From 41089f9329fc4d12ec22db98097306b6c8915ac1 Mon Sep 17 00:00:00 2001 From: durgesh-ninave-crest Date: Wed, 14 May 2025 18:36:58 +0530 Subject: [PATCH 1/2] Added support for global and regional parameter manager Signed-off-by: durgesh-ninave-crest --- README.md | 1 + .../google_parameter_manager_parameter.md | 47 +++++++++++ ...gle_parameter_manager_parameter_version.md | 58 +++++++++++++ ...le_parameter_manager_parameter_versions.md | 41 ++++++++++ .../google_parameter_manager_parameters.md | 37 +++++++++ .../parametermanager/property/payload.rb | 19 +++++ .../property/policy_member.rb | 19 +++++ .../google_parameter_manager_parameter.rb | 57 +++++++++++++ ...gle_parameter_manager_parameter_version.rb | 66 +++++++++++++++ ...le_parameter_manager_parameter_versions.rb | 77 +++++++++++++++++ .../google_parameter_manager_parameters.rb | 82 +++++++++++++++++++ .../google_parameter_manager_parameter.rb | 31 +++++++ ...gle_parameter_manager_parameter_version.rb | 48 +++++++++++ ...le_parameter_manager_parameter_versions.rb | 23 ++++++ .../google_parameter_manager_parameters.rb | 22 +++++ 15 files changed, 628 insertions(+) create mode 100644 docs/resources/google_parameter_manager_parameter.md create mode 100644 docs/resources/google_parameter_manager_parameter_version.md create mode 100644 docs/resources/google_parameter_manager_parameter_versions.md create mode 100644 docs/resources/google_parameter_manager_parameters.md create mode 100644 libraries/google/parametermanager/property/payload.rb create mode 100644 libraries/google/parametermanager/property/policy_member.rb create mode 100644 libraries/google_parameter_manager_parameter.rb create mode 100644 libraries/google_parameter_manager_parameter_version.rb create mode 100644 libraries/google_parameter_manager_parameter_versions.rb create mode 100644 libraries/google_parameter_manager_parameters.rb create mode 100644 test/integration/verify/controls/google_parameter_manager_parameter.rb create mode 100644 test/integration/verify/controls/google_parameter_manager_parameter_version.rb create mode 100644 test/integration/verify/controls/google_parameter_manager_parameter_versions.rb create mode 100644 test/integration/verify/controls/google_parameter_manager_parameters.rb diff --git a/README.md b/README.md index 59a0bab6..202feab6 100644 --- a/README.md +++ b/README.md @@ -340,6 +340,7 @@ The following resources are available in the InSpec GCP Profile | [google_organization_iam_binding](docs/resources/google_organization_iam_binding.md) | No Plural Resource | | [google_organization_iam_policy](docs/resources/google_organization_iam_policy.md) | No Plural Resource | | [google_organization_policy](docs/resources/google_organization_policy.md) | No Plural Resource | +| [google_parameter_manager_parameter](docs/resources/google_parameter_manager_parameter.md) | [google_parameter_manager_parameters](docs/resources/google_parameter_manager_parameters.md) | | [google_project](docs/resources/google_project.md) | [google_projects](docs/resources/google_projects.md) | | [google_project_alert_policy](docs/resources/google_project_alert_policy.md) | [google_project_alert_policies](docs/resources/google_project_alert_policies.md) | | [google_project_alert_policy_condition](docs/resources/google_project_alert_policy_condition.md) | No Plural Resource | diff --git a/docs/resources/google_parameter_manager_parameter.md b/docs/resources/google_parameter_manager_parameter.md new file mode 100644 index 00000000..0cb977f8 --- /dev/null +++ b/docs/resources/google_parameter_manager_parameter.md @@ -0,0 +1,47 @@ +--- +title: About the google_parameter_manager_parameter resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameter` is used to test a Google Parameter resource + +## Examples +``` +describe google_parameter_manager_parameter(name: 'projects//locations/global/parameters/') do + it { should exist } +end +describe google_parameter_manager_parameter(name: "does_not_exit") do + it { should_not exist } +end +describe google_parameter_manager_parameter(name: 'projects//locations//parameters/', region: ) do + it { should exist } +end +describe google_parameter_manager_parameter(name: "does_not_exit", region: ) do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameter` resource: + + + * `name`: The resource name of the Parameter. Format: `projects/{{project_id}}/locations/global/parameters/{{parameter_id}}` or `projects/{{project_id}}/locations/{{location_id}}/parameters/{{parameter_id}}` + + * `create_time`: The time at which the Parameter was created. + + * `update_time`: The time at which the Parameter was updated. + + * `labels`: The labels assigned to this Parameter. