diff --git a/build/inspec/Gemfile b/build/inspec/Gemfile
deleted file mode 100644
index 1af5bd5d6..000000000
--- a/build/inspec/Gemfile
+++ /dev/null
@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'bundle'
-gem 'faraday', '>= 0.16.2'
-gem 'google-api-client'
-gem 'googleauth'
-gem 'google-cloud'
-gem 'inifile'
-gem 'inspec-bin', '4.16.0'
-gem 'rubocop', '>= 0.77.0'
-
-group :development do
- gem 'github_changelog_generator'
- gem 'pry-coolline'
- gem 'rake'
- gem 'vcr'
- gem 'webmock'
-end
diff --git a/build/inspec/build/inspec/test/integration/build/gcp-mm.tf b/build/inspec/build/inspec/test/integration/build/gcp-mm.tf
deleted file mode 100644
index 9036ca451..000000000
--- a/build/inspec/build/inspec/test/integration/build/gcp-mm.tf
+++ /dev/null
@@ -1,1347 +0,0 @@ -variable "ssl_policy" { - type = any -} - -variable "topic" { - type = any -} - -variable "subscription" { - type = any -} - -variable "managed_zone" { - type = any -} - -variable "record_set" { - type = any -} - -variable "instance_group_manager" { - type = any -} - -variable "autoscaler" { - type = any -} - -variable "target_pool" { - type = any -} - -variable "trigger" { - type = any -} - -variable "health_check" { - type = any -} - -variable "backend_service" { - type = any -} - -variable "http_health_check" { - type = any -} - -variable "https_health_check" { - type = any -} - -variable "instance_template" { - type = any -} - -variable "global_address" { - type = any -} - -variable "url_map" { - type = any -} - -variable "http_proxy" { - type = any -} - -variable "global_forwarding_rule" { - type = any -} - -variable "target_tcp_proxy" { - type = any -} - -variable "route" { - type = any -} - -variable "router" { - type = any -} - -variable "snapshot" { - type = any -} - -variable "https_proxy" { - type = any -} - -variable "ssl_certificate" { - type = any -} - -variable "dataset" { - type = any -} - -variable "bigquery_table" { - type = any -} - -variable "repository" { - type = any -} - -variable "folder" { - type = any -} - -variable "gcp_organization_id" { - type = string - default = "none" -} - -variable "cloudfunction" { - type = any -} - -variable "backend_bucket" { - type = any -} - -variable "gcp_cloud_function_region" {} - -variable "regional_node_pool" { - type = any -} - -variable "region_backend_service_health_check" { - type = any -} - -variable "region_backend_service" { - type = any -} - -variable "org_sink" { - type = any -} - -variable "standardappversion" { - type = any -} - -variable "ml_model" { - type = any -} - -variable "dataproc_cluster" { - type = any -} - -variable "folder_exclusion" { - type = any -} - -variable "filestore_instance" { - type = any -} - -variable "folder_sink" { - type = any -} - -variable 
"runtimeconfig_config" { - type = any -} - -variable "runtimeconfig_variable" { - type = any -} - -variable "redis" { - type = any -} - -variable "network_endpoint_group" { - type = any -} - -variable "node_template" { - type = any -} - -variable "node_group" { - type = any -} - -variable "router_nat" { - type = any -} - -variable "service" { - type = any -} - -variable "spannerinstance" { - type = any -} - -variable "spannerdatabase" { - type = any -} - -variable "scheduler_job" { - type = any -} - - -resource "google_compute_ssl_policy" "custom-ssl-policy" { - name = var.ssl_policy["name"] - min_tls_version = var.ssl_policy["min_tls_version"] - profile = var.ssl_policy["profile"] - custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]] - project = var.gcp_project_id -} - -resource "google_pubsub_topic" "topic" { - project = var.gcp_project_id - name = var.topic["name"] -} - -resource "google_pubsub_subscription" "default" { - project = var.gcp_project_id - name = var.subscription["name"] - topic = google_pubsub_topic.topic.name - ack_deadline_seconds = var.subscription["ack_deadline_seconds"] -} - -resource "google_dns_managed_zone" "prod" { - name = var.managed_zone["name"] - dns_name = var.managed_zone["dns_name"] - description = var.managed_zone["description"] - - labels = { - key = var.managed_zone["label_value"] - } - project = var.gcp_project_id -} - -resource "google_dns_record_set" "a" { - name = var.record_set["name"] - managed_zone = google_dns_managed_zone.prod.name - type = var.record_set["type"] - ttl = var.record_set["ttl"] - - rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]] - project = var.gcp_project_id -} - -resource "google_compute_instance_group_manager" "gcp-inspec-igm" { - project = var.gcp_project_id - zone = var.gcp_zone - name = var.instance_group_manager["name"] - version { - instance_template = google_compute_instance_template.default.self_link - } - base_instance_name = 
var.instance_group_manager["base_instance_name"] - target_pools = [] - target_size = 0 - named_port { - name = var.instance_group_manager["named_port_name"] - port = var.instance_group_manager["named_port_port"] - } -} - -resource "google_compute_autoscaler" "gcp-inspec-autoscaler" { - project = var.gcp_project_id - name = var.autoscaler["name"] - zone = var.gcp_zone - target = google_compute_instance_group_manager.gcp-inspec-igm.self_link - - autoscaling_policy { - max_replicas = var.autoscaler["max_replicas"] - min_replicas = var.autoscaler["min_replicas"] - cooldown_period = var.autoscaler["cooldown_period"] - - cpu_utilization { - target = var.autoscaler["cpu_utilization_target"] - } - } -} - -resource "google_compute_target_pool" "gcp-inspec-target-pool" { - project = var.gcp_project_id - name = var.target_pool["name"] - session_affinity = var.target_pool["session_affinity"] - - instances = [ - "${var.gcp_zone}/${var.gcp_ext_vm_name}", - ] -} - -resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" { - project = var.gcp_project_id - trigger_template { - branch_name = var.trigger["trigger_template_branch"] - project_id = var.trigger["trigger_template_project"] - repo_name = var.trigger["trigger_template_repo"] - } - filename = var.trigger["filename"] -} - -resource "google_compute_health_check" "gcp-inspec-health-check" { -project = var.gcp_project_id -name = var.health_check["name"] - -timeout_sec = var.health_check["timeout_sec"] -check_interval_sec = var.health_check["check_interval_sec"] - -tcp_health_check { - port = var.health_check["tcp_health_check_port"] -} -} - -resource "google_compute_backend_service" "gcp-inspec-backend-service" { - project = var.gcp_project_id - name = var.backend_service["name"] - description = var.backend_service["description"] - port_name = var.backend_service["port_name"] - protocol = var.backend_service["protocol"] - timeout_sec = var.backend_service["timeout_sec"] - enable_cdn = 
var.backend_service["enable_cdn"] - - backend { - group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group - } - - health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] -} - -resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" { -project = var.gcp_project_id -name = var.region_backend_service_health_check["name"] - -timeout_sec = var.region_backend_service_health_check["timeout_sec"] -check_interval_sec = var.region_backend_service_health_check["check_interval_sec"] - -tcp_health_check { - port = var.region_backend_service_health_check["tcp_health_check_port"] -} -} - -resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" { - project = var.gcp_project_id - region = var.gcp_location - name = var.region_backend_service["name"] - description = var.region_backend_service["description"] - protocol = var.region_backend_service["protocol"] - timeout_sec = var.region_backend_service["timeout_sec"] - - health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link] -} - -resource "google_compute_http_health_check" "gcp-inspec-http-health-check" { - project = var.gcp_project_id - name = var.http_health_check["name"] - request_path = var.http_health_check["request_path"] - - timeout_sec = var.http_health_check["timeout_sec"] - check_interval_sec = var.http_health_check["check_interval_sec"] -} - -resource "google_compute_https_health_check" "gcp-inspec-https-health-check" { - project = var.gcp_project_id - name = var.https_health_check["name"] - request_path = var.https_health_check["request_path"] - - timeout_sec = var.https_health_check["timeout_sec"] - check_interval_sec = var.https_health_check["check_interval_sec"] - unhealthy_threshold = var.https_health_check["unhealthy_threshold"] -} - -resource "google_compute_instance_template" "gcp-inspec-instance-template" { - project = var.gcp_project_id - name = var.instance_template["name"] - 
description = var.instance_template["description"] - - tags = [var.instance_template["tag"]] - - instance_description = var.instance_template["instance_description"] - machine_type = var.instance_template["machine_type"] - can_ip_forward = var.instance_template["can_ip_forward"] - - scheduling { - automatic_restart = var.instance_template["scheduling_automatic_restart"] - on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"] - } - - // Create a new boot disk from an image - disk { - source_image = var.instance_template["disk_source_image"] - auto_delete = var.instance_template["disk_auto_delete"] - boot = var.instance_template["disk_boot"] - } - - network_interface { - network = var.instance_template["network_interface_network"] - } - - service_account { - scopes = [var.instance_template["service_account_scope"]] - } -} - -resource "google_compute_global_address" "gcp-inspec-global-address" { - project = var.gcp_project_id - name = var.global_address["name"] - ip_version = var.global_address["ip_version"] -} - -resource "google_compute_url_map" "gcp-inspec-url-map" { - project = var.gcp_project_id - name = var.url_map["name"] - description = var.url_map["description"] - - default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link - - host_rule { - hosts = [var.url_map["host_rule_host"]] - path_matcher = var.url_map["path_matcher_name"] - } - - path_matcher { - name = var.url_map["path_matcher_name"] - default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link - - path_rule { - paths = [var.url_map["path_rule_path"]] - service = google_compute_backend_service.gcp-inspec-backend-service.self_link - } - } - - test { - service = google_compute_backend_service.gcp-inspec-backend-service.self_link - host = var.url_map["test_host"] - path = var.url_map["test_path"] - } -} - -resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" { - project = var.gcp_project_id - name = 
var.http_proxy["name"] - url_map = google_compute_url_map.gcp-inspec-url-map.self_link - description = var.http_proxy["description"] -} - -resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" { - project = var.gcp_project_id - name = var.global_forwarding_rule["name"] - target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link - port_range = var.global_forwarding_rule["port_range"] -} - -resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" { - project = var.gcp_project_id - name = var.target_tcp_proxy["tcp_backend_service_name"] - protocol = "TCP" - timeout_sec = 10 - - health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] -} - -resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" { - project = var.gcp_project_id - name = var.target_tcp_proxy["name"] - proxy_header = var.target_tcp_proxy["proxy_header"] - backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link -} - -resource "google_compute_route" "gcp-inspec-route" { - project = var.gcp_project_id - name = var.route["name"] - dest_range = var.route["dest_range"] - network = google_compute_network.inspec-gcp-network.name - next_hop_ip = var.route["next_hop_ip"] - priority = var.route["priority"] - # google_compute_route depends on next_hop_ip belonging to a subnetwork - # of the named network in this block. 
Since inspec-gcp-network does not - # automatically create subnetworks, we need to create a dependency so - # the route is not created before the subnetwork - depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork] -} - -resource "google_compute_router" "gcp-inspec-router" { - project = var.gcp_project_id - name = var.router["name"] - network = google_compute_network.inspec-gcp-network.name - bgp { - asn = var.router["bgp_asn"] - advertise_mode = var.router["bgp_advertise_mode"] - advertised_groups = [var.router["bgp_advertised_group"]] - advertised_ip_ranges { - range = var.router["bgp_advertised_ip_range1"] - } - advertised_ip_ranges { - range = var.router["bgp_advertised_ip_range2"] - } - } -} - -resource "google_compute_disk" "snapshot-disk" { - project = var.gcp_project_id - name = var.snapshot["disk_name"] - type = var.snapshot["disk_type"] - zone = var.gcp_zone - image = var.snapshot["disk_image"] - labels = { - environment = "generic_compute_disk_label" - } -} - -resource "google_compute_snapshot" "gcp-inspec-snapshot" { - project = var.gcp_project_id - name = var.snapshot["name"] - source_disk = google_compute_disk.snapshot-disk.name - zone = var.gcp_zone -} - -resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" { - project = var.gcp_project_id - name = var.ssl_certificate["name"] - private_key = var.ssl_certificate["private_key"] - certificate = var.ssl_certificate["certificate"] - description = var.ssl_certificate["description"] -} - -resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" { - project = var.gcp_project_id - name = var.https_proxy["name"] - url_map = google_compute_url_map.gcp-inspec-url-map.self_link - description = var.https_proxy["description"] - ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link] -} - -resource "google_bigquery_dataset" "gcp-inspec-dataset" { - project = var.gcp_project_id - dataset_id = var.dataset["dataset_id"] - friendly_name = 
var.dataset["friendly_name"] - description = var.dataset["description"] - location = var.dataset["location"] - default_table_expiration_ms = var.dataset["default_table_expiration_ms"] - - access { - role = var.dataset["access_writer_role"] - special_group = var.dataset["access_writer_special_group"] - } - - access { - role = "OWNER" - special_group = "projectOwners" - } -} - -resource "google_bigquery_table" "gcp-inspec-bigquery-table" { - project = var.gcp_project_id - dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id - table_id = var.bigquery_table["table_id"] - - time_partitioning { - type = var.bigquery_table["time_partitioning_type"] - } - - description = var.bigquery_table["description"] - expiration_time = var.bigquery_table["expiration_time"] -} - -resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" { - project = var.gcp_project_id - name = var.repository["name"] -} - -resource "google_folder" "inspec-gcp-folder" { - count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" - display_name = var.folder["display_name"] - parent = "organizations/${var.gcp_organization_id}" -} - -resource "google_storage_bucket_object" "archive" { - name = "index.js.zip" - bucket = google_storage_bucket.generic-storage-bucket.name - source = "../configuration/index.js.zip" -} - -resource "google_cloudfunctions_function" "function" { - project = var.gcp_project_id - region = var.gcp_cloud_function_region - name = var.cloudfunction["name"] - description = var.cloudfunction["description"] - available_memory_mb = var.cloudfunction["available_memory_mb"] - source_archive_bucket = google_storage_bucket.generic-storage-bucket.name - source_archive_object = google_storage_bucket_object.archive.name - trigger_http = var.cloudfunction["trigger_http"] - timeout = var.cloudfunction["timeout"] - entry_point = var.cloudfunction["entry_point"] - runtime = "nodejs8" - - environment_variables = { - MY_ENV_VAR = var.cloudfunction["env_var_value"] - } -} - -resource "google_compute_backend_bucket" "image_backend" { - project = var.gcp_project_id - name = var.backend_bucket["name"] - description = var.backend_bucket["description"] - bucket_name = google_storage_bucket.generic-storage-bucket.name - enable_cdn = var.backend_bucket["enable_cdn"] -} - -resource "google_container_node_pool" "inspec-gcp-node-pool" { - project = var.gcp_project_id - name = var.regional_node_pool["name"] - location = google_container_cluster.primary.location - cluster = google_container_cluster.primary.name - node_count = var.regional_node_pool["node_count"] -} - -resource "google_logging_organization_sink" "my-sink" { - count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" - name = var.org_sink.name - org_id = var.gcp_organization_id - - # Can export to pubsub, cloud storage, or bigquery - destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" - - # Log all WARN or higher severity messages relating to instances - filter = var.org_sink.filter -} - -variable "project_sink" { - type = any -} - -resource "google_logging_project_sink" "project-logging-sink" { - count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" - project = var.gcp_project_id - - name = var.project_sink.name - destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}" - - filter = var.project_sink.filter - - unique_writer_identity = true -} - -resource "google_storage_bucket" "bucket" { - name = "inspec-gcp-static-${var.gcp_project_id}" - project = var.gcp_project_id - location = var.gcp_location - force_destroy = true - - labels = { - "key" = "value" - } - - retention_policy { - retention_period = 1000 - } -} - -resource "google_storage_bucket_object" "object" { - name = "hello-world.zip" - bucket = google_storage_bucket.bucket.name - source = "../configuration/hello-world.zip" -} - -resource "google_app_engine_standard_app_version" "default" { - count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" - project = var.gcp_project_id - version_id = var.standardappversion["version_id"] - service = var.standardappversion["service"] - runtime = var.standardappversion["runtime"] - noop_on_destroy = true - entrypoint { - shell = var.standardappversion["entrypoint"] - } - - deployment { - zip { - source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip" - } - } - - env_variables = { - port = var.standardappversion["port"] - } -} - -resource "google_ml_engine_model" "inspec-gcp-model" { - project = var.gcp_project_id - name = var.ml_model["name"] - description = var.ml_model["description"] - regions = [var.ml_model["region"]] - online_prediction_logging = var.ml_model["online_prediction_logging"] - online_prediction_console_logging = var.ml_model["online_prediction_console_logging"] -} - -resource "google_compute_firewall" "dataproc" { - project = var.gcp_project_id - name = "dataproc-firewall" - network = google_compute_network.dataproc.name - - source_ranges = ["10.128.0.0/9"] - allow { - protocol = "icmp" - } - - allow { - protocol = "tcp" - ports = ["0-65535"] - } - allow { - protocol = "udp" - ports = ["0-65535"] - } -} - -resource "google_compute_network" "dataproc" { - project = var.gcp_project_id - name = "dataproc-network" -} - -resource "google_dataproc_cluster" "mycluster" { - project = var.gcp_project_id - region = var.gcp_location - name = var.dataproc_cluster["name"] - - labels = { - "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"] - } - - cluster_config { - master_config { - num_instances = var.dataproc_cluster["config"]["master_config"]["num_instances"] - machine_type = var.dataproc_cluster["config"]["master_config"]["machine_type"] - disk_config { - boot_disk_type = var.dataproc_cluster["config"]["master_config"]["boot_disk_type"] - boot_disk_size_gb = var.dataproc_cluster["config"]["master_config"]["boot_disk_size_gb"] - } - } - - worker_config 
