inspec · soumyo13 · Mar 12, 2022 · Mar 12, 2022 · Mar 12, 2022 · Mar 12, 2022
@@ -1,16 +1,14 @@
 title 'GKE Container Cluster Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: '', description: 'The GKE cluster name.')
-gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: '', description: 'The GKE cluster zone.')
-gcp_kube_cluster_master_user = attribute(:gcp_kube_cluster_master_user, default: '', description: 'The GKE cluster master user.')
-gcp_kube_cluster_master_pass = attribute(:gcp_kube_cluster_master_pass, default: '', description: 'The GKE cluster master password.')
-gcp_kube_cluster_zone_extra1 = attribute(:gcp_kube_cluster_zone_extra1, default: '', description: 'The GKE cluster secondary zone.')
-gcp_kube_cluster_zone_extra2 = attribute(:gcp_kube_cluster_zone_extra2, default: '', description: 'The GKE cluster tertiary zone.')
-
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_kube_cluster_name = input(:gcp_kube_cluster_name, value: '', description: 'The GKE cluster name.')
+gcp_kube_cluster_zone = input(:gcp_kube_cluster_zone, value: '', description: 'The GKE cluster zone.')
+gcp_kube_cluster_master_user = input(:gcp_kube_cluster_master_user, value: '', description: 'The GKE cluster master user.')
+gcp_kube_cluster_master_pass = input(:gcp_kube_cluster_master_pass, value: '', description: 'The GKE cluster master password.')
+gcp_kube_cluster_zone_extra1 = input(:gcp_kube_cluster_zone_extra1, value: '', description: 'The GKE cluster secondary zone.')
+gcp_kube_cluster_zone_extra2 = input(:gcp_kube_cluster_zone_extra2, value: '', description: 'The GKE cluster tertiary zone.')
 
 control 'gcp-gke-container-cluster-1.0' do
-
   impact 1.0
   title 'Ensure GKE Container Cluster was built correctly'
 
@@ -36,8 +34,8 @@
     its('master_auth.password'){ should eq gcp_kube_cluster_master_pass}
 
     # no special network settings currently applied
-    its('network'){should eq "default"}
-    its('subnetwork'){should eq "default"}
+    its('network'){should eq "value"}
+    its('subnetwork'){should eq "value"}
 
     # check node configuration settings
     its('node_config.disk_size_gb'){should eq 100}

@@ -1,11 +1,10 @@
 title 'Retrieve  all GCP Container Clusters for a project and zone'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: '', description: 'The GKE cluster name.')
-gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: '', description: 'The GKE cluster zone.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_kube_cluster_name = input(:gcp_kube_cluster_name, value: '', description: 'The GKE cluster name.')
+gcp_kube_cluster_zone = input(:gcp_kube_cluster_zone, value: '', description: 'The GKE cluster zone.')
 
 control 'gcp-container-clusters-1.0' do
-
   impact 1.0
   title 'Ensure container clusters have the correct properties in bulk.'
 

@@ -1,13 +1,12 @@
 title 'GKE Container Node Pool Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: '', description: 'The GKE cluster name.')
-gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: '', description: 'The GKE cluster zone.')
-gcp_kube_cluster_size = attribute(:gcp_kube_cluster_size, default: '', description: 'The GKE cluster initial size.')
-gcp_kube_nodepool_name = attribute(:gcp_kube_nodepool_name, default:'', description: 'The GKE cluster node pool name.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_kube_cluster_name = input(:gcp_kube_cluster_name, value: '', description: 'The GKE cluster name.')
+gcp_kube_cluster_zone = input(:gcp_kube_cluster_zone, value: '', description: 'The GKE cluster zone.')
+gcp_kube_cluster_size = input(:gcp_kube_cluster_size, value: '', description: 'The GKE cluster initial size.')
+gcp_kube_nodepool_name = input(:gcp_kube_nodepool_name, value: '', description: 'The GKE cluster node pool name.')
 
