fix: deprecates the usage of gcp-inspec and replaces integration tests with gcloud

kitchen.yml

@@ -27,8 +27,7 @@ verifier:
   name: terraform
   systems:
     - name: system
-      backend: gcp
-      shell: true
+      backend: local
 
 suites:
   - name: mysql-public

modules/postgresql/README.md

@@ -12,13 +12,13 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | additional\_users | A list of users to be created in your cluster | <pre>list(object({<br>    name     = string<br>    password = string<br>  }))</pre> | `[]` | no |
 | availability\_type | The availability type for the master instance.This is only used to set up high availability for the PostgreSQL instance. Can be either `ZONAL` or `REGIONAL`. | `string` | `"ZONAL"` | no |
 | backup\_configuration | The backup\_configuration settings subblock for the database setings | <pre>object({<br>    enabled                        = bool<br>    start_time                     = string<br>    location                       = string<br>    point_in_time_recovery_enabled = bool<br>  })</pre> | <pre>{<br>  "enabled": false,<br>  "location": null,<br>  "point_in_time_recovery_enabled": false,<br>  "start_time": null<br>}</pre> | no |
-| create\_timeout | The optional timout that is applied to limit long database creates. | `string` | `"10m"` | no |
+| create\_timeout | The optional timout that is applied to limit long database creates. | `string` | `"15m"` | no |
 | database\_flags | The database flags for the master instance. See [more details](https://cloud.google.com/sql/docs/postgres/flags) | <pre>list(object({<br>    name  = string<br>    value = string<br>  }))</pre> | `[]` | no |
 | database\_version | The database version to use | `string` | n/a | yes |
 | db\_charset | The charset for the default database | `string` | `""` | no |
 | db\_collation | The collation for the default database. Example: 'en\_US.UTF8' | `string` | `""` | no |
 | db\_name | The name of the default database to create | `string` | `"default"` | no |
-| delete\_timeout | The optional timout that is applied to limit long database deletes. | `string` | `"10m"` | no |
+| delete\_timeout | The optional timout that is applied to limit long database deletes. | `string` | `"15m"` | no |
 | deletion\_protection | Used to block Terraform from deleting a SQL Instance. | `bool` | `true` | no |
 | disk\_autoresize | Configuration to increase storage size. | `bool` | `true` | no |
 | disk\_size | The disk size for the master instance. | `number` | `10` | no |
@@ -41,7 +41,7 @@ Note: CloudSQL provides [disk autoresize](https://cloud.google.com/sql/docs/mysq
 | read\_replicas | List of read replicas to create | <pre>list(object({<br>    name            = string<br>    tier            = string<br>    zone            = string<br>    disk_type       = string<br>    disk_autoresize = bool<br>    disk_size       = string<br>    user_labels     = map(string)<br>    database_flags = list(object({<br>      name  = string<br>      value = string<br>    }))<br>    ip_configuration = object({<br>      authorized_networks = list(map(string))<br>      ipv4_enabled        = bool<br>      private_network     = string<br>      require_ssl         = bool<br>    })<br>  }))</pre> | `[]` | no |
 | region | The region of the Cloud SQL resources | `string` | `"us-central1"` | no |
 | tier | The tier for the master instance. | `string` | `"db-f1-micro"` | no |
-| update\_timeout | The optional timout that is applied to limit long database updates. | `string` | `"10m"` | no |
+| update\_timeout | The optional timout that is applied to limit long database updates. | `string` | `"15m"` | no |
 | user\_labels | The key/value labels for the master instances. | `map(string)` | `{}` | no |
 | user\_name | The name of the default user | `string` | `"default"` | no |
 | user\_password | The password for the default user. If not set, a random one will be generated and available in the generated\_user\_password output variable. | `string` | `""` | no |

modules/postgresql/variables.tf

@@ -247,19 +247,19 @@ variable "additional_users" {
 variable "create_timeout" {
   description = "The optional timout that is applied to limit long database creates."
   type        = string
-  default     = "10m"
+  default     = "15m"
 }
 
 variable "update_timeout" {
   description = "The optional timout that is applied to limit long database updates."
   type        = string
-  default     = "10m"
+  default     = "15m"
 }
 
 variable "delete_timeout" {
   description = "The optional timout that is applied to limit long database deletes."
   type        = string
-  default     = "10m"
+  default     = "15m"
 }
 
