Add memcache, gke release channel, sql ca cert (#3682)

* Add memcache, gke release channel, sql ca cert * Fixes * Revert extra ga version * Fixes
GoogleCloudPlatform · Jun 18, 2020 · 897f457 · 897f457
1 parent 4fc90d5
commit 897f457
Show file tree

Hide file tree

Showing 11 changed files with 139 additions and 6 deletions.
diff --git a/products/container/api.yaml b/products/container/api.yaml
@@ -687,6 +687,21 @@ objects:
           - !ruby/object:Api::Type::Boolean
             name: 'enabled'
             description: If enabled, all container images will be validated by Binary Authorization.
+      - !ruby/object:Api::Type::NestedObject
+        min_version: beta
+        name: 'releaseChannel'
+        description: |
+          ReleaseChannel indicates which release channel a cluster is subscribed to.
+          Release channels are arranged in order of risk and frequency of updates.
+        properties:
+          - !ruby/object:Api::Type::Enum
+            name: 'channel'
+            description: 'Which release channel the cluster is subscribed to.'
+            values: 
+              - UNSPECIFIED
+              - RAPID
+              - REGULAR
+              - STABLE
   - !ruby/object:Api::Resource
     name: 'NodePool'
     base_url: projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/nodePools

diff --git a/products/memcache/inspec.yaml b/products/memcache/inspec.yaml
@@ -0,0 +1,17 @@
+# Copyright 2019 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Inspec::Config
+overrides: !ruby/object:Overrides::ResourceOverrides
+  Instance: !ruby/object:Overrides::Inspec::ResourceOverride
+    collection_url_key: resources
diff --git a/products/sql/api.yaml b/products/sql/api.yaml
@@ -435,6 +435,34 @@ objects:
             name: 'kmsKeyVersionName'
             description: |
               The KMS key version used to encrypt the Cloud SQL instance
+      - !ruby/object:Api::Type::NestedObject
+        name: 'serverCaCert'
+        description: 'SSL configuration'
+        output: true
+        properties:
+          - !ruby/object:Api::Type::String
+            name: 'cert'
+            description: 'PEM representation of the X.509 certificate.'
+          - !ruby/object:Api::Type::String
+            name: 'certSerialNumber'
+            description: 'Serial number, as extracted from the certificate.'
+          - !ruby/object:Api::Type::String
+            name: 'commonName'
+            description: 'User supplied name. Constrained to [a-zA-Z.-_ ]+.'
+          - !ruby/object:Api::Type::Time
+            name: 'createTime'
+            description: |
+              The time when the certificate was created in RFC 3339 format, for
+              example 2012-11-15T16:19:00.094Z.
+          - !ruby/object:Api::Type::Time
+            name: 'expirationTime'
+            description: |
+              The time when the certificate expires in RFC 3339 format, for example
+              2012-11-15T16:19:00.094Z.
+          - !ruby/object:Api::Type::String
+            name: 'sha1Fingerprint'
+            description: |
+              SHA-1 fingerprint of the certificate.
   - !ruby/object:Api::Resource
     name: 'Database'
     kind: 'sql#database'

diff --git a/provider/inspec.rb b/provider/inspec.rb
@@ -393,8 +393,11 @@ def beta_api_url(object)
     end
 
     def ga_api_url(object)
-      ga_version = object.__product.version_obj_or_closest('ga')
-      object.product_url || ga_version.base_url
+      if object.__product.exists_at_version('ga')
+        ga_version = object.__product.version_obj_or_closest('ga')
+        return object.product_url || ga_version.base_url
+      end
+      beta_api_url(object)
     end
   end
 end
diff --git a/templates/inspec/examples/google_container_cluster/google_container_cluster.erb b/templates/inspec/examples/google_container_cluster/google_container_cluster.erb
@@ -14,4 +14,9 @@ end
 