 control 'gcp-gke-container-node-pool-1.0' do
-
   impact 1.0
   title 'Ensure GKE Container Node Pool was built correctly'
 

@@ -1,12 +1,11 @@
 title 'Retrieve  all GCP Container Cluster Node Pools for a project, cluster and zone'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_kube_cluster_name = attribute(:gcp_kube_cluster_name, default: '', description: 'The GKE cluster name.')
-gcp_kube_cluster_zone = attribute(:gcp_kube_cluster_zone, default: '', description: 'The GKE cluster zone.')
-gcp_kube_nodepool_name = attribute(:gcp_kube_nodepool_name, default:'', description: 'The GKE cluster node pool name.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_kube_cluster_name = input(:gcp_kube_cluster_name, value: '', description: 'The GKE cluster name.')
+gcp_kube_cluster_zone = input(:gcp_kube_cluster_zone, value: '', description: 'The GKE cluster zone.')
+gcp_kube_nodepool_name = input(:gcp_kube_nodepool_name, value:'', description: 'The GKE cluster node pool name.')
 
 control 'gcp-container-cluster-node-pools-1.0' do
-
   impact 1.0
   title 'Ensure container cluster node pools have the correct properties in bulk.'
 

@@ -1,8 +1,8 @@
 title 'Project Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_project_name = attribute(:gcp_project_name, default: '', description: 'The GCP project name.')
-gcp_project_number = attribute(:gcp_project_number, default: '', description: 'The GCP project number.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_project_name = input(:gcp_project_name, value: '', description: 'The GCP project name.')
+gcp_project_number = input(:gcp_project_number, value: '', description: 'The GCP project number.')
 
 control 'gcp-project' do
 

@@ -1,13 +1,12 @@
 title 'External Virtual Machine Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_zone = attribute(:gcp_zone, default: '', description: 'The GCP zone being used.')
-gcp_ext_vm_name = attribute(:gcp_ext_vm_name, default: '', description: 'The GCP VM name.')
-gcp_ext_vm_size = attribute(:gcp_ext_vm_size, default: '', description: 'The GCP VM machine type or size.')
-#gcp_int_vm_image = attribute(:gcp_ext_vm_image, default: '', description: 'The GCP VM image.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_zone = input(:gcp_zone, value: '', description: 'The GCP zone being used.')
+gcp_ext_vm_name = input(:gcp_ext_vm_name, value: '', description: 'The GCP VM name.')
+gcp_ext_vm_size = input(:gcp_ext_vm_size, value: '', description: 'The GCP VM machine type or size.')
+#gcp_int_vm_image = input(:gcp_ext_vm_image, value: '', description: 'The GCP VM image.')
 
 control 'gcp-generic-vm-linux-external-1.0' do
-
   impact 1.0
   title 'Ensure External VM was built and has the correct properties'
 

@@ -1,13 +1,12 @@
 title 'External Virtual Machine Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_zone = attribute(:gcp_zone, default: '', description: 'The GCP zone being used.')
-gcp_ext_vm_data_disk_name = attribute(:gcp_ext_vm_data_disk_name, default: '', description: 'The GCP VM name.')
-gcp_ext_vm_data_disk_size = attribute(:gcp_ext_vm_size, default: '', description: 'The GCP VM machine type or size.')
-gcp_compute_disk_name = attribute(:gcp_compute_disk_name, default: '', description: 'The GCP VM attached disk name.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_zone = input(:gcp_zone, value: '', description: 'The GCP zone being used.')
+gcp_ext_vm_data_disk_name = input(:gcp_ext_vm_data_disk_name, value: '', description: 'The GCP VM name.')
+gcp_ext_vm_data_disk_size = input(:gcp_ext_vm_size, value: '', description: 'The GCP VM machine type or size.')
+gcp_compute_disk_name = input(:gcp_compute_disk_name, value: '', description: 'The GCP VM attached disk name.')
 
 control 'gcp-generic-vm-linux-external-data-disk-1.0' do
-
   impact 1.0
   title 'Ensure External VM was built with attached data disk and has the correct properties'
 

