Add support for InSpec disk snapshot

Signed-off-by: Modular Magician <[email protected]>
inspec · skpaterson · Mar 1, 2019 · Jan 25, 2019 · Jan 25, 2019 · Jan 25, 2019
commit 507ad5c32ae1139739356db433e6e7bc7f90a077
diff --git a/docs/resources/google_compute_snapshot.md b/docs/resources/google_compute_snapshot.md
@@ -0,0 +1,59 @@
+---
+title: About the google_compute_snapshot resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_snapshot` is used to test a Google Snapshot resource
+
+## Examples
+```
+
+describe google_compute_snapshot(project: 'chef-gcp-inspec', name: 'inspec-gcp-disk-snapshot') do
+  it { should exist }
+  its('source_disk') { should match 'my_disk' }
+end
+
+describe google_compute_snapshot(project: 'chef-gcp-inspec', name: 'nonexistent') do
+  it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_snapshot` resource:
+
+  * `creation_timestamp`: Creation timestamp in RFC3339 text format.
+
+  * `id`: The unique identifier for the resource.
+
+  * `disk_size_gb`: Size of the snapshot, specified in GB.
+
+  * `name`: Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+  * `description`: An optional description of this resource.
+
+  * `storage_bytes`: A size of the the storage used by the snapshot. As snapshots share storage, this number is expected to change with snapshot creation/deletion.
+
+  * `licenses`: A list of public visible licenses that apply to this snapshot. This can be because the original image had licenses attached (such as a Windows image).  snapshotEncryptionKey nested object Encrypts the snapshot using a customer-supplied encryption key.
+
+  * `labels`: Labels to apply to this Snapshot.
+
+  * `label_fingerprint`: The fingerprint used for optimistic locking of this resource. Used internally during updates.
+
+  * `source_disk`: A reference to the disk used to create this snapshot.
+
+  * `zone`: A reference to the zone where the disk is hosted.
+
+  * `snapshot_encryption_key`: The customer-supplied encryption key of the snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.
+
+    * `rawKey`: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.
+
+    * `sha256`: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.
+
+    * `kmsKeyName`: The name of the encryption key that is stored in Google Cloud KMS.
+
+  * `source_disk_encryption_key`: The customer-supplied encryption key of the source snapshot. Required if the source snapshot is protected by a customer-supplied encryption key.
+
+    * `rawKey`: Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.
+
+    * `kmsKeyName`: The name of the encryption key that is stored in Google Cloud KMS.
diff --git a/docs/resources/google_compute_snapshots.md b/docs/resources/google_compute_snapshots.md
@@ -0,0 +1,45 @@
+---
+title: About the google_compute_snapshots resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_snapshots` is used to test a Google Snapshot resource
+
+## Examples
+```
+
+describe google_compute_snapshots(project: 'chef-gcp-inspec') do
+  its('count') { should be >= 1 }
+end
+
+describe.one do
+  google_compute_snapshots(project: 'chef-gcp-inspec').names do |snapshot_name|
+    describe google_compute_snapshot(project: 'chef-gcp-inspec', name: snapshot_name) do
+      its('source_disk') { should match 'my_disk' }
+    end
+  end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_snapshots` resource:
+
+See [google_compute_snapshot.md](google_compute_snapshot.md) for more detailed information
+  * `creation_timestamps`: an array of `google_compute_snapshot` creation_timestamp
+  * `ids`: an array of `google_compute_snapshot` id
+  * `disk_size_gbs`: an array of `google_compute_snapshot` disk_size_gb
+  * `names`: an array of `google_compute_snapshot` name
+  * `descriptions`: an array of `google_compute_snapshot` description
+  * `storage_bytes`: an array of `google_compute_snapshot` storage_bytes
+  * `licenses`: an array of `google_compute_snapshot` licenses
+  * `labels`: an array of `google_compute_snapshot` labels
+  * `label_fingerprints`: an array of `google_compute_snapshot` label_fingerprint
+  * `source_disks`: an array of `google_compute_snapshot` source_disk
+  * `zones`: an array of `google_compute_snapshot` zone
+  * `snapshot_encryption_keys`: an array of `google_compute_snapshot` snapshot_encryption_key
+  * `source_disk_encryption_keys`: an array of `google_compute_snapshot` source_disk_encryption_key
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
diff --git a/libraries/google/compute/property/snapshot_snapshot_encryption_key.rb b/libraries/google/compute/property/snapshot_snapshot_encryption_key.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module Compute
+    module Property
+      class SnapshotSnapshotencryptionkey
+        attr_reader :raw_key
+
+        attr_reader :sha256
+
+        attr_reader :kms_key_name
+
+        def initialize(args = nil)
+          return if args.nil?