 variable "encryption_key_name" {

test/integration/mssql-ha/controls/mssql.rb

@@ -12,46 +12,118 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'json'
+
 project_id = attribute('project_id')
 basename   = attribute('name')
 authorized_network = attribute('authorized_network')
+region = "us-central1"
+
+activation_policy = "ALWAYS"
+availability_type = "REGIONAL"
+data_disk_size_gb = 10
+data_disk_type = "PD_SSD"
+kind = "sql#settings"
+pricing_plan = "PER_USE"
+replication_type = "SYNCHRONOUS"
+storage_auto_resize = true
+storage_auto_resize_limit = 0
+tier = "db-custom-2-13312"
+
+describe command("gcloud --project='#{project_id}' sql instances describe #{basename} --format=json") do
+  its(:exit_status) { should eq 0 }
+  its(:stderr) { should eq '' }
+
+  let!(:data) do
+    if subject.exit_status == 0
+      JSON.parse(subject.stdout)
+    else
+      {}
+    end
+  end
+
+  describe "mssql_ha_database" do
+    it "global settings are valid" do
+      expect(data['settings']['activationPolicy']).to eq "#{activation_policy}"
+      expect(data['settings']['availabilityType']).to eq "#{availability_type}"
+      expect(data['settings']['dataDiskSizeGb']).to eq "#{data_disk_size_gb}"
+      expect(data['settings']['dataDiskType']).to eq "#{data_disk_type}"
+      expect(data['settings']['kind']).to eq "#{kind}"
+      expect(data['settings']['pricingPlan']).to eq "#{pricing_plan}"
+      expect(data['settings']['replicationType']).to eq "#{replication_type}"
+      expect(data['settings']['storageAutoResize']).to eq storage_auto_resize
+      expect(data['settings']['storageAutoResizeLimit']).to eq "#{storage_auto_resize_limit}"
+      expect(data['settings']['tier']).to eq "#{tier}"
+    end
+
+    it "backend type is valid" do
+      expect(data['backendType']).to eq 'SECOND_GEN'
+    end
+
+    it "database versions is valid" do
+      expect(data['databaseVersion']).to eq 'SQLSERVER_2017_STANDARD'
+    end
+
+    it "state is valid" do
+      expect(data['state']).to eq 'RUNNABLE'
+    end
 
-describe google_sql_database_instance(project: project_id, database: basename) do
-  let(:expected_settings) {
-    {
-      activation_policy: "ALWAYS",
-      availability_type: "REGIONAL",
-      data_disk_size_gb: 10,
-      data_disk_type: "PD_SSD",
-      kind: "sql#settings",
-      pricing_plan: "PER_USE",
-      replication_type: "SYNCHRONOUS",
-      storage_auto_resize: true,
-      storage_auto_resize_limit: 0,
-      tier: "db-custom-2-13312",
-    }
-  }
-  let(:settings)                { subject.settings.item }
-  let(:backup_configuration)    { settings[:backup_configuration] }
-  let(:ip_configuration)        { settings[:ip_configuration] }
-  let(:location_preference)     { settings[:location_preference] }
-  let(:maintenance_window)      { settings[:maintenance_window] }
-  let(:user_labels)             { settings[:user_labels] }
-
-  its(:backend_type)     { should eq 'SECOND_GEN' }
-  its(:database_version) { should eq 'SQLSERVER_2017_STANDARD' }
-  its(:state)            { should eq 'RUNNABLE' }
-  its(:region)           { should eq 'us-central1' }
-  its(:gce_zone)         { should eq 'us-central1-a' }
-
-  it { expect(settings).to include(expected_settings) }
-  it { expect(ip_configuration).to include(authorized_networks: [{kind: 'sql#aclEntry', name: "#{project_id}-cidr", value: authorized_network}], ipv4_enabled: true, require_ssl: true) }
-  it { expect(location_preference).to include(kind: "sql#locationPreference", zone: "us-central1-a") }
-  it { expect(maintenance_window).to include(kind: "sql#maintenanceWindow", day: 7, hour: 12, update_track: "stable") }
-  it { expect(user_labels).to include(foo: "bar") }
+    it "region is valid" do
+      expect(data['region']).to eq region
+    end
+
+    it "gce zone is valid" do
+      expect(data['gceZone']).to eq "#{region}-a"
+    end
+
+    it "location preference is valid" do
+      expect(data['settings']['locationPreference']).to include(
+        "kind" => "sql#locationPreference",
+        "zone" => "#{region}-a")
+    end
+
+    it "maintenance window is valid" do
+      expect(data['settings']['maintenanceWindow']).to include(
+      "kind" => "sql#maintenanceWindow",
+      "day" => 7,
+      "hour" => 12,
+      "updateTrack" => "stable")
+    end
+
+    it "ip configuration and authorized networks are valid" do
+      expect(data['settings']['ipConfiguration']).to include(
+        ["authorizedNetworks"][0] => [{
+          "kind" => "sql#aclEntry",
+          "name" => "#{project_id}-cidr",
+          "value" => authorized_network
+        }],
+        "ipv4Enabled" => true,
+        "requireSsl" => true,
+      )
+    end
+
+    it "user labels are set" do
+      expect(data['settings']['userLabels']).to include(
+        "foo" => "bar")
+    end
+  end
 end
 