{ - num_instances = var.dataproc_cluster["config"]["worker_config"]["num_instances"] - machine_type = var.dataproc_cluster["config"]["worker_config"]["machine_type"] - disk_config { - boot_disk_size_gb = var.dataproc_cluster["config"]["worker_config"]["boot_disk_size_gb"] - num_local_ssds = var.dataproc_cluster["config"]["worker_config"]["num_local_ssds"] - } - } - - # Override or set some custom properties - software_config { - override_properties = { - "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"] - } - } - - gce_cluster_config { - network = google_compute_network.dataproc.self_link - tags = [var.dataproc_cluster["config"]["gce_cluster_config"]["tag"]] - } - } -} - -resource "google_logging_folder_exclusion" "my-exclusion" { - count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" - name = var.folder_exclusion["name"] - folder = google_folder.inspec-gcp-folder.0.name - - description = var.folder_exclusion["description"] - - filter = var.folder_exclusion["filter"] -} - -variable "project_exclusion" { - type = any -} - -resource "google_logging_project_exclusion" "project-exclusion" { - count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" - name = var.project_exclusion["name"] - project = var.gcp_project_id - - description = var.project_exclusion["description"] - - filter = var.project_exclusion["filter"] -} - -resource "google_filestore_instance" "instance" { - project = var.gcp_project_id - name = var.filestore_instance["name"] - zone = var.filestore_instance["zone"] - tier = var.filestore_instance["tier"] - - file_shares { - capacity_gb = var.filestore_instance["fileshare_capacity_gb"] - name = var.filestore_instance["fileshare_name"] - } - - networks { - network = var.filestore_instance["network_name"] - modes = [var.filestore_instance["network_mode"]] - } -} - -resource "google_logging_folder_sink" "folder-sink" { - count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" - name = var.folder_sink.name - folder = google_folder.inspec-gcp-folder.0.name - - destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}" - - filter = var.folder_sink.filter -} - -resource "google_runtimeconfig_config" "inspec-runtime-config" { - project = var.gcp_project_id - name = var.runtimeconfig_config["name"] - description = var.runtimeconfig_config["description"] -} - -resource "google_runtimeconfig_variable" "inspec-runtime-variable" { - project = var.gcp_project_id - parent = google_runtimeconfig_config.inspec-runtime-config.name - name = var.runtimeconfig_variable["name"] - text = var.runtimeconfig_variable["text"] -} - -resource "google_redis_instance" "inspec-redis" { - project = var.gcp_project_id - name = var.redis["name"] - tier = var.redis["tier"] - memory_size_gb = var.redis["memory_size_gb"] - - location_id = var.redis["location_id"] - alternative_location_id = var.redis["alternative_location_id"] - - redis_version = var.redis["redis_version"] - display_name = var.redis["display_name"] - reserved_ip_range = var.redis["reserved_ip_range"] - - labels = { - "${var.redis["label_key"]}" = 
var.redis["label_value"] - } -} - -resource "google_compute_network_endpoint_group" "inspec-endpoint-group" { - project = var.gcp_project_id - name = var.network_endpoint_group["name"] - network = google_compute_subnetwork.inspec-gcp-subnetwork.network - subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link - default_port = var.network_endpoint_group["default_port"] - zone = var.gcp_zone -} - -data "google_compute_node_types" "zone-node-type" { - project = var.gcp_project_id - zone = var.gcp_zone -} - -resource "google_compute_node_template" "inspec-template" { - project = var.gcp_project_id - region = var.gcp_location - - name = var.node_template["name"] - node_type = data.google_compute_node_types.zone-node-type.names[0] - - node_affinity_labels = { - "${var.node_template["label_key"]}" = var.node_template["label_value"] - } -} - -resource "google_compute_node_group" "inspec-node-group" { - project = var.gcp_project_id - name = var.node_group["name"] - zone = var.gcp_zone - description = var.node_group["description"] - - size = var.node_group["size"] - node_template = google_compute_node_template.inspec-template.self_link -} - -resource "google_compute_router_nat" "inspec-nat" { - project = var.gcp_project_id - name = var.router_nat["name"] - router = google_compute_router.gcp-inspec-router.name - region = google_compute_router.gcp-inspec-router.region - nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"] - source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"] - min_ports_per_vm = var.router_nat["min_ports_per_vm"] - - log_config { - enable = var.router_nat["log_config_enable"] - filter = var.router_nat["log_config_filter"] - } -} - -resource "google_project_service" "project" { - project = var.gcp_project_id - service = var.service["name"] -} - -resource "google_service_account" "spanner_service_account" { - project = var.gcp_project_id - account_id = "${var.gcp_service_account_display_name}-sp" 
- display_name = "${var.gcp_service_account_display_name}-sp" -} - -resource "google_service_account_key" "userkey" { - service_account_id = google_service_account.spanner_service_account.name - public_key_type = "TYPE_X509_PEM_FILE" -} - -resource "google_spanner_instance" "spanner_instance" { - project = var.gcp_project_id - config = var.spannerinstance["config"] - name = var.spannerinstance["name"] - display_name = var.spannerinstance["display_name"] - num_nodes = var.spannerinstance["num_nodes"] - labels = { - "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"] - } -} - -resource "google_spanner_instance_iam_binding" "instance" { - project = var.gcp_project_id - instance = google_spanner_instance.spanner_instance.name - role = "roles/editor" - - members = [ - "serviceAccount:${google_service_account.spanner_service_account.email}", - ] -} - -resource "google_spanner_database" "database" { - project = var.gcp_project_id - instance = google_spanner_instance.spanner_instance.name - name = var.spannerdatabase["name"] - ddl = [var.spannerdatabase["ddl"]] -} - -resource "google_cloud_scheduler_job" "job" { - project = var.gcp_project_id - region = var.scheduler_job["region"] - name = var.scheduler_job["name"] - description = var.scheduler_job["description"] - schedule = var.scheduler_job["schedule"] - time_zone = var.scheduler_job["time_zone"] - - http_target { - http_method = var.scheduler_job["http_method"] - uri = var.scheduler_job["http_target_uri"] - } -} - -variable "service_perimeter" { - type = any -} - -resource "google_access_context_manager_service_perimeter" "service-perimeter" { - count = "${var.gcp_organization_id == "" ? 
0 : var.gcp_enable_privileged_resources}" - parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" - name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/servicePerimeters/${var.service_perimeter["name"]}" - title = var.service_perimeter["title"] - status { - restricted_services = [var.service_perimeter["restricted_service"]] - } -} - -resource "google_access_context_manager_access_policy" "access-policy" { - count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" - parent = "organizations/${var.gcp_organization_id}" - title = var.service_perimeter["policy_title"] -} - -resource "google_access_context_manager_access_level" "access-level" { - count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}" - parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}" - name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock" - title = "os_lock" - basic { - conditions { - device_policy { - require_screen_lock = true - } - regions = [ - "CH", - "IT", - "US", - ] - } - } -} - -variable "firewall" { - type = any -} - -resource "google_compute_firewall" "mm-firewall" { - project = var.gcp_project_id - name = var.firewall["name"] - enable_logging = true - network = google_compute_network.inspec-gcp-network.name - - allow { - protocol = "tcp" - ports = ["80", "8080", "1000-2000"] - } - - source_tags = [var.firewall["source_tag"]] -} - -variable "address" { - type = any -} - -resource "google_compute_address" "internal_with_subnet_and_address" { - project = var.gcp_project_id - name = var.address["name"] - subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link - address_type = var.address["address_type"] - address = var.address["address"] - region = var.gcp_location -} - -variable "instance_group" { - type = any -} - -resource 
"google_compute_instance_group" "inspec-instance-group" { - project = var.gcp_project_id - zone = var.gcp_zone - name = var.instance_group["name"] - description = var.instance_group["description"] - - named_port { - name = var.instance_group["named_port_name"] - port = var.instance_group["named_port_port"] - } -} - -variable "instance" { - type = any -} - -resource "google_compute_instance" "inspec-instance" { - project = var.gcp_project_id - zone = var.gcp_zone - name = var.instance["name"] - machine_type = var.instance["machine_type"] - - tags = [var.instance["tag_1"], var.instance["tag_2"]] - - boot_disk { - initialize_params { - image = "debian-cloud/debian-9" - } - } - - network_interface { - network = "default" - - access_config { - // Ephemeral IP - } - } - - metadata = { - "${var.instance["metadata_key"]}" = var.instance["metadata_value"] - } - - metadata_startup_script = var.instance["startup_script"] - - service_account { - scopes = [var.instance["sa_scope"]] - } -} - -variable "network" { - type = any -} - -resource "google_compute_network" "inspec-network" { - project = var.gcp_project_id - name = var.network["name"] - routing_mode = var.network["routing_mode"] -} - -variable "subnetwork" { - type = any -} - -resource "google_compute_subnetwork" "subnet-with-logging" { - project = var.gcp_project_id - region = var.gcp_location - name = var.subnetwork["name"] - ip_cidr_range = var.subnetwork["ip_cidr_range"] - network = google_compute_network.inspec-network.self_link - - log_config { - aggregation_interval = var.subnetwork["log_interval"] - flow_sampling = var.subnetwork["log_sampling"] - metadata = var.subnetwork["log_metadata"] - } -} - -variable "rigm" { - type = any -} - -variable "sql_connect" { - type = any -} - -resource "google_compute_region_instance_group_manager" "inspec-rigm" { - project = var.gcp_project_id - region = var.gcp_location - name = var.rigm["name"] - - base_instance_name = var.rigm["base_instance_name"] - - version { - 
instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link
- }
-
- target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link]
- target_size = var.rigm["target_size"]
-
- named_port {
- name = var.rigm["named_port_name"]
- port = var.rigm["named_port_port"]
- }
-
- auto_healing_policies {
- health_check = google_compute_health_check.gcp-inspec-health-check.self_link
- initial_delay_sec = var.rigm["healing_delay"]
- }
-}
-
-variable "vpn_tunnel" {
- type = any
-}
-
-resource "google_compute_vpn_tunnel" "tunnel1" {
- project = var.gcp_project_id
- name = var.vpn_tunnel["name"]
- peer_ip = var.vpn_tunnel["peer_ip"]
- shared_secret = var.vpn_tunnel["shared_secret"]
-
- remote_traffic_selector = ["0.0.0.0/0"]
- local_traffic_selector = ["0.0.0.0/0"]
- target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
-
- depends_on = [
- google_compute_forwarding_rule.inspec-gcp-fr-esp,
- google_compute_forwarding_rule.inspec-gcp-fr-udp500,
- google_compute_forwarding_rule.inspec-gcp-fr-udp4500,
- ]
-}
-
-variable "alert_policy" {
- type = any
-}
-
-resource "google_monitoring_alert_policy" "alert_policy" {
- project = var.gcp_project_id
- display_name = var.alert_policy["display_name"]
- combiner = var.alert_policy["combiner"]
- conditions {
- display_name = var.alert_policy["condition_display_name"]
- condition_threshold {
- filter = var.alert_policy["condition_filter"]
- duration = var.alert_policy["condition_duration"]
- comparison = var.alert_policy["condition_comparison"]
- aggregations {
- alignment_period = "60s"
- per_series_aligner = "ALIGN_RATE"
- }
- }
- }
-}
-
-variable "dns_managed_zone" {
- type = any
-}
-
-variable "gcp_dns_zone_name" {}
-
-resource "google_dns_managed_zone" "example-zone" {
- project = var.gcp_project_id
- name = var.dns_managed_zone["name"]
- dns_name = "${var.gcp_dns_zone_name}"
- description = var.dns_managed_zone["description"]
- dnssec_config {
- state = var.dns_managed_zone["dnssec_config_state"]
- default_key_specs {
- algorithm = "rsasha256"
- key_type = "zoneSigning"
- key_length = 2048
- }
- default_key_specs {
- algorithm = "rsasha512"
- key_type = "keySigning"
- key_length = 2048
- }
- }
-}
-
-variable "logging_metric" {
- type = any
-}
-
-resource "google_logging_metric" "logging_metric" {
- project = var.gcp_project_id
- name = var.logging_metric["name"]
- filter = var.logging_metric["filter"]
- metric_descriptor {
- metric_kind = var.logging_metric["metric_kind"]
- value_type = var.logging_metric["value_type"]
- }
-}
-
-variable "compute_image" {
- type = any
-}
-
-resource "google_compute_image" "example" {
- project = var.gcp_project_id
- name = var.compute_image["name"]
-
- raw_disk {
- source = var.compute_image["source"]
- }
-}
-
-variable "gcp_organization_iam_custom_role_id" {}
-
-resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" {
- count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- org_id = var.gcp_organization_id
- role_id = var.gcp_organization_iam_custom_role_id
- title = "GCP Inspec Generic Organization IAM Custom Role"
- description = "Custom role allowing to list IAM roles only"
- permissions = ["iam.roles.list"]
-}
-
-variable "security_policy" {
- type = any
-}
-
-resource "google_compute_security_policy" "policy" {
- project = var.gcp_project_id
- name = var.security_policy["name"]
-
- rule {
- action = var.security_policy["action"]
- priority = var.security_policy["priority"]
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = [var.security_policy["ip_range"]]
- }
- }
- description = var.security_policy["description"]
- }
-
- rule {
- action = "allow"
- priority = "2147483647"
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = ["*"]
- }
- }
- description = "default rule"
- }
-}
-
-variable "memcache_instance" {
- type = any
-}
-
-resource "google_compute_network" "memcache_network" {
- provider = google-beta
- project = var.gcp_project_id
- name = "inspec-gcp-memcache"
-}
-
-resource "google_compute_global_address" "service_range" {
- provider = google-beta
- project = var.gcp_project_id
- name = "inspec-gcp-memcache"
- purpose = "VPC_PEERING"
- address_type = "INTERNAL"
- prefix_length = 16
- network = google_compute_network.memcache_network.id
-}
-
-resource "google_service_networking_connection" "private_service_connection" {
- provider = google-beta
- network = google_compute_network.memcache_network.id
- service = "servicenetworking.googleapis.com"
- reserved_peering_ranges = [google_compute_global_address.service_range.name]
-}
-
-resource "google_memcache_instance" "instance" {
- provider = google-beta
- name = var.memcache_instance["name"]
- project = var.gcp_project_id
- region = var.gcp_location
- authorized_network = google_service_networking_connection.private_service_connection.network
-
- node_config {
- cpu_count = 1
- memory_size_mb = 1024
- }
- node_count = 1
-}
-
-resource "google_compute_interconnect_attachment" "on_prem" {
- name = "on-prem-attachment"
- edge_availability_domain = "AVAILABILITY_DOMAIN_1"
- type = "PARTNER"
- router = google_compute_router.gcp-inspec-router.id
- mtu = 1500
-}
-
-resource "google_sql_ssl_cert" "client_cert" {
- common_name = var.sql_connect["common_name"]
- instance = var.gcp_db_instance_name
-}
-
-resource "google_data_loss_prevention_stored_info_type" "basic" {
- parent = "projects/my-project-name"
- description = "Description"
- display_name = "Displayname"
-
- regex {
- pattern = "patient"
- group_indexes = [2]
- }
-}
diff --git a/build/inspec/build/inspec/test/integration/configuration/hello-world.zip b/build/inspec/build/inspec/test/integration/configuration/hello-world.zip
deleted file mode 100644
index 34c746dd3..000000000
Binary files a/build/inspec/build/inspec/test/integration/configuration/hello-world.zip and /dev/null differ
diff --git a/build/inspec/build/inspec/test/integration/configuration/index.js.zip b/build/inspec/build/inspec/test/integration/configuration/index.js.zip
deleted file mode 100644
index a9e89ba30..000000000
Binary files a/build/inspec/build/inspec/test/integration/configuration/index.js.zip and /dev/null differ
diff --git a/build/inspec/build/inspec/test/integration/configuration/mm-attributes.yml b/build/inspec/build/inspec/test/integration/configuration/mm-attributes.yml
deleted file mode 100644
index c37367af8..000000000
--- a/build/inspec/build/inspec/test/integration/configuration/mm-attributes.yml
+++ /dev/null
@@ -1,536 +0,0 @@
-ssl_policy:
- name: 'inspec-gcp-ssl-policy'
- min_tls_version: 'TLS_1_2'
- profile: 'CUSTOM'
- custom_feature: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
- custom_feature2: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
-
-topic:
- name: 'inspec-gcp-topic'
-
-subscription:
- name: 'inspec-gcp-subscription'
- ack_deadline_seconds: 20
-
-managed_zone:
- name: 'inspec-gcp-managed-zone'
- dns_name: 'my.domain.com.'
- description: 'A test DNS zone'
- label_key: key
- label_value: 'value'
-
-record_set:
- name: 'backend.my.domain.com.'