+          @raw_key = args['rawKey']
+          @sha256 = args['sha256']
+          @kms_key_name = args['kmsKeyName']
+        end
+      end
+    end
+  end
+end
diff --git a/libraries/google/compute/property/snapshot_source_disk_encryption_key.rb b/libraries/google/compute/property/snapshot_source_disk_encryption_key.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module Compute
+    module Property
+      class SnapshotSourcediskencryptionkey
+        attr_reader :raw_key
+
+        attr_reader :kms_key_name
+
+        def initialize(args = nil)
+          return if args.nil?
+          @raw_key = args['rawKey']
+          @kms_key_name = args['kmsKeyName']
+        end
+      end
+    end
+  end
+end
diff --git a/libraries/google_compute_snapshot.rb b/libraries/google_compute_snapshot.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/compute/property/snapshot_snapshot_encryption_key'
+require 'google/compute/property/snapshot_source_disk_encryption_key'
+
+# A provider to manage Google Compute Engine resources.
+class Snapshot < GcpResourceBase
+  name 'google_compute_snapshot'
+  desc 'Snapshot'
+  supports platform: 'gcp'
+
+  attr_reader :creation_timestamp
+  attr_reader :id
+  attr_reader :disk_size_gb
+  attr_reader :name
+  attr_reader :description
+  attr_reader :storage_bytes
+  attr_reader :licenses
+  attr_reader :labels
+  attr_reader :label_fingerprint
+  attr_reader :source_disk
+  attr_reader :zone
+  attr_reader :snapshot_encryption_key
+  attr_reader :source_disk_encryption_key
+  def base
+    'https://www.googleapis.com/compute/v1/'
+  end
+
+  def url
+    'projects/{{project}}/global/snapshots/{{name}}'
+  end
+
+  def initialize(params)
+    super(params.merge({ use_http_transport: true }))
+    @fetched = @connection.fetch(base, url, params)
+    parse unless @fetched.nil?
+  end
+
+  def parse
+    @creation_timestamp = parse_time_string(@fetched['creationTimestamp'])
+    @id = @fetched['id']
+    @disk_size_gb = @fetched['diskSizeGb']
+    @name = @fetched['name']
+    @description = @fetched['description']
+    @storage_bytes = @fetched['storageBytes']
+    @licenses = @fetched['licenses']
+    @labels = @fetched['labels']
+    @label_fingerprint = @fetched['labelFingerprint']
+    @source_disk = @fetched['sourceDisk']
+    @zone = @fetched['zone']
+    @snapshot_encryption_key = GoogleInSpec::Compute::Property::SnapshotSnapshotencryptionkey.new(@fetched['snapshotEncryptionKey'])
+    @source_disk_encryption_key = GoogleInSpec::Compute::Property::SnapshotSourcediskencryptionkey.new(@fetched['sourceDiskEncryptionKey'])
+  end
+
+  # Handles parsing RFC3339 time string
+  def parse_time_string(time_string)
+    time_string ? Time.parse(time_string) : nil
+  end
+
+  def exists?
+    [email protected]?
+  end
+end
diff --git a/libraries/google_compute_snapshots.rb b/libraries/google_compute_snapshots.rb
@@ -0,0 +1,106 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+class Snapshots < GcpResourceBase
+  name 'google_compute_snapshots'
+  desc 'Snapshot plural resource'
+  supports platform: 'gcp'
+
+  attr_reader :table
+
+  filter_table_config = FilterTable.create
+
+  filter_table_config.add(:creation_timestamps, field: :creation_timestamp)
+  filter_table_config.add(:ids, field: :id)
+  filter_table_config.add(:disk_size_gbs, field: :disk_size_gb)
+  filter_table_config.add(:names, field: :name)
+  filter_table_config.add(:descriptions, field: :description)
+  filter_table_config.add(:storage_bytes, field: :storage_bytes)
+  filter_table_config.add(:licenses, field: :licenses)
+  filter_table_config.add(:labels, field: :labels)
+  filter_table_config.add(:label_fingerprints, field: :label_fingerprint)
+  filter_table_config.add(:source_disks, field: :source_disk)
+  filter_table_config.add(:zones, field: :zone)
+  filter_table_config.add(:snapshot_encryption_keys, field: :snapshot_encryption_key)
+  filter_table_config.add(:source_disk_encryption_keys, field: :source_disk_encryption_key)
+
+  filter_table_config.connect(self, :table)
+
+  def base
+    'https://www.googleapis.com/compute/v1/'
+  end
+
+  def url
+    'projects/{{project}}/global/snapshots'
+  end
+
+  def initialize(params = {})
+    super(params.merge({ use_http_transport: true }))
+    @params = params
+    @table = fetch_wrapped_resource('items')
+  end
+
+  def fetch_wrapped_resource(wrap_path)
+    # fetch_resource returns an array of responses (to handle pagination)
+    result = @connection.fetch_all(base, url, @params)
+    return if result.nil?