-describe google_sql_users(project: project_id, database: basename).where(user_name: /\Atftest/) do
-  its(:count) { should be 3 }
-  it { should exist }
+describe command("gcloud --project='#{project_id}' sql users list --instance #{basename} --format=json") do
+  its(:exit_status) { should eq 0 }
+  its(:stderr) { should eq '' }
+
+  let!(:data) do
+    if subject.exit_status == 0
+      JSON.parse(subject.stdout)
+    else
+      {}
+    end
+  end
+
+  describe "mssql_ha_database" do
+    it "has 3 users" do
+      expect(data.select {|k,v| k['name'].start_with?("tftest")}.size).to eq 3
+    end
+  end
 end

test/integration/mssql-ha/inspec.yml

@@ -15,9 +15,6 @@
 name: cloud-sql
 title: Google Cloud SQL
 version: 0.1.0
-depends:
-  - name: inspec-gcp
-    url: https://github.com/inspec/inspec-gcp/archive/v0.21.4.tar.gz
 attributes:
   - name: project_id
     type: string

test/integration/mssql-public/controls/mssql.rb

@@ -12,33 +12,79 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'json'
+
 project_id = attribute('project_id')
 basename   = attribute('name')
+region = "us-central1"
+
+activation_policy = "ALWAYS"
+data_disk_size_gb = 10
+data_disk_type = "PD_SSD"
+kind = "sql#settings"
+pricing_plan = "PER_USE"
+replication_type = "SYNCHRONOUS"
+storage_auto_resize = true
+storage_auto_resize_limit = 0
+tier = "db-custom-2-3840"
+
+describe command("gcloud --project='#{project_id}' sql instances describe #{basename} --format=json") do
+  its(:exit_status) { should eq 0 }
+  its(:stderr) { should eq '' }
+
+  let!(:data) do
+    if subject.exit_status == 0
+      JSON.parse(subject.stdout)
+    else
+      {}
+    end
+  end
+
+  describe "mssql_public_database" do
+    it "global settings are valid" do
+      expect(data['settings']['activationPolicy']).to eq "#{activation_policy}"
+      expect(data['settings']['dataDiskSizeGb']).to eq "#{data_disk_size_gb}"
+      expect(data['settings']['dataDiskType']).to eq "#{data_disk_type}"
+      expect(data['settings']['kind']).to eq "#{kind}"
+      expect(data['settings']['pricingPlan']).to eq "#{pricing_plan}"
+      expect(data['settings']['replicationType']).to eq "#{replication_type}"
+      expect(data['settings']['storageAutoResize']).to eq storage_auto_resize
+      expect(data['settings']['storageAutoResizeLimit']).to eq "#{storage_auto_resize_limit}"
+      expect(data['settings']['tier']).to eq "#{tier}"
+    end
+
+    it "backend type is valid" do
+      expect(data['backendType']).to eq 'SECOND_GEN'
+    end
+
+    it "database versions is valid" do
+      expect(data['databaseVersion']).to eq 'SQLSERVER_2017_STANDARD'
+    end
+
+    it "state is valid" do
+      expect(data['state']).to eq 'RUNNABLE'
+    end
+
+    it "region is valid" do
+      expect(data['region']).to eq region
+    end
+
+    it "gce zone is valid" do
+      expect(data['gceZone']).to eq "#{region}-a"
+    end
+
+    it "location preference is valid" do
+      expect(data['settings']['locationPreference']).to include(
+        "kind" => "sql#locationPreference",
+        "zone" => "#{region}-a")
+    end
 
-describe google_sql_database_instance(project: project_id, database: basename) do
-  let(:expected_settings) {
-    {
-      activation_policy: "ALWAYS",
-      data_disk_size_gb: 10,
-      data_disk_type: "PD_SSD",
-      kind: "sql#settings",
-      pricing_plan: "PER_USE",
-      replication_type: "SYNCHRONOUS",
-      storage_auto_resize: true,
-      storage_auto_resize_limit: 0,
-      tier: "db-custom-2-3840",
-    }
-  }
-  let(:settings)                { subject.settings.item }
-  let(:location_preference)     { settings[:location_preference] }
-  let(:maintenance_window)      { settings[:maintenance_window] }
-
-  its(:backend_type)     { should eq 'SECOND_GEN' }
-  its(:database_version) { should eq 'SQLSERVER_2017_STANDARD' }
-  its(:state)            { should eq 'RUNNABLE' }
-  its(:region)           { should eq 'us-central1' }
-  its(:gce_zone)         { should eq 'us-central1-a' }
-  it { expect(settings).to include(expected_settings) }
-  it { expect(location_preference).to include(kind: "sql#locationPreference", zone: "us-central1-a") }
-  it { expect(maintenance_window).to include(kind: "sql#maintenanceWindow", day: 1, hour: 23, update_track: "canary") }
+    it "maintenance window is valid" do
+      expect(data['settings']['maintenanceWindow']).to include(
+      "kind" => "sql#maintenanceWindow",
+      "day" => 1,
+      "hour" => 23,
+      "updateTrack" => "canary")
+    end
+  end
 end

test/integration/mssql-public/inspec.yml

@@ -15,9 +15,6 @@
 name: cloud-sql
 title: Google Cloud SQL
 version: 0.1.0
-depends:
-  - name: inspec-gcp
-    url: https://github.com/inspec/inspec-gcp/archive/v0.21.4.tar.gz
 attributes:
   - name: project_id
     type: string