@@ -1,8 +1,8 @@
 title 'IAM Role Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_project_iam_custom_role_id = attribute(:gcp_project_iam_custom_role_id, default: '', description: 'The GCP IAM custom role identifier.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_project_iam_custom_role_id = input(:gcp_project_iam_custom_role_id, value: '', description: 'The GCP IAM custom role identifier.')
+gcp_enable_privileged_resources = input(:gcp_enable_privileged_resources, value: 0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
 
 control 'gcp-generic-iam-role' do
   only_if { gcp_enable_privileged_resources.to_i == 1 }

@@ -1,14 +1,12 @@
 title 'Image Family'
 
-gcp_int_vm_image = attribute(:gcp_ext_vm_image, default: '', description: 'The GCP VM image.')
+gcp_int_vm_image = input(:gcp_ext_vm_image, value: '', description: 'The GCP VM image.')
 
 control 'gcp-generic-image-family-1.0' do
-
   impact 1.0
   title 'Ensure that the image is correct'
 
   describe google_compute_image(project: gcp_int_vm_image.split('/').first, name: gcp_int_vm_image.split('/').last ) do
-
     its('name') { should match "ubuntu" }
     its('family') { should match "ubuntu" }
     # the image should be available for use

@@ -1,10 +1,10 @@
 title 'Internal Virtual Machine Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_zone = attribute(:gcp_zone, default: '', description: 'The GCP zone being used.')
-gcp_int_vm_name = attribute(:gcp_int_vm_name, default: '', description: 'The GCP VM name.')
-gcp_int_vm_size = attribute(:gcp_int_vm_size, default: '', description: 'The GCP VM size.')
-#gcp_int_vm_image = attribute(:gcp_int_vm_image, default: '', description: 'The GCP VM image.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_zone = input(:gcp_zone, value: '', description: 'The GCP zone being used.')
+gcp_int_vm_name = input(:gcp_int_vm_name, value: '', description: 'The GCP VM name.')
+gcp_int_vm_size = input(:gcp_int_vm_size, value: '', description: 'The GCP VM size.')
+#gcp_int_vm_image = input(:gcp_int_vm_image, value: '', description: 'The GCP VM image.')
 
 control 'gcp-generic-vm-linux-internal-1.0' do
 

@@ -1,9 +1,9 @@
 title 'Public IP Address Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_ext_compute_address_name = attribute(:gcp_ext_compute_address_name,default: '',description:'The GCP compute address.')
-gcp_ext_vm_name = attribute(:gcp_ext_vm_name, default: '', description: 'The GCP generic external VM name.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_location = input(:gcp_location, value: '', description: 'The GCP region being used.')
+gcp_ext_compute_address_name = input(:gcp_ext_compute_address_name, value: '',description:'The GCP compute address.')
+gcp_ext_vm_name = input(:gcp_ext_vm_name, value: '', description: 'The GCP generic external VM name.')
 
 control 'gcp-generic-public-ip-address-1.0' do
 

@@ -1,10 +1,10 @@
 title 'Internal Windows Virtual Machine Properties'
 
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_zone = attribute(:gcp_zone, default: '', description: 'The GCP zone being used.')
-gcp_windows_int_vm_name = attribute(:gcp_windows_int_vm_name, default: '', description: 'The GCP VM name.')
-gcp_windows_int_vm_size = attribute(:gcp_windows_int_vm_size, default: '', description: 'The GCP VM size.')
-#gcp_windows_int_vm_image = attribute(:gcp_int_vm_size, default: '', description: 'The GCP VM size.')
+gcp_project_id = input(:gcp_project_id, value: '', description: 'The GCP project identifier.')
+gcp_zone = input(:gcp_zone, value: '', description: 'The GCP zone being used.')
+gcp_windows_int_vm_name = input(:gcp_windows_int_vm_name, value: '', description: 'The GCP VM name.')
+gcp_windows_int_vm_size = input(:gcp_windows_int_vm_size, value: '', description: 'The GCP VM size.')
+#gcp_windows_int_vm_image = input(:gcp_int_vm_size, value: '', description: 'The GCP VM size.')
 