- type: 'A'
- ttl: 300
- rrdatas1: '8.8.8.8'
- rrdatas2: '8.8.4.4'
-
-instance_group_manager:
- name: 'inspec-gcp-igm'
- base_instance_name: 'igm'
- named_port_name: 'port'
- named_port_port: 80
-
-autoscaler:
- name: 'inspec-gcp-autoscaler'
- max_replicas: 5
- min_replicas: 1
- cooldown_period: 60
- cpu_utilization_target: 0.5
-
-target_pool:
- name: 'inspec-gcp-target-pool'
- session_affinity: CLIENT_IP
-
-trigger:
- trigger_template_project: trigger-project
- trigger_template_branch: trigger-branch
- trigger_template_repo: trigger-repo
- filename: cloudbuild.yaml
-
-health_check:
- name: inspec-gcp-health-check
- timeout_sec: 10
- check_interval_sec: 10
- tcp_health_check_port: 80
-
-backend_service:
- name: inspec-gcp-backend-service
- description: A description
- port_name: http
- protocol: HTTP
- timeout_sec: 10
- enable_cdn: true
-
-region_backend_service_health_check:
- name: inspec-gcp-region-health-check
- timeout_sec: 15
- check_interval_sec: 15
- tcp_health_check_port: 81
-
-region_backend_service:
- name: inspec-gcp-region-backend-service
- description: A regional description
- protocol: TCP
- timeout_sec: 15
-
-http_health_check:
- name: inspec-gcp-http-health-check
- request_path: /health_check
- timeout_sec: 20
- check_interval_sec: 20
-
-https_health_check:
- name: inspec-gcp-https-health-check
- request_path: /https_health_check
- timeout_sec: 15
- check_interval_sec: 15
- unhealthy_threshold: 3
-
-instance_template:
- name: inspec-gcp-instance-template
- description: A description of the instance template
- instance_description: A description of the instance itself
- machine_type: f1-micro
- tag: foo
- can_ip_forward: false
- scheduling_automatic_restart: true
- scheduling_on_host_maintenance: MIGRATE
- disk_source_image: debian-cloud/debian-9
- disk_auto_delete: true
- disk_boot: true
- network_interface_network: default
- service_account_scope: storage-ro
-
-global_address:
- name: inspec-gcp-global-address
- ip_version: IPV6
-
-url_map:
- name: inspec-gcp-url-map
- description: URL map description
- host_rule_host: site.com
- path_matcher_name: allpaths
- path_rule_path: /home
- test_host: test.com
- test_path: /home
-
-http_proxy:
- name: inspec-gcp-http-proxy
- description: A HTTP proxy
-
-global_forwarding_rule:
- name: inspec-gcp-global-forwarding-rule
- port_range: 80-80
-
-target_tcp_proxy:
- name: inspec-gcp-target-tcp-proxy
- proxy_header: NONE
- tcp_backend_service_name: gcp-inspec-tcp-backend-service
-
-route:
- name: inspec-gcp-route
- dest_range: 15.0.0.0/24
- next_hop_ip: 10.2.0.1
- priority: 100
-
-router:
- name: inspec-gcp-router
- bgp_asn: 64514
- bgp_advertise_mode: CUSTOM
- bgp_advertised_group: "ALL_SUBNETS"
- bgp_advertised_ip_range1: "1.2.3.4"
- bgp_advertised_ip_range2: "6.7.0.0/16"
-
-snapshot:
- name: inspec-gcp-disk-snapshot
- disk_name: inspec-snapshot-disk
- disk_type: pd-standard
- disk_image: debian-cloud/debian-10-buster-v20191014
-
-https_proxy:
- name: inspec-gcp-https-proxy
- description: A HTTPS target proxy
-
-ssl_certificate:
- name: inspec-gcp-ssl-certificate
- description: A fake ssl certificate (DO NOT USE)
- certificate: |
- -----BEGIN CERTIFICATE-----
- MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG
- EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT
- BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm
- b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN
- AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2
- MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP
- BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM
- FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z
- aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH
- KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ
- 4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O
- BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn
- 0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O
- M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ
- zqGNhIPGq2ULqXKK8BY=
- -----END CERTIFICATE-----
- private_key: |
- -----BEGIN EC PRIVATE KEY-----
- MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49
- AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f
- OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ==
- -----END EC PRIVATE KEY-----
-
-dataset:
- dataset_id: inspec_gcp_dataset
- friendly_name: A BigQuery dataset test
- description: Test BigQuery dataset description
- location: EU
- default_table_expiration_ms: 3600000
- access_writer_role: WRITER
- access_writer_special_group: projectWriters
-
-bigquery_table:
- table_id: inspec_gcp_bigquery_table
- description: A BigQuery table
- expiration_time: 1738882264000
- time_partitioning_type: DAY
-
-repository:
- name: inspec-gcp-repository
-
-folder:
- display_name: inspec-gcp-folder
-
-cloudfunction:
- name: inspec-gcp-function
- description: A description of the function
- available_memory_mb: 128
- trigger_http: true
- timeout: 60
- entry_point: hello
- env_var_value: val1
-
-backend_bucket:
- name: inspec-gcp-backend-bucket
- description: Backend bucket example
- enable_cdn: true
-
-regional_node_pool:
- name: inspec-gcp-regional-node-pool
- cluster_name: inspec-gcp-regional-node-pool-cluster
- node_count: 1
- initial_node_count: 1
-
-org_sink:
- name: inspec-gcp-org-sink
- filter: resource.type = gce_instance
-
-standardappversion:
- version_id: v2
- service: default
- runtime: nodejs10
- entrypoint: "node ./app.js"
- port: "8080"
-
-ml_model:
- name: ml_model
- region: us-central1
- description: My awesome ML model
- online_prediction_logging: true
- online_prediction_console_logging: true
-
-dataproc_cluster:
- name: inspec-dataproc-cluster
- label_key: label
- label_value: value
- config:
- master_config:
- num_instances: 1
- machine_type: n1-standard-1
- boot_disk_type: pd-ssd
- boot_disk_size_gb: 30
- worker_config:
- num_instances: 2
- machine_type: n1-standard-1
- boot_disk_size_gb: 40
- num_local_ssds: 1
- preemptible_worker_config:
- num_instances: 0
- software_config:
- prop_key: "dataproc:dataproc.allow.zero.workers"
- prop_value: "true"
- gce_cluster_config:
- tag: foo
-
-folder_exclusion:
- name: inspec-folder-exclusion
- description: My folder exclusion description
- filter: "resource.type = gce_instance AND severity <= DEBUG"
-
-filestore_instance:
- name: inspecgcp
- zone: us-central1-b
- tier: PREMIUM
- fileshare_capacity_gb: 2660
- fileshare_name: inspecgcp
- network_name: default
- network_mode: MODE_IPV4
-
-folder_sink:
- name: inspec-gcp-folder-sink
- filter: resource.type = gce_instance AND severity >= ERROR
-
-runtimeconfig_config:
- name: inspec-gcp-runtime-config
- description: My runtime configurations
-
-runtimeconfig_variable:
- name: prod-variables/hostname
- text: example.com
-
-redis:
- name: my-redis-cache
- tier: STANDARD_HA
- memory_size_gb: 1
- region: us-central1
- location_id: us-central1-a
- alternative_location_id: us-central1-f
- redis_version: REDIS_3_2
- display_name: InSpec test instance
- reserved_ip_range: "192.168.0.0/29"
- label_key: key
- label_value: value
-
-network_endpoint_group:
- name: inspec-gcp-endpoint-group
- default_port: 90
-
-node_template:
- name: inspec-node-template
- label_key: key
- label_value: value
-
-node_group:
- name: inspec-node-group
- description: A description of the node group
- size: 0
-
-router_nat:
- name: inspec-router-nat
- nat_ip_allocate_option: AUTO_ONLY
- source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES
- min_ports_per_vm: 2
- log_config_enable: true
- log_config_filter: ERRORS_ONLY
-
-service:
- name: maps-android-backend.googleapis.com
-
-spannerinstance:
- config: regional-us-east1
- name: spinstance
- display_name: inspectest
- num_nodes: 1
- label_key: env
- label_value: test
-
-spannerdatabase:
- name: spdatabase
- instance: spinstance
- ddl: "CREATE TABLE test (test STRING(MAX),) PRIMARY KEY (test)"
-
-scheduler_job:
- # region must match where the appengine instance is deployed
- region: us-central1
- name: job-name
- description: A description
- schedule: "*/8 * * * *"
- time_zone: America/New_York
- http_method: POST
- http_target_uri: https://example.com/ping
-
-service_perimeter:
- name: restrict_all
- title: restrict_all
- restricted_service: storage.googleapis.com
- policy_title: policytitle
-
-firewall:
- name: inspec-gcp-firewall
- source_tag: some-tag
-
-address:
- name: inspec-gcp-global-address
- address_type: INTERNAL
- address: "10.2.0.3"
-
-instance_group:
- name: inspec-instance-group
- description: My instance group for testing
- named_port_name: https
- named_port_port: 8080
-
-instance:
- name: inspec-instance
- machine_type: n1-standard-1
- tag_1: foo
- tag_2: bar
- metadata_key: '123'
- metadata_value: asdf
- sa_scope: https://www.googleapis.com/auth/compute.readonly
- startup_script: "echo hi > /test.txt"
-
-network:
- name: inspec-network
- routing_mode: REGIONAL
-
-subnetwork:
- name: inspec-subnet
- ip_cidr_range: "10.2.0.0/16"
- log_interval: INTERVAL_10_MIN
- log_sampling: .5
- log_metadata: INCLUDE_ALL_METADATA
-
-rigm:
- name: inspec-rigm
- base_instance_name: rigm1
- target_size: 1
- named_port_name: https
- named_port_port: 8888
- healing_delay: 300
-
-vpn_tunnel:
- name: inspec-vpn-tunnel
- peer_ip: "15.0.0.120"
- shared_secret: super secret
-
-project_sink:
- name: inspec-gcp-org-sink
- filter: resource.type = gce_instance AND severity = DEBUG
-
-project_exclusion:
- name: inspec-project-exclusion
- description: My project exclusion description
- filter: resource.type = gce_instance AND severity <= DEBUG
-
-alert_policy:
- display_name: Display
- combiner: OR
- condition_display_name: condition
- condition_filter: "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\""
- condition_duration: 60s
- condition_comparison: COMPARISON_GT
-
-dns_managed_zone:
- # managed zone dns_name must be randomly generated, so it happens in the other script
- name: example-zone
- description: example description
- dnssec_config_state: 'on'
-
-logging_metric:
- name: some/metric
- filter: 'resource.type=gae_app AND severity>=ERROR'
- metric_kind: DELTA
- value_type: INT64
-
-compute_image:
- name: inspec-image
- source: https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz
-
-security_policy:
- name: sec-policy
- action: deny(403)
- priority: "1000"
- ip_range: "9.9.9.0/24"
- description: my description
-
-memcache_instance:
- name: mem-instance
-
-accelerator_type:
- name: accelerator_id
-
-global_operation:
- name: operation-1635274037755-5cf45e8217d56-c081cd9a-c3ea7346
- operationType: "compute.externalVpnGateways.insert"
-
-interconnect_location:
- name: akl-zone1-1353
- facility_provider_facility_id: 'Auckland - Albany'
- facility_provider: Vocus
-
-image_family_views:
- zone: us-central1-c
- name: image-1
- source_type: RAW
- status: READY
- archive_size_bytes: 539099200
- disk_size_gb: 3
- family: test
-
-license_code:
- name: akl-zone1-1353
-
-region_instance_group:
- name: instance-group-2
- region: us-central1
- size: 1
- named_port_name: 'port'
- named_port_port: 80
-
-region_operation:
- name: operation-1641188435323-5d4a6f5b26934-9281422c-dce238f5
- region: us-central1
- operation_type: "compute.instanceGroupManagers.insert"
- status: DONE
- progress: 100
-
-sql_database_flag:
- name : audit_log
- type : STRING
- applies_to: MYSQL_5_6
- allowed_string_values: ON
- requires_restart: true
-
-sql_connect:
- region: us-central1
- database_version: POSTGRES_13
- backend_type: SECOND_GEN
- cert_serial_number: 0
- common_name: "test_gcp_1"
- sha1_fingerprint: "80c5c611c0a591db967c7dda3467e23127288fed"
- instance: test-pg
-
-sql_operation:
- name: e5c522f1-8391-4830-a8ff-ff1cc4a7b2a5
- status: DONE
- operation_type: CREATE
-public_delegated_prefix:
- name: test
-
-region_health_check:
- name: inspec-gcp-region-health-check
- region: us-central1
- timeout_sec: 10
- check_interval_sec: 10
- tcp_health_check_port: 80
-
-dlp:
- name: "i-inspec-gcp-dlp"
- location: "us-east-2"
- type: "INSPECT_JOB"
- state: "ACTIVE"
- inspectDetails:
- requestedOptions:
- snapshotInspectTemplate: ""
- jobConfig:
- storageConfig:
- hybridOptions:
- description: "test"
- tableOptions: ""
- description: "Description"
- display_name: "Displayname"
-
-
-
diff --git a/build/inspec/docs/resources/google_data_loss_prevention_stored_info_type.md b/build/inspec/docs/resources/google_data_loss_prevention_stored_info_type.md
deleted file mode 100644
index 2b7237908..000000000
--- a/build/inspec/docs/resources/google_data_loss_prevention_stored_info_type.md
+++ /dev/null
@@ -1,75 +0,0 @@
----
-title: About the google_data_loss_prevention_stored_info_type resource
-platform: gcp
----
-
-## Syntax
-A `google_data_loss_prevention_stored_info_type` is used to test a Google StoredInfoType resource
-
-## Examples
-```
-
-describe google_data_loss_prevention_stored_info_type(parent: "projects/#{'chef-gcp-inspec'}/locations/#{'us-east-2'}",name: '') do
-it { should exist }
-its('name') { should cmp 'i-inspec-gcp-dlp' }
-end
-
-describe google_data_loss_prevention_stored_info_type(parent: "projects/#{'chef-gcp-inspec'}/locations/#{'us-east-2'}", name: 'nonexistent') do
-it { should_not exist }
-end
-```
-
-## Properties
-Properties that can be accessed from the `google_data_loss_prevention_stored_info_type` resource:
-
-
- * `name`: The resource name of the info type. Set by the server.
-
- * `description`: A description of the info type.
-
- * `display_name`: User set display name of the info type.
-
- * `regex`: Regular expression which defines the rule.
-
- * `pattern`: Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.
-
- * `group_indexes`: The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.
-
- * `dictionary`: Dictionary which defines the rule.
-
- * `word_list`: List of words or phrases to search for.
-
- * `words`: Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.
-
- * `cloud_storage_path`: Newline-delimited file of words in Cloud Storage. Only a single file is accepted.
-
- * `path`: A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt`
-
- * `large_custom_dictionary`: Dictionary which defines the rule.
-
- * `output_path`: Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.
-
- * `path`: A url representing a file or path (no wildcards) in Cloud Storage. Example: `gs://[BUCKET_NAME]/dictionary.txt`
-
- * `cloud_storage_file_set`: Set of files containing newline-delimited lists of dictionary phrases.
-
- * `url`: The url, in the format `gs:///`. Trailing wildcard in the path is allowed.
-
- * `big_query_field`: Field in a BigQuery table where each cell represents a dictionary phrase.
-
- * `table`: Field in a BigQuery table where each cell represents a dictionary phrase.
-
- * `project_id`: The Google Cloud Platform project ID of the project containing the table.
-
- * `dataset_id`: The dataset ID of the table.
-
- * `table_id`: The name of the table.
-
- * `field`: Designated field in the BigQuery table.
-
- * `name`: Name describing the field.
-
- * `parent`: The parent of the info type in any of the following formats: * `projects/{{project}}` * `projects/{{project}}/locations/{{location}}` * `organizations/{{organization_id}}` * `organizations/{{organization_id}}/locations/{{location}}`
-
-
-## GCP Permissions
diff --git a/build/inspec/docs/resources/google_data_loss_prevention_stored_info_types.md b/build/inspec/docs/resources/google_data_loss_prevention_stored_info_types.md
deleted file mode 100644
index 1cfcc5094..000000000
--- a/build/inspec/docs/resources/google_data_loss_prevention_stored_info_types.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-title: About the google_data_loss_prevention_stored_info_types resource
-platform: gcp
----
-
-## Syntax
-A `google_data_loss_prevention_stored_info_types` is used to test a Google StoredInfoType resource
-
-## Examples
-```
-
-
-describe google_data_loss_prevention_stored_info_types(parent: "projects/#{'chef-gcp-inspec'}/locations/#{'us-east-2'}") do
-it { should exist }
-its('names') { should include 'i-inspec-gcp-dlp' }
-end
-```
-
-## Properties
-Properties that can be accessed from the `google_data_loss_prevention_stored_info_types` resource:
-
-See [google_data_loss_prevention_stored_info_type.md](google_data_loss_prevention_stored_info_type.md) for more detailed information
- * `names`: an array of `google_data_loss_prevention_stored_info_type` name
- * `descriptions`: an array of `google_data_loss_prevention_stored_info_type` description
- * `display_names`: an array of `google_data_loss_prevention_stored_info_type` display_name
- * `regexes`: an array of `google_data_loss_prevention_stored_info_type` regex
- * `dictionaries`: an array of `google_data_loss_prevention_stored_info_type` dictionary
- * `large_custom_dictionaries`: an array of `google_data_loss_prevention_stored_info_type` large_custom_dictionary
- * `parents`: an array of `google_data_loss_prevention_stored_info_type` parent
-
-## Filter Criteria
-This resource supports all of the above properties as filter criteria, which can be used
-with `where` as a block or a method.
