("zones/#{zone}/instances/#{name}") }
+  end
+end

libraries/google_compute_target_pools.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+class TargetPools < GcpResourceBase
+  name 'google_compute_target_pools'
+  desc 'TargetPool plural resource'
+  supports platform: 'gcp'
+
+  attr_reader :table
+
+  filter_table_config = FilterTable.create
+
+  filter_table_config.add(:backup_pools, field: :backup_pool)
+  filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+  filter_table_config.add(:descriptions, field: :description)
+  filter_table_config.add(:failover_ratios, field: :failover_ratio)
+  filter_table_config.add(:health_checks, field: :health_check)
+  filter_table_config.add(:ids, field: :id)
+  filter_table_config.add(:instances, field: :instances)
+  filter_table_config.add(:names, field: :name)
+  filter_table_config.add(:session_affinities, field: :session_affinity)
+  filter_table_config.add(:regions, field: :region)
+
+  filter_table_config.connect(self, :table)
+
+  def base
+    'https://www.googleapis.com/compute/v1/'
+  end
+
+  def url
+    'projects/{{project}}/regions/{{region}}/targetPools'
+  end
+
+  def initialize(params = {})
+    super(params.merge({ use_http_transport: true }))
+    @params = params
+    @table = fetch_wrapped_resource('items')
+  end
+
+  def fetch_wrapped_resource(wrap_path)
+    # fetch_resource returns an array of responses (to handle pagination)
+    result = @connection.fetch_all(base, url, @params)
+    return if result.nil?
+
+    # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+    converted = []
+    result.each do |response|
+      next if response.nil? || !response.key?(wrap_path)
+      response[wrap_path].each do |hash|
+        hash_with_symbols = {}
+        hash.each_key do |key|
+          name, value = transform(key, hash)
+          hash_with_symbols[name] = value
+        end
+        converted.push(hash_with_symbols)
+      end
+    end
+
+    converted
+  end
+
+  def transform(key, value)
+    return transformers[key].call(value) if transformers.key?(key)
+
+    [key.to_sym, value]
+  end
+
+  def transformers
+    {
+      'backupPool' => ->(obj) { return :backup_pool, obj['backupPool'] },
+      'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+      'description' => ->(obj) { return :description, obj['description'] },
+      'failoverRatio' => ->(obj) { return :failover_ratio, obj['failoverRatio'] },
+      'healthCheck' => ->(obj) { return :health_check, obj['healthCheck'] },
+      'id' => ->(obj) { return :id, obj['id'] },
+      'instances' => ->(obj) { return :instances, obj['instances'] },
+      'name' => ->(obj) { return :name, obj['name'] },
+      'sessionAffinity' => ->(obj) { return :session_affinity, obj['sessionAffinity'] },
+      'region' => ->(obj) { return :region, obj['region'] },
+    }
+  end
+
+  # Handles parsing RFC3339 time string
+  def parse_time_string(time_string)
+    time_string ? Time.parse(time_string) : nil
+  end
+end

test/integration/build/gcp-mm.tf

@@ -26,6 +26,10 @@ variable "autoscaler" {
   type = "map"
 }
 
+variable "target_pool" {
+  type = "map"
+}
+
 resource "google_compute_ssl_policy" "custom-ssl-policy" {
   name            = "${var.ssl_policy["name"]}"
   min_tls_version = "${var.ssl_policy["min_tls_version"]}"
@@ -96,4 +100,14 @@ resource "google_compute_autoscaler" "gcp-inspec-autoscaler" {
       target = "${var.autoscaler["cpu_utilization_target"]}"
     }
   }
+}
+
+resource "google_compute_target_pool" "gcp-inspec-target-pool" {
+  project = "${var.gcp_project_id}"
+  name = "${var.target_pool["name"]}"
+  session_affinity = "${var.target_pool["session_affinity"]}"
+
+  instances = [
+    "${var.gcp_zone}/${var.gcp_ext_vm_name}",
+  ]
 }

test/integration/configuration/mm-attributes.yml

@@ -36,4 +36,8 @@ autoscaler:
   max_replicas: 5
   min_replicas: 1
   cooldown_period: 60
-  cpu_utilization_target: 0.5
+  cpu_utilization_target: 0.5
+
+target_pool:
+  name: 'inspec-gcp-target-pool'
+  session_affinity: CLIENT_IP

test/integration/verify/controls/google_compute_target_pool.rb

@@ -0,0 +1,38 @@
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_target_pool resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+gcp_ext_vm_name = attribute(:gcp_ext_vm_name, default: 'gcp_ext_vm_name', description: 'The name of a VM instance.')
+target_pool = attribute('target_pool', default: {
+  "name": "inspec-gcp-target-pool",
+  "session_affinity": "CLIENT_IP"
+}, description: 'Target pool definition')
+gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'The GCP zone.')
+control 'google_compute_target_pool-1.0' do
+  impact 1.0
+  title 'google_compute_target_pool resource test'
+
+  describe google_compute_target_pool(project: gcp_project_id, region: gcp_location, name: target_pool['name']) do
+    it { should exist }
+    its('session_affinity') { should eq target_pool['session_affinity'] }
+    it { should has_target_instance(gcp_ext_vm_name, gcp_zone) }
+  end
+
+  describe google_compute_target_pool(project: gcp_project_id, region: gcp_location, name: 'nonexistent') do
+    it { should_not exist }
+  end
+end

test/integration/verify/controls/google_compute_target_pools.rb

@@ -0,0 +1,33 @@
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+
+title 'Test GCP google_compute_target_pools resource.'
+
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.')
+gcp_ext_vm_name = attribute(:gcp_ext_vm_name, default: 'gcp_ext_vm_name', description: 'The name of a VM instance.')
+target_pool = attribute('target_pool', default: {
+  "name": "inspec-gcp-target-pool",
+  "session_affinity": "CLIENT_IP"
+}, description: 'Target pool definition')
+gcp_zone = attribute(:gcp_zone, default: 'gcp_zone', description: 'The GCP zone.')
+control 'google_compute_target_pools-1.0' do
+  impact 1.0
+  title 'google_compute_target_pools resource test'
+
+  describe google_compute_target_pools(project: gcp_project_id, region: gcp_location) do
+    its('names') { should include target_pool['name'] }
+    its('session_affinities') { should include target_pool['session_affinity'] }
+  end
+end