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} No more than 64 labels can be assigned to a given resource. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + + * `format`: The format of the Parameter. + + * `kms_key`: The resource name of the Cloud KMS CryptoKey used to encrypt parameter version payload. Format `projects/{{project_id}}/locations/global/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}` or `projects/{{project_id}}/locations/{{location_id}}/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}` + + * `policy_member`: The policy member of the Parameter. + + * `iam_policy_uid_principal`: IAM policy binding member referring to a Google Cloud resource by system-assigned unique identifier. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_parameter_manager_parameter_version.md b/docs/resources/google_parameter_manager_parameter_version.md new file mode 100644 index 00000000..f978b1f9 --- /dev/null +++ b/docs/resources/google_parameter_manager_parameter_version.md @@ -0,0 +1,58 @@ +--- +title: About the google_parameter_manager_parameter_version resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameter_version` is used to test a Google Parameter Version resource + +## Examples +``` +describe google_parameter_manager_parameter_version(name: 'projects//locations/global/parameters//versions/') do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit") do + it { should_not exist } +end +describe google_parameter_manager_parameter_version(name: 'projects//locations//parameters//versions/', region: ) do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit", region: ) do + it { should_not exist } +end +describe google_parameter_manager_parameter_version(name: 'projects//locations/global/parameters//versions/', render_secret: true) do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit", render_secret: true) do + it { should_not exist } +end +describe google_parameter_manager_parameter_version(name: 'projects//locations//parameters//versions/', region: , render_secret: true) do + it { should exist } +end +describe google_parameter_manager_parameter_version(name: "does_not_exit", region: , render_secret: true) do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameter_version` resource: + + * `name`: The resource name of the Parameter Version. Format: `projects/{{project_id}}/locations/global/parameters/{{parameter_id}}/versions/{{parameter_version_id}}` or `projects/{{project_id}}/locations/{{location_id}}/parameters/{{parameter_id}}/versions/{{parameter_version_id}}` + + * `create_time`: The time at which the Parameter Version was created. + + * `update_time`: The time at which the Parameter Version was updated. + + * `disabled`: The state of Parameter Version. + + * `kms_key_version`: The resource name of the Cloud KMS CryptoKeyVersion used to decrypt parameter version payload. Format `projects/{{project_id}}/locations/global/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}/cryptoKeyVersions/{{crypto_key_version}}` or `projects/{{project_id}}/locations/{{location_id}}/keyRings/{{key_ring}}/cryptoKeys/{{crypto_key}}/cryptoKeyVersions/{{crypto_key_version}}` + + * `rendered_payload`: The rendered payload of the Parameter Version. + + * `payload`: The payload of the ParameterVersion. + + * `data`: The parameter data. Must be no larger than 1MiB. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_parameter_manager_parameter_versions.md b/docs/resources/google_parameter_manager_parameter_versions.md new file mode 100644 index 00000000..4551867b --- /dev/null +++ b/docs/resources/google_parameter_manager_parameter_versions.md @@ -0,0 +1,41 @@ +--- +title: About the google_parameter_manager_parameter_versions resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameter_versions` is used to test a Google Parameter Version resource + +## Examples +``` +describe google_parameter_manager_parameter_versions(parent: 'projects//locations/global/parameters/') do + it { should exist } +end +describe google_parameter_manager_parameter_versions(parent: "does_not_exit") do + it { should_not exist } +end +describe google_parameter_manager_parameter_versions(parent: 'projects//locations//parameters/', region: ) do + it { should exist } +end +describe