-
-## GCP Permissions
diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary.rb
deleted file mode 100644
index 9dcb65ede..000000000
--- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary.rb
+++ /dev/null
@@ -1,39 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/datalossprevention/property/storedinfotype_dictionary_cloud_storage_path' -require 'google/datalossprevention/property/storedinfotype_dictionary_word_list' -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeDictionary - attr_reader :word_list - - attr_reader :cloud_storage_path - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @word_list = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeDictionaryWordList.new(args['wordList'], to_s) - @cloud_storage_path = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeDictionaryCloudStoragePath.new(args['cloudStoragePath'], to_s) - end - - def to_s - "#{@parent_identifier} StoredInfoTypeDictionary" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary_cloud_storage_path.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary_cloud_storage_path.rb deleted file mode 100644 index 3c6ca4c19..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary_cloud_storage_path.rb +++ /dev/null 
@@ -1,34 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeDictionaryCloudStoragePath - attr_reader :path - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @path = args['path'] - end - - def to_s - "#{@parent_identifier} StoredInfoTypeDictionaryCloudStoragePath" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary_word_list.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary_word_list.rb deleted file mode 100644 index b9fc370b4..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_dictionary_word_list.rb +++ /dev/null 
@@ -1,34 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeDictionaryWordList - attr_reader :words - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @words = args['words'] - end - - def to_s - "#{@parent_identifier} StoredInfoTypeDictionaryWordList" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary.rb deleted file mode 100644 index 382a00ccb..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary.rb +++ /dev/null 
@@ -1,45 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_field' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_table' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_cloud_storage_file_set' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_output_path' -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeLargeCustomDictionary - attr_reader :output_path - - attr_reader :cloud_storage_file_set - - attr_reader :big_query_field - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? 
- @parent_identifier = parent_identifier - @output_path = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeLargeCustomDictionaryOutputPath.new(args['outputPath'], to_s) - @cloud_storage_file_set = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeLargeCustomDictionaryCloudStorageFileSet.new(args['cloudStorageFileSet'], to_s) - @big_query_field = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeLargeCustomDictionaryBigQueryField.new(args['bigQueryField'], to_s) - end - - def to_s - "#{@parent_identifier} StoredInfoTypeLargeCustomDictionary" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field.rb deleted file mode 100644 index 21f06fe2f..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field.rb +++ /dev/null 
@@ -1,39 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_field' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_table' -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeLargeCustomDictionaryBigQueryField - attr_reader :table - - attr_reader :field - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @table = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeLargeCustomDictionaryBigQueryFieldTable.new(args['table'], to_s) - @field = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeLargeCustomDictionaryBigQueryFieldField.new(args['field'], to_s) - end - - def to_s - "#{@parent_identifier} StoredInfoTypeLargeCustomDictionaryBigQueryField" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_field.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_field.rb deleted file mode 100644 index 14028bfe2..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_field.rb +++ /dev/null 
@@ -1,34 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeLargeCustomDictionaryBigQueryFieldField - attr_reader :name - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @name = args['name'] - end - - def to_s - "#{@parent_identifier} StoredInfoTypeLargeCustomDictionaryBigQueryFieldField" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_table.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_table.rb deleted file mode 100644 index 85cad9c08..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_table.rb +++ /dev/null 
@@ -1,40 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeLargeCustomDictionaryBigQueryFieldTable - attr_reader :project_id - - attr_reader :dataset_id - - attr_reader :table_id - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @project_id = args['projectId'] - @dataset_id = args['datasetId'] - @table_id = args['tableId'] - end - - def to_s - "#{@parent_identifier} StoredInfoTypeLargeCustomDictionaryBigQueryFieldTable" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_cloud_storage_file_set.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_cloud_storage_file_set.rb deleted file mode 100644 index 99e6099d6..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_cloud_storage_file_set.rb +++ /dev/null 
@@ -1,34 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeLargeCustomDictionaryCloudStorageFileSet - attr_reader :url - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @url = args['url'] - end - - def to_s - "#{@parent_identifier} StoredInfoTypeLargeCustomDictionaryCloudStorageFileSet" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_output_path.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_output_path.rb deleted file mode 100644 index 990736e25..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_large_custom_dictionary_output_path.rb +++ /dev/null 
@@ -1,34 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeLargeCustomDictionaryOutputPath - attr_reader :path - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @path = args['path'] - end - - def to_s - "#{@parent_identifier} StoredInfoTypeLargeCustomDictionaryOutputPath" - end - end - end - end -end diff --git a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_regex.rb b/build/inspec/libraries/google/datalossprevention/property/storedinfotype_regex.rb deleted file mode 100644 index 63e9eed71..000000000 --- a/build/inspec/libraries/google/datalossprevention/property/storedinfotype_regex.rb +++ /dev/null 
@@ -1,37 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -module GoogleInSpec - module DataLossPrevention - module Property - class StoredInfoTypeRegex - attr_reader :pattern - - attr_reader :group_indexes - - def initialize(args = nil, parent_identifier = nil) - return if args.nil? - @parent_identifier = parent_identifier - @pattern = args['pattern'] - @group_indexes = args['groupIndexes'] - end - - def to_s - "#{@parent_identifier} StoredInfoTypeRegex" - end - end - end - end -end diff --git a/build/inspec/libraries/google/iam/property/iam_binding_condition.rb b/build/inspec/libraries/google/iam/property/iam_binding_condition.rb deleted file mode 100644 index fcabcbe7a..000000000 --- a/build/inspec/libraries/google/iam/property/iam_binding_condition.rb +++ /dev/null 
@@ -1,40 +0,0 @@
-# frozen_string_literal: false
-
-# Copyright 2017 Google Inc.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module GoogleInSpec
- module Iam
- module Property
- class IamBindingCondition
- attr_reader :title
-
- attr_reader :description
-
- attr_reader :expression
-
- def initialize(args = nil, parent_identifier = nil)
- return if args.nil?
- @parent_identifier = parent_identifier
- @title = args['title']
- @description = args['description']
- @expression = args['expression']
- end
-
- def to_s
- "#{@parent_identifier} IamBindingCondition"
- end
- end
- end
- end
-end
diff --git a/build/inspec/libraries/google/iam/property/iam_policy_audit_configs.rb b/build/inspec/libraries/google/iam/property/iam_policy_audit_configs.rb
deleted file mode 100644
index e960b9b1f..000000000
--- a/build/inspec/libraries/google/iam/property/iam_policy_audit_configs.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-# frozen_string_literal: false
-
-# Copyright 2017 Google Inc.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'google/iam/property/iam_policy_audit_configs_audit_log_configs'
-module GoogleInSpec
- module Iam
- module Property
- class IamPolicyAuditConfigs
- attr_reader :service
-
- attr_reader :audit_log_configs
-
- def initialize(args = nil, parent_identifier = nil)
- return if args.nil?
- @parent_identifier = parent_identifier
- @service = args['service']
- @audit_log_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsAuditLogConfigsArray.parse(args['auditLogConfigs'], to_s)
- end
-
- def to_s
- "#{@parent_identifier} IamPolicyAuditConfigs"
- end
- end
-
- class IamPolicyAuditConfigsArray
- def self.parse(value, parent_identifier)
- return if value.nil?
- return IamPolicyAuditConfigs.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| IamPolicyAuditConfigs.new(v, parent_identifier) }
- end
- end
- end
- end
-end
diff --git a/build/inspec/libraries/google/iam/property/iam_policy_audit_configs_audit_log_configs.rb b/build/inspec/libraries/google/iam/property/iam_policy_audit_configs_audit_log_configs.rb
deleted file mode 100644
index 371e49b38..000000000
--- a/build/inspec/libraries/google/iam/property/iam_policy_audit_configs_audit_log_configs.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-# frozen_string_literal: false
-
-# Copyright 2017 Google Inc.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module GoogleInSpec
- module Iam
- module Property
- class IamPolicyAuditConfigsAuditLogConfigs
- attr_reader :log_type
-
- attr_reader :exempted_members
-
- def initialize(args = nil, parent_identifier = nil)
- return if args.nil?
- @parent_identifier = parent_identifier
- @log_type = args['logType']
- @exempted_members = args['exemptedMembers']
- end
-
- def to_s
- "#{@parent_identifier} IamPolicyAuditConfigsAuditLogConfigs"
- end
- end
-
- class IamPolicyAuditConfigsAuditLogConfigsArray
- def self.parse(value, parent_identifier)
- return if value.nil?
- return IamPolicyAuditConfigsAuditLogConfigs.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| IamPolicyAuditConfigsAuditLogConfigs.new(v, parent_identifier) }
- end
- end
- end
- end
-end
diff --git a/build/inspec/libraries/google/iam/property/iam_policy_bindings.rb b/build/inspec/libraries/google/iam/property/iam_policy_bindings.rb
deleted file mode 100644
index 7277ae4cb..000000000
--- a/build/inspec/libraries/google/iam/property/iam_policy_bindings.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-# frozen_string_literal: false
-
-# Copyright 2017 Google Inc.
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'google/iam/property/iam_binding_condition'
-module GoogleInSpec
- module Iam
- module Property
- class IamPolicyBindings
- attr_reader :role
-
- attr_reader :members
-
- attr_reader :condition
-
- def initialize(args = nil, parent_identifier = nil)
- return if args.nil?
- @parent_identifier = parent_identifier
- @role = args['role']
- @members = args['members']
- @condition = GoogleInSpec::Iam::Property::IamBindingCondition.new(args['condition'], to_s)
- end
-
- def to_s
- "#{@parent_identifier} IamPolicyBindings"
- end
- end
-
- class IamPolicyBindingsArray
- def self.parse(value, parent_identifier)
- return if value.nil?
- return IamPolicyBindings.new(value, parent_identifier) unless value.is_a?(::Array)
- value.map { |v| IamPolicyBindings.new(v, parent_identifier) }
- end
- end
- end
- end
-end
diff --git a/build/inspec/libraries/google_data_loss_prevention_stored_info_type.rb b/build/inspec/libraries/google_data_loss_prevention_stored_info_type.rb
deleted file mode 100644
index e1b9e6f1a..000000000
--- a/build/inspec/libraries/google_data_loss_prevention_stored_info_type.rb
+++ /dev/null
@@ -1,77 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'gcp_backend' -require 'google/datalossprevention/property/storedinfotype_dictionary' -require 'google/datalossprevention/property/storedinfotype_dictionary_cloud_storage_path' -require 'google/datalossprevention/property/storedinfotype_dictionary_word_list' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_field' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_big_query_field_table' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_cloud_storage_file_set' -require 'google/datalossprevention/property/storedinfotype_large_custom_dictionary_output_path' -require 'google/datalossprevention/property/storedinfotype_regex' - -# A provider to manage Data loss prevention resources. 
-class DataLossPreventionStoredInfoType < GcpResourceBase - name 'google_data_loss_prevention_stored_info_type' - desc 'StoredInfoType' - supports platform: 'gcp' - - attr_reader :params - attr_reader :name - attr_reader :description - attr_reader :display_name - attr_reader :regex - attr_reader :dictionary - attr_reader :large_custom_dictionary - attr_reader :parent - - def initialize(params) - super(params.merge({ use_http_transport: true })) - @params = params - @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') - parse unless @fetched.nil? - end - - def parse - @name = @fetched['name'] - @description = @fetched['description'] - @display_name = @fetched['displayName'] - @regex = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeRegex.new(@fetched['regex'], to_s) - @dictionary = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeDictionary.new(@fetched['dictionary'], to_s) - @large_custom_dictionary = GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeLargeCustomDictionary.new(@fetched['largeCustomDictionary'], to_s) - @parent = @fetched['parent'] - end - - def exists? - !@fetched.nil? - end - - def to_s - "StoredInfoType #{@params[:name]}" - end - - private - - def product_url(_ = nil) - 'https://dlp.googleapis.com/v2/' - end - - def resource_base_url - '{{parent}}/storedInfoTypes/{{name}}' - end -end diff --git a/build/inspec/libraries/google_data_loss_prevention_stored_info_types.rb b/build/inspec/libraries/google_data_loss_prevention_stored_info_types.rb deleted file mode 100644 index fbd074ab1..000000000 --- a/build/inspec/libraries/google_data_loss_prevention_stored_info_types.rb +++ /dev/null 
@@ -1,91 +0,0 @@ -# frozen_string_literal: false - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- -require 'gcp_backend' -class DataLossPreventionStoredInfoTypes < GcpResourceBase - name 'google_data_loss_prevention_stored_info_types' - desc 'StoredInfoType plural resource' - supports platform: 'gcp' - - attr_reader :table - - filter_table_config = FilterTable.create - - filter_table_config.add(:names, field: :name) - filter_table_config.add(:descriptions, field: :description) - filter_table_config.add(:display_names, field: :display_name) - filter_table_config.add(:regexes, field: :regex) - filter_table_config.add(:dictionaries, field: :dictionary) - filter_table_config.add(:large_custom_dictionaries, field: :large_custom_dictionary) - filter_table_config.add(:parents, field: :parent) - - filter_table_config.connect(self, :table) - - def initialize(params = {}) - super(params.merge({ use_http_transport: true })) - @params = params - @table = fetch_wrapped_resource('storedInfoTypes') - end - - def fetch_wrapped_resource(wrap_path) - # fetch_resource returns an array of responses (to handle pagination) - result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') - return if result.nil? - - # Conversion of string -> object hash to symbol -> object hash that InSpec needs - converted = [] - result.each do |response| - next if response.nil? 
