From 3b9afb35284fdc2a6be0c6e831a757d935fdca0d Mon Sep 17 00:00:00 2001 From: Sam Levenick Date: Tue, 22 Oct 2019 18:03:05 +0000 Subject: [PATCH] Add support for compute_router_nat to inspec Signed-off-by: Modular Magician --- docs/resources/google_compute_router_nat.md | 68 +++++++++++ docs/resources/google_compute_router_nats.md | 40 +++++++ .../compute/property/routernat_log_config.rb | 37 ++++++ .../compute/property/routernat_subnetwork.rb | 48 ++++++++ libraries/google_compute_router_nat.rb | 99 ++++++++++++++++ libraries/google_compute_router_nats.rb | 108 ++++++++++++++++++ test/integration/build/gcp-mm.tf | 19 +++ .../configuration/mm-attributes.yml | 10 +- .../controls/google_compute_router_nat.rb | 52 +++++++++ .../controls/google_compute_router_nats.rb | 43 +++++++ 10 files changed, 523 insertions(+), 1 deletion(-) create mode 100644 docs/resources/google_compute_router_nat.md create mode 100644 docs/resources/google_compute_router_nats.md create mode 100644 libraries/google/compute/property/routernat_log_config.rb create mode 100644 libraries/google/compute/property/routernat_subnetwork.rb create mode 100644 libraries/google_compute_router_nat.rb create mode 100644 libraries/google_compute_router_nats.rb create mode 100644 test/integration/verify/controls/google_compute_router_nat.rb create mode 100644 test/integration/verify/controls/google_compute_router_nats.rb diff --git a/docs/resources/google_compute_router_nat.md b/docs/resources/google_compute_router_nat.md new file mode 100644 index 000000000..e2fae89fe --- /dev/null +++ b/docs/resources/google_compute_router_nat.md 
@@ -0,0 +1,68 @@ +--- +title: About the google_compute_router_nat resource +platform: gcp +--- + +## Syntax +A `google_compute_router_nat` is used to test a Google RouterNat resource + +## Examples +``` +describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router', name: 'inspec-router-nat') do + it { should exist } + its('nat_ip_allocate_option') { should cmp 'AUTO_ONLY' } + its('source_subnetwork_ip_ranges_to_nat') { should cmp 'ALL_SUBNETWORKS_ALL_IP_RANGES' } + its('min_ports_per_vm') { should cmp '2' } + its('log_config.enable') { should cmp 'true' } + its('log_config.filter') { should cmp 'ERRORS_ONLY' } +end + +describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'nonexistent', name: 'nonexistent') do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_compute_router_nat` resource: + + + * `name`: Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035. + + * `nat_ip_allocate_option`: How external IPs should be allocated for this NAT. Valid values are `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. + + * `nat_ips`: Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY. + + * `source_subnetwork_ip_ranges_to_nat`: How NAT should be configured per Subnetwork. If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the IP ranges in every Subnetwork are allowed to Nat. If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP ranges in every Subnetwork are allowed to Nat. `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. 
+ + * `subnetwork`: One or more subnetwork NAT configurations. Only used if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS` + + * `name`: Self-link of subnetwork to NAT + + * `source_ip_ranges_to_nat`: List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: `ALL_IP_RANGES`, `LIST_OF_SECONDARY_IP_RANGES`, `PRIMARY_IP_RANGE`. + + * `secondary_ip_range_names`: List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if `LIST_OF_SECONDARY_IP_RANGES` is one of the values in sourceIpRangesToNat + + * `min_ports_per_vm`: Minimum number of ports allocated to a VM from this NAT. + + * `udp_idle_timeout_sec`: Timeout (in seconds) for UDP connections. Defaults to 30s if not set. + + * `icmp_idle_timeout_sec`: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. + + * `tcp_established_idle_timeout_sec`: Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. + + * `tcp_transitory_idle_timeout_sec`: Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. + + * `log_config`: Configuration for logging on NAT + + * `enable`: Indicates whether or not to export logs. + + * `filter`: Specifies the desired filtering of logs on this NAT. Valid values are: `"ERRORS_ONLY"`, `"TRANSLATIONS_ONLY"`, `"ALL"` + + * `router`: The name of the Cloud Router in which this NAT will be configured. + + * `region`: Region where the router and NAT reside. + + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_compute_router_nats.md b/docs/resources/google_compute_router_nats.md new file mode 100644 index 000000000..5e5558c07 --- /dev/null +++ b/docs/resources/google_compute_router_nats.md 
@@ -0,0 +1,40 @@ +--- +title: About the google_compute_router_nats resource +platform: gcp +--- + +## Syntax +A `google_compute_router_nats` is used to test a Google RouterNat resource + +## Examples +``` +describe google_compute_router_nats(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router') do + its('names') { should include 'inspec-router-nat' } +end +``` + +## Properties +Properties that can be accessed from the `google_compute_router_nats` resource: + +See [google_compute_router_nat.md](google_compute_router_nat.md) for more detailed information + * `names`: an array of `google_compute_router_nat` name + * `nat_ip_allocate_options`: an array of `google_compute_router_nat` nat_ip_allocate_option + * `nat_ips`: an array of `google_compute_router_nat` nat_ips + * `source_subnetwork_ip_ranges_to_nats`: an array of `google_compute_router_nat` source_subnetwork_ip_ranges_to_nat + * `subnetworks`: an array of `google_compute_router_nat` subnetwork + * `min_ports_per_vms`: an array of `google_compute_router_nat` min_ports_per_vm + * `udp_idle_timeout_secs`: an array of `google_compute_router_nat` udp_idle_timeout_sec + * `icmp_idle_timeout_secs`: an array of `google_compute_router_nat` icmp_idle_timeout_sec + * `tcp_established_idle_timeout_secs`: an array of `google_compute_router_nat` tcp_established_idle_timeout_sec + * `tcp_transitory_idle_timeout_secs`: an array of `google_compute_router_nat` tcp_transitory_idle_timeout_sec + * `log_configs`: an array of `google_compute_router_nat` log_config + * `routers`: an array of `google_compute_router_nat` router + * `regions`: an array of `google_compute_router_nat` region + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project. 
diff --git a/libraries/google/compute/property/routernat_log_config.rb b/libraries/google/compute/property/routernat_log_config.rb new file mode 100644 index 000000000..5b562a257 --- /dev/null +++ b/libraries/google/compute/property/routernat_log_config.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RouterNatLogConfig + attr_reader :enable + + attr_reader :filter + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @enable = args['enable'] + @filter = args['filter'] + end + + def to_s + "#{@parent_identifier} RouterNatLogConfig" + end + end + end + end +end diff --git a/libraries/google/compute/property/routernat_subnetwork.rb b/libraries/google/compute/property/routernat_subnetwork.rb new file mode 100644 index 000000000..43942822f --- /dev/null +++ b/libraries/google/compute/property/routernat_subnetwork.rb 
@@ -0,0 +1,48 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module Compute + module Property + class RouterNatSubnetwork + attr_reader :name + + attr_reader :source_ip_ranges_to_nat + + attr_reader :secondary_ip_range_names + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @name = args['name'] + @source_ip_ranges_to_nat = args['sourceIpRangesToNat'] + @secondary_ip_range_names = args['secondaryIpRangeNames'] + end + + def to_s + "#{@parent_identifier} RouterNatSubnetwork" + end + end + + class RouterNatSubnetworkArray + def self.parse(value, parent_identifier) + return if value.nil? + return RouterNatSubnetwork.new(value, parent_identifier) unless value.is_a?(::Array) + value.map { |v| RouterNatSubnetwork.new(v, parent_identifier) } + end + end + end + end +end diff --git a/libraries/google_compute_router_nat.rb b/libraries/google_compute_router_nat.rb new file mode 100644 index 000000000..1396d6cae --- /dev/null +++ b/libraries/google_compute_router_nat.rb 
@@ -0,0 +1,99 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/compute/property/routernat_log_config' +require 'google/compute/property/routernat_subnetwork' + +# A provider to manage Compute Engine resources. +class ComputeRouterNat < GcpResourceBase + name 'google_compute_router_nat' + desc 'RouterNat' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :nat_ip_allocate_option + attr_reader :nat_ips + attr_reader :source_subnetwork_ip_ranges_to_nat + attr_reader :subnetwork + attr_reader :min_ports_per_vm + attr_reader :udp_idle_timeout_sec + attr_reader :icmp_idle_timeout_sec + attr_reader :tcp_established_idle_timeout_sec + attr_reader :tcp_transitory_idle_timeout_sec + attr_reader :log_config + attr_reader :router + attr_reader :region + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + fetched = @connection.fetch(product_url, resource_base_url, params, 'Get') + @fetched = unwrap(fetched, params) + parse unless @fetched.nil? + end + + def identity + %w{name} + end + + def collection_item + 'nats' + end + + def unwrap(fetched, params) + fetched[collection_item].find { |result| identity.all? 
{ |id| result[id.to_sym] == params[id] } } + end + + def parse + @name = @fetched['name'] + @nat_ip_allocate_option = @fetched['natIpAllocateOption'] + @nat_ips = @fetched['natIps'] + @source_subnetwork_ip_ranges_to_nat = @fetched['sourceSubnetworkIpRangesToNat'] + @subnetwork = GoogleInSpec::Compute::Property::RouterNatSubnetworkArray.parse(@fetched['subnetworks'], to_s) + @min_ports_per_vm = @fetched['minPortsPerVm'] + @udp_idle_timeout_sec = @fetched['udpIdleTimeoutSec'] + @icmp_idle_timeout_sec = @fetched['icmpIdleTimeoutSec'] + @tcp_established_idle_timeout_sec = @fetched['tcpEstablishedIdleTimeoutSec'] + @tcp_transitory_idle_timeout_sec = @fetched['tcpTransitoryIdleTimeoutSec'] + @log_config = GoogleInSpec::Compute::Property::RouterNatLogConfig.new(@fetched['logConfig'], to_s) + @router = @fetched['router'] + @region = @fetched['region'] + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + def exists? + !@fetched.nil? + end + + def to_s + "RouterNat #{@params[:router]}" + end + + private + + def product_url + 'https://www.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/routers/{{router}}' + end +end diff --git a/libraries/google_compute_router_nats.rb b/libraries/google_compute_router_nats.rb new file mode 100644 index 000000000..c5ad08e36 --- /dev/null +++ b/libraries/google_compute_router_nats.rb 
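Review bot: In `unwrap` the identity match compares `result[id.to_sym]` with `params[id]` where `id` is the string `'name'`, while the rest of this hunk addresses the same hashes the other way round — `parse` reads `@fetched['name']` and `to_s` reads `@params[:router]`. Unless the backend hands back hashes that answer to both key types, one side of that comparison is always nil, and if both are nil it degenerates to `nil == nil`, so `find` returns the first NAT on the router regardless of the `name:` requested and a control can pass against the wrong NAT. `unwrap` also dereferences `fetched[collection_item]` unguarded, so a router lookup that yields nil (which `exists?` checking `@fetched.nil?` suggests `fetch` can do) or a router with no `nats` key raises NoMethodError out of `initialize` instead of reporting not-exist. I would align the key types with `parse` and guard both cases: `return if fetched.nil?` followed by `(fetched[collection_item] || []).find { |result| identity.all? { |id| result[id] == params[id.to_sym] } }`. The file header marks it auto-generated, so the fix belongs in the Magic Modules template that emits it.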
@@ -0,0 +1,108 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class ComputeRouterNats < GcpResourceBase + name 'google_compute_router_nats' + desc 'RouterNat plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:nat_ip_allocate_options, field: :nat_ip_allocate_option) + filter_table_config.add(:nat_ips, field: :nat_ips) + filter_table_config.add(:source_subnetwork_ip_ranges_to_nats, field: :source_subnetwork_ip_ranges_to_nat) + filter_table_config.add(:subnetworks, field: :subnetwork) + filter_table_config.add(:min_ports_per_vms, field: :min_ports_per_vm) + filter_table_config.add(:udp_idle_timeout_secs, field: :udp_idle_timeout_sec) + filter_table_config.add(:icmp_idle_timeout_secs, field: :icmp_idle_timeout_sec) + filter_table_config.add(:tcp_established_idle_timeout_secs, field: :tcp_established_idle_timeout_sec) + filter_table_config.add(:tcp_transitory_idle_timeout_secs, field: :tcp_transitory_idle_timeout_sec) + filter_table_config.add(:log_configs, field: :log_config) + filter_table_config.add(:routers, field: :router) + filter_table_config.add(:regions, field: :region) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('nats') + end 
+ + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { return :name, obj['name'] }, + 'natIpAllocateOption' => ->(obj) { return :nat_ip_allocate_option, obj['natIpAllocateOption'] }, + 'natIps' => ->(obj) { return :nat_ips, obj['natIps'] }, + 'sourceSubnetworkIpRangesToNat' => ->(obj) { return :source_subnetwork_ip_ranges_to_nat, obj['sourceSubnetworkIpRangesToNat'] }, + 'subnetworks' => ->(obj) { return :subnetwork, GoogleInSpec::Compute::Property::RouterNatSubnetworkArray.parse(obj['subnetworks'], to_s) }, + 'minPortsPerVm' => ->(obj) { return :min_ports_per_vm, obj['minPortsPerVm'] }, + 'udpIdleTimeoutSec' => ->(obj) { return :udp_idle_timeout_sec, obj['udpIdleTimeoutSec'] }, + 'icmpIdleTimeoutSec' => ->(obj) { return :icmp_idle_timeout_sec, obj['icmpIdleTimeoutSec'] }, + 'tcpEstablishedIdleTimeoutSec' => ->(obj) { return :tcp_established_idle_timeout_sec, obj['tcpEstablishedIdleTimeoutSec'] }, + 'tcpTransitoryIdleTimeoutSec' => ->(obj) { return :tcp_transitory_idle_timeout_sec, obj['tcpTransitoryIdleTimeoutSec'] }, + 'logConfig' => ->(obj) { return :log_config, GoogleInSpec::Compute::Property::RouterNatLogConfig.new(obj['logConfig'], to_s) }, + 'router' => ->(obj) { return :router, obj['router'] }, + 'region' => ->(obj) { 
return :region, obj['region'] }, + } + end + + # Handles parsing RFC3339 time string + def parse_time_string(time_string) + time_string ? Time.parse(time_string) : nil + end + + private + + def product_url + 'https://www.googleapis.com/compute/v1/' + end + + def resource_base_url + 'projects/{{project}}/regions/{{region}}/routers/{{router}}' + end +end diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index d03e10dce..4e9619e09 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -193,6 +193,10 @@ variable "node_group" { type = "map" } +variable "router_nat" { + type = "map" +} + resource "google_compute_ssl_policy" "custom-ssl-policy" { name = "${var.ssl_policy["name"]}" min_tls_version = "${var.ssl_policy["min_tls_version"]}" @@ -838,3 +842,18 @@ resource "google_compute_node_group" "inspec-node-group" { size = var.node_group["size"] node_template = "${google_compute_node_template.inspec-template.self_link}" } + +resource "google_compute_router_nat" "inspec-nat" { + project = var.gcp_project_id + name = var.router_nat["name"] + router = google_compute_router.gcp-inspec-router.name + region = google_compute_router.gcp-inspec-router.region + nat_ip_allocate_option = var.router_nat["nat_ip_allocate_option"] + source_subnetwork_ip_ranges_to_nat = var.router_nat["source_subnetwork_ip_ranges_to_nat"] + min_ports_per_vm = var.router_nat["min_ports_per_vm"] + + log_config { + enable = var.router_nat["log_config_enable"] + filter = var.router_nat["log_config_filter"] + } +} diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml index 92b6cfdcb..89aabf593 100644 --- a/test/integration/configuration/mm-attributes.yml +++ b/test/integration/configuration/mm-attributes.yml 
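Review bot: The new `google_compute_router_nat.inspec-nat` resource sets `source_subnetwork_ip_ranges_to_nat = ALL_SUBNETWORKS_ALL_IP_RANGES`, and the resource doc added in this same commit states that with that value no other RouterNat may exist in any router for that network in that region, so this fixture will collide with any other NAT fixture later attached to the shared integration network. It also exercises only the broadest egress shape (`AUTO_ONLY` ephemeral IPs, every subnet, every range): `nat_ips`, the `subnetwork` list and the idle-timeout fields — the properties an egress-allowlisting control would actually assert on — get no integration coverage from this fixture. Consider scoping it with `LIST_OF_SUBNETWORKS` plus a `subnetwork { ... }` block naming a single test subnetwork, or at least a comment above the resource recording the one-NAT-per-network constraint so the next fixture author does not trip over it. The `min_ports_per_vm` value of `2` is only an echo of the attributes file and is not a recommendation for real deployments; a short comment saying so would avoid it being copied.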
@@ -315,4 +315,12 @@ node_template: node_group: name: inspec-node-group description: A description of the node group - size: 0 \ No newline at end of file + size: 0 + +router_nat: + name: inspec-router-nat + nat_ip_allocate_option: AUTO_ONLY + source_subnetwork_ip_ranges_to_nat: ALL_SUBNETWORKS_ALL_IP_RANGES + min_ports_per_vm: 2 + log_config_enable: true + log_config_filter: ERRORS_ONLY \ No newline at end of file diff --git a/test/integration/verify/controls/google_compute_router_nat.rb b/test/integration/verify/controls/google_compute_router_nat.rb new file mode 100644 index 000000000..6bd07f2be --- /dev/null +++ b/test/integration/verify/controls/google_compute_router_nat.rb 
@@ -0,0 +1,52 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_router_nat resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') +router = attribute('router', default: { + "name": "inspec-gcp-router", + "bgp_asn": 64514, + "bgp_advertise_mode": "CUSTOM", + "bgp_advertised_group": "ALL_SUBNETS", + "bgp_advertised_ip_range1": "1.2.3.4", + "bgp_advertised_ip_range2": "6.7.0.0/16" +}, description: 'Compute router description') +router_nat = attribute('router_nat', default: { + "name": "inspec-router-nat", + "nat_ip_allocate_option": "AUTO_ONLY", + "source_subnetwork_ip_ranges_to_nat": "ALL_SUBNETWORKS_ALL_IP_RANGES", + "min_ports_per_vm": 2, + "log_config_enable": true, + "log_config_filter": "ERRORS_ONLY" +}, description: 'Compute router NAT description') + +control 'google_compute_router_nat-1.0' do + impact 1.0 + title 'google_compute_router_nat resource test' + + describe google_compute_router_nat(project: gcp_project_id, region: gcp_location, router: router['name'], name: router_nat['name']) do + it { should exist } + its('nat_ip_allocate_option') { should cmp router_nat['nat_ip_allocate_option'] } + its('source_subnetwork_ip_ranges_to_nat') { should cmp router_nat['source_subnetwork_ip_ranges_to_nat'] } + its('min_ports_per_vm') { should cmp 
router_nat['min_ports_per_vm'] } + its('log_config.enable') { should cmp router_nat['log_config_enable'] } + its('log_config.filter') { should cmp router_nat['log_config_filter'] } + end + + describe google_compute_router(project: gcp_project_id, region: gcp_location, router: 'nonexistent', name: 'nonexistent') do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_compute_router_nats.rb b/test/integration/verify/controls/google_compute_router_nats.rb new file mode 100644 index 000000000..b0d46eaff --- /dev/null +++ b/test/integration/verify/controls/google_compute_router_nats.rb 
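Review bot: The negative case at the end of the control describes `google_compute_router(... router: 'nonexistent', name: 'nonexistent')`, not `google_compute_router_nat`, so the NAT resource's not-found path (`exists?` returning false) is never exercised by this test, and whether `google_compute_router` even accepts `router:` and `name:` cannot be seen from this diff. I would point it at the new resource with a real router and a missing NAT name: `describe google_compute_router_nat(project: gcp_project_id, region: gcp_location, router: router['name'], name: 'nonexistent') do`. The same mismatch appears in the resource's docs page in this commit. The file is marked auto-generated, so the change belongs in the Magic Modules test template rather than here.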
@@ -0,0 +1,43 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_compute_router_nats resource.' + +gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'The GCP project region.') +router = attribute('router', default: { + "name": "inspec-gcp-router", + "bgp_asn": 64514, + "bgp_advertise_mode": "CUSTOM", + "bgp_advertised_group": "ALL_SUBNETS", + "bgp_advertised_ip_range1": "1.2.3.4", + "bgp_advertised_ip_range2": "6.7.0.0/16" +}, description: 'Compute router description') +router_nat = attribute('router_nat', default: { + "name": "inspec-router-nat", + "nat_ip_allocate_option": "AUTO_ONLY", + "source_subnetwork_ip_ranges_to_nat": "ALL_SUBNETWORKS_ALL_IP_RANGES", + "min_ports_per_vm": 2, + "log_config_enable": true, + "log_config_filter": "ERRORS_ONLY" +}, description: 'Compute router NAT description') + +control 'google_compute_router_nats-1.0' do + impact 1.0 + title 'google_compute_router_nats resource test' + + describe google_compute_router_nats(project: gcp_project_id, region: gcp_location, router: router['name']) do + its('names') { should include router_nat['name'] } + end +end