diff --git a/README.md b/README.md index 59a0bab6..202feab6 100644 --- a/README.md +++ b/README.md @@ -340,6 +340,7 @@ The following resources are available in the InSpec GCP Profile | [google_organization_iam_binding](docs/resources/google_organization_iam_binding.md) | No Plural Resource | | [google_organization_iam_policy](docs/resources/google_organization_iam_policy.md) | No Plural Resource | | [google_organization_policy](docs/resources/google_organization_policy.md) | No Plural Resource | +| [google_parameter_manager_parameter](docs/resources/google_parameter_manager_parameter.md) | [google_parameter_manager_parameters](docs/resources/google_parameter_manager_parameters.md) | | [google_project](docs/resources/google_project.md) | [google_projects](docs/resources/google_projects.md) | | [google_project_alert_policy](docs/resources/google_project_alert_policy.md) | [google_project_alert_policies](docs/resources/google_project_alert_policies.md) | | [google_project_alert_policy_condition](docs/resources/google_project_alert_policy_condition.md) | No Plural Resource | diff --git a/docs/resources/google_parameter_manager_parameter.md b/docs/resources/google_parameter_manager_parameter.md new file mode 100644 index 00000000..0cb977f8 --- /dev/null +++ b/docs/resources/google_parameter_manager_parameter.md @@ -0,0 +1,47 @@ +--- +title: About the google_parameter_manager_parameter resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameter` is used to test a Google Parameter resource + +## Examples +``` +describe google_parameter_manager_parameter(name: 'projects//locations/global/parameters/') do + it { should exist } +end +describe google_parameter_manager_parameter(name: "does_not_exit") do + it { should_not exist } +end +describe google_parameter_manager_parameter(name: 'projects//locations//parameters/', region: ) do + it { should exist } +end +describe google_parameter_manager_parameter(name: "does_not_exit", region: ) do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameter` resource: + + + * `name`: The resource name of the Parameter. Format: `projects/{{project_id}}/locations/global/parameters/{{parameter_id}}` or `projects/{{project_id}}/locations/{{location_id}}/parameters/{{parameter_id}}` + + * `create_time`: The time at which the Parameter was created. + + * `update_time`: The time at which the Parameter was updated. + + * `labels`: The labels assigned to this Parameter. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be assigned to a given resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + + * `format`: The format of the Parameter. + + * `kms_key`: The resource name of the Cloud KMS CryptoKey used to encrypt parameter version payload. Format `projects/{{project_id}}/locations/global/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}` or `projects/{{project_id}}/locations/{{location_id}}/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}` + + * `policy_member`: The policy member of the Parameter. + + * `iam_policy_uid_principal`: IAM policy binding member referring to a Google Cloud resource by system-assigned unique identifier. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_parameter_manager_parameter_version.md b/docs/resources/google_parameter_manager_parameter_version.md new file mode 100644 index 00000000..f978b1f9 --- /dev/null +++ b/docs/resources/google_parameter_manager_parameter_version.md @@ -0,0 +1,58 @@ +--- +title: About the google_parameter_manager_parameter_version resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameter_version` is used to test a Google Parameter Version resource + +## Examples +``` +describe google_parameter_manager_parameter_version(name: 'projects//locations/global/parameters//versions/') do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit") do + it { should_not exist } +end +describe google_parameter_manager_parameter_version(name: 'projects//locations//parameters//versions/', region: ) do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit", region: ) do + it { should_not exist } +end +describe google_parameter_manager_parameter_version(name: 'projects//locations/global/parameters//versions/', render_secret: true) do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit", render_secret: true) do + it { should_not exist } +end +describe google_parameter_manager_parameter_version(name: 'projects//locations//parameters//versions/', region: , render_secret: true) do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit", region: , render_secret: true) do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameter_version` resource: + + * `name`: The resource name of the Parameter Version. Format: `projects/{{project_id}}/locations/global/parameters/{{parameter_id}}/versions/{{parameter_version_id}}` or `projects/{{project_id}}/locations/{{location_id}}/parameters/{{parameter_id}}/versions/{{parameter_version_id}}` + + * `create_time`: The time at which the Parameter Version was created. + + * `update_time`: The time at which the Parameter Version was updated. + + * `disabled`: The state of Parameter Version. + + * `kms_key_version`: The resource name of the Cloud KMS CryptoKeyVersion used to decrypt parameter version payload. Format `projects/{{project_id}}/locations/global/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}/cryptoKeyVersions/{{crypto_key_version}}` or `projects/{{project_id}}/locations/{{location_id}}/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}/cryptoKeyVersions/{{crypto_key_version}}` + + * `rendered_payload`: The rendered payload of the Parameter Version. + + * `payload`: The payload of the ParameterVersion. + + * `data`: The parameter data. Must be no larger than 1MiB. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_parameter_manager_parameter_versions.md b/docs/resources/google_parameter_manager_parameter_versions.md new file mode 100644 index 00000000..4551867b --- /dev/null +++ b/docs/resources/google_parameter_manager_parameter_versions.md @@ -0,0 +1,41 @@ +--- +title: About the google_parameter_manager_parameter_versions resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameter_versions` is used to test a Google Parameter Version resource + +## Examples +``` +describe google_parameter_manager_parameter_versions(parent: 'projects//locations/global/parameters/') do + it { should exist } +end +describe google_parameter_manager_parameter_versions(parent: "does_not_exit") do + it { should_not exist } +end +describe google_parameter_manager_parameter_versions(parent: 'projects//locations//parameters/', region: ) do + it { should exist } +end +describe google_parameter_manager_parameter_versions(parent: "does_not_exit", region: ) do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameter_versions` resource: + +See [google_parameter_manager_parameter_version.md](google_parameter_manager_parameter_version.md) for more detailed information + * `names`: an array of `google_parameter_manager_parameter_version` name + * `create_times`: an array of `google_parameter_manager_parameter_version` create_time + * `update_times`: an array of `google_parameter_manager_parameter_version` update_time + * `disabled_values`: an array of `google_parameter_manager_parameter_version` disabled + * `kms_key_versions`: an array of `google_parameter_manager_parameter_version` kms_key_version + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_parameter_manager_parameters.md b/docs/resources/google_parameter_manager_parameters.md new file mode 100644 index 00000000..127c7033 --- /dev/null +++ b/docs/resources/google_parameter_manager_parameters.md @@ -0,0 +1,37 @@ +--- +title: About the google_parameter_manager_parameters resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameters` is used to test a Google Parameter resource + +## Examples +``` +describe google_parameter_manager_parameters(parent: 'projects//locations/global') do + it { should exist } +end +describe google_parameter_manager_parameters(parent: 'projects//locations/', region: ) do + it { should exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameters` resource: + +See [google_parameter_manager_parameter.md](google_parameter_manager_parameter.md) for more detailed information + * `names`: an array of `google_parameter_manager_parameter` name + * `create_times`: an array of `google_parameter_manager_parameter` create_time + * `update_times`: an array of `google_parameter_manager_parameter` update_time + * `formats`: an array of `google_parameter_manager_parameter` format + * `labels`: an array of `google_parameter_manager_parameter` label + * `policy_members`: an array of `google_parameter_manager_parameter` policy_member + * `kms_keys`: an array of `google_parameter_manager_parameter` kms_key + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/libraries/google/parametermanager/property/payload.rb b/libraries/google/parametermanager/property/payload.rb new file mode 100644 index 00000000..3883db23 --- /dev/null +++ b/libraries/google/parametermanager/property/payload.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module GoogleInSpec + module ParameterManager + module Property + class Payload + attr_reader :data + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @data = args['data'] + end + + def to_s + "#{@parent_identifier} PolicyMember" + end + end + end + end +end diff --git a/libraries/google/parametermanager/property/policy_member.rb b/libraries/google/parametermanager/property/policy_member.rb new file mode 100644 index 00000000..e7f489a8 --- /dev/null +++ b/libraries/google/parametermanager/property/policy_member.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module GoogleInSpec + module ParameterManager + module Property + class PolicyMember + attr_reader :iam_policy_uid_principal + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @iam_policy_uid_principal = args['iamPolicyUidPrincipal'] + end + + def to_s + "#{@parent_identifier} PolicyMember" + end + end + end + end +end diff --git a/libraries/google_parameter_manager_parameter.rb b/libraries/google_parameter_manager_parameter.rb new file mode 100644 index 00000000..aecedd89 --- /dev/null +++ b/libraries/google_parameter_manager_parameter.rb @@ -0,0 +1,59 @@ +# frozen_string_literal: false + +require 'gcp_backend' +require 'google/parametermanager/property/policy_member' + +# A provider to manage Parameter Manager resources. +class ParameterManagerParameter < GcpResourceBase + name 'google_parameter_manager_parameter' + desc 'Parameter' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :create_time + attr_reader :update_time + attr_reader :format + attr_reader :labels + attr_reader :policy_member + attr_reader :kms_key + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @name = @fetched['name'] + @create_time = @fetched['createTime'] + @labels = @fetched['labels'] + @update_time = @fetched['updateTime'] + @format = @fetched['format'] + @policy_member = GoogleInSpec::ParameterManager::Property::PolicyMember.new(@fetched['policyMember'], to_s) + @kms_key = @fetched['kmsKey'] + end + + def exists? + !