|| !response.key?(wrap_path) - response[wrap_path].each do |hash| - hash_with_symbols = {} - hash.each_key do |key| - name, value = transform(key, hash) - hash_with_symbols[name] = value - end - converted.push(hash_with_symbols) - end - end - - converted - end - - def transform(key, value) - return transformers[key].call(value) if transformers.key?(key) - - [key.to_sym, value] - end - - def transformers - { - 'name' => ->(obj) { [:name, obj['name']] }, - 'description' => ->(obj) { [:description, obj['description']] }, - 'displayName' => ->(obj) { [:display_name, obj['displayName']] }, - 'regex' => ->(obj) { [:regex, GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeRegex.new(obj['regex'], to_s)] }, - 'dictionary' => ->(obj) { [:dictionary, GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeDictionary.new(obj['dictionary'], to_s)] }, - 'largeCustomDictionary' => ->(obj) { [:large_custom_dictionary, GoogleInSpec::DataLossPrevention::Property::StoredInfoTypeLargeCustomDictionary.new(obj['largeCustomDictionary'], to_s)] }, - 'parent' => ->(obj) { [:parent, obj['parent']] }, - } - end - - private - - def product_url(_ = nil) - 'https://dlp.googleapis.com/v2/' - end - - def resource_base_url - '{{parent}}/storedInfoTypes' - end -end diff --git a/build/inspec/test/integration/build/gcp-mm.tf b/build/inspec/test/integration/build/gcp-mm.tf deleted file mode 100644 index fa2bd84fc..000000000 --- a/build/inspec/test/integration/build/gcp-mm.tf +++ /dev/null 
@@ -1,1553 +0,0 @@ -variable "ssl_policy" { - type = any -} - -variable "topic" { - type = any -} - -variable "subscription" { - type = any -} - -variable "managed_zone" { - type = any -} - -variable "record_set" { - type = any -} - -variable "instance_group_manager" { - type = any -} - -variable "autoscaler" { - type = any -} - -variable "target_pool" { - type = any -} - -variable "trigger" { - type = any -} - -variable "health_check" { - type = any -} - -variable "backend_service" { - type = any -} - -variable "http_health_check" { - type = any -} - -variable "https_health_check" { - type = any -} - -variable "instance_template" { - type = any -} - -variable "global_address" { - type = any -} - -variable "url_map" { - type = any -} - -variable "http_proxy" { - type = any -} - -variable "global_forwarding_rule" { - type = any -} - -variable "target_tcp_proxy" { - type = any -} - -variable "route" { - type = any -} - -variable "router" { - type = any -} - -variable "snapshot" { - type = any -} - -variable "https_proxy" { - type = any -} - -variable "ssl_certificate" { - type = any -} - -variable "dataset" { - type = any -} - -variable "bigquery_table" { - type = any -} - -variable "repository" { - type = any -} - -variable "folder" { - type = any -} - -variable "gcp_organization_id" { - type = string - default = "none" -} - -variable "cloudfunction" { - type = any -} - -variable "backend_bucket" { - type = any -} - -variable "gcp_cloud_function_region" {} - -variable "regional_node_pool" { - type = any -} - -variable "region_backend_service_health_check" { - type = any -} - -variable "region_backend_service" { - type = any -} - -variable "org_sink" { - type = any -} - -variable "standardappversion" { - type = any -} - -variable "ml_model" { - type = any -} - -variable "dataproc_cluster" { - type = any -} - -variable "folder_exclusion" { - type = any -} - -variable "filestore_instance" { - type = any -} - -variable "folder_sink" { - type = any -} - -variable 
"runtimeconfig_config" { - type = any -} - -variable "runtimeconfig_variable" { - type = any -} - -variable "redis" { - type = any -} - -variable "network_endpoint_group" { - type = any -} - -variable "node_template" { - type = any -} - -variable "node_group" { - type = any -} - -variable "router_nat" { - type = any -} - -variable "service" { - type = any -} - -variable "spannerinstance" { - type = any -} - -variable "spannerdatabase" { - type = any -} - -variable "scheduler_job" { - type = any -} - - -resource "google_compute_ssl_policy" "custom-ssl-policy" { - name = var.ssl_policy["name"] - min_tls_version = var.ssl_policy["min_tls_version"] - profile = var.ssl_policy["profile"] - custom_features = [var.ssl_policy["custom_feature"], var.ssl_policy["custom_feature2"]] - project = var.gcp_project_id -} - -resource "google_pubsub_topic" "topic" { - project = var.gcp_project_id - name = var.topic["name"] -} - -resource "google_pubsub_subscription" "default" { - project = var.gcp_project_id - name = var.subscription["name"] - topic = google_pubsub_topic.topic.name - ack_deadline_seconds = var.subscription["ack_deadline_seconds"] -} - -resource "google_dns_managed_zone" "prod" { - name = var.managed_zone["name"] - dns_name = var.managed_zone["dns_name"] - description = var.managed_zone["description"] - - labels = { - key = var.managed_zone["label_value"] - } - project = var.gcp_project_id -} - -resource "google_dns_record_set" "a" { - name = var.record_set["name"] - managed_zone = google_dns_managed_zone.prod.name - type = var.record_set["type"] - ttl = var.record_set["ttl"] - - rrdatas = [var.record_set["rrdatas1"], var.record_set["rrdatas2"]] - project = var.gcp_project_id -} - -resource "google_compute_instance_group_manager" "gcp-inspec-igm" { - project = var.gcp_project_id - zone = var.gcp_zone - name = var.instance_group_manager["name"] - version { - instance_template = google_compute_instance_template.default.self_link - } - base_instance_name = 
var.instance_group_manager["base_instance_name"] - target_pools = [] - target_size = 0 - named_port { - name = var.instance_group_manager["named_port_name"] - port = var.instance_group_manager["named_port_port"] - } -} - -resource "google_compute_autoscaler" "gcp-inspec-autoscaler" { - project = var.gcp_project_id - name = var.autoscaler["name"] - zone = var.gcp_zone - target = google_compute_instance_group_manager.gcp-inspec-igm.self_link - - autoscaling_policy { - max_replicas = var.autoscaler["max_replicas"] - min_replicas = var.autoscaler["min_replicas"] - cooldown_period = var.autoscaler["cooldown_period"] - - cpu_utilization { - target = var.autoscaler["cpu_utilization_target"] - } - } -} - -resource "google_compute_target_pool" "gcp-inspec-target-pool" { - project = var.gcp_project_id - name = var.target_pool["name"] - session_affinity = var.target_pool["session_affinity"] - - instances = [ - "${var.gcp_zone}/${var.gcp_ext_vm_name}", - ] -} - -resource "google_cloudbuild_trigger" "gcp-inspec-cloudbuild-trigger" { - project = var.gcp_project_id - trigger_template { - branch_name = var.trigger["trigger_template_branch"] - project_id = var.trigger["trigger_template_project"] - repo_name = var.trigger["trigger_template_repo"] - } - filename = var.trigger["filename"] -} - -resource "google_compute_health_check" "gcp-inspec-health-check" { -project = var.gcp_project_id -name = var.health_check["name"] - -timeout_sec = var.health_check["timeout_sec"] -check_interval_sec = var.health_check["check_interval_sec"] - -tcp_health_check { - port = var.health_check["tcp_health_check_port"] -} -} - -resource "google_compute_backend_service" "gcp-inspec-backend-service" { - project = var.gcp_project_id - name = var.backend_service["name"] - description = var.backend_service["description"] - port_name = var.backend_service["port_name"] - protocol = var.backend_service["protocol"] - timeout_sec = var.backend_service["timeout_sec"] - enable_cdn = 
var.backend_service["enable_cdn"] - - backend { - group = google_compute_instance_group_manager.gcp-inspec-igm.instance_group - } - - health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] -} - -resource "google_compute_health_check" "gcp-inspec-region-backend-service-hc" { -project = var.gcp_project_id -name = var.region_backend_service_health_check["name"] - -timeout_sec = var.region_backend_service_health_check["timeout_sec"] -check_interval_sec = var.region_backend_service_health_check["check_interval_sec"] - -tcp_health_check { - port = var.region_backend_service_health_check["tcp_health_check_port"] -} -} - -resource "google_compute_region_backend_service" "gcp-inspec-region-backend-service" { - project = var.gcp_project_id - region = var.gcp_location - name = var.region_backend_service["name"] - description = var.region_backend_service["description"] - protocol = var.region_backend_service["protocol"] - timeout_sec = var.region_backend_service["timeout_sec"] - - health_checks = [google_compute_health_check.gcp-inspec-region-backend-service-hc.self_link] -} - -resource "google_compute_http_health_check" "gcp-inspec-http-health-check" { - project = var.gcp_project_id - name = var.http_health_check["name"] - request_path = var.http_health_check["request_path"] - - timeout_sec = var.http_health_check["timeout_sec"] - check_interval_sec = var.http_health_check["check_interval_sec"] -} - -resource "google_compute_https_health_check" "gcp-inspec-https-health-check" { - project = var.gcp_project_id - name = var.https_health_check["name"] - request_path = var.https_health_check["request_path"] - - timeout_sec = var.https_health_check["timeout_sec"] - check_interval_sec = var.https_health_check["check_interval_sec"] - unhealthy_threshold = var.https_health_check["unhealthy_threshold"] -} - -resource "google_compute_instance_template" "gcp-inspec-instance-template" { - project = var.gcp_project_id - name = var.instance_template["name"] - 
description = var.instance_template["description"] - - tags = [var.instance_template["tag"]] - - instance_description = var.instance_template["instance_description"] - machine_type = var.instance_template["machine_type"] - can_ip_forward = var.instance_template["can_ip_forward"] - - scheduling { - automatic_restart = var.instance_template["scheduling_automatic_restart"] - on_host_maintenance = var.instance_template["scheduling_on_host_maintenance"] - } - - // Create a new boot disk from an image - disk { - source_image = var.instance_template["disk_source_image"] - auto_delete = var.instance_template["disk_auto_delete"] - boot = var.instance_template["disk_boot"] - } - - network_interface { - network = var.instance_template["network_interface_network"] - } - - service_account { - scopes = [var.instance_template["service_account_scope"]] - } -} - -resource "google_compute_global_address" "gcp-inspec-global-address" { - project = var.gcp_project_id - name = var.global_address["name"] - ip_version = var.global_address["ip_version"] -} - -resource "google_compute_url_map" "gcp-inspec-url-map" { - project = var.gcp_project_id - name = var.url_map["name"] - description = var.url_map["description"] - - default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link - - host_rule { - hosts = [var.url_map["host_rule_host"]] - path_matcher = var.url_map["path_matcher_name"] - } - - path_matcher { - name = var.url_map["path_matcher_name"] - default_service = google_compute_backend_service.gcp-inspec-backend-service.self_link - - path_rule { - paths = [var.url_map["path_rule_path"]] - service = google_compute_backend_service.gcp-inspec-backend-service.self_link - } - } - - test { - service = google_compute_backend_service.gcp-inspec-backend-service.self_link - host = var.url_map["test_host"] - path = var.url_map["test_path"] - } -} - -resource "google_compute_target_http_proxy" "gcp-inspec-http-proxy" { - project = var.gcp_project_id - name = 
var.http_proxy["name"] - url_map = google_compute_url_map.gcp-inspec-url-map.self_link - description = var.http_proxy["description"] -} - -resource "google_compute_global_forwarding_rule" "gcp-inspec-global-forwarding-rule" { - project = var.gcp_project_id - name = var.global_forwarding_rule["name"] - target = google_compute_target_http_proxy.gcp-inspec-http-proxy.self_link - port_range = var.global_forwarding_rule["port_range"] -} - -resource "google_compute_backend_service" "gcp-inspec-tcp-backend-service" { - project = var.gcp_project_id - name = var.target_tcp_proxy["tcp_backend_service_name"] - protocol = "TCP" - timeout_sec = 10 - - health_checks = [google_compute_health_check.gcp-inspec-health-check.self_link] -} - -resource "google_compute_target_tcp_proxy" "gcp-inspec-target-tcp-proxy" { - project = var.gcp_project_id - name = var.target_tcp_proxy["name"] - proxy_header = var.target_tcp_proxy["proxy_header"] - backend_service = google_compute_backend_service.gcp-inspec-tcp-backend-service.self_link -} - -resource "google_compute_route" "gcp-inspec-route" { - project = var.gcp_project_id - name = var.route["name"] - dest_range = var.route["dest_range"] - network = google_compute_network.inspec-gcp-network.name - next_hop_ip = var.route["next_hop_ip"] - priority = var.route["priority"] - # google_compute_route depends on next_hop_ip belonging to a subnetwork - # of the named network in this block. 
Since inspec-gcp-network does not - # automatically create subnetworks, we need to create a dependency so - # the route is not created before the subnetwork - depends_on = [google_compute_subnetwork.inspec-gcp-subnetwork] -} - -resource "google_compute_router" "gcp-inspec-router" { - project = var.gcp_project_id - name = var.router["name"] - network = google_compute_network.inspec-gcp-network.name - bgp { - asn = var.router["bgp_asn"] - advertise_mode = var.router["bgp_advertise_mode"] - advertised_groups = [var.router["bgp_advertised_group"]] - advertised_ip_ranges { - range = var.router["bgp_advertised_ip_range1"] - } - advertised_ip_ranges { - range = var.router["bgp_advertised_ip_range2"] - } - } -} - -resource "google_compute_disk" "snapshot-disk" { - project = var.gcp_project_id - name = var.snapshot["disk_name"] - type = var.snapshot["disk_type"] - zone = var.gcp_zone - image = var.snapshot["disk_image"] - labels = { - environment = "generic_compute_disk_label" - } -} - -resource "google_compute_snapshot" "gcp-inspec-snapshot" { - project = var.gcp_project_id - name = var.snapshot["name"] - source_disk = google_compute_disk.snapshot-disk.name - zone = var.gcp_zone -} - -resource "google_compute_ssl_certificate" "gcp-inspec-ssl-certificate" { - project = var.gcp_project_id - name = var.ssl_certificate["name"] - private_key = var.ssl_certificate["private_key"] - certificate = var.ssl_certificate["certificate"] - description = var.ssl_certificate["description"] -} - -resource "google_compute_target_https_proxy" "gcp-inspec-https-proxy" { - project = var.gcp_project_id - name = var.https_proxy["name"] - url_map = google_compute_url_map.gcp-inspec-url-map.self_link - description = var.https_proxy["description"] - ssl_certificates = [google_compute_ssl_certificate.gcp-inspec-ssl-certificate.self_link] -} - -resource "google_bigquery_dataset" "gcp-inspec-dataset" { - project = var.gcp_project_id - dataset_id = var.dataset["dataset_id"] - friendly_name = 
var.dataset["friendly_name"]
- description = var.dataset["description"]
- location = var.dataset["location"]
- default_table_expiration_ms = var.dataset["default_table_expiration_ms"]
-
- access {
- role = var.dataset["access_writer_role"]
- special_group = var.dataset["access_writer_special_group"]
- }
-
- access {
- role = "OWNER"
- special_group = "projectOwners"
- }
-}
-
-resource "google_bigquery_table" "gcp-inspec-bigquery-table" {
- project = var.gcp_project_id
- dataset_id = google_bigquery_dataset.gcp-inspec-dataset.dataset_id
- table_id = var.bigquery_table["table_id"]
-
- time_partitioning {
- type = var.bigquery_table["time_partitioning_type"]
- }
-
- description = var.bigquery_table["description"]
- expiration_time = var.bigquery_table["expiration_time"]
-}
-
-resource "google_sourcerepo_repository" "gcp-inspec-sourcerepo-repository" {
- project = var.gcp_project_id
- name = var.repository["name"]
-}
-
-resource "google_folder" "inspec-gcp-folder" {
- count = "${var.gcp_organization_id == "" ?
0 : var.gcp_enable_privileged_resources}"
- display_name = var.folder["display_name"]
- parent = "organizations/${var.gcp_organization_id}"
-}
-
-resource "google_storage_bucket_object" "archive" {
- name = "index.js.zip"
- bucket = google_storage_bucket.generic-storage-bucket.name
- source = "../configuration/index.js.zip"
-}
-
-resource "google_cloudfunctions_function" "function" {
- project = var.gcp_project_id
- region = var.gcp_cloud_function_region
- name = var.cloudfunction["name"]
- description = var.cloudfunction["description"]
- available_memory_mb = var.cloudfunction["available_memory_mb"]
- source_archive_bucket = google_storage_bucket.generic-storage-bucket.name
- source_archive_object = google_storage_bucket_object.archive.name
- trigger_http = var.cloudfunction["trigger_http"]
- timeout = var.cloudfunction["timeout"]
- entry_point = var.cloudfunction["entry_point"]
- runtime = "nodejs8"
-
- environment_variables = {
- MY_ENV_VAR = var.cloudfunction["env_var_value"]
- }
-}
-
-resource "google_compute_backend_bucket" "image_backend" {
- project = var.gcp_project_id
- name = var.backend_bucket["name"]
- description = var.backend_bucket["description"]
- bucket_name = google_storage_bucket.generic-storage-bucket.name
- enable_cdn = var.backend_bucket["enable_cdn"]
-}
-
-resource "google_container_node_pool" "inspec-gcp-node-pool" {
- project = var.gcp_project_id
- name = var.regional_node_pool["name"]
- location = google_container_cluster.primary.location
- cluster = google_container_cluster.primary.name
- node_count = var.regional_node_pool["node_count"]
-}
-
-resource "google_logging_organization_sink" "my-sink" {
- count = "${var.gcp_organization_id == "" ?
0 : var.gcp_enable_privileged_resources}"
- name = var.org_sink.name
- org_id = var.gcp_organization_id
-
- # Can export to pubsub, cloud storage, or bigquery
- destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
-
- # Log all WARN or higher severity messages relating to instances
- filter = var.org_sink.filter
-}
-
-variable "project_sink" {
- type = any
-}
-
-resource "google_logging_project_sink" "project-logging-sink" {
- count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- project = var.gcp_project_id
-
- name = var.project_sink.name
- destination = "storage.googleapis.com/${google_storage_bucket.project-logging-bucket[0].name}"
-
- filter = var.project_sink.filter
-
- unique_writer_identity = true
-}
-
-resource "google_storage_bucket" "bucket" {
- name = "inspec-gcp-static-${var.gcp_project_id}"
- project = var.gcp_project_id
- location = var.gcp_location
- force_destroy = true
-
- labels = {
- "key" = "value"
- }
-
- retention_policy {
- retention_period = 1000
- }
-}
-
-resource "google_storage_bucket_object" "object" {
- name = "hello-world.zip"
- bucket = google_storage_bucket.bucket.name
- source = "../configuration/hello-world.zip"
-}
-
-resource "google_app_engine_standard_app_version" "default" {
- count = "${var.gcp_organization_id == "" ?
0 : var.gcp_enable_privileged_resources}"
- project = var.gcp_project_id
- version_id = var.standardappversion["version_id"]
- service = var.standardappversion["service"]
- runtime = var.standardappversion["runtime"]
- noop_on_destroy = true
- entrypoint {
- shell = var.standardappversion["entrypoint"]
- }
-
- deployment {
- zip {
- source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/hello-world.zip"
- }
- }
-
- env_variables = {
- port = var.standardappversion["port"]
- }
-}
-
-resource "google_ml_engine_model" "inspec-gcp-model" {
- project = var.gcp_project_id
- name = var.ml_model["name"]
- description = var.ml_model["description"]
- regions = [var.ml_model["region"]]
- online_prediction_logging = var.ml_model["online_prediction_logging"]
- online_prediction_console_logging = var.ml_model["online_prediction_console_logging"]
-}
-
-resource "google_compute_firewall" "dataproc" {
- project = var.gcp_project_id
- name = "dataproc-firewall"
- network = google_compute_network.dataproc.name
-
- source_ranges = ["10.128.0.0/9"]
- allow {
- protocol = "icmp"
- }
-
- allow {
- protocol = "tcp"
- ports = ["0-65535"]
- }
- allow {
- protocol = "udp"
- ports = ["0-65535"]
- }
-}
-
-resource "google_compute_network" "dataproc" {
- project = var.gcp_project_id
- name = "dataproc-network"
-}
-
-resource "google_dataproc_cluster" "mycluster" {
- project = var.gcp_project_id
- region = var.gcp_location
- name = var.dataproc_cluster["name"]
-
- labels = {
- "${var.dataproc_cluster["label_key"]}" = var.dataproc_cluster["label_value"]
- }
-
- cluster_config {
- master_config {
- num_instances = var.dataproc_cluster["config"]["master_config"]["num_instances"]
- machine_type = var.dataproc_cluster["config"]["master_config"]["machine_type"]
- disk_config {
- boot_disk_type = var.dataproc_cluster["config"]["master_config"]["boot_disk_type"]
- boot_disk_size_gb = var.dataproc_cluster["config"]["master_config"]["boot_disk_size_gb"]
- }
- }
-
- worker_config
{
- num_instances = var.dataproc_cluster["config"]["worker_config"]["num_instances"]
- machine_type = var.dataproc_cluster["config"]["worker_config"]["machine_type"]
- disk_config {
- boot_disk_size_gb = var.dataproc_cluster["config"]["worker_config"]["boot_disk_size_gb"]
- num_local_ssds = var.dataproc_cluster["config"]["worker_config"]["num_local_ssds"]
- }
- }
-
- # Override or set some custom properties
- software_config {
- override_properties = {
- "${var.dataproc_cluster["config"]["software_config"]["prop_key"]}" = var.dataproc_cluster["config"]["software_config"]["prop_value"]
- }
- }
-
- gce_cluster_config {
- network = google_compute_network.dataproc.self_link
- tags = [var.dataproc_cluster["config"]["gce_cluster_config"]["tag"]]
- }
- }
-}
-
-resource "google_logging_folder_exclusion" "my-exclusion" {
- count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- name = var.folder_exclusion["name"]
- folder = google_folder.inspec-gcp-folder.0.name
-
- description = var.folder_exclusion["description"]
-
- filter = var.folder_exclusion["filter"]
-}
-
-variable "project_exclusion" {
- type = any
-}
-
-resource "google_logging_project_exclusion" "project-exclusion" {
- count = "${var.gcp_organization_id == "" ?