+
+    # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+    converted = []
+    result.each do |response|
+      next if response.nil? || !response.key?(wrap_path)
+      response[wrap_path].each do |hash|
+        hash_with_symbols = {}
+        hash.each_key do |key|
+          name, value = transform(key, hash)
+          hash_with_symbols[name] = value
+        end
+        converted.push(hash_with_symbols)
+      end
+    end
+
+    converted
+  end
+
+  def transform(key, value)
+    return transformers[key].call(value) if transformers.key?(key)
+
+    [key.to_sym, value]
+  end
+
+  def transformers
+    {
+      'creationTimestamp' => ->(obj) { return :creation_timestamp, parse_time_string(obj['creationTimestamp']) },
+      'id' => ->(obj) { return :id, obj['id'] },
+      'diskSizeGb' => ->(obj) { return :disk_size_gb, obj['diskSizeGb'] },
+      'name' => ->(obj) { return :name, obj['name'] },
+      'description' => ->(obj) { return :description, obj['description'] },
+      'storageBytes' => ->(obj) { return :storage_bytes, obj['storageBytes'] },
+      'licenses' => ->(obj) { return :licenses, obj['licenses'] },
+      'labels' => ->(obj) { return :labels, obj['labels'] },
+      'labelFingerprint' => ->(obj) { return :label_fingerprint, obj['labelFingerprint'] },
+      'sourceDisk' => ->(obj) { return :source_disk, obj['sourceDisk'] },
+      'zone' => ->(obj) { return :zone, obj['zone'] },
+      'snapshotEncryptionKey' => ->(obj) { return :snapshot_encryption_key, GoogleInSpec::Compute::Property::SnapshotSnapshotencryptionkey.new(obj['snapshotEncryptionKey']) },
+      'sourceDiskEncryptionKey' => ->(obj) { return :source_disk_encryption_key, GoogleInSpec::Compute::Property::SnapshotSourcediskencryptionkey.new(obj['sourceDiskEncryptionKey']) },
+    }
+  end
+
+  # Handles parsing RFC3339 time string
+  def parse_time_string(time_string)
+    time_string ? Time.parse(time_string) : nil
+  end
+end
diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf
@@ -86,6 +86,10 @@ variable "router" {
   type = "map"
 }
 
+variable "snapshot" {
+  type = "map"
+}
+
 resource "google_compute_ssl_policy" "custom-ssl-policy" {
   name            = "${var.ssl_policy["name"]}"
   min_tls_version = "${var.ssl_policy["min_tls_version"]}"
@@ -358,4 +362,11 @@ resource "google_compute_router" "gcp-inspec-router" {
       range = "${var.router["bgp_advertised_ip_range2"]}"
     }
   }
+}
+
+resource "google_compute_snapshot" "gcp-inspec-snapshot" {
+  project = "${var.gcp_project_id}"
+  name = "${var.snapshot["name"]}"
+  source_disk = "${google_compute_disk.generic_compute_disk.name}"
+  zone = "${var.gcp_zone}"
 }
diff --git a/test/integration/configuration/mm-attributes.yml b/test/integration/configuration/mm-attributes.yml
@@ -134,3 +134,6 @@ router:
   bgp_advertised_group: "ALL_SUBNETS"
   bgp_advertised_ip_range1: "1.2.3.4"
   bgp_advertised_ip_range2: "6.7.0.0/16"
+
+snapshot:
+  name: inspec-gcp-disk-snapshot