google_parameter_manager_parameter_versions(parent: "does_not_exit", region: ) do + it { should_not exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameter_versions` resource: + +See [google_parameter_manager_parameter_version.md](google_parameter_manager_parameter_version.md) for more detailed information + * `names`: an array of `google_parameter_manager_parameter_version` name + * `create_times`: an array of `google_parameter_manager_parameter_version` create_time + * `update_times`: an array of `google_parameter_manager_parameter_version` update_time + * `disabled_values`: an array of `google_parameter_manager_parameter_version` disabled + * `kms_key_versions`: an array of `google_parameter_manager_parameter_version` kms_key_version + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/docs/resources/google_parameter_manager_parameters.md b/docs/resources/google_parameter_manager_parameters.md new file mode 100644 index 00000000..127c7033 --- /dev/null +++ b/docs/resources/google_parameter_manager_parameters.md @@ -0,0 +1,37 @@ +--- +title: About the google_parameter_manager_parameters resource +platform: gcp +--- + +## Syntax +A `google_parameter_manager_parameters` is used to test a Google Parameter resource + +## Examples +``` +describe google_parameter_manager_parameters(parent: 'projects//locations/global') do + it { should exist } +end +describe google_parameter_manager_parameters(parent: 'projects//locations/', region: ) do + it { should exist } +end +``` + +## Properties +Properties that can be accessed from the `google_parameter_manager_parameters` resource: + +See [google_parameter_manager_parameter.md](google_parameter_manager_parameter.md) for more detailed information + * `names`: an array of `google_parameter_manager_parameter` name + * `create_times`: an array of `google_parameter_manager_parameter` create_time + * `update_times`: an array of `google_parameter_manager_parameter` update_time + * `formats`: an array of `google_parameter_manager_parameter` format + * `labels`: an array of `google_parameter_manager_parameter` label + * `policy_members`: an array of `google_parameter_manager_parameter` policy_member + * `kms_keys`: an array of `google_parameter_manager_parameter` kms_key + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Parameter Manager API](https://console.cloud.google.com/apis/library/parametermanager.googleapis.com/) is enabled for the current project. diff --git a/libraries/google/parametermanager/property/payload.rb b/libraries/google/parametermanager/property/payload.rb new file mode 100644 index 00000000..7f78586d --- /dev/null +++ b/libraries/google/parametermanager/property/payload.rb @@ -0,0 +1,19 @@ +module GoogleInSpec + module ParameterManager + module Property + class Payload + attr_reader :data + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @data = args['data'] + end + + def to_s + "#{@parent_identifier} PolicyMember" + end + end + end + end +end diff --git a/libraries/google/parametermanager/property/policy_member.rb b/libraries/google/parametermanager/property/policy_member.rb new file mode 100644 index 00000000..0a9df37d --- /dev/null +++ b/libraries/google/parametermanager/property/policy_member.rb @@ -0,0 +1,19 @@ +module GoogleInSpec + module ParameterManager + module Property + class PolicyMember + attr_reader :iam_policy_uid_principal + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @iam_policy_uid_principal = args['iamPolicyUidPrincipal'] + end + + def to_s + "#{@parent_identifier} PolicyMember" + end + end + end + end +end diff --git a/libraries/google_parameter_manager_parameter.rb b/libraries/google_parameter_manager_parameter.rb new file mode 100644 index 00000000..ce14c99b --- /dev/null +++ b/libraries/google_parameter_manager_parameter.rb @@ -0,0 +1,57 @@ +require 'gcp_backend' +require 'google/parametermanager/property/policy_member' + +# A provider to manage Parameter Manager resources. +class ParameterManagerParameter < GcpResourceBase + name 'google_parameter_manager_parameter' + desc 'Parameter' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :create_time + attr_reader :update_time + attr_reader :format + attr_reader :labels + attr_reader :policy_member + attr_reader :kms_key + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @name = @fetched['name'] + @create_time = @fetched['createTime'] + @labels = @fetched['labels'] + @update_time = @fetched['updateTime'] + @format = @fetched['format'] + @policy_member = GoogleInSpec::ParameterManager::Property::PolicyMember.new(@fetched['policyMember'], to_s) + @kms_key = @fetched['kmsKey'] + end + + def exists? + !