Add HTTPS health check to InSpec (#1305)

Merged PR #1305.
GoogleCloudPlatform · Jan 25, 2019 · a487049 · a487049
1 parent 74d2bbd
commit a487049
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 4 deletions.
diff --git a/build/inspec b/build/inspec
diff --git a/products/compute/inspec.yaml b/products/compute/inspec.yaml
@@ -35,8 +35,6 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     exclude: true
   GlobalForwardingRule: !ruby/object:Overrides::Inspec::ResourceOverride
     exclude: true
-  HttpsHealthCheck: !ruby/object:Overrides::Inspec::ResourceOverride
-    exclude: true
   Image: !ruby/object:Overrides::Inspec::ResourceOverride
     exclude: true
   Instance: !ruby/object:Overrides::Inspec::ResourceOverride

diff --git a/templates/inspec/examples/attributes/google_compute_https_health_check.erb b/templates/inspec/examples/attributes/google_compute_https_health_check.erb
@@ -0,0 +1,2 @@
+gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute('gcp_project_id') -%>', description: 'The GCP project identifier.')
+https_health_check = attribute('https_health_check', default: <%= JSON.pretty_generate(grab_attributes['https_health_check']) -%>, description: 'HTTPS health check definition')
diff --git a/templates/inspec/examples/google_compute_https_health_check.erb b/templates/inspec/examples/google_compute_https_health_check.erb
@@ -0,0 +1,13 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% https_health_check = grab_attributes['https_health_check'] -%>
+describe google_compute_https_health_check(project: <%= doc_generation ? "#{gcp_project_id}" : "gcp_project_id" -%>, name: <%= doc_generation ? "'#{https_health_check['name']}'" : "https_health_check['name']" -%>) do
+  it { should exist }
+  its('timeout_sec') { should eq <%= doc_generation ? "'#{https_health_check['timeout_sec']}'" : "https_health_check['timeout_sec']" -%> }
+  its('request_path') { should eq <%= doc_generation ? "'#{https_health_check['request_path']}'" : "https_health_check['request_path']" -%> }
+  its('check_interval_sec') { should eq <%= doc_generation ? "'#{https_health_check['check_interval_sec']}'" : "https_health_check['check_interval_sec']" -%> }
+  its('unhealthy_threshold') { should eq <%= doc_generation ? "'#{https_health_check['unhealthy_threshold']}'" : "https_health_check['unhealthy_threshold']" -%> }
+end
+
+describe google_compute_https_health_check(project: <%= doc_generation ? "#{gcp_project_id}" : "gcp_project_id" -%>, name: 'nonexistent') do
+  it { should_not exist }
+end
diff --git a/templates/inspec/examples/google_compute_https_health_checks.erb b/templates/inspec/examples/google_compute_https_health_checks.erb
@@ -0,0 +1,7 @@
+<% gcp_project_id = "#{external_attribute('gcp_project_id', doc_generation)}" -%>
+<% https_health_check = grab_attributes['https_health_check'] -%>
+describe google_compute_https_health_checks(project: <%= doc_generation ? "#{gcp_project_id}" : "gcp_project_id" -%>) do
+  its('names') { should include <%= doc_generation ? "'#{https_health_check['name']}'" : "https_health_check['name']" -%> }
+  its('timeout_secs') { should include <%= doc_generation ? "'#{https_health_check['timeout_sec']}'" : "https_health_check['timeout_sec']" -%> }
+  its('check_interval_secs') { should include <%= doc_generation ? "'#{https_health_check['check_interval_sec']}'" : "https_health_check['check_interval_sec']" -%> }
+end
diff --git a/templates/inspec/tests/integration/build/gcp-mm.tf b/templates/inspec/tests/integration/build/gcp-mm.tf
@@ -46,6 +46,10 @@ variable "http_health_check" {
   type = "map"
 }
 
+variable "https_health_check" {
+  type = "map"
+}
+
 resource "google_compute_ssl_policy" "custom-ssl-policy" {
   name            = "${var.ssl_policy["name"]}"
   min_tls_version = "${var.ssl_policy["min_tls_version"]}"
@@ -173,4 +177,14 @@ resource "google_compute_http_health_check" "gcp-inspec-http-health-check" {
 
   timeout_sec        = "${var.http_health_check["timeout_sec"]}"
   check_interval_sec = "${var.http_health_check["check_interval_sec"]}"
+}
+
+resource "google_compute_https_health_check" "gcp-inspec-https-health-check" {
+  project      = "${var.gcp_project_id}"
+  name         = "${var.https_health_check["name"]}"
+  request_path = "${var.https_health_check["request_path"]}"
+
+  timeout_sec         = "${var.https_health_check["timeout_sec"]}"
+  check_interval_sec  = "${var.https_health_check["check_interval_sec"]}"
+  unhealthy_threshold = "${var.https_health_check["unhealthy_threshold"]}"
 }
diff --git a/templates/inspec/tests/integration/configuration/mm-attributes.yml b/templates/inspec/tests/integration/configuration/mm-attributes.yml
@@ -66,4 +66,11 @@ http_health_check:
   name: inspec-gcp-http-health-check
   request_path: /health_check
   timeout_sec: 20
-  check_interval_sec: 20
+  check_interval_sec: 20
+
+https_health_check:
+  name: inspec-gcp-https-health-check
+  request_path: /https_health_check
+  timeout_sec: 15
+  check_interval_sec: 15
+  unhealthy_threshold: 3
+48 −0		docs/resources/google_compute_https_health_check.md
+37 −0		docs/resources/google_compute_https_health_checks.md
+71 −0		libraries/google_compute_https_health_check.rb
+102 −0		libraries/google_compute_https_health_checks.rb
+14 −0		test/integration/build/gcp-mm.tf
+8 −1		test/integration/configuration/mm-attributes.yml
+40 −0		test/integration/verify/controls/google_compute_https_health_check.rb
+34 −0		test/integration/verify/controls/google_compute_https_health_checks.rb
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		gcp_project_id = attribute(:gcp_project_id, default: '<%= external_attribute('gcp_project_id') -%>', description: 'The GCP project identifier.')
		https_health_check = attribute('https_health_check', default: <%= JSON.pretty_generate(grab_attributes['https_health_check']) -%>, description: 'HTTPS health check definition')