 describe google_container_cluster(project: <%= gcp_project_id -%>, location: <%= gcp_kube_cluster_zone -%>, name: 'nonexistent') do
   it { should_not exist }
+end
+
+describe google_container_cluster(project: <%= gcp_project_id -%>, location: <%= gcp_kube_cluster_zone -%>, name: <%= gcp_kube_cluster_name -%>, beta: true) do
+  it { should exist }
+  its('release_channel.channel') { should cmp "RAPID" }
 end
diff --git a/templates/inspec/examples/google_memcache_instance/google_memcache_instance.erb b/templates/inspec/examples/google_memcache_instance/google_memcache_instance.erb
@@ -0,0 +1,11 @@
+<% gcp_project_id = "#{external_attribute(pwd, 'gcp_project_id', doc_generation)}" -%>
+<% gcp_location = "#{external_attribute(pwd, 'gcp_location', doc_generation)}" -%>
+<% memcache_instance = grab_attributes(pwd)['memcache_instance'] -%>
+describe google_memcache_instance(project: <%= gcp_project_id -%>, region: <%= gcp_location %>, name: <%= doc_generation ? "'#{memcache_instance['name']}'" : "memcache_instance['name']" -%>) do
+  it { should exist }
+  its('node_count') { should cmp 1 }
+end
+
+describe google_memcache_instance(project: <%= gcp_project_id -%>, region: <%= gcp_location %>, name: "nonexistent") do
+  it { should_not exist }
+end
diff --git a/templates/inspec/examples/google_memcache_instance/google_memcache_instance_attributes.erb b/templates/inspec/examples/google_memcache_instance/google_memcache_instance_attributes.erb
@@ -0,0 +1,3 @@
+gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute(pwd, 'gcp_project_id') -%>', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: '<%= external_attribute(pwd, 'gcp_location') -%>', description: 'The GCP project region.')
+memcache_instance = attribute('memcache_instance', default: <%= JSON.pretty_generate(grab_attributes(pwd)['memcache_instance']) -%>, description: 'Memcache settings')
diff --git a/templates/inspec/examples/google_memcache_instance/google_memcache_instances.erb b/templates/inspec/examples/google_memcache_instance/google_memcache_instances.erb
@@ -0,0 +1,7 @@
+<% gcp_project_id = "#{external_attribute(pwd, 'gcp_project_id', doc_generation)}" -%>
+<% gcp_location = "#{external_attribute(pwd, 'gcp_location', doc_generation)}" -%>
+<% memcache_instance = grab_attributes(pwd)['memcache_instance'] -%>
+describe google_memcache_instances(project: <%= gcp_project_id -%>, region: <%= gcp_location %>) do
+	its('count') { should be >= 1 }
+  its('node_counts') { should include 1 }
+end
diff --git a/templates/inspec/tests/integration/build/gcp-mm.tf b/templates/inspec/tests/integration/build/gcp-mm.tf
@@ -1257,3 +1257,44 @@ resource "google_compute_security_policy" "policy" {
     description = "default rule"
   }
 }
+
+variable "memcache_instance" {
+  type = any
+}
+
+resource "google_compute_network" "memcache_network" {
+  provider = google-beta
+  project = var.gcp_project_id
+  name = "inspec-gcp-memcache"
+}
+
+resource "google_compute_global_address" "service_range" {
+  provider = google-beta
+  project = var.gcp_project_id
+  name          = "inspec-gcp-memcache"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = google_compute_network.memcache_network.id
+}
+
+resource "google_service_networking_connection" "private_service_connection" {
+  provider = google-beta
+  network                 = google_compute_network.memcache_network.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [google_compute_global_address.service_range.name]
+}
+
+resource "google_memcache_instance" "instance" {
+  provider = google-beta
+  name = var.memcache_instance["name"]
+  project = var.gcp_project_id
+  region = var.gcp_location
+  authorized_network = google_service_networking_connection.private_service_connection.network
+
+  node_config {
+    cpu_count      = 1
+    memory_size_mb = 1024
+  }
+  node_count = 1
+}
diff --git a/templates/inspec/tests/integration/configuration/mm-attributes.yml b/templates/inspec/tests/integration/configuration/mm-attributes.yml
@@ -444,3 +444,6 @@ security_policy:
   priority: "1000"
   ip_range: "9.9.9.0/24"
   description: my description
+
+memcache_instance:
+  name: mem-instance
diff --git a/third_party/inspec/custom_functions/google_compute_instance.erb b/third_party/inspec/custom_functions/google_compute_instance.erb
@@ -107,17 +107,17 @@ def service_account_scopes
 end
 
 def block_project_ssh_keys
-  return false if !defined?(@metadata.items) || @metadata.items.nil?
-  @metadata.items.each do |element|
+  return false if !defined?(@metadata['items']) || @metadata['items'].nil?
+  @metadata['items'].each do |element|
     return true if element.key=='block-project-ssh-keys' and element.value.casecmp('true').zero?
     return true if element.key=='block-project-ssh-keys' and element.value=='1'
   end
   false
 end
 
 def has_serial_port_disabled?
-  return false if !defined?(@metadata.items) || @metadata.items.nil?
-  @metadata.items.each do |element|
+  return false if !defined?(@metadata['items']) || @metadata['items'].nil?
+  @metadata['items'].each do |element|
     return true if element.key=='serial-port-enable' and element.value.casecmp('false').zero?
     return true if element.key=='serial-port-enable' and element.value=='0'
   end