@fetched.nil? + end + + def to_s + "Parameter #{@params[:name]}" + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + '{{name}}' + end +end diff --git a/libraries/google_parameter_manager_parameter_version.rb b/libraries/google_parameter_manager_parameter_version.rb new file mode 100644 index 00000000..1d912991 --- /dev/null +++ b/libraries/google_parameter_manager_parameter_version.rb @@ -0,0 +1,66 @@ +require 'gcp_backend' +require 'google/parametermanager/property/payload' + +class ParameterManagerParameterVersion < GcpResourceBase + name 'google_parameter_manager_parameter_version' + desc 'ParameterVersion' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :payload + attr_reader :rendered_payload + attr_reader :create_time + attr_reader :update_time + attr_reader :disabled + attr_reader :kms_key_version + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @payload = GoogleInSpec::ParameterManager::Property::Payload.new(@fetched['payload'], to_s) + + # Conditionally set if they exist + if @params[:render_secret] == true + @rendered_payload = @fetched['renderedPayload'] + @name = @fetched['parameterVersion'] + else + @name = @fetched['name'] + @create_time = @fetched['createTime'] if @fetched.key?('createTime') + @update_time = @fetched['updateTime'] if @fetched.key?('updateTime') + end + @disabled = @fetched['disabled'] if @fetched.key?('disabled') + @kms_key_version = @fetched['kmsKeyVersion'] if @fetched.key?('kmsKeyVersion') + end + + def exists? + !@fetched.nil? + end + + def to_s + "ParameterVersion #{@params[:name]}" + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + if @params[:render_secret] == true + '{{name}}:render' + else + '{{name}}' + end + end +end diff --git a/libraries/google_parameter_manager_parameter_versions.rb b/libraries/google_parameter_manager_parameter_versions.rb new file mode 100644 index 00000000..dcb057d6 --- /dev/null +++ b/libraries/google_parameter_manager_parameter_versions.rb @@ -0,0 +1,77 @@ +require 'gcp_backend' + +class ParameterManagerParameterVersions < GcpResourceBase + name 'google_parameter_manager_parameter_versions' + desc 'ParameterVersion plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:update_times, field: :update_time) + filter_table_config.add(:disabled_values, field: :disabled) + filter_table_config.add(:kms_key_versions, field: :kms_key_version) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('parameterVersions') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { [:name, obj['name']] }, + 'createTime' => ->(obj) { [:create_time, obj['createTime']] }, + 'updateTime' => ->(obj) { [:update_time, obj['updateTime']] }, + 'disabled' => ->(obj) { [:disabled, obj['disabled'] || {}] }, + 'kmsKeyVersion' => ->(obj) { [:kms_key_version, obj['kmsKeyVersion'] || {}] }, + } + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + '{{parent}}/versions' + end +end diff --git a/libraries/google_parameter_manager_parameters.rb b/libraries/google_parameter_manager_parameters.rb new file mode 100644 index 00000000..8defcdc2 --- /dev/null +++ b/libraries/google_parameter_manager_parameters.rb @@ -0,0 +1,82 @@ +require 'gcp_backend' +require 'google/parametermanager/property/policy_member' + +class ParameterManagerParameters < GcpResourceBase + name 'google_parameter_manager_parameters' + desc 'Parameter plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:update_times, field: :update_time) + filter_table_config.add(:labels, field: :labels) + filter_table_config.add(:formats, field: :format) + filter_table_config.add(:policy_members, field: :policy_member) + filter_table_config.add(:kms_keys, field: :kms_key) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('parameters') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? || !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { [:name, obj['name']] }, + 'createTime' => ->(obj) { [:create_time, obj['createTime']] }, + 'labels' => ->(obj) { [:labels, obj['labels'] || {}] }, + 'kmsKey' => ->(obj) { [:kms_key, obj['kmsKey'] || {}] }, + 'updateTime' => ->(obj) { [:update_time, obj['updateTime']] }, + 'format' => ->(obj) { [:format, obj['format']] }, + 'policyMember' => ->(obj) { [:policy_member, GoogleInSpec::ParameterManager::Property::PolicyMember.new(obj['policyMember'], to_s)] }, + } + end + + private + + def product_url(_ = nil) + if @params[:region] && @params[:region] != 'global' + "https://parametermanager.