 control 'gcp-generic-vm-windows-internal-1.0' do
 

@@ -1,27 +1,13 @@
-# ----------------------------------------------------------------------------
-#
-#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
-#
-# ----------------------------------------------------------------------------
-#
-#     This file is automatically generated by Magic Modules and manual
-#     changes will be clobbered when the file is regenerated.
-#
-#     Please read more about how to change this file in README.md and
-#     CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-
 title 'Test GCP google_access_context_manager_access_level resource.'
 
-gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of the perimeter')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-service_perimeter = attribute('service_perimeter', default: {
-  "name": "restrict_all",
-  "title": "restrict_all",
-  "restricted_service": "storage.googleapis.com",
-  "policy_title": "policytitle"
-}, description: 'Service perimeter definition')
+gcp_organization_id = input(:gcp_organization_id, value: '', description: 'The identifier of the organization that is the parent of the perimeter')
+gcp_enable_privileged_resources = input(:gcp_enable_privileged_resources, value: 0, description: 'Flag to enable privileged resources requiring elevated privileges in GCP.')
+# service_perimeter = input('service_perimeter', value: {
+#   "name": "restrict_all",
+#   "title": "restrict_all",
+#   "restricted_service": "storage.googleapis.com",
+#   "policy_title": "policytitle"
+# }, description: 'Service perimeter definition')
 
 control 'google_access_context_manager_access_level-1.0' do
   impact 1.0

@@ -1,22 +1,8 @@
-# ----------------------------------------------------------------------------
-#
-#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
-#
-# ----------------------------------------------------------------------------
-#
-#     This file is automatically generated by Magic Modules and manual
-#     changes will be clobbered when the file is regenerated.
-#
-#     Please read more about how to change this file in README.md and
-#     CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-
 title 'Test GCP google_access_context_manager_access_levels resource.'
 
-gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of the perimeter')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-service_perimeter = attribute('service_perimeter', default: {
+gcp_organization_id = input(:gcp_organization_id, value: '', description: 'The identifier of the organization that is the parent of the perimeter')
+gcp_enable_privileged_resources = input(:gcp_enable_privileged_resources, value: 0, description: 'Flag to enable privileged resources requiring elevated privileges in GCP.')
+service_perimeter = input('service_perimeter', value: {
   "name": "restrict_all",
   "title": "restrict_all",
   "restricted_service": "storage.googleapis.com",

@@ -1,27 +1,14 @@
-# ----------------------------------------------------------------------------
-#
-#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
-#
-# ----------------------------------------------------------------------------
-#
-#     This file is automatically generated by Magic Modules and manual
-#     changes will be clobbered when the file is regenerated.
-#
-#     Please read more about how to change this file in README.md and
-#     CONTRIBUTING.md located at the root of this package.
-#
-# ----------------------------------------------------------------------------
-
 title 'Test GCP google_access_context_manager_access_policies resource.'
 
-gcp_organization_id = attribute(:gcp_organization_id, default: gcp_organization_id, description: 'The identifier of the organization that is the parent of the perimeter')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default:0, description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
-service_perimeter = attribute('service_perimeter', default: {
+gcp_organization_id = input(:gcp_organization_id, value: '', description: 'The identifier of the organization that is the parent of the perimeter')
+gcp_enable_privileged_resources = input(:gcp_enable_privileged_resources, value: 0, description: 'Flag to enable privileged resources requiring elevated privileges in GCP.')
+service_perimeter = input('service_perimeter', value: {
   "name": "restrict_all",
   "title": "restrict_all",
   "restricted_service": "storage.googleapis.com",
   "policy_title": "policytitle"
 }, description: 'Service perimeter definition')
+
 control 'google_access_context_manager_access_policies-1.0' do
   impact 1.0
   title 'google_access_context_manager_access_policies resource test'