0 : var.gcp_enable_privileged_resources}"
- name = var.project_exclusion["name"]
- project = var.gcp_project_id
-
- description = var.project_exclusion["description"]
-
- filter = var.project_exclusion["filter"]
-}
-
-resource "google_filestore_instance" "instance" {
- project = var.gcp_project_id
- name = var.filestore_instance["name"]
- zone = var.filestore_instance["zone"]
- tier = var.filestore_instance["tier"]
-
- file_shares {
- capacity_gb = var.filestore_instance["fileshare_capacity_gb"]
- name = var.filestore_instance["fileshare_name"]
- }
-
- networks {
- network = var.filestore_instance["network_name"]
- modes = [var.filestore_instance["network_mode"]]
- }
-}
-
-resource "google_logging_folder_sink" "folder-sink" {
- count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- name = var.folder_sink.name
- folder = google_folder.inspec-gcp-folder.0.name
-
- destination = "storage.googleapis.com/${google_storage_bucket.generic-storage-bucket.name}"
-
- filter = var.folder_sink.filter
-}
-
-resource "google_runtimeconfig_config" "inspec-runtime-config" {
- project = var.gcp_project_id
- name = var.runtimeconfig_config["name"]
- description = var.runtimeconfig_config["description"]
-}
-
-resource "google_runtimeconfig_variable" "inspec-runtime-variable" {
- project = var.gcp_project_id
- parent = google_runtimeconfig_config.inspec-runtime-config.name
- name = var.runtimeconfig_variable["name"]
- text = var.runtimeconfig_variable["text"]
-}
-
-resource "google_redis_instance" "inspec-redis" {
- project = var.gcp_project_id
- name = var.redis["name"]
- tier = var.redis["tier"]
- memory_size_gb = var.redis["memory_size_gb"]
-
- location_id = var.redis["location_id"]
- alternative_location_id = var.redis["alternative_location_id"]
-
- redis_version = var.redis["redis_version"]
- display_name = var.redis["display_name"]
- reserved_ip_range = var.redis["reserved_ip_range"]
-
- labels = {
- "${var.redis["label_key"]}" =
var.redis["label_value"]
- }
-}
-
-resource "google_compute_network_endpoint_group" "inspec-endpoint-group" {
- project = var.gcp_project_id
- name = var.network_endpoint_group["name"]
- network = google_compute_subnetwork.inspec-gcp-subnetwork.network
- subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link
- default_port = var.network_endpoint_group["default_port"]
- zone = var.gcp_zone
-}
-
-data "google_compute_node_types" "zone-node-type" {
- project = var.gcp_project_id
- zone = var.gcp_zone
-}
-
-resource "google_compute_node_template" "inspec-template" {
- project = var.gcp_project_id
- region = var.gcp_location
-
- name = var.node_template["name"]
- node_type = data.google_compute_node_types.zone-node-type.names[0]
-
- node_affinity_labels = {
- "${var.node_template["label_key"]}" = var.node_template["label_value"]
- }
-}
-
-resource "google_compute_node_group" "inspec-node-group" {
- project = var.gcp_project_id
- name = var.node_group["name"]
- zone = var.gcp_zone
- description = var.node_group["description"]
-
- size = var.node_group["size"]
- node_template = google_compute_node_template.inspec-template.self_link
-}
-
-resource "google_compute_router_nat" "inspec-nat" {
- project = var.gcp_project_id
- name = var.router_nat["name"]
- router = google_compute_router.gcp-inspec-router.name
- region = google_compute_router.gcp-inspec-router.region
- nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"]
- source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"]
- min_ports_per_vm = var.router_nat["min_ports_per_vm"]
-
- log_config {
- enable = var.router_nat["log_config_enable"]
- filter = var.router_nat["log_config_filter"]
- }
-}
-
-resource "google_project_service" "project" {
- project = var.gcp_project_id
- service = var.service["name"]
-}
-
-resource "google_service_account" "spanner_service_account" {
- project = var.gcp_project_id
- account_id = "${var.gcp_service_account_display_name}-sp"
- display_name = "${var.gcp_service_account_display_name}-sp"
-}
-
-resource "google_service_account_key" "userkey" {
- service_account_id = google_service_account.spanner_service_account.name
- public_key_type = "TYPE_X509_PEM_FILE"
-}
-
-resource "google_spanner_instance" "spanner_instance" {
- project = var.gcp_project_id
- config = var.spannerinstance["config"]
- name = var.spannerinstance["name"]
- display_name = var.spannerinstance["display_name"]
- num_nodes = var.spannerinstance["num_nodes"]
- labels = {
- "${var.spannerinstance["label_key"]}" = var.spannerinstance["label_value"]
- }
-}
-
-resource "google_spanner_instance_iam_binding" "instance" {
- project = var.gcp_project_id
- instance = google_spanner_instance.spanner_instance.name
- role = "roles/editor"
-
- members = [
- "serviceAccount:${google_service_account.spanner_service_account.email}",
- ]
-}
-
-resource "google_spanner_database" "database" {
- project = var.gcp_project_id
- instance = google_spanner_instance.spanner_instance.name
- name = var.spannerdatabase["name"]
- ddl = [var.spannerdatabase["ddl"]]
-}
-
-resource "google_cloud_scheduler_job" "job" {
- project = var.gcp_project_id
- region = var.scheduler_job["region"]
- name = var.scheduler_job["name"]
- description = var.scheduler_job["description"]
- schedule = var.scheduler_job["schedule"]
- time_zone = var.scheduler_job["time_zone"]
-
- http_target {
- http_method = var.scheduler_job["http_method"]
- uri = var.scheduler_job["http_target_uri"]
- }
-}
-
-variable "service_perimeter" {
- type = any
-}
-
-resource "google_access_context_manager_service_perimeter" "service-perimeter" {
- count = "${var.gcp_organization_id == "" ?
0 : var.gcp_enable_privileged_resources}"
- parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}"
- name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/servicePerimeters/${var.service_perimeter["name"]}"
- title = var.service_perimeter["title"]
- status {
- restricted_services = [var.service_perimeter["restricted_service"]]
- }
-}
-
-resource "google_access_context_manager_access_policy" "access-policy" {
- count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- parent = "organizations/${var.gcp_organization_id}"
- title = var.service_perimeter["policy_title"]
-}
-
-resource "google_access_context_manager_access_level" "access-level" {
- count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}"
- name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.0.name}/accessLevels/os_lock"
- title = "os_lock"
- basic {
- conditions {
- device_policy {
- require_screen_lock = true
- }
- regions = [
- "CH",
- "IT",
- "US",
- ]
- }
- }
-}
-
-variable "firewall" {
- type = any
-}
-
-resource "google_compute_firewall" "mm-firewall" {
- project = var.gcp_project_id
- name = var.firewall["name"]
- enable_logging = true
- network = google_compute_network.inspec-gcp-network.name
-
- allow {
- protocol = "tcp"
- ports = ["80", "8080", "1000-2000"]
- }
-
- source_tags = [var.firewall["source_tag"]]
-}
-
-variable "address" {
- type = any
-}
-
-resource "google_compute_address" "internal_with_subnet_and_address" {
- project = var.gcp_project_id
- name = var.address["name"]
- subnetwork = google_compute_subnetwork.inspec-gcp-subnetwork.self_link
- address_type = var.address["address_type"]
- address = var.address["address"]
- region = var.gcp_location
-}
-
-variable "instance_group" {
- type = any
-}
-
-resource
"google_compute_instance_group" "inspec-instance-group" {
- project = var.gcp_project_id
- zone = var.gcp_zone
- name = var.instance_group["name"]
- description = var.instance_group["description"]
-
- named_port {
- name = var.instance_group["named_port_name"]
- port = var.instance_group["named_port_port"]
- }
-}
-
-variable "instance" {
- type = any
-}
-
-resource "google_compute_instance" "inspec-instance" {
- project = var.gcp_project_id
- zone = var.gcp_zone
- name = var.instance["name"]
- machine_type = var.instance["machine_type"]
-
- tags = [var.instance["tag_1"], var.instance["tag_2"]]
-
- boot_disk {
- initialize_params {
- image = "debian-cloud/debian-9"
- }
- }
-
- network_interface {
- network = "default"
-
- access_config {
- // Ephemeral IP
- }
- }
-
- metadata = {
- "${var.instance["metadata_key"]}" = var.instance["metadata_value"]
- }
-
- metadata_startup_script = var.instance["startup_script"]
-
- service_account {
- scopes = [var.instance["sa_scope"]]
- }
-}
-
-variable "network" {
- type = any
-}
-
-resource "google_compute_network" "inspec-network" {
- project = var.gcp_project_id
- name = var.network["name"]
- routing_mode = var.network["routing_mode"]
-}
-
-variable "subnetwork" {
- type = any
-}
-
-resource "google_compute_subnetwork" "subnet-with-logging" {
- project = var.gcp_project_id
- region = var.gcp_location
- name = var.subnetwork["name"]
- ip_cidr_range = var.subnetwork["ip_cidr_range"]
- network = google_compute_network.inspec-network.self_link
-
- log_config {
- aggregation_interval = var.subnetwork["log_interval"]
- flow_sampling = var.subnetwork["log_sampling"]
- metadata = var.subnetwork["log_metadata"]
- }
-}
-
-variable "rigm" {
- type = any
-}
-
-variable "sql_connect" {
- type = any
-}
-
-resource "google_compute_region_instance_group_manager" "inspec-rigm" {
- project = var.gcp_project_id
- region = var.gcp_location
- name = var.rigm["name"]
-
- base_instance_name = var.rigm["base_instance_name"]
-
- version {
-
instance_template = google_compute_instance_template.gcp-inspec-instance-template.self_link
- }
-
- target_pools = [google_compute_target_pool.gcp-inspec-target-pool.self_link]
- target_size = var.rigm["target_size"]
-
- named_port {
- name = var.rigm["named_port_name"]
- port = var.rigm["named_port_port"]
- }
-
- auto_healing_policies {
- health_check = google_compute_health_check.gcp-inspec-health-check.self_link
- initial_delay_sec = var.rigm["healing_delay"]
- }
-}
-
-variable "vpn_tunnel" {
- type = any
-}
-
-resource "google_compute_vpn_tunnel" "tunnel1" {
- project = var.gcp_project_id
- name = var.vpn_tunnel["name"]
- peer_ip = var.vpn_tunnel["peer_ip"]
- shared_secret = var.vpn_tunnel["shared_secret"]
-
- remote_traffic_selector = ["0.0.0.0/0"]
- local_traffic_selector = ["0.0.0.0/0"]
- target_vpn_gateway = google_compute_vpn_gateway.inspec-gcp-vpn-gateway.self_link
-
- depends_on = [
- google_compute_forwarding_rule.inspec-gcp-fr-esp,
- google_compute_forwarding_rule.inspec-gcp-fr-udp500,
- google_compute_forwarding_rule.inspec-gcp-fr-udp4500,
- ]
-}
-
-variable "alert_policy" {
- type = any
-}
-
-resource "google_monitoring_alert_policy" "alert_policy" {
- project = var.gcp_project_id
- display_name = var.alert_policy["display_name"]
- combiner = var.alert_policy["combiner"]
- conditions {
- display_name = var.alert_policy["condition_display_name"]
- condition_threshold {
- filter = var.alert_policy["condition_filter"]
- duration = var.alert_policy["condition_duration"]
- comparison = var.alert_policy["condition_comparison"]
- aggregations {
- alignment_period = "60s"
- per_series_aligner = "ALIGN_RATE"
- }
- }
- }
-}
-
-variable "dns_managed_zone" {
- type = any
-}
-
-variable "gcp_dns_zone_name" {}
-
-resource "google_dns_managed_zone" "example-zone" {
- project = var.gcp_project_id
- name = var.dns_managed_zone["name"]
- dns_name = "${var.gcp_dns_zone_name}"
- description = var.dns_managed_zone["description"]
- dnssec_config {
- state =
var.dns_managed_zone["dnssec_config_state"]
- default_key_specs {
- algorithm = "rsasha256"
- key_type = "zoneSigning"
- key_length = 2048
- }
- default_key_specs {
- algorithm = "rsasha512"
- key_type = "keySigning"
- key_length = 2048
- }
- }
-}
-
-variable "logging_metric" {
- type = any
-}
-
-resource "google_logging_metric" "logging_metric" {
- project = var.gcp_project_id
- name = var.logging_metric["name"]
- filter = var.logging_metric["filter"]
- metric_descriptor {
- metric_kind = var.logging_metric["metric_kind"]
- value_type = var.logging_metric["value_type"]
- }
-}
-
-variable "compute_image" {
- type = any
-}
-
-resource "google_compute_image" "example" {
- project = var.gcp_project_id
- name = var.compute_image["name"]
-
- raw_disk {
- source = var.compute_image["source"]
- }
-}
-
-variable "gcp_organization_iam_custom_role_id" {}
-
-resource "google_organization_iam_custom_role" "generic_org_iam_custom_role" {
- count = "${var.gcp_organization_id == "" ? 0 : var.gcp_enable_privileged_resources}"
- org_id = var.gcp_organization_id
- role_id = var.gcp_organization_iam_custom_role_id
- title = "GCP Inspec Generic Organization IAM Custom Role"
- description = "Custom role allowing to list IAM roles only"
- permissions = ["iam.roles.list"]
-}
-
-variable "security_policy" {
- type = any
-}
-
-resource "google_compute_security_policy" "policy" {
- project = var.gcp_project_id
- name = var.security_policy["name"]
-
- rule {
- action = var.security_policy["action"]
- priority = var.security_policy["priority"]
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = [var.security_policy["ip_range"]]
- }
- }
- description = var.security_policy["description"]
- }
-
- rule {
- action = "allow"
- priority = "2147483647"
- match {
- versioned_expr = "SRC_IPS_V1"
- config {
- src_ip_ranges = ["*"]
- }
- }
- description = "default rule"
- }
-}
-
-variable "memcache_instance" {
- type = any
-}
-
-resource "google_compute_network" "memcache_network" {
-
provider = google-beta
- project = var.gcp_project_id
- name = "inspec-gcp-memcache"
-}
-
-resource "google_compute_global_address" "service_range" {
- provider = google-beta
- project = var.gcp_project_id
- name = "inspec-gcp-memcache"
- purpose = "VPC_PEERING"
- address_type = "INTERNAL"
- prefix_length = 16
- network = google_compute_network.memcache_network.id
-}
-
-resource "google_service_networking_connection" "private_service_connection" {
- provider = google-beta
- network = google_compute_network.memcache_network.id
- service = "servicenetworking.googleapis.com"
- reserved_peering_ranges = [google_compute_global_address.service_range.name]
-}
-
-resource "google_memcache_instance" "instance" {
- provider = google-beta
- name = var.memcache_instance["name"]
- project = var.gcp_project_id
- region = var.gcp_location
- authorized_network = google_service_networking_connection.private_service_connection.network
-
- node_config {
- cpu_count = 1
- memory_size_mb = 1024
- }
- node_count = 1
-}
-
-resource "google_compute_interconnect_attachment" "on_prem" {
- name = "on-prem-attachment"
- edge_availability_domain = "AVAILABILITY_DOMAIN_1"
- type = "PARTNER"
- router = google_compute_router.gcp-inspec-router.id
- mtu = 1500
-}
-
-resource "google_sql_ssl_cert" "client_cert" {
- common_name = var.sql_connect["common_name"]
- instance = var.gcp_db_instance_name
-}
-
-resource "google_data_loss_prevention_stored_info_type" "basic" {
- parent = "projects/my-project-name"
- description = "Description"
- display_name = "Displayname"
-
- regex {
- pattern = "patient"
- group_indexes = [2]
- }
-}
-
-
-
-
-resource "google_vertex_ai_tensorboard" "tensorboard" {
- display_name = "terraform-${local.name_suffix}"
- description = "sample description"
- labels = {
- "key1" : "value1",
- "key2" : "value2"
- }
- region = "us-central1"
-}
-
-
-resource "google_ml_engine_model" "default" {
- name = "default-${local.name_suffix}"
- description = "My model"
- regions =
["us-central1"]
-}
-
-
-resource "google_vertex_ai_featurestore" "featurestore" {
- name = "terraform-${local.name_suffix}"
- labels = {
- foo = "bar"
- }
- region = "us-central1"
- online_serving_config {
- fixed_node_count = 2
- }
-}
-
-resource "google_vertex_ai_featurestore_entitytype" "entity" {
- name = "terraform-${local.name_suffix}"
- labels = {
- foo = "bar"
- }
- featurestore = google_vertex_ai_featurestore.featurestore.id
-}
-
-resource "google_vertex_ai_featurestore_entitytype_feature" "feature" {
- name = "terraform-${local.name_suffix}"
- labels = {
- foo = "bar"
- }
- entitytype = google_vertex_ai_featurestore_entitytype.entity.id
-
- value_type = "INT64_ARRAY"
-}
-
-
-resource "google_vertex_ai_index_endpoint" "index_endpoint" {
- display_name = "sample-endpoint"
- description = "A sample vertex endpoint"
- region = "us-central1"
- labels = {
- label-one = "value-one"
- }
- network = "projects/${data.google_project.project.number}/global/networks/${data.google_compute_network.vertex_network.name}"
- depends_on = [
- google_service_networking_connection.vertex_vpc_connection
- ]
-}
-
-resource "google_service_networking_connection" "vertex_vpc_connection" {
- network = data.google_compute_network.vertex_network.id
- service = "servicenetworking.googleapis.com"
