diff --git a/docs/resources/google_cloudidentity_group.md b/docs/resources/google_cloudidentity_group.md new file mode 100644 index 000000000..b7ab75fe7 --- /dev/null +++ b/docs/resources/google_cloudidentity_group.md 
@@ -0,0 +1,50 @@ +--- +title: About the google_cloudidentity_group resource +platform: gcp +--- + +## Syntax +A `google_cloudidentity_group` is used to test a Google Group resource + +## Examples +``` +describe google_cloudidentity_group(project: 'chef-gcp-inspec', name: '') do + it { should exist } + it { should be_up } +end +``` + +## Properties +Properties that can be accessed from the `google_cloudidentity_group` resource: + + + * `name`: Resource name of the Group in the format: groups/{group_id}, where group_id is the unique ID assigned to the Group. + + * `group_key`: EntityKey of the Group. + + * `id`: The ID of the entity. For Google-managed entities, the id must be the email address of an existing group or user. For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements. Must be unique within a namespace. + + * `namespace`: The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group. If specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + + * `parent`: The resource name of the entity under which this Group resides in the Cloud Identity resource hierarchy. Must be of the form identitysources/{identity_source_id} for external-identity-mapped groups or customers/{customer_id} for Google Groups. + + * `display_name`: The display name of the Group. + + * `description`: An extended description to help users determine the purpose of a Group. Must not be longer than 4,096 characters. + + * `create_time`: The time when the Group was created. + + * `update_time`: The time when the Group was last updated. + + * `labels`: The labels that apply to the Group. Must not contain more than one entry. 
Must contain the entry 'cloudidentity.googleapis.com/groups.discussion_forum': '' if the Group is a Google Group or 'system/groups/external': '' if the Group is an external-identity-mapped group. + + * `initial_group_config`: The initial configuration options for creating a Group. See the [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) for possible values. + Possible values: + * INITIAL_GROUP_CONFIG_UNSPECIFIED + * WITH_INITIAL_OWNER + * EMPTY + + +## GCP Permissions + +Ensure the [Cloud Identity API](https://console.cloud.google.com/apis/api/cloudidentity.googleapis.com/overview) is enabled for the current project. diff --git a/docs/resources/google_cloudidentity_groups.md b/docs/resources/google_cloudidentity_groups.md new file mode 100644 index 000000000..179600722 --- /dev/null +++ b/docs/resources/google_cloudidentity_groups.md 
@@ -0,0 +1,37 @@ +--- +title: About the google_cloudidentity_groups resource +platform: gcp +--- + +## Syntax +A `google_cloudidentity_groups` is used to test a Google Group resource + +## Examples +``` +describe google_cloudidentity_groups(project: 'chef-gcp-inspec') do +it { should exist } +it { should be_up } +end +``` + +## Properties +Properties that can be accessed from the `google_cloudidentity_groups` resource: + +See [google_cloudidentity_group.md](google_cloudidentity_group.md) for more detailed information + * `names`: an array of `google_cloudidentity_group` name + * `group_keys`: an array of `google_cloudidentity_group` group_key + * `parents`: an array of `google_cloudidentity_group` parent + * `display_names`: an array of `google_cloudidentity_group` display_name + * `descriptions`: an array of `google_cloudidentity_group` description + * `create_times`: an array of `google_cloudidentity_group` create_time + * `update_times`: an array of `google_cloudidentity_group` update_time + * `labels`: an array of `google_cloudidentity_group` labels + * `initial_group_configs`: an array of `google_cloudidentity_group` initial_group_config + +## Filter Criteria +This resource supports all of the above properties as filter criteria, which can be used +with `where` as a block or a method. + +## GCP Permissions + +Ensure the [Cloud Identity API](https://console.cloud.google.com/apis/api/cloudidentity.googleapis.com/overview) is enabled for the current project. diff --git a/libraries/google/cloudidentity/property/group_group_key.rb b/libraries/google/cloudidentity/property/group_group_key.rb new file mode 100644 index 000000000..f90173d44 --- /dev/null +++ b/libraries/google/cloudidentity/property/group_group_key.rb 
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module CloudIdentity + module Property + class GroupGroupKey + attr_reader :id + + attr_reader :namespace + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @id = args['id'] + @namespace = args['namespace'] + end + + def to_s + "#{@parent_identifier} GroupGroupKey" + end + end + end + end +end diff --git a/libraries/google_cloudidentity_group.rb b/libraries/google_cloudidentity_group.rb new file mode 100644 index 000000000..1260f11ac --- /dev/null +++ b/libraries/google_cloudidentity_group.rb 
@@ -0,0 +1,72 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +require 'google/cloudidentity/property/group_group_key' + +# A provider to manage Cloud Identity resources. +class CloudIdentityGroup < GcpResourceBase + name 'google_cloudidentity_group' + desc 'Group' + supports platform: 'gcp' + + attr_reader :params + attr_reader :name + attr_reader :group_key + attr_reader :parent + attr_reader :display_name + attr_reader :description + attr_reader :create_time + attr_reader :update_time + attr_reader :labels + attr_reader :initial_group_config + + def initialize(params) + super(params.merge({ use_http_transport: true })) + @params = params + @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get') + parse unless @fetched.nil? + end + + def parse + @name = @fetched['name'] + @group_key = GoogleInSpec::CloudIdentity::Property::GroupGroupKey.new(@fetched['groupKey'], to_s) + @parent = @fetched['parent'] + @display_name = @fetched['displayName'] + @description = @fetched['description'] + @create_time = @fetched['createTime'] + @update_time = @fetched['updateTime'] + @labels = @fetched['labels'] + @initial_group_config = @fetched['initialGroupConfig'] + end + + def exists? + !@fetched.nil? + end + + def to_s + "Group #{@params[:name]}" + end + + private + + def product_url(_ = nil) + 'https://cloudidentity.googleapis.com/v1/' + end + + def resource_base_url + '{{name}}' + end +end 
diff --git a/libraries/google_cloudidentity_groups.rb b/libraries/google_cloudidentity_groups.rb new file mode 100644 index 000000000..22d6300a9 --- /dev/null +++ b/libraries/google_cloudidentity_groups.rb 
@@ -0,0 +1,96 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +require 'gcp_backend' +class CloudIdentityGroups < GcpResourceBase + name 'google_cloudidentity_groups' + desc 'Group plural resource' + supports platform: 'gcp' + + attr_reader :table + + filter_table_config = FilterTable.create + + filter_table_config.add(:names, field: :name) + filter_table_config.add(:group_keys, field: :group_key) + filter_table_config.add(:parents, field: :parent) + filter_table_config.add(:display_names, field: :display_name) + filter_table_config.add(:descriptions, field: :description) + filter_table_config.add(:create_times, field: :create_time) + filter_table_config.add(:update_times, field: :update_time) + filter_table_config.add(:labels, field: :labels) + filter_table_config.add(:initial_group_configs, field: :initial_group_config) + + filter_table_config.connect(self, :table) + + def initialize(params = {}) + super(params.merge({ use_http_transport: true })) + @params = params + @table = fetch_wrapped_resource('groups') + end + + def fetch_wrapped_resource(wrap_path) + # fetch_resource returns an array of responses (to handle pagination) + require 'byebug'; byebug + result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get') + return if result.nil? + + # Conversion of string -> object hash to symbol -> object hash that InSpec needs + converted = [] + result.each do |response| + next if response.nil? 
|| !response.key?(wrap_path) + response[wrap_path].each do |hash| + hash_with_symbols = {} + hash.each_key do |key| + name, value = transform(key, hash) + hash_with_symbols[name] = value + end + converted.push(hash_with_symbols) + end + end + + converted + end + + def transform(key, value) + return transformers[key].call(value) if transformers.key?(key) + + [key.to_sym, value] + end + + def transformers + { + 'name' => ->(obj) { return :name, obj['name'] }, + 'groupKey' => ->(obj) { return :group_key, GoogleInSpec::CloudIdentity::Property::GroupGroupKey.new(obj['groupKey'], to_s) }, + 'parent' => ->(obj) { return :parent, obj['parent'] }, + 'displayName' => ->(obj) { return :display_name, obj['displayName'] }, + 'description' => ->(obj) { return :description, obj['description'] }, + 'createTime' => ->(obj) { return :create_time, obj['createTime'] }, + 'updateTime' => ->(obj) { return :update_time, obj['updateTime'] }, + 'labels' => ->(obj) { return :labels, obj['labels'] }, + 'initialGroupConfig' => ->(obj) { return :initial_group_config, obj['initialGroupConfig'] }, + } + end + + private + + def product_url(_ = nil) + 'https://cloudidentity.googleapis.com/v1/' + end + + def resource_base_url + 'groups?initialGroupConfig={{initial_group_config}}' + end +end diff --git a/test/integration/verify/controls/google_cloudidentity_group.rb b/test/integration/verify/controls/google_cloudidentity_group.rb new file mode 100644 index 000000000..f770fdf78 --- /dev/null +++ b/test/integration/verify/controls/google_cloudidentity_group.rb 
@@ -0,0 +1,29 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_cloudidentity_group resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +cloudidentity = input('cloudidentity', value: { + "name": "cloudidentity_group" +}, description: 'The cloudidentity') +control 'google_cloudidentity_group-1.0' do + impact 1.0 + title 'google_cloudidentity_group resource test' + + describe google_cloudidentity_group(project: gcp_project_id, name: cloudidentity['name']) do + it { should exist } + it { should be_up } + end +end diff --git a/test/integration/verify/controls/google_cloudidentity_groups.rb b/test/integration/verify/controls/google_cloudidentity_groups.rb new file mode 100644 index 000000000..74f7be607 --- /dev/null +++ b/test/integration/verify/controls/google_cloudidentity_groups.rb 
@@ -0,0 +1,29 @@ +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- + +title 'Test GCP google_cloudidentity_groups resource.' + +gcp_project_id = input(:gcp_project_id, value: 'gcp_project_id', description: 'The GCP project identifier.') +cloudidentity = input('cloudidentity', value: { + "name": "cloudidentity_group" +}, description: 'The cloudidentity') +control 'google_cloudidentity_groups-1.0' do + impact 1.0 + title 'google_cloudidentity_groups resource test' + + describe google_cloudidentity_groups(project: gcp_project_id) do + it { should exist } + it { should be_up } + end +end
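Review bot: in docs/resources/google_cloudidentity_group.md the example calls the resource with `name: ''`, which cannot match the `groups/{group_id}` format documented for `name` a few lines below and gives readers nothing usable to copy. Use a placeholder in that format instead. The `project:` argument also deserves a sentence or removal, since the URL template added in libraries/google_cloudidentity_group.rb is just `{{name}}` and never uses it.
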
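Review bot: in docs/resources/google_cloudidentity_groups.md the example passes only `project:`, while the list URL added in libraries/google_cloudidentity_groups.rb is `groups?initialGroupConfig={{initial_group_config}}`, so the page never documents the one parameter the template interpolates. Either document `initial_group_config` as an input or take it out of the URL template. The Syntax line is also copied from the singular page ("a Google Group resource"), and Filter Criteria mentions `where` without showing a single use of it; one short `where` example would fix that.
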
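Review bot: in libraries/google/cloudidentity/property/group_group_key.rb, `initialize` returns on `args.nil?` before `@parent_identifier` is assigned, so `to_s` on a key built from a response with no `groupKey` renders as " GroupGroupKey" with no owner in front. Assign `@parent_identifier` before the early return. The header says the file is generated by Magic Modules, so the change belongs in the generator template rather than here.
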
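Review bot: libraries/google_cloudidentity_group.rb defines `exists?` but no `up?`, yet the docs example and both integration controls in this patch assert `it { should be_up }`; unless `GcpResourceBase` supplies that predicate, the matcher has nothing to call. Either add an `up?` with a defined meaning for a group or drop `be_up` from the docs and controls. Separately, `product_url(params[:beta])` passes a value that `product_url(_ = nil)` discards, so the `beta` parameter has no effect on the hard-coded `v1` endpoint.
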
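Review bot: `require 'byebug'; byebug` in `fetch_wrapped_resource` of libraries/google_cloudidentity_groups.rb is a leftover debugger breakpoint and has to come out before merge: every use of the plural resource will stop at an interactive prompt, or fail on the `require` where byebug is not installed. The same file references `GoogleInSpec::CloudIdentity::Property::GroupGroupKey` in `transformers` but only requires `gcp_backend`; add `require 'google/cloudidentity/property/group_group_key'` as the singular resource does. The header marks the file as generated, so a hand edit like the breakpoint also suggests the file has drifted from the template.
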
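Review bot: in test/integration/verify/controls/google_cloudidentity_group.rb the default input value `cloudidentity_group` is not in the `groups/{group_id}` form that the docs in this patch require for `name`, and the library uses `name` as the entire request path (`{{name}}`), so the control cannot find a group with its default. The hash is also written with `"name":`, which in a Ruby hash literal produces a symbol key, but read back as `cloudidentity['name']`; use the same key type in both places unless the input layer is known to normalise keys.
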
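Review bot: test/integration/verify/controls/google_cloudidentity_groups.rb declares the `cloudidentity` input but never uses it, and the control only asserts `exist` and `be_up`, so it passes on any non-empty listing. Remove the unused input, or use it in an assertion on the result, for example that `names` includes the expected group, so the control verifies what the list call returned.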