#{@params[:region]}.rep.googleapis.com/v1/" + else + 'https://parametermanager.googleapis.com/v1/' + end + end + + def resource_base_url + '{{parent}}/parameters' + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameter.rb b/test/integration/verify/controls/google_parameter_manager_parameter.rb new file mode 100644 index 00000000..7b5981d3 --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameter.rb @@ -0,0 +1,31 @@ +title 'Test GCP google_parameter_manager_parameter resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_parameter_id = input(:gcp_parameter_id, value: 'gcp_parameter_id', description: 'The GCP parameter identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "name": "projects/#{gcp_project_id}/locations/global/parameters/#{gcp_parameter_id}", + "regional_name": "projects/#{gcp_project_id}/locations/#{region}/parameters/#{gcp_parameter_id}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameter-1.0' do + impact 1.0 + title 'google_parameter_manager_parameter resource test' + + describe google_parameter_manager_parameter(name: project_parameter['name']) do + it { should exist } + end + + describe google_parameter_manager_parameter(name: "does_not_exit") do + it { should_not exist } + end + + describe google_parameter_manager_parameter(name: project_parameter['regional_name'], region: region) do + it { should exist } + end + + describe google_parameter_manager_parameter(name: "does_not_exit", region: region) do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameter_version.rb b/test/integration/verify/controls/google_parameter_manager_parameter_version.rb new file mode 100644 index 00000000..1f8f1dc2 --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameter_version.rb @@ -0,0 +1,48 @@ +title 'Test GCP google_parameter_manager_parameter_version resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_parameter_id = input(:gcp_parameter_id, value: 'gcp_parameter_id', description: 'The GCP parameter identifier.') +gcp_parameter_version_id = input(:gcp_parameter_version_id, value: 'gcp_parameter_version_id', description: 'The GCP parameter version identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "name": "projects/#{gcp_project_id}/locations/global/parameters/#{gcp_parameter_id}/versions/#{gcp_parameter_version_id}", + "regional_name": "projects/#{gcp_project_id}/locations/#{region}/parameters/#{gcp_parameter_id}/versions/#{gcp_parameter_version_id}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameter_version-1.0' do + impact 1.0 + title 'google_parameter_manager_parameter_version resource test' + + describe google_parameter_manager_parameter_version(name: project_parameter['name']) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit") do + it { should_not exist } + end + + describe google_parameter_manager_parameter_version(name: project_parameter['regional_name'], region: region) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit", region: region) do + it { should_not exist } + end + + describe google_parameter_manager_parameter_version(name: project_parameter['name'], render_secret: true) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit", render_secret: true) do + it { should_not exist } + end + + describe google_parameter_manager_parameter_version(name: project_parameter['regional_name'], region: region, render_secret: true) do + it { should exist } + end + + describe google_parameter_manager_parameter_version(name: "does_not_exit", region: region, render_secret: true) do + it { should_not exist } + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameter_versions.rb b/test/integration/verify/controls/google_parameter_manager_parameter_versions.rb new file mode 100644 index 00000000..ff3bdbd3 --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameter_versions.rb @@ -0,0 +1,23 @@ +title 'Test GCP google_parameter_manager_parameter_versions resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +gcp_parameter_id = input(:gcp_parameter_id, value: 'gcp_parameter_id', description: 'The GCP parameter identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "parent": "projects/#{gcp_project_id}/locations/global/parameters/#{gcp_parameter_id}", + "regional_parent": "projects/#{gcp_project_id}/locations/#{region}/parameters/#{gcp_parameter_id}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameter_versions-1.0' do + impact 1.0 + title 'google_parameter_manager_parameter_versions