- reserved_peering_ranges = [google_compute_global_address.vertex_range.name]
-}
-
-resource "google_compute_global_address" "vertex_range" {
- name = "address-name-${local.name_suffix}"
- purpose = "VPC_PEERING"
- address_type = "INTERNAL"
- prefix_length = 24
- network = data.google_compute_network.vertex_network.id
-}
-
-data "google_compute_network" "vertex_network" {
- name = "network-name-${local.name_suffix}"
-}
-
-data "google_project" "project" {}
-
-
-resource "google_service_directory_namespace" "example" {
- provider = google-beta
- namespace_id = "example-namespace-${local.name_suffix}"
- location = "us-central1"
-}
-
-resource "google_service_directory_service" "example" {
-
provider = google-beta
- service_id = "example-service-${local.name_suffix}"
- namespace = google_service_directory_namespace.example.id
-}
-
-resource "google_service_directory_endpoint" "example" {
- provider = google-beta
- endpoint_id = "example-endpoint-${local.name_suffix}"
- service = google_service_directory_service.example.id
-
- metadata = {
- stage = "prod"
- region = "us-central1"
- }
-
- address = "1.2.3.4"
- port = 5353
-}
-
-
-resource "google_service_directory_namespace" "example" {
- provider = google-beta
- namespace_id = "example-namespace-${local.name_suffix}"
- location = "us-central1"
-}
-
-resource "google_service_directory_service" "example" {
- provider = google-beta
- service_id = "example-service-${local.name_suffix}"
- namespace = google_service_directory_namespace.example.id
-}
-
-resource "google_service_directory_endpoint" "example" {
- provider = google-beta
- endpoint_id = "example-endpoint-${local.name_suffix}"
- service = google_service_directory_service.example.id
-
- metadata = {
- stage = "prod"
- region = "us-central1"
- }
-
- address = "1.2.3.4"
- port = 5353
-}
-
-
-resource "google_service_directory_namespace" "example" {
- provider = google-beta
- namespace_id = "example-namespace-${local.name_suffix}"
- location = "us-central1"
-}
-
-resource "google_service_directory_service" "example" {
- provider = google-beta
- service_id = "example-service-${local.name_suffix}"
- namespace = google_service_directory_namespace.example.id
-}
-
-resource "google_service_directory_endpoint" "example" {
- provider = google-beta
- endpoint_id = "example-endpoint-${local.name_suffix}"
- service = google_service_directory_service.example.id
-
- metadata = {
- stage = "prod"
- region = "us-central1"
- }
-
- address = "1.2.3.4"
- port = 5353
-}
-
-
-resource "google_service_directory_namespace" "example" {
- provider = google-beta
- namespace_id = "example-namespace-${local.name_suffix}"
- location = "us-central1"
-}
-
-resource
"google_service_directory_service" "example" {
- provider = google-beta
- service_id = "example-service-${local.name_suffix}"
- namespace = google_service_directory_namespace.example.id
-}
-
-resource "google_service_directory_endpoint" "example" {
- provider = google-beta
- endpoint_id = "example-endpoint-${local.name_suffix}"
- service = google_service_directory_service.example.id
-
- metadata = {
- stage = "prod"
- region = "us-central1"
- }
-
- address = "1.2.3.4"
- port = 5353
-}
-
-
-resource "google_datastore_index" "default" {
- kind = "foo"
- properties {
- name = "property_a-${local.name_suffix}"
- direction = "ASCENDING"
- }
- properties {
- name = "property_b-${local.name_suffix}"
- direction = "ASCENDING"
- }
-}
-
diff --git a/build/inspec/test/integration/configuration/hello-world.zip b/build/inspec/test/integration/configuration/hello-world.zip
deleted file mode 100644
index 34c746dd3..000000000
Binary files a/build/inspec/test/integration/configuration/hello-world.zip and /dev/null differ
diff --git a/build/inspec/test/integration/configuration/index.js.zip b/build/inspec/test/integration/configuration/index.js.zip
deleted file mode 100644
index a9e89ba30..000000000
Binary files a/build/inspec/test/integration/configuration/index.js.zip and /dev/null differ
diff --git a/build/inspec/test/integration/configuration/mm-attributes.yml b/build/inspec/test/integration/configuration/mm-attributes.yml
deleted file mode 100644
index 1f230f45f..000000000
--- a/build/inspec/test/integration/configuration/mm-attributes.yml
+++ /dev/null
@@ -1,929 +0,0 @@ -ssl_policy: - name: 'inspec-gcp-ssl-policy' - min_tls_version: 'TLS_1_2' - profile: 'CUSTOM' - custom_feature: 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384' - custom_feature2: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384' - -topic: - name: 'inspec-gcp-topic' - -subscription: - name: 'inspec-gcp-subscription' - ack_deadline_seconds: 20 - -managed_zone: - name: 'inspec-gcp-managed-zone' - dns_name: 'my.domain.com.' - description: 'A test DNS zone' - label_key: key - label_value: 'value' - -record_set: - name: 'backend.my.domain.com.' - type: 'A' - ttl: 300 - rrdatas1: '8.8.8.8' - rrdatas2: '8.8.4.4' - -instance_group_manager: - name: 'inspec-gcp-igm' - base_instance_name: 'igm' - named_port_name: 'port' - named_port_port: 80 - -autoscaler: - name: 'inspec-gcp-autoscaler' - max_replicas: 5 - min_replicas: 1 - cooldown_period: 60 - cpu_utilization_target: 0.5 - -target_pool: - name: 'inspec-gcp-target-pool' - session_affinity: CLIENT_IP - -trigger: - trigger_template_project: trigger-project - trigger_template_branch: trigger-branch - trigger_template_repo: trigger-repo - filename: cloudbuild.yaml - -health_check: - name: inspec-gcp-health-check - timeout_sec: 10 - check_interval_sec: 10 - tcp_health_check_port: 80 - -backend_service: - name: inspec-gcp-backend-service - description: A description - port_name: http - protocol: HTTP - timeout_sec: 10 - enable_cdn: true - -region_backend_service_health_check: - name: inspec-gcp-region-health-check - timeout_sec: 15 - check_interval_sec: 15 - tcp_health_check_port: 81 - -region_backend_service: - name: inspec-gcp-region-backend-service - description: A regional description - protocol: TCP - timeout_sec: 15 - -http_health_check: - name: inspec-gcp-http-health-check - request_path: /health_check - timeout_sec: 20 - check_interval_sec: 20 - -https_health_check: - name: inspec-gcp-https-health-check - request_path: /https_health_check - timeout_sec: 15 - check_interval_sec: 15 - unhealthy_threshold: 3 - 
-instance_template: - name: inspec-gcp-instance-template - description: A description of the instance template - instance_description: A description of the instance itself - machine_type: f1-micro - tag: foo - can_ip_forward: false - scheduling_automatic_restart: true - scheduling_on_host_maintenance: MIGRATE - disk_source_image: debian-cloud/debian-9 - disk_auto_delete: true - disk_boot: true - network_interface_network: default - service_account_scope: storage-ro - -global_address: - name: inspec-gcp-global-address - ip_version: IPV6 - -url_map: - name: inspec-gcp-url-map - description: URL map description - host_rule_host: site.com - path_matcher_name: allpaths - path_rule_path: /home - test_host: test.com - test_path: /home - -http_proxy: - name: inspec-gcp-http-proxy - description: A HTTP proxy - -global_forwarding_rule: - name: inspec-gcp-global-forwarding-rule - port_range: 80-80 - -target_tcp_proxy: - name: inspec-gcp-target-tcp-proxy - proxy_header: NONE - tcp_backend_service_name: gcp-inspec-tcp-backend-service - -route: - name: inspec-gcp-route - dest_range: 15.0.0.0/24 - next_hop_ip: 10.2.0.1 - priority: 100 - -router: - name: inspec-gcp-router - bgp_asn: 64514 - bgp_advertise_mode: CUSTOM - bgp_advertised_group: "ALL_SUBNETS" - bgp_advertised_ip_range1: "1.2.3.4" - bgp_advertised_ip_range2: "6.7.0.0/16" - -snapshot: - name: inspec-gcp-disk-snapshot - disk_name: inspec-snapshot-disk - disk_type: pd-standard - disk_image: debian-cloud/debian-10-buster-v20191014 - -https_proxy: - name: inspec-gcp-https-proxy - description: A HTTPS target proxy - -ssl_certificate: - name: inspec-gcp-ssl-certificate - description: A fake ssl certificate (DO NOT USE) - certificate: | - -----BEGIN CERTIFICATE----- - MIICqjCCAk+gAwIBAgIJAIuJ+0352Kq4MAoGCCqGSM49BAMCMIGwMQswCQYDVQQG - EwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjERMA8GA1UEBwwIS2lya2xhbmQxFTAT - BgNVBAoMDEdvb2dsZSwgSW5jLjEeMBwGA1UECwwVR29vZ2xlIENsb3VkIFBsYXRm - 
b3JtMR8wHQYDVQQDDBZ3d3cubXktc2VjdXJlLXNpdGUuY29tMSEwHwYJKoZIhvcN - AQkBFhJuZWxzb25hQGdvb2dsZS5jb20wHhcNMTcwNjI4MDQ1NjI2WhcNMjcwNjI2 - MDQ1NjI2WjCBsDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xETAP - BgNVBAcMCEtpcmtsYW5kMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xHjAcBgNVBAsM - FUdvb2dsZSBDbG91ZCBQbGF0Zm9ybTEfMB0GA1UEAwwWd3d3Lm15LXNlY3VyZS1z - aXRlLmNvbTEhMB8GCSqGSIb3DQEJARYSbmVsc29uYUBnb29nbGUuY29tMFkwEwYH - KoZIzj0CAQYIKoZIzj0DAQcDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ - 4mzkzTv0dXyB750fOGN02HtkpBOZzzvUARTR10JQoSe2/5PIwaNQME4wHQYDVR0O - BBYEFKIQC3A2SDpxcdfn0YLKineDNq/BMB8GA1UdIwQYMBaAFKIQC3A2SDpxcdfn - 0YLKineDNq/BMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhALs4vy+O - M3jcqgA4fSW/oKw6UJxp+M6a+nGMX+UJR3YgAiEAvvl39QRVAiv84hdoCuyON0lJ - zqGNhIPGq2ULqXKK8BY= - -----END CERTIFICATE----- - private_key: | - -----BEGIN EC PRIVATE KEY----- - MHcCAQEEIObtRo8tkUqoMjeHhsOh2ouPpXCgBcP+EDxZCB/tws15oAoGCCqGSM49 - AwEHoUQDQgAEHGzpcRJ4XzfBJCCPMQeXQpTXwlblimODQCuQ4mzkzTv0dXyB750f - OGN02HtkpBOZzzvUARTR10JQoSe2/5PIwQ== - -----END EC PRIVATE KEY----- - -dataset: - dataset_id: inspec_gcp_dataset - friendly_name: A BigQuery dataset test - description: Test BigQuery dataset description - location: EU - default_table_expiration_ms: 3600000 - access_writer_role: WRITER - access_writer_special_group: projectWriters - -bigquery_table: - table_id: inspec_gcp_bigquery_table - description: A BigQuery table - expiration_time: 1738882264000 - time_partitioning_type: DAY - -repository: - name: inspec-gcp-repository - -folder: - display_name: inspec-gcp-folder - -cloudfunction: - name: inspec-gcp-function - description: A description of the function - available_memory_mb: 128 - trigger_http: true - timeout: 60 - entry_point: hello - env_var_value: val1 - -backend_bucket: - name: inspec-gcp-backend-bucket - description: Backend bucket example - enable_cdn: true - -regional_node_pool: - name: inspec-gcp-regional-node-pool - cluster_name: inspec-gcp-regional-node-pool-cluster - node_count: 1 - 
initial_node_count: 1 - -org_sink: - name: inspec-gcp-org-sink - filter: resource.type = gce_instance - -standardappversion: - version_id: v2 - service: default - runtime: nodejs10 - entrypoint: "node ./app.js" - port: "8080" - -ml_model: - name: ml_model - region: us-central1 - description: My awesome ML model - online_prediction_logging: true - online_prediction_console_logging: true - -dataproc_cluster: - name: inspec-dataproc-cluster - label_key: label - label_value: value - config: - master_config: - num_instances: 1 - machine_type: n1-standard-1 - boot_disk_type: pd-ssd - boot_disk_size_gb: 30 - worker_config: - num_instances: 2 - machine_type: n1-standard-1 - boot_disk_size_gb: 40 - num_local_ssds: 1 - preemptible_worker_config: - num_instances: 0 - software_config: - prop_key: "dataproc:dataproc.allow.zero.workers" - prop_value: "true" - gce_cluster_config: - tag: foo - -folder_exclusion: - name: inspec-folder-exclusion - description: My folder exclusion description - filter: "resource.type = gce_instance AND severity <= DEBUG" - -filestore_instance: - name: inspecgcp - zone: us-central1-b - tier: PREMIUM - fileshare_capacity_gb: 2660 - fileshare_name: inspecgcp - network_name: default - network_mode: MODE_IPV4 - -folder_sink: - name: inspec-gcp-folder-sink - filter: resource.type = gce_instance AND severity >= ERROR - -runtimeconfig_config: - name: inspec-gcp-runtime-config - description: My runtime configurations - -runtimeconfig_variable: - name: prod-variables/hostname - text: example.com - -redis: - name: my-redis-cache - tier: STANDARD_HA - memory_size_gb: 1 - region: us-central1 - location_id: us-central1-a - alternative_location_id: us-central1-f - redis_version: REDIS_3_2 - display_name: InSpec test instance - reserved_ip_range: "192.168.0.0/29" - label_key: key - label_value: value - -network_endpoint_group: - name: inspec-gcp-endpoint-group - default_port: 90 - -global_network_endpoint_group: - name: inspec-gcp-global-endpoint-group - 
network_endpoint_type: INTERNET_IP_PORT - default_port: 90 - -node_template: - name: inspec-node-template - label_key: key - label_value: value - -node_group: - name: inspec-node-group - description: A description of the node group - size: 0 - -router_nat: - name: inspec-router-nat - nat_ip_allocate_option: AUTO_ONLY - source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES - min_ports_per_vm: 2 - log_config_enable: true - log_config_filter: ERRORS_ONLY - -service: - name: maps-android-backend.googleapis.com - -spannerinstance: - config: regional-us-east1 - name: spinstance - display_name: inspectest - num_nodes: 1 - label_key: env - label_value: test - -spannerdatabase: - name: spdatabase - instance: spinstance - ddl: "CREATE TABLE test (test STRING(MAX),) PRIMARY KEY (test)" - -scheduler_job: - # region must match where the appengine instance is deployed - region: us-central1 - name: job-name - description: A description - schedule: "*/8 * * * *" - time_zone: America/New_York - http_method: POST - http_target_uri: https://example.com/ping - -service_perimeter: - name: restrict_all - title: restrict_all - restricted_service: storage.googleapis.com - policy_title: policytitle - -firewall: - name: inspec-gcp-firewall - source_tag: some-tag - -address: - name: inspec-gcp-global-address - address_type: INTERNAL - address: "10.2.0.3" - -instance_group: - name: inspec-instance-group - description: My instance group for testing - named_port_name: https - named_port_port: 8080 - -instance: - name: inspec-instance - machine_type: n1-standard-1 - tag_1: foo - tag_2: bar - metadata_key: '123' - metadata_value: asdf - sa_scope: https://www.googleapis.com/auth/compute.readonly - startup_script: "echo hi > /test.txt" - -network: - name: inspec-network - routing_mode: REGIONAL - -subnetwork: - name: inspec-subnet - ip_cidr_range: "10.2.0.0/16" - log_interval: INTERVAL_10_MIN - log_sampling: .5 - log_metadata: INCLUDE_ALL_METADATA - -rigm: - name: inspec-rigm - 
base_instance_name: rigm1 - target_size: 1 - named_port_name: https - named_port_port: 8888 - healing_delay: 300 - -vpn_tunnel: - name: inspec-vpn-tunnel - peer_ip: "15.0.0.120" - shared_secret: super secret - -project_sink: - name: inspec-gcp-org-sink - filter: resource.type = gce_instance AND severity = DEBUG - -project_exclusion: - name: inspec-project-exclusion - description: My project exclusion description - filter: resource.type = gce_instance AND severity <= DEBUG - -alert_policy: - display_name: Display - combiner: OR - condition_display_name: condition - condition_filter: "metric.type=\"compute.googleapis.com/instance/disk/write_bytes_count\" AND resource.type=\"gce_instance\"" - condition_duration: 60s - condition_comparison: COMPARISON_GT - -dns_managed_zone: - # managed zone dns_name must be randomly generated, so it happens in the other script - name: example-zone - description: example description - dnssec_config_state: 'on' - -logging_metric: - name: some/metric - filter: 'resource.type=gae_app AND severity>=ERROR' - metric_kind: DELTA - value_type: INT64 - -compute_image: - name: inspec-image - source: https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-97.98-google-kvm-ubuntu-xenial-go_agent-raw-1557960142.tar.gz - -security_policy: - name: sec-policy - action: deny(403) - priority: "1000" - ip_range: "9.9.9.0/24" - description: my description - -memcache_instance: - name: mem-instance - -accelerator_type: - name: accelerator_id - -global_operation: - name: operation-1635274037755-5cf45e8217d56-c081cd9a-c3ea7346 - operationType: "compute.externalVpnGateways.insert" - -interconnect_location: - name: akl-zone1-1353 - facility_provider_facility_id: 'Auckland - Albany' - facility_provider: Vocus - -image_family_views: - zone: us-central1-c - name: image-1 - source_type: RAW - status: READY - archive_size_bytes: 539099200 - disk_size_gb: 3 - family: test - -license_code: - name: akl-zone1-1353 - -region_instance_group: - name: 