@fetched.nil? + end + + def to_s + "Parameter #{@params[:name]}" + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + '{{name}}' + end +end diff --git a/libraries/google_parameter_manager_parameter_version.rb b/libraries/google_parameter_manager_parameter_version.rb new file mode 100644 index 00000000..7f22bda9 --- /dev/null +++ b/libraries/google_parameter_manager_parameter_version.rb @@ -0,0 +1,68 @@ +# frozen_string_literal: false + +require 'gcp_backend' +require 'google/parametermanager/property/payload' + +class ParameterManagerParameterVersion < GcpResourceBase + name 'google_parameter_manager_parameter_version' + desc 'ParameterVersion' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :payload + attr_reader :rendered_payload + attr_reader :create_time + attr_reader :update_time + attr_reader :disabled + attr_reader :kms_key_version + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @payload = GoogleInSpec::ParameterManager::Property::Payload.new(@fetched['payload'], to_s) + + # Conditionally set if they exist + if @params[:render_secret] == true + @rendered_payload = @fetched['renderedPayload'] + @name = @fetched['parameterVersion'] + else + @name = @fetched['name'] + @create_time = @fetched['createTime'] if @fetched.key?('createTime') + @update_time = @fetched['updateTime'] if @fetched.key?('updateTime') + end + @disabled = @fetched['disabled'] if @fetched.key?('disabled') + @kms_key_version = @fetched['kmsKeyVersion'] if @fetched.key?('kmsKeyVersion') + end + + def exists? + !@fetched.nil? + end + + def to_s + "ParameterVersion #{@params[:name]}" + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + if @params[:render_secret] == true + '{{name}}:render' + else + '{{name}}' + end + end +end diff --git a/libraries/google_parameter_manager_parameter_versions.rb b/libraries/google_parameter_manager_parameter_versions.rb new file mode 100644 index 00000000..634aa3f6 --- /dev/null +++ b/libraries/google_parameter_manager_parameter_versions.rb @@ -0,0 +1,79 @@ +# frozen_string_literal: false + +require 'gcp_backend' + +class ParameterManagerParameterVersions < GcpResourceBase + name 'google_parameter_manager_parameter_versions' + desc 'ParameterVersion plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:update_times, field: :update_time) + filter_table_config.add(:disabled_values, field: :disabled) + filter_table_config.add(:kms_key_versions, field: :kms_key_version) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('parameterVersions') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { [:name, obj['name']] }, + 'createTime' => ->(obj) { [:create_time, obj['createTime']] }, + 'updateTime' => ->(obj) { [:update_time, obj['updateTime']] }, + 'disabled' => ->(obj) { [:disabled, obj['disabled'] || {}] }, + 'kmsKeyVersion' => ->(obj) { [:kms_key_version, obj['kmsKeyVersion'] || {}] }, + } + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + '{{parent}}/versions' + end +end diff --git a/libraries/google_parameter_manager_parameters.rb b/libraries/google_parameter_manager_parameters.rb new file mode 100644 index 00000000..1aa6f730 --- /dev/null +++ b/libraries/google_parameter_manager_parameters.rb @@ -0,0 +1,84 @@ +# frozen_string_literal: false + +require 'gcp_backend' +require 'google/parametermanager/property/policy_member' + +class ParameterManagerParameters < GcpResourceBase + name 'google_parameter_manager_parameters' + desc 'Parameter plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:update_times, field: :update_time) + filter_table_config.add(:labels, field: :labels) + filter_table_config.add(:formats, field: :format) + filter_table_config.add(:policy_members, field: :policy_member) + filter_table_config.add(:kms_keys, field: :kms_key) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('parameters') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { [:name, obj['name']] }, + 'createTime' => ->(obj) { [:create_time, obj['createTime']] }, + 'labels' => ->(obj) { [:labels, obj['labels'] || {}] }, + 'kmsKey' => ->(obj) { [:kms_key, obj['kmsKey'] || {}] }, + 'updateTime' => ->(obj) { [:update_time, obj['updateTime']] }, + 'format' => ->(obj) { [:format, obj['format']] }, + 'policyMember' => ->(obj) { [:policy_member, GoogleInSpec::ParameterManager::Property::PolicyMember.new(obj['policyMember'], to_s)] }, + } + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + '{{parent}}/parameters' + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameter.rb b/test/integration/verify/controls/google_parameter_manager_parameter.rb