resource test' + + describe google_parameter_manager_parameter_versions(parent: project_parameter['parent']) do + it { should exist } + end + + describe google_parameter_manager_parameter_versions(parent: project_parameter['regional_parent'], region: region) do + it { should exist } + end +end diff --git a/test/integration/verify/controls/google_parameter_manager_parameters.rb b/test/integration/verify/controls/google_parameter_manager_parameters.rb new file mode 100644 index 00000000..ab7548ae --- /dev/null +++ b/test/integration/verify/controls/google_parameter_manager_parameters.rb @@ -0,0 +1,22 @@ +title 'Test GCP google_parameter_manager_parameters resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +region = input(:region, value: 'gcp_region', description: 'The GCP project region.') + +project_parameter = input('project_parameter', value: { + "parent": "projects/#{gcp_project_id}/locations/global", + "regional_parent": "projects/#{gcp_project_id}/locations/#{region}" +}, description: 'project_parameter description') + +control 'google_parameter_manager_parameters-1.0' do + impact 1.0 + title 'google_parameter_manager_parameters resource test' + + describe google_parameter_manager_parameters(parent: project_parameter['parent']) do + it { should exist } + end + + describe google_parameter_manager_parameters(parent: project_parameter['regional_parent'], region: region) do + it { should exist } + end +end From 5c98367bfdf83d7143cb2792cf54671daff7aea2 Mon Sep 17 00:00:00 2001 From: durgesh-ninave-crest Date: Wed, 14 May 2025 22:20:36 +0530 Subject: [PATCH 2/2] fix linting issue Signed-off-by: durgesh-ninave-crest --- libraries/google/parametermanager/property/payload.rb | 2 ++ libraries/google/parametermanager/property/policy_member.rb | 2 ++ libraries/google_parameter_manager_parameter.rb | 2 ++ libraries/google_parameter_manager_parameter_version.rb | 2 ++ libraries/google_parameter_manager_parameter_versions.rb | 2 ++ libraries/google_parameter_manager_parameters.rb | 2 ++ 6 files changed, 12 insertions(+) diff --git a/libraries/google/parametermanager/property/payload.rb b/libraries/google/parametermanager/property/payload.rb index 7f78586d..3883db23 100644 --- a/libraries/google/parametermanager/property/payload.rb +++ b/libraries/google/parametermanager/property/payload.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module GoogleInSpec module ParameterManager module Property diff --git a/libraries/google/parametermanager/property/policy_member.rb b/libraries/google/parametermanager/property/policy_member.rb index 0a9df37d..e7f489a8 100644 --- a/libraries/google/parametermanager/property/policy_member.rb +++ b/libraries/google/parametermanager/property/policy_member.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module GoogleInSpec module ParameterManager module Property diff --git a/libraries/google_parameter_manager_parameter.rb b/libraries/google_parameter_manager_parameter.rb index ce14c99b..aecedd89 100644 --- a/libraries/google_parameter_manager_parameter.rb +++ b/libraries/google_parameter_manager_parameter.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: false + require 'gcp_backend' require 'google/parametermanager/property/policy_member' diff --git a/libraries/google_parameter_manager_parameter_version.rb b/libraries/google_parameter_manager_parameter_version.rb index 1d912991..7f22bda9 100644 --- a/libraries/google_parameter_manager_parameter_version.rb +++ b/libraries/google_parameter_manager_parameter_version.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: false + require 'gcp_backend' require 'google/parametermanager/property/payload' diff --git a/libraries/google_parameter_manager_parameter_versions.rb b/libraries/google_parameter_manager_parameter_versions.rb index dcb057d6..634aa3f6 100644 --- a/libraries/google_parameter_manager_parameter_versions.rb +++ b/libraries/google_parameter_manager_parameter_versions.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: false + require 'gcp_backend' class ParameterManagerParameterVersions < GcpResourceBase diff --git a/libraries/google_parameter_manager_parameters.rb b/libraries/google_parameter_manager_parameters.rb index 8defcdc2..1aa6f730 100644 --- a/libraries/google_parameter_manager_parameters.rb +++ b/libraries/google_parameter_manager_parameters.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: false + require 'gcp_backend' require 'google/parametermanager/property/policy_member'