instance-group-2 - region: us-central1 - size: 1 - named_port_name: 'port' - named_port_port: 80 - -region_operation: - name: operation-1641188435323-5d4a6f5b26934-9281422c-dce238f5 - region: us-central1 - operation_type: "compute.instanceGroupManagers.insert" - status: DONE - progress: 100 - -sql_database_flag: - name : audit_log - type : STRING - applies_to: MYSQL_5_6 - allowed_string_values: ON - requires_restart: true - -sql_connect: - region: us-central1 - database_version: POSTGRES_13 - backend_type: SECOND_GEN - cert_serial_number: 0 - common_name: "test_gcp_1" - sha1_fingerprint: "80c5c611c0a591db967c7dda3467e23127288fed" - instance: test-pg - -sql_operation: - name: e5c522f1-8391-4830-a8ff-ff1cc4a7b2a5 - status: DONE - operation_type: CREATE -public_delegated_prefix: - name: test - -region_health_check: - name: inspec-gcp-region-health-check - region: us-central1 - timeout_sec: 10 - check_interval_sec: 10 - tcp_health_check_port: 80 - -dlp: - name: "i-inspec-gcp-dlp" - location: "us-east-2" - type: "INSPECT_JOB" - state: "ACTIVE" - inspectDetails: - requestedOptions: - snapshotInspectTemplate: "" - jobConfig: - storageConfig: - hybridOptions: - description: "test" - tableOptions: "" - description: "Description" - display_name: "Displayname" - job_attribute_name: "job_attribute-1" - job_trigger_status: "HEALTHY" - job_trigger_name: "name1" - job_trigger_display_name: "dp" - job_trigger_description: "description" - deidentify_templates: - name: "dlp-template-inspec" - location: "europe-west2" - type: "Infotype" - -featurestore: - name : "value_name" - region : "value_region" - parent : "value_parent" - state : "value_state" - create_time : "value_createtime" - etag : "value_etag" - update_time : "value_updatetime" - -training_pipeline: - name : "value_name" - job_id: "job_id" - region : "value_region" - parent : "value_parent" - - -nas_job: - name : "value_name" - region : "value_region" - parent : "value_parent" - end_time : "value_endtime" - state : 
"value_state" - create_time : "value_createtime" - display_name : "value_displayname" - start_time : "value_starttime" - update_time : "value_updatetime" - -batch_prediction_job: - name : "value_name" - region : "value_region" - parent : "value_parent" - create_time : "value_createtime" - model_version_id : "value_modelversionid" - end_time : "value_endtime" - start_time : "value_starttime" - update_time : "value_updatetime" - state : "value_state" - model : "value_model" - display_name : "value_displayname" - service_account : "value_serviceaccount" - -custom_job: - name : "value_name" - job_id: "job_id" - region : "value_region" - parent : "value_parent" - -index: - name : "value_name" - region : "value_region" - parent : "value_parent" - description : "value_description" - display_name : "value_displayname" - metadata_schema_uri : "value_metadataschemauri" - index_update_method : "value_indexupdatemethod" - update_time : "value_updatetime" - create_time : "value_createtime" - etag : "value_etag" - -tensorboard: - name : "value_name" - region : "value_region" - parent : "value_parent" - update_time : "value_updatetime" - blob_storage_path_prefix : "value_blobstoragepathprefix" - etag : "value_etag" - create_time : "value_createtime" - display_name : "value_displayname" - description : "value_description" - -model: - name : "value_name" - region : "value_region" - parent : "value_parent" - update_time : "value_updatetime" - etag : "value_etag" - description : "value_description" - create_time : "value_createtime" - pipeline_job : "value_pipelinejob" - version_update_time : "value_versionupdatetime" - metadata_artifact : "value_metadataartifact" - metadata_schema_uri : "value_metadataschemauri" - version_id : "value_versionid" - artifact_uri : "value_artifacturi" - training_pipeline : "value_trainingpipeline" - display_name : "value_displayname" - version_create_time : "value_versioncreatetime" - version_description : "value_versiondescription" - -index_endpoint: - 
name : "value_name" - region : "value_region" - parent : "value_parent" - display_name : "value_displayname" - create_time : "value_createtime" - network : "value_network" - update_time : "value_updatetime" - public_endpoint_domain_name : "value_publicendpointdomainname" - etag : "value_etag" - description : "value_description" - -featurestores_entity_type: - name : "value_name" - region : "value_region" - parent : "value_parent" - description : "value_description" - create_time : "value_createtime" - etag : "value_etag" - update_time : "value_updatetime" - - -tensorboard_experiment_run: - name : "sklearn-2023-09-22-17-16-16-a25b0" - tensorboard: "1976367752880848896" - experiment: "autologging-experiment-fyc24zb2" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/tensorboards/1976367752880848896/experiments/autologging-experiment-fyc24zb2/runs/" - -studies_trial: - name : "1" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/studies/2975668570413/trials/" - study: "890385007008" - start_time : "value_starttime" - end_time : "value_endtime" - infeasible_reason : "value_infeasiblereason" - client_id : "value_clientid" - custom_job : "value_customjob" - state : "value_state" - id : "value_id" - -hyperparameter_tuning_job: - name : "9200900561803673600" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/hyperparameterTuningJobs/" - state : "JOB_STATE_RUNNING" - end_time : "value_endtime" - update_time : "value_updatetime" - start_time : "value_starttime" - create_time : "value_createtime" - display_name : "inspec-hyper-test-hyperparameter-tuning-job" - -models_evaluation: - name : "value_name" - region : "value_region" - parent : "value_parent" - data_item_schema_uri : "value_dataitemschemauri" - metrics_schema_uri : "value_metricsschemauri" - create_time : "value_createtime" - annotation_schema_uri : "value_annotationschemauri" - display_name : "value_displayname" - 
-tensorboards_experiment: - name : "inspec-tensor-experiment" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/tensorboards/6346548241290493952/experiments/" - description : "value_description" - tensorboard: "6346548241290493952" - source : "value_source" - display_name : "inspec-tensor-experiment" - create_time : "value_createtime" - update_time : "value_updatetime" - etag : "value_etag" - -featurestore_entity_type_feature: - parent : "value_parent" - region : "value_region" - description : "value_description" - create_time : "value_createtime" - etag : "value_etag" - name : "value_name" - update_time : "value_updatetime" - value_type : "value_valuetype" - -dataset_data_item_annotation: - name: "1746031646898913280" - region: "us-central1" - dataset: "1044994542735982592" - dataItem: "75173735366921" - parent: "projects/165434197229/locations/us-central1/datasets/1044994542735982592/dataItems/75173735366921/annotations/" - -model_deployment_monitoring_job: - name : "4965515800912855040" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/modelDeploymentMonitoringJobs/" - state : "value_state" - analysis_instance_schema_uri : "value_analysisinstanceschemauri" - endpoint : "projects/165434197229/locations/us-central1/endpoints/5787303642054787072" - display_name : "churn" - schedule_state : "value_schedulestate" - predict_instance_schema_uri : "value_predictinstanceschemauri" - next_schedule_time : "value_nextscheduletime" - create_time : "value_createtime" - log_ttl : "value_logttl" - update_time : "value_updatetime" - -metadata_stores_metadata_schema: - name : "system-dag-execution-v0-0-1" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/metadataStores/default/metadataSchemas/" - metadataStore: "default" - schema_type : "EXECUTION_TYPE" - description : "value_description" - schema_version : "value_schemaversion" - create_time : "value_createtime" - schema : "value_schema" 
- -metadata_stores_execution: - name : "12528100122877440041" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/metadataStores/default/executions/" - metadataStore: "default" - create_time : "value_createtime" - schema_version : "value_schemaversion" - state : "value_state" - etag : "value_etag" - display_name : "endpoint-create-20230918054541-20230918054500491" - schema_title : "value_schematitle" - description : "value_description" - update_time : "value_updatetime" - -metadata_stores_context: - name : "autologging-experiment-w0apl7la-autologging-tf-experiment-w0apl7la" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/metadataStores/default/contexts/" - metadataStore: "default" - schema_title : "value_schematitle" - etag : "value_etag" - description : "value_description" - display_name : "autologging-tf-experiment-w0apl7la" - schema_version : "value_schemaversion" - create_time : "value_createtime" - update_time : "value_updatetime" - -metadata_stores_artifact: - name : "2811503570633325756" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/metadataStores/default/artifacts/" - metadataStore: "default" - schema_version : "value_schemaversion" - display_name : "value_displayname" - etag : "value_etag" - update_time : "value_updatetime" - state : "value_state" - uri : "value_uri" - create_time : "value_createtime" - schema_title : "value_schematitle" - description : "value_description" - -datasets_saved_query: - parent : "projects/165434197229/locations/us-central1/datasets/1044994542735982592/savedQueries/" - region : "us-central1" - dataset: "1044994542735982592" - update_time : "value_updatetime" - problem_type : "value_problemtype" - name : "2236927819407949824" - create_time : "value_createtime" - etag : "value_etag" - display_name : "inspec-annotation-test" - annotation_filter : "value_annotationfilter" - -datasets_annotation_spec: - name : "5438527833485869056" - 
region : "us-central1" - dataset: "1044994542735982592" - parent: "projects/165434197229/locations/us-central1/datasets/1044994542735982592/annotationSpecs/" - display_name : "InSpec" - etag : "value_etag" - create_time : "value_createtime" - update_time : "value_updatetime" - -nas_jobs_nas_trial_detail: - name : "1" - region : "us-central1" - nasJob: "3217974009958236160" - parent : "projects/ppradhan/locations/us-central1/nasJobs/3217974009958236160/nasTrialDetails/" - parameters : "value_parameters" - -metadata_store: - name : "default" - region : "us-central1" - parent : "projects/165434197229/locations/us-central1/metadataStores/" - description : "value_description" - create_time : "value_createtime" - update_time : "value_updatetime" - -endpoint: - name : "value_name" - region : "value_region" - parent : "value_parent" - update_time : "value_updatetime" - model_deployment_monitoring_job : "value_modeldeploymentmonitoringjob" - description : "value_description" - network : "value_network" - display_name : "value_displayname" - etag : "value_etag" - create_time : "value_createtime" - -models_evaluations_slice: - name : "value_name" - region : "value_region" - parent : "value_parent" - create_time : "value_createtime" - metrics_schema_uri : "value_metricsschemauri" - -datasets_data_item: - parent : "value_parent" - region : "value_region" - update_time : "value_updatetime" - etag : "value_etag" - name : "value_name" - create_time : "value_createtime" - -study: - name : "value_name" - region : "value_region" - parent : "value_parent" - display_name : "value_displayname" - state : "value_state" - create_time : "value_createtime" - inactive_reason : "value_inactivereason" - -tensorboard_experiment_run_time_series_resource: - name : "value_name" - region : "value_region" - parent : "value_parent" - plugin_name : "value_pluginname" - plugin_data : "value_plugindata" - description : "value_description" - etag : "value_etag" - display_name : "value_displayname" - 
update_time : "value_updatetime" - create_time : "value_createtime" - value_type : "value_valuetype" - -project_location_image_version: - parent : "value_parent" -vpn_gateway: - project : "value_project" - region : "value_region" - vpn_gateway : "value_vpngateway" - kind : "value_kind" - id : "value_id" - creation_timestamp : "value_creationtimestamp" - name : "value_name" - description : "value_description" - network : "value_network" - self_link : "value_selflink" - label_fingerprint : "value_labelfingerprint" - stack_type : "value_stacktype" -organization: - name : "value_name" - parent : "value_parent" - api_consumer_data_encryption_key_name : "value_apiconsumerdataencryptionkeyname" - runtime_database_encryption_key_name : "value_runtimedatabaseencryptionkeyname" - runtime_type : "value_runtimetype" - type : "value_type" - authorized_network : "value_authorizednetwork" - project_id : "value_projectid" - description : "value_description" - ca_certificate : "value_cacertificate" - subscription_type : "value_subscriptiontype" - customer_name : "value_customername" - created_at : "value_createdat" - last_modified_at : "value_lastmodifiedat" - subscription_plan : "value_subscriptionplan" - state : "value_state" - control_plane_encryption_key_name : "value_controlplaneencryptionkeyname" - analytics_region : "value_analyticsregion" - api_consumer_data_location : "value_apiconsumerdatalocation" - display_name : "value_displayname" - apigee_project_id : "value_apigeeprojectid" - expires_at : "value_expiresat" - billing_type : "value_billingtype" -project_location_environment: - name : "value_name" - parent : "value_parent" - uuid : "value_uuid" - state : "value_state" - create_time : "value_createtime" - update_time : "value_updatetime" \ No newline at end of file 
diff --git a/build/inspec/test/integration/verify/controls/google_data_loss_prevention_stored_info_type.rb b/build/inspec/test/integration/verify/controls/google_data_loss_prevention_stored_info_type.rb
deleted file mode 100644
index 268023f59..000000000
--- a/build/inspec/test/integration/verify/controls/google_data_loss_prevention_stored_info_type.rb
+++ /dev/null
@@ -1,53 +0,0 @@ -# frozen_string_literal: true - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- - -title 'Test GCP google_data_loss_prevention_stored_info_type resource.' - -gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') -dlp = input('dlp', value: { - "name": 'i-inspec-gcp-dlp', - "location": 'us-east-2', - "type": 'INSPECT_JOB', - "state": 'ACTIVE', - "inspectDetails": { - "requestedOptions": { - "snapshotInspectTemplate": '', - "jobConfig": { - "storageConfig": { - "hybridOptions": { - "description": 'test', - "tableOptions": '', - }, - }, - }, - }, - }, - "description": 'Description', - "display_name": 'Displayname', - }, description: 'DLP ') -control 'google_data_loss_prevention_stored_info_type-1.0' do - impact 1.0 - title 'google_data_loss_prevention_stored_info_type resource test' - - describe google_data_loss_prevention_stored_info_type(parent: "projects/#{gcp_project_id}/locations/#{dlp['location']}", name: dlp['stored_info_type_name']) do - it { should exist } - its('name') { should cmp dlp['name'] } - end - - describe google_data_loss_prevention_stored_info_type(parent: "projects/#{gcp_project_id}/locations/#{dlp['location']}", name: 'nonexistent') do - it { should_not exist } - end -end 
diff --git a/build/inspec/test/integration/verify/controls/google_data_loss_prevention_stored_info_types.rb b/build/inspec/test/integration/verify/controls/google_data_loss_prevention_stored_info_types.rb deleted file mode 100644 index ae0bdff7e..000000000 --- a/build/inspec/test/integration/verify/controls/google_data_loss_prevention_stored_info_types.rb +++ /dev/null @@ -1,49 +0,0 @@ -# frozen_string_literal: true - -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: MMv1 *** -# -# ---------------------------------------------------------------------------- -# -# This file is automatically generated by Magic Modules and manual -# changes will be clobbered when the file is regenerated. -# -# Please read more about how to change this file in README.md and -# CONTRIBUTING.md located at the root of this package. -# -# ---------------------------------------------------------------------------- - -title 'Test GCP google_data_loss_prevention_stored_info_types resource.' - -gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') -dlp = input('dlp', value: { - "name": 'i-inspec-gcp-dlp', - "location": 'us-east-2', - "type": 'INSPECT_JOB', - "state": 'ACTIVE', - "inspectDetails": { - "requestedOptions": { - "snapshotInspectTemplate": '', - "jobConfig": { - "storageConfig": { - "hybridOptions": { - "description": 'test', - "tableOptions": '', - }, - }, - }, - }, - }, - "description": 'Description', - "display_name": 'Displayname', - }, description: 'DLP ') -control 'google_data_loss_prevention_stored_info_types-1.0' do - impact 1.0 - title 'google_data_loss_prevention_stored_info_types resource test' - - describe google_data_loss_prevention_stored_info_types(parent: "projects/#{gcp_project_id}/locations/#{dlp['location']}") do - it { should exist } - its('names') { should include dlp['name'] } - end -end