new file mode 100644 index 00000000..7b5981d3 --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameter.rb @@ -0,0 +1,31 @@ +title 'Test GCP google_parameter_manager_parameter resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_parameter_id = input(:gcp_parameter_id, value: 'gcp_parameter_id', description: 'The GCP parameter identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "name": "projects/#{gcp_project_id}/locations/global/parameters/#{gcp_parameter_id}", + "regional_name": "projects/#{gcp_project_id}/locations/#{region}/parameters/#{gcp_parameter_id}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameter-1.0' do + impact 1.0 + title 'google_parameter_manager_parameter resource test' + + describe google_parameter_manager_parameter(name: project_parameter['name']) do + it { should exist } + end + + describe google_parameter_manager_parameter(name: "does_not_exit") do + it { should_not exist } + end + + describe google_parameter_manager_parameter(name: project_parameter['regional_name'], region: region) do + it { should exist } + end + + describe google_parameter_manager_parameter(name: "does_not_exit", region: region) do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameter_version.rb b/test/integration/verify/controls/google_parameter_manager_parameter_version.rb new file mode 100644 index 00000000..1f8f1dc2 --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameter_version.rb @@ -0,0 +1,48 @@ +title 'Test GCP google_parameter_manager_parameter_version resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_parameter_id = input(:gcp_parameter_id, value: 'gcp_parameter_id', description: 'The GCP parameter identifier.') +gcp_parameter_version_id = input(:gcp_parameter_version_id, value: 'gcp_parameter_version_id', description: 'The GCP parameter version identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "name": "projects/#{gcp_project_id}/locations/global/parameters/#{gcp_parameter_id}/versions/#{gcp_parameter_version_id}", + "regional_name": "projects/#{gcp_project_id}/locations/#{region}/parameters/#{gcp_parameter_id}/versions/#{gcp_parameter_version_id}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameter_version-1.0' do + impact 1.0 + title 'google_parameter_manager_parameter_version resource test' + + describe google_parameter_manager_parameter_version(name: project_parameter['name']) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit") do + it { should_not exist } + end + + describe google_parameter_manager_parameter_version(name: project_parameter['regional_name'], region: region) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit", region: region) do + it { should_not exist } + end + + describe google_parameter_manager_parameter_version(name: project_parameter['name'], render_secret: true) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit", render_secret: true) do + it { should_not exist } + end + + describe google_parameter_manager_parameter_version(name: project_parameter['regional_name'], region: region, render_secret: true) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit", region: region, render_secret: true) do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameter_versions.rb b/test/integration/verify/controls/google_parameter_manager_parameter_versions.rb new file mode 100644 index 00000000..ff3bdbd3 --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameter_versions.rb @@ -0,0 +1,23 @@ +title 'Test GCP google_parameter_manager_parameter_versions resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_parameter_id = input(:gcp_parameter_id, value: 'gcp_parameter_id', description: 'The GCP parameter identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "parent": "projects/#{gcp_project_id}/locations/global/parameters/#{gcp_parameter_id}", + "regional_parent": "projects/#{gcp_project_id}/locations/#{region}/parameters/#{gcp_parameter_id}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameter_versions-1.0' do + impact 1.0 + title 'google_parameter_manager_parameter_versions resource test' + + describe google_parameter_manager_parameter_versions(parent: project_parameter['parent']) do + it { should exist } + end + + describe google_parameter_manager_parameter_versions(parent: project_parameter['regional_parent'], region: region) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameters.rb b/test/integration/verify/controls/google_parameter_manager_parameters.rb new file mode 100644 index 00000000..ab7548ae --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameters.rb @@ -0,0 +1,22 @@ +title 'Test GCP google_parameter_manager_parameters resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "parent": "projects/#{gcp_project_id}/locations/global", + "regional_parent": "projects/#{gcp_project_id}/locations/#{region}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameters-1.0' do + impact 1.0 + title 'google_parameter_manager_parameters resource test' + + describe google_parameter_manager_parameters(parent: project_parameter['parent']) do + it { should exist } + end + + describe google_parameter_manager_parameters(parent: project_parameter['regional_parent'], region: region) do + it { should exist } + end +end