diff --git a/.changelog/2938.txt b/.changelog/2938.txt
new file mode 100644
index 000000000..830f8d05a
--- /dev/null
+++ b/.changelog/2938.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+compute: Fixed errors from concurrent creation/deletion of overlapping `google_compute_network_peering` resources.
+```
diff --git a/docs/resources/google_compute_subnetwork_iam_binding.md b/docs/resources/google_compute_subnetwork_iam_binding.md
new file mode 100644
index 000000000..eaa9b8af6
--- /dev/null
+++ b/docs/resources/google_compute_subnetwork_iam_binding.md
@@ -0,0 +1,27 @@
+---
+title: About the google_compute_subnetwork_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_subnetwork_iam_binding` is used to test a Google Subnetwork Iam Bindings
+
+## Examples
+```
+describe google_compute_subnetwork_iam_binding(project: "project", region: "region", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_subnetwork_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_pubsub_subscription_iam_binding.md b/docs/resources/google_pubsub_subscription_iam_binding.md
new file mode 100644
index 000000000..266c43d75
--- /dev/null
+++ b/docs/resources/google_pubsub_subscription_iam_binding.md
@@ -0,0 +1,27 @@
+---
+title: About the google_pubsub_subscription_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_pubsub_subscription_iam_binding` is used to test a Google Subscription Iam Bindings
+
+## Examples
+```
+describe google_pubsub_subscription_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_subscription_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_pubsub_topic_iam_binding.md b/docs/resources/google_pubsub_topic_iam_binding.md
new file mode 100644
index 000000000..eefeab9da
--- /dev/null
+++ b/docs/resources/google_pubsub_topic_iam_binding.md
@@ -0,0 +1,27 @@
+---
+title: About the google_pubsub_topic_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_pubsub_topic_iam_binding` is used to test a Google Topic Iam Bindings
+
+## Examples
+```
+describe google_pubsub_topic_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_pubsub_topic_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Pub/Sub API](https://console.cloud.google.com/apis/library/pubsub.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_resourcemanager_project_iam_binding.md b/docs/resources/google_resourcemanager_project_iam_binding.md
new file mode 100644
index 000000000..637b12738
--- /dev/null
+++ b/docs/resources/google_resourcemanager_project_iam_binding.md
@@ -0,0 +1,27 @@
+---
+title: About the google_resourcemanager_project_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_resourcemanager_project_iam_binding` is used to test a Google Project Iam Bindings
+
+## Examples
+```
+describe google_resourcemanager_project_iam_binding(project_id: "projectId", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_resourcemanager_project_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_runtime_config_config_iam_binding.md b/docs/resources/google_runtime_config_config_iam_binding.md
new file mode 100644
index 000000000..3806fcc51
--- /dev/null
+++ b/docs/resources/google_runtime_config_config_iam_binding.md
@@ -0,0 +1,27 @@
+---
+title: About the google_runtime_config_config_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_runtime_config_config_iam_binding` is used to test a Google Config Iam Bindings
+
+## Examples
+```
+describe google_runtime_config_config_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_runtime_config_config_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Resource Manager API](https://console.cloud.google.com/apis/library/cloudresourcemanager.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_spanner_instance_iam_binding.md b/docs/resources/google_spanner_instance_iam_binding.md
new file mode 100644
index 000000000..024385a1e
--- /dev/null
+++ b/docs/resources/google_spanner_instance_iam_binding.md
@@ -0,0 +1,27 @@
+---
+title: About the google_spanner_instance_iam_binding resource
+platform: gcp
+---
+
+## Syntax
+A `google_spanner_instance_iam_binding` is used to test a Google Instance Iam Bindings
+
+## Examples
+```
+describe google_spanner_instance_iam_binding(project: "project", name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_spanner_instance_iam_binding` resource:
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+
+## GCP Permissions
+
+Ensure the [Cloud Spanner API](https://console.cloud.google.com/apis/library/spanner.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket.md b/docs/resources/google_storage_bucket.md
index 9489e5a0f..38c04bc04 100644
--- a/docs/resources/google_storage_bucket.md
+++ b/docs/resources/google_storage_bucket.md
@@ -1,56 +1,152 @@
---
-title: About the google_storage_bucket Resource
+title: About the google_storage_bucket resource
platform: gcp
---
-# google\_storage\_bucket
+## Syntax
+A `google_storage_bucket` is used to test a Google Bucket resource
-Use the `google_storage_bucket` InSpec audit resource to test properties of a GCP storage bucket.
+## Examples
+```
+describe google_storage_bucket(name: bucket-name) do
+ it { should exist }
+ its('location') { should cmp 'europe-west2'.upcase }
-
s
+ its('storage_class') { should eq "STANDARD" }
+end
-## Syntax
+describe google_storage_bucket(name: "nonexistent") do
+ it { should_not exist }
+end
+```
-A `google_storage_bucket` resource block declares the tests for a single GCP storage bucket by name.
+## Properties
+Properties that can be accessed from the `google_storage_bucket` resource:
- describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do
- it { should exist }
- its('name') { should eq 'chef-inspec-gcp-storage-bucket-abcd' }
- end
-
+ * `acl`: Access controls on the bucket.
-## Examples
+ * `bucket`: The name of the bucket.
-The following examples show how to use this InSpec audit resource.
+ * `domain`: The domain associated with the entity.
-### Test that a GCP storage bucket is in the expected location
+ * `email`: The email address associated with the entity.
- describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do
- its('location') { should eq "EUROPE-WEST2" }
- end
+ * `entity`: The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
-### Test that a GCP storage bucket has the expected project number
+ * `entity_id`: The ID for the entity
- describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do
- its('project_number') {should eq 12345678 }
- end
+ * `id`: The ID of the access-control entry.
-### Test that a GCP storage bucket has the expected storage class
+ * `project_team`: The project team associated with the entity
- describe google_storage_bucket(name: 'chef-inspec-gcp-storage-bucket-abcd') do
- its('storage_class') { should eq 'STANDARD' }
- end
+ * `project_number`: The project team associated with the entity
-
+ * `team`: The team.
-## Properties
+ * `role`: The access permission for the entity.
+
+ * `cors`: The bucket's Cross-Origin Resource Sharing (CORS) configuration.
+
+ * `max_age_seconds`: The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.
+
+ * `method`: The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".
+
+ * `origin`: The list of Origins eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".
+
+ * `response_header`: The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.
+
+ * `default_object_acl`: Default access controls to apply to new objects when no ACL is provided.
+
+ * `bucket`: The name of the bucket.
+
+ * `domain`: The domain associated with the entity.
+
+ * `email`: The email address associated with the entity.
+
+ * `entity`: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
+
+ * `entity_id`: The ID for the entity
+
+ * `generation`: The content generation of the object, if applied to an object.
+
+ * `id`: The ID of the access-control entry.
+
+ * `object`: The name of the object, if applied to an object.
+
+ * `project_team`: The project team associated with the entity
+
+ * `project_number`: The project team associated with the entity
+
+ * `team`: The team.
+
+ * `role`: The access permission for the entity.
+
+ * `id`: The ID of the bucket. For buckets, the id and name properities are the same.
+
+ * `lifecycle`: The bucket's lifecycle configuration. See https://developers.google.com/storage/docs/lifecycle for more information.
+
+ * `rule`: A lifecycle management rule, which is made of an action to take and the condition(s) under which the action will be taken.
+
+ * `action`: The action to take.
+
+ * `storage_class`: Target storage class. Required iff the type of the action is SetStorageClass.
+
+ * `type`: Type of the action. Currently, only Delete and SetStorageClass are supported.
+
+ * `condition`: The condition(s) under which the action will be taken.
+
+ * `age_days`: Age of an object (in days). This condition is satisfied when an object reaches the specified age.
+
+ * `created_before`: A date in RFC 3339 format with only the date part (for instance, "2013-01-15"). This condition is satisfied when an object is created before midnight of the specified date in UTC.
+
+ * `is_live`: Relevant only for versioned objects. If the value is true, this condition matches live objects; if the value is false, it matches archived objects.
+
+ * `matches_storage_class`: Objects having any of the storage classes specified by this condition will be matched. Values include MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, STANDARD, and DURABLE_REDUCED_AVAILABILITY.
+
+ * `num_newer_versions`: Relevant only for versioned objects. If the value is N, this condition is satisfied when there are at least N versions (including the live version) newer than this version of the object.
+
+ * `location`: The location of the bucket. Object data for objects in the bucket resides in physical storage within this region. Defaults to US. See the developer's guide for the authoritative list.
+
+ * `logging`: The bucket's logging configuration, which defines the destination bucket and optional name prefix for the current bucket's logs.
+
+ * `log_bucket`: The destination bucket where the current bucket's logs should be placed.
+
+ * `log_object_prefix`: A prefix for log object names.
+
+ * `metageneration`: The metadata generation of this bucket.
+
+ * `name`: The name of the bucket
+
+ * `owner`: The owner of the bucket. This is always the project team's owner group.
+
+ * `entity`: The entity, in the form project-owner-projectId.
+
+ * `entity_id`: The ID for the entity.
+
+ * `project_number`: The project number of the project the bucket belongs to.
+
+ * `storage_class`: The bucket's default storage class, used whenever no storageClass is specified for a newly-created object. This defines how objects in the bucket are stored and determines the SLA and the cost of storage. Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE, COLDLINE, and DURABLE_REDUCED_AVAILABILITY. If this value is not specified when the bucket is created, it will default to STANDARD. For more information, see storage classes.
+
+ * `time_created`: The creation time of the bucket in RFC 3339 format.
+
+ * `updated`: The modification time of the bucket in RFC 3339 format.
+
+ * `versioning`: The bucket's versioning configuration.
+
+ * `enabled`: While set to true, versioning is fully enabled for this bucket.
+
+ * `website`: The bucket's website configuration, controlling how the service behaves when accessing bucket contents as a web site. See the Static Website Examples for more information.
+
+ * `main_page_suffix`: If the requested object path is missing, the service will ensure the path has a trailing '/', append this suffix, and attempt to retrieve the resulting object. This allows the creation of index.html objects to represent directory pages.
+
+ * `not_found_page`: If the requested object path is missing, and any mainPageSuffix object is missing, if applicable, the service will return the named object from this bucket as the content for a 404 Not Found result.
-* `etag`, `id`, `kind`, `location`, `metageneration`, `name`, `project_number`, `storage_class`, `time_created`, `updated`
+ * `project`: A valid API project identifier.
-
+ * `predefined_default_object_acl`: Apply a predefined set of default object access controls to this bucket. Acceptable values are: - "authenticatedRead": Object owner gets OWNER access, and allAuthenticatedUsers get READER access. - "bucketOwnerFullControl": Object owner gets OWNER access, and project team owners get OWNER access. - "bucketOwnerRead": Object owner gets OWNER access, and project team owners get READER access. - "private": Object owner gets OWNER access. - "projectPrivate": Object owner gets OWNER access, and project team members get access according to their roles. - "publicRead": Object owner gets OWNER access, and allUsers get READER access.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_acl.md b/docs/resources/google_storage_bucket_acl.md
index 36845f5bc..03e96e43c 100644
--- a/docs/resources/google_storage_bucket_acl.md
+++ b/docs/resources/google_storage_bucket_acl.md
@@ -1,49 +1,49 @@
---
-title: About the google_storage_bucket_acl Resource
+title: About the google_storage_bucket_acl resource
platform: gcp
---
-# google\_storage\_bucket\_acl
-
-Use the `google_storage_bucket_acl` InSpec audit resource to test properties of a single GCP storage bucket ACL. The 'entity' property below is as described in the [Google documentation here](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls).
-
-
-
## Syntax
+A `google_storage_bucket_acl` is used to test a Google BucketACL resource
+
+## Examples
+```
+describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: user-email) do
+ it { should exist }
+ its('role') { should cmp "OWNER" }
-A `google_storage_bucket_acl` resource block declares the tests for a single GCP storage bucket ACL by bucket name and entity.
+ its('bucket') { should eq 'storage-bucket-name' }
+ its('email') { should include entity-email.com }
+end
- describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
+describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: "allUsers") do
+ it { should_not exist }
+end
+```
-
+## Properties
+Properties that can be accessed from the `google_storage_bucket_acl` resource:
-## Examples
-The following examples show how to use this InSpec audit resource.
+ * `domain`: The domain associated with the entity.
-### Test that a GCP storage bucket ACL exists
+ * `email`: The email address associated with the entity.
- describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
+ * `entity`: The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com. The group example@googlegroups.com would be group-example@googlegroups.com. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.
-### Test that a GCP storage bucket ACL has the expected role (READER, WRITER or OWNER)
+ * `entity_id`: The ID for the entity
- describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- its('role') { should eq 'OWNER' }
- end
+ * `id`: The ID of the access-control entry.
-
+ * `project_team`: The project team associated with the entity
-## Properties
+ * `project_number`: The project team associated with the entity
-* `bucket`, `email`, `entity`, `etag`, `id`, `kind`, `role`
+ * `team`: The team.
-
+ * `role`: The access permission for the entity.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_iam_binding.md b/docs/resources/google_storage_bucket_iam_binding.md
index 40364b4d6..f439b4e30 100644
--- a/docs/resources/google_storage_bucket_iam_binding.md
+++ b/docs/resources/google_storage_bucket_iam_binding.md
@@ -1,50 +1,27 @@
---
-title: About the google_storage_bucket_iam_binding Resource
+title: About the google_storage_bucket_iam_binding resource
platform: gcp
---
-# google\_storage\_bucket\_iam\_binding
-
-Use the `google_storage_bucket_iam_binding` InSpec audit resource to test properties of a single GCP storage bucket IAM binding.
-
-
-
## Syntax
-
-A `google_storage_bucket_iam_binding` resource block declares the tests for a single GCP storage bucket IAM binding by bucket name and role.
-
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.objectViewer') do
- it { should exist }
- end
-
-
+A `google_storage_bucket_iam_binding` is used to test a Google Bucket Iam Bindings
## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that a GCP storage bucket IAM binding exists
-
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.admin') do
- it { should exist }
- end
-
-### Test that a GCP storage bucket IAM binding role has the desired user or service account included
-
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.admin') do
- its('members') {should include 'user:someuser@domain.com' }
- its('members') {should include 'serviceAccount:someserviceaccount@domain.com' }
- end
-
-
+```
+describe google_storage_bucket_iam_binding(name: "name", role: "roles/editor") do
+ it { should exist }
+ its('members') { should include 'user:testuser@example.com' }
+end
+```
## Properties
+Properties that can be accessed from the `google_storage_bucket_iam_binding` resource:
-* `members`
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_iam_policy.md b/docs/resources/google_storage_bucket_iam_policy.md
new file mode 100644
index 000000000..43a95305d
--- /dev/null
+++ b/docs/resources/google_storage_bucket_iam_policy.md
@@ -0,0 +1,46 @@
+---
+title: About the google_storage_bucket_iam_policy resource
+platform: gcp
+---
+
+## Syntax
+A `google_storage_bucket_iam_policy` is used to test a Google Bucket Iam Policy resource
+
+## Examples
+```
+describe google_storage_bucket_iam_policy(name: "name") do
+ it { should exist }
+end
+
+google_storage_bucket_iam_policy(name: "name").bindings.each do |binding|
+ describe binding do
+ its('role') { should eq 'roles/editor'}
+ its('members') { should include 'user:testuser@example.com'}
+ end
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_storage_bucket_iam_policy` resource:
+
+ * `bindings`: Associates a list of members to a role.
+
+ * `role`: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
+
+ * `members`: Specifies the identities requesting access for a Cloud Platform resource.
+
+ * `audit_configs`: Specifies cloud audit logging configuration for this policy.
+
+ * `service`: Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.
+
+ * `audit_log_configs`: The configuration for logging of each type of permission.
+
+ * `log_type`: The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
+
+ * `exempted_members`: Specifies the identities that do not cause logging for this type of permission.
+
+
+
+## GCP Permissions
+
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_bucket_object.md b/docs/resources/google_storage_bucket_object.md
index 999eb68d8..bf7af6a79 100644
--- a/docs/resources/google_storage_bucket_object.md
+++ b/docs/resources/google_storage_bucket_object.md
@@ -1,70 +1,63 @@
---
-title: About the google_storage_bucket_object Resource
+title: About the google_storage_bucket_object resource
platform: gcp
---
-# google\_storage\_bucket\_object
-
-Use the `google_storage_bucket_object` InSpec audit resource to test properties of a single GCP storage bucket object.
+## Syntax
+A `google_storage_bucket_object` is used to test a Google BucketObject resource
-
+## Examples
+```
+describe google_storage_bucket_object(bucket: 'bucket-with-object', object: 'image1') do
+ it { should exist }
+ its('size.to_i') { should be > 0 }
-## Syntax
+ its('time_created') { should be > Time.now - 60*60*24*10 }
+ its('time_updated') { should be > Time.now - 60*60*24*10 }
+end
-A `google_storage_bucket_object` resource block declares the tests for a single GCP storage bucket object by bucket name and object name:
+describe google_storage_bucket_object(bucket: 'bucket-with-object', object: "nonexistent") do
+ it { should_not exist }
+end
+```
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- it { should exist }
- end
+## Properties
+Properties that can be accessed from the `google_storage_bucket_object` resource:
-
-## Examples
+ * `object`: The name of the object.
-The following examples show how to use this InSpec audit resource.
+ * `content_type`: The Content-Type of the object data. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Complete_list_of_MIME_types for more information on possible Content-Types
-### Test that a GCP compute zone exists
+ * `crc32c`: CRC32c checksum.
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- it { should exist }
- end
+ * `etag`: The object entity tag.
-### Test that a GCP storage bucket object has non-zero size
+ * `generation`: The content generation of this object. Used for object versioning.
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('size') { should be > 0 }
- end
+ * `id`: The ID of the object, including the bucket name, object name, and generation number.
-### Test that a GCP storage bucket object has the expected content type
+ * `md5_hash`: MD5 hash of the data; encoded using base64.
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('content_type') { should eq "text/plain; charset=utf-8" }
- end
+ * `media_link`: Media download link.
+ * `metageneration`: The version of the metadata for this object at this generation. Used for preconditions and for detecting changes in metadata. A metageneration number is only meaningful in the context of a particular generation of a particular object.
-### Test that a GCP storage bucket object was created within a certain time period
+ * `name`: The name of the object.
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('time_created_date') { should be > Time.now - 365*60*60*24*10 }
- end
-
-
-### Test that a GCP storage bucket object was last updated within a certain time period
+ * `size`: Content-Length of the data in bytes.
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- its('updated_date') { should be > Time.now - 365*60*60*24*10 }
- end
-
+ * `storage_class`: Storage class of the object.
-
+ * `time_created`: The time this object was created.
-## Properties
+ * `time_deleted`: The time this object was deleted. Returned if and only if this version of the object is no longer a live version, but remains in the bucket as a noncurrent version.
-* `bucket`, `content_type`, `crc32c`, `etag`, `generation`, `id`, `kind`, `md5_hash`, `media_link`, `metageneration`, `name`, `size`, `storage_class`, `time_created_date`, `time_storage_class_updated_date`, `updated_date`
+ * `time_storage_class_updated`: The time at which the object's storage class was last changed.
-
+ * `time_updated`: The modification time of the object metadata.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_buckets.md b/docs/resources/google_storage_buckets.md
index 6fea754fe..70da2f7c0 100644
--- a/docs/resources/google_storage_buckets.md
+++ b/docs/resources/google_storage_buckets.md
@@ -1,75 +1,45 @@
---
-title: About the google_storage_buckets Resource
+title: About the google_storage_buckets resource
platform: gcp
---
-# google\_storage\_bucket
-
-Use the `google_storage_buckets` InSpec audit resource to test properties of a GCP storage buckets.
-
-
-
## Syntax
-
-A `google_storage_buckets` resource block collects GCP buckets by project then tests that group.
-
- describe google_storage_buckets(project: 'chef-inspec-gcp') do
- it { should exist }
- end
-
-Use this InSpec resource to enumerate IDs then test in-depth using `google_storage_bucket`.
-
- google_storage_buckets(project: 'chef-inspec-gcp').bucket_names.each do |bucket_name|
- describe google_storage_bucket(name: bucket_name) do
- it { should exist }
- its('storage_class') { should eq 'STANDARD' }
- end
- end
-
-
+A `google_storage_buckets` is used to test a Google Bucket resource
## Examples
-
-The following examples show how to use this InSpec audit resource.
-
-### Test that there are no more than a specified number of storage buckets for the project
-
- describe google_storage_buckets(project: 'chef-inspec-gcp') do
- its('count') { should be <= 100}
- end
-
-
-### Test that an expected named bucket is available
-
- describe google_storage_buckets do
- its('bucket_names'){ should include "my_expected_bucket" }
- end
-
-### Test that all buckets belong to the expected project number
-
- google_storage_buckets(project: 'chef-inspec-gcp').bucket_names.each do |bucket_name|
- describe google_storage_bucket(name: bucket_name) do
- it { should exist }
- its('project_number'){ should eq 1122334455 }
- end
- end
-
-
-
-## Filter Criteria
-
-This resource supports the following filter criteria: `bucket_id`; `bucket_name`; `bucket_project_number` and `bucket_location`. Any of these may be used with `where`, as a block or as a method.
+```
+describe google_storage_buckets(project: 'chef-gcp-inspec') do
+ its('bucket_names') { should include bucket-name }
+end
+```
## Properties
+Properties that can be accessed from the `google_storage_buckets` resource:
+
+See [google_storage_bucket.md](google_storage_bucket.md) for more detailed information
+ * `acls`: an array of `google_storage_bucket` acl
+ * `cors`: an array of `google_storage_bucket` cors
+ * `default_object_acls`: an array of `google_storage_bucket` default_object_acl
+ * `bucket_ids`: an array of `google_storage_bucket` id
+ * `lifecycles`: an array of `google_storage_bucket` lifecycle
+ * `bucket_locations`: an array of `google_storage_bucket` location
+ * `loggings`: an array of `google_storage_bucket` logging
+ * `metagenerations`: an array of `google_storage_bucket` metageneration
+ * `bucket_names`: an array of `google_storage_bucket` name
+ * `owners`: an array of `google_storage_bucket` owner
+ * `bucket_project_numbers`: an array of `google_storage_bucket` project_number
+ * `storage_classes`: an array of `google_storage_bucket` storage_class
+ * `time_createds`: an array of `google_storage_bucket` time_created
+ * `updateds`: an array of `google_storage_bucket` updated
+ * `versionings`: an array of `google_storage_bucket` versioning
+ * `websites`: an array of `google_storage_bucket` website
+ * `projects`: an array of `google_storage_bucket` project
+ * `predefined_default_object_acls`: an array of `google_storage_bucket` predefined_default_object_acl
-* `bucket_ids` - an array of google_storage_bucket identifier strings
-* `bucket_names` - an array of google_storage_bucket name strings
-* `bucket_project_numbers`- an array of google_storage_bucket identifier integers
-* `bucket_locations`- an array of google_storage_bucket location strings
-
-
+ its('bucket') { should eq 'gcp-inspec-storage-bucket' }
+ its('email') { should include entity-email.com }
+end
-## Syntax
+describe google_storage_default_object_acl(bucket: 'gcp-inspec-storage-bucket', entity: "allUsers") do
+ it { should_not exist }
+end
+```
-A `google_storage_default_object_acl` resource block declares the tests for a single GCP storage default object ACL by bucket name and entity.
+## Properties
+Properties that can be accessed from the `google_storage_default_object_acl` resource:
- describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
-
+ * `domain`: The domain associated with the entity.
-## Examples
+ * `email`: The email address associated with the entity.
-The following examples show how to use this InSpec audit resource.
+ * `entity`: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
-### Test that a GCP storage bucket ACL exists
+ * `entity_id`: The ID for the entity
- describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
+ * `generation`: The content generation of the object, if applied to an object.
-### Test that a GCP storage default object ACL has the expected role (READER, WRITER or OWNER)
+ * `id`: The ID of the access-control entry.
- describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- its('role') { should eq 'OWNER' }
- end
+ * `object`: The name of the object, if applied to an object.
-
+ * `project_team`: The project team associated with the entity
-## Properties
+ * `project_number`: The project team associated with the entity
-* `email`, `entity`, `etag`, `kind`, `role`
+ * `team`: The team.
-
+ * `role`: The access permission for the entity.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/docs/resources/google_storage_object_acl.md b/docs/resources/google_storage_object_acl.md
index 1d9c5486f..212df2ae5 100644
--- a/docs/resources/google_storage_object_acl.md
+++ b/docs/resources/google_storage_object_acl.md
@@ -1,49 +1,53 @@
---
-title: About the google_storage_object_acl Resource
+title: About the google_storage_object_acl resource
platform: gcp
---
-# google\_storage\_object\_acl
+## Syntax
+A `google_storage_object_acl` is used to test a Google ObjectACL resource
-Use the `google_storage_object_acl` InSpec audit resource to test properties of a single GCP storage object ACL. See the [Google documentation for this here](https://cloud.google.com/storage/docs/access-control/lists) covering the possible values for 'entity' argument below.
+## Examples
+```
+describe google_storage_object_acl(bucket: 'bucket-with-object', object: 'image1', entity: user-email) do
+ it { should exist }
+ its('role') { should cmp "OWNER" }
-
+ its('bucket') { should eq 'bucket-with-object' }
+ its('email') { should include entity-email.com }
+end
-## Syntax
+describe google_storage_object_acl(bucket: 'bucket-with-object', object: 'image1', entity: "allUsers") do
+ it { should_not exist }
+end
+```
-A `google_storage_object_acl` resource block declares the tests for a single GCP storage object ACL by bucket name, object name and entity.
+## Properties
+Properties that can be accessed from the `google_storage_object_acl` resource:
- describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
-
+ * `domain`: The domain associated with the entity.
-## Examples
+ * `email`: The email address associated with the entity.
-The following examples show how to use this InSpec audit resource.
+ * `entity`: The entity holding the permission, in one of the following forms: * user-{{userId}} * user-{{email}} (such as "user-liz@example.com") * group-{{groupId}} * group-{{email}} (such as "group-example@googlegroups.com") * domain-{{domain}} (such as "domain-example.com") * project-team-{{projectId}} * allUsers * allAuthenticatedUsers
-### Test that a GCP storage bucket ACL exists
+ * `entity_id`: The ID for the entity
- describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
+ * `generation`: The content generation of the object, if applied to an object.
-### Test that a GCP storage object ACL has the expected role (READER, WRITER or OWNER)
+ * `id`: The ID of the access-control entry.
- describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- its('role') { should eq 'OWNER' }
- end
+ * `object`: The name of the object, if applied to an object.
-
+ * `project_team`: The project team associated with the entity
-## Properties
+ * `project_number`: The project team associated with the entity
-* `bucket`, `email`, `entity`, `etag`, `generation`, `id`, `kind`, `object`, `role`
+ * `team`: The team.
-
+ * `role`: The access permission for the entity.
## GCP Permissions
-Ensure the [Google Cloud Storage API](https://console.cloud.google.com/apis/api/storage-component.googleapis.com/) is enabled.
\ No newline at end of file
+Ensure the [Google Cloud Storage](https://console.cloud.google.com/apis/library/storage-component.googleapis.com/) is enabled for the current project.
diff --git a/libraries/google/storage/property/bucket_acl.rb b/libraries/google/storage/property/bucket_acl.rb
new file mode 100644
index 000000000..ec2cfa7d8
--- /dev/null
+++ b/libraries/google/storage/property/bucket_acl.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_acl_project_team'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketAcl
+ attr_reader :bucket
+
+ attr_reader :domain
+
+ attr_reader :email
+
+ attr_reader :entity
+
+ attr_reader :entity_id
+
+ attr_reader :id
+
+ attr_reader :project_team
+
+ attr_reader :role
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @bucket = args['bucket']
+ @domain = args['domain']
+ @email = args['email']
+ @entity = args['entity']
+ @entity_id = args['entityId']
+ @id = args['id']
+ @project_team = GoogleInSpec::Storage::Property::BucketAclProjectTeam.new(args['projectTeam'], to_s)
+ @role = args['role']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketAcl"
+ end
+ end
+
+ class BucketAclArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketAcl.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketAcl.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_acl_project_team.rb b/libraries/google/storage/property/bucket_acl_project_team.rb
new file mode 100644
index 000000000..3657f7901
--- /dev/null
+++ b/libraries/google/storage/property/bucket_acl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketAclProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketAclProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_cors.rb b/libraries/google/storage/property/bucket_cors.rb
new file mode 100644
index 000000000..0f1cc3cdc
--- /dev/null
+++ b/libraries/google/storage/property/bucket_cors.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketCors
+ attr_reader :max_age_seconds
+
+ attr_reader :method
+
+ attr_reader :origin
+
+ attr_reader :response_header
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @max_age_seconds = args['maxAgeSeconds']
+ @method = args['method']
+ @origin = args['origin']
+ @response_header = args['responseHeader']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketCors"
+ end
+ end
+
+ class BucketCorsArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketCors.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketCors.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
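Review bot: `attr_reader :method` in `BucketCors` replaces Ruby's built-in `Object#method` on every instance, so any caller or matcher that does `cors.method(:origin)` gets an ArgumentError instead of a Method object. Because this file is generated, the fix belongs in the Magic Modules template; `attr_reader :http_method` with `@http_method = args['method']` would keep the API field while avoiding the override. If the `method` property name has to stay for profile compatibility, a comment above the reader such as `# NOTE: shadows Object#method; do not call .method(:sym) on BucketCors` would at least document the trap.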
diff --git a/libraries/google/storage/property/bucket_default_object_acl.rb b/libraries/google/storage/property/bucket_default_object_acl.rb
new file mode 100644
index 000000000..582a22709
--- /dev/null
+++ b/libraries/google/storage/property/bucket_default_object_acl.rb
@@ -0,0 +1,70 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_default_object_acl_project_team'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketDefaultObjectAcl
+ attr_reader :bucket
+
+ attr_reader :domain
+
+ attr_reader :email
+
+ attr_reader :entity
+
+ attr_reader :entity_id
+
+ attr_reader :generation
+
+ attr_reader :id
+
+ attr_reader :object
+
+ attr_reader :project_team
+
+ attr_reader :role
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @bucket = args['bucket']
+ @domain = args['domain']
+ @email = args['email']
+ @entity = args['entity']
+ @entity_id = args['entityId']
+ @generation = args['generation']
+ @id = args['id']
+ @object = args['object']
+ @project_team = GoogleInSpec::Storage::Property::BucketDefaultObjectAclProjectTeam.new(args['projectTeam'], to_s)
+ @role = args['role']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketDefaultObjectAcl"
+ end
+ end
+
+ class BucketDefaultObjectAclArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketDefaultObjectAcl.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketDefaultObjectAcl.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_default_object_acl_project_team.rb b/libraries/google/storage/property/bucket_default_object_acl_project_team.rb
new file mode 100644
index 000000000..25659cc5e
--- /dev/null
+++ b/libraries/google/storage/property/bucket_default_object_acl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketDefaultObjectAclProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketDefaultObjectAclProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle.rb b/libraries/google/storage/property/bucket_lifecycle.rb
new file mode 100644
index 000000000..4042b6355
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_lifecycle_rule'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycle
+ attr_reader :rule
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @rule = GoogleInSpec::Storage::Property::BucketLifecycleRuleArray.parse(args['rule'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycle"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle_rule.rb b/libraries/google/storage/property/bucket_lifecycle_rule.rb
new file mode 100644
index 000000000..364d541ad
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle_rule.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'google/storage/property/bucket_lifecycle_rule_action'
+require 'google/storage/property/bucket_lifecycle_rule_condition'
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycleRule
+ attr_reader :action
+
+ attr_reader :condition
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @action = GoogleInSpec::Storage::Property::BucketLifecycleRuleAction.new(args['action'], to_s)
+ @condition = GoogleInSpec::Storage::Property::BucketLifecycleRuleCondition.new(args['condition'], to_s)
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycleRule"
+ end
+ end
+
+ class BucketLifecycleRuleArray
+ def self.parse(value, parent_identifier)
+ return if value.nil?
+ return BucketLifecycleRule.new(value, parent_identifier) unless value.is_a?(::Array)
+ value.map { |v| BucketLifecycleRule.new(v, parent_identifier) }
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle_rule_action.rb b/libraries/google/storage/property/bucket_lifecycle_rule_action.rb
new file mode 100644
index 000000000..36173d301
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle_rule_action.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycleRuleAction
+ attr_reader :storage_class
+
+ attr_reader :type
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @storage_class = args['storageClass']
+ @type = args['type']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycleRuleAction"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_lifecycle_rule_condition.rb b/libraries/google/storage/property/bucket_lifecycle_rule_condition.rb
new file mode 100644
index 000000000..519ba0641
--- /dev/null
+++ b/libraries/google/storage/property/bucket_lifecycle_rule_condition.rb
@@ -0,0 +1,51 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLifecycleRuleCondition
+ attr_reader :age_days
+
+ attr_reader :created_before
+
+ attr_reader :is_live
+
+ attr_reader :matches_storage_class
+
+ attr_reader :num_newer_versions
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @age_days = args['age']
+ @created_before = parse_time_string(args['createdBefore'])
+ @is_live = args['isLive']
+ @matches_storage_class = args['matchesStorageClass']
+ @num_newer_versions = args['numNewerVersions']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLifecycleRuleCondition"
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+ end
+ end
+ end
+end
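Review bot: `parse_time_string` calls `Time.parse`, but this new file has no `require 'time'`, and `Time.parse` is only defined once that stdlib extension is loaded. It presumably works today because something loaded earlier pulls it in; adding `require 'time'` at the top would make the file self-contained. The helper is also a public method of `BucketLifecycleRuleCondition`, so it sits next to the real properties; a `private` line before `# Handles parsing RFC3339 time string` would keep it off the resource's surface. The file is generated, so both changes belong in the generator template.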
diff --git a/libraries/google/storage/property/bucket_logging.rb b/libraries/google/storage/property/bucket_logging.rb
new file mode 100644
index 000000000..4625b7ea3
--- /dev/null
+++ b/libraries/google/storage/property/bucket_logging.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketLogging
+ attr_reader :log_bucket
+
+ attr_reader :log_object_prefix
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @log_bucket = args['logBucket']
+ @log_object_prefix = args['logObjectPrefix']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketLogging"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_owner.rb b/libraries/google/storage/property/bucket_owner.rb
new file mode 100644
index 000000000..06b76ac89
--- /dev/null
+++ b/libraries/google/storage/property/bucket_owner.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketOwner
+ attr_reader :entity
+
+ attr_reader :entity_id
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @entity = args['entity']
+ @entity_id = args['entityId']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketOwner"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_versioning.rb b/libraries/google/storage/property/bucket_versioning.rb
new file mode 100644
index 000000000..747b99878
--- /dev/null
+++ b/libraries/google/storage/property/bucket_versioning.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketVersioning
+ attr_reader :enabled
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @enabled = args['enabled']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketVersioning"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucket_website.rb b/libraries/google/storage/property/bucket_website.rb
new file mode 100644
index 000000000..096b53f67
--- /dev/null
+++ b/libraries/google/storage/property/bucket_website.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketWebsite
+ attr_reader :main_page_suffix
+
+ attr_reader :not_found_page
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @main_page_suffix = args['mainPageSuffix']
+ @not_found_page = args['notFoundPage']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketWebsite"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/bucketacl_project_team.rb b/libraries/google/storage/property/bucketacl_project_team.rb
new file mode 100644
index 000000000..02370f3df
--- /dev/null
+++ b/libraries/google/storage/property/bucketacl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class BucketACLProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} BucketACLProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/defaultobjectacl_project_team.rb b/libraries/google/storage/property/defaultobjectacl_project_team.rb
new file mode 100644
index 000000000..19df5674e
--- /dev/null
+++ b/libraries/google/storage/property/defaultobjectacl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class DefaultObjectACLProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} DefaultObjectACLProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google/storage/property/objectacl_project_team.rb b/libraries/google/storage/property/objectacl_project_team.rb
new file mode 100644
index 000000000..481835bc8
--- /dev/null
+++ b/libraries/google/storage/property/objectacl_project_team.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+ module Storage
+ module Property
+ class ObjectACLProjectTeam
+ attr_reader :project_number
+
+ attr_reader :team
+
+ def initialize(args = nil, parent_identifier = nil)
+ return if args.nil?
+ @parent_identifier = parent_identifier
+ @project_number = args['projectNumber']
+ @team = args['team']
+ end
+
+ def to_s
+ "#{@parent_identifier} ObjectACLProjectTeam"
+ end
+ end
+ end
+ end
+end
diff --git a/libraries/google_compute_subnetwork_iam_binding.rb b/libraries/google_compute_subnetwork_iam_binding.rb
new file mode 100644
index 000000000..542099847
--- /dev/null
+++ b/libraries/google_compute_subnetwork_iam_binding.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Compute Engine IAM Binding resources.
+class SubnetworkIamBinding < GcpResourceBase
+ name 'google_compute_subnetwork_iam_binding'
+ desc 'Subnetwork Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ @members_list = binding.members
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Subnetwork IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/compute/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/regions/{{region}}/subnetworks/{{name}}/getIamPolicy'
+ end
+end
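Review bot: `parse` keeps only the last binding whose role equals `params[:role]`, and `exists?` returns `nil` rather than `false` when nothing matches, because `@members_list` and `@iam_binding_exists` are never initialised. A policy may hold more than one binding for the same role (for example when the bindings carry different conditions), and a control such as `its('members') { should_not include ... }` then sees only part of the membership. Collecting the members of every matching binding and deriving the flag from that result closes both gaps. The same `parse`/`exists?` pair is repeated in the subscription, topic, project, config, Spanner instance and storage bucket IAM binding files of this commit, and since these files are generated the change belongs in the generator template.

```ruby
def parse
  @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
  matching = @bindings.select { |binding| binding.role == params[:role] }
  # Merge members across every binding for the role, not just the last one seen.
  @members_list = matching.flat_map { |binding| Array(binding.members) }.uniq
  @iam_binding_exists = !matching.empty?
end

def exists?
  # Always a boolean, also when the fetch returned nothing and parse never ran.
  @iam_binding_exists == true
end
```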
diff --git a/libraries/google_pubsub_subscription_iam_binding.rb b/libraries/google_pubsub_subscription_iam_binding.rb
new file mode 100644
index 000000000..98bb8631b
--- /dev/null
+++ b/libraries/google_pubsub_subscription_iam_binding.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Pub/Sub IAM Binding resources.
+class SubscriptionIamBinding < GcpResourceBase
+ name 'google_pubsub_subscription_iam_binding'
+ desc 'Subscription Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ @members_list = binding.members
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Subscription IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://pubsub.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/subscriptions/{{name}}:getIamPolicy'
+ end
+end
diff --git a/libraries/google_pubsub_topic_iam_binding.rb b/libraries/google_pubsub_topic_iam_binding.rb
new file mode 100644
index 000000000..bcd089529
--- /dev/null
+++ b/libraries/google_pubsub_topic_iam_binding.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Pub/Sub IAM Binding resources.
+class TopicIamBinding < GcpResourceBase
+ name 'google_pubsub_topic_iam_binding'
+ desc 'Topic Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ @members_list = binding.members
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Topic IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://pubsub.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/topics/{{name}}:getIamPolicy'
+ end
+end
diff --git a/libraries/google_resourcemanager_project_iam_binding.rb b/libraries/google_resourcemanager_project_iam_binding.rb
new file mode 100644
index 000000000..8f2c7e552
--- /dev/null
+++ b/libraries/google_resourcemanager_project_iam_binding.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Resource Manager IAM Binding resources.
+class ProjectIamBinding < GcpResourceBase
+ name 'google_resourcemanager_project_iam_binding'
+ desc 'Project Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ @members_list = binding.members
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Project IamBinding #{@params[:project_id]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://cloudresourcemanager.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project_id}}:getIamPolicy'
+ end
+end
diff --git a/libraries/google_runtime_config_config_iam_binding.rb b/libraries/google_runtime_config_config_iam_binding.rb
new file mode 100644
index 000000000..bc002176b
--- /dev/null
+++ b/libraries/google_runtime_config_config_iam_binding.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Runtime Configuration IAM Binding resources.
+class ConfigIamBinding < GcpResourceBase
+ name 'google_runtime_config_config_iam_binding'
+ desc 'Config Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ @members_list = binding.members
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Config IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://runtimeconfig.googleapis.com/v1beta1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/configs/{{name}}:getIamPolicy'
+ end
+end
diff --git a/libraries/google_spanner_instance_iam_binding.rb b/libraries/google_spanner_instance_iam_binding.rb
new file mode 100644
index 000000000..f3e0a144e
--- /dev/null
+++ b/libraries/google_spanner_instance_iam_binding.rb
@@ -0,0 +1,65 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Spanner IAM Binding resources.
+class InstanceIamBinding < GcpResourceBase
+ name 'google_spanner_instance_iam_binding'
+ desc 'Instance Iam Binding'
+ supports platform: 'gcp'
+
+ attr_reader :params
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Post')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ @members_list = binding.members
+ @iam_binding_exists = true
+ end
+ end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Instance IamBinding #{@params[:name]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://spanner.googleapis.com/v1/'
+ end
+
+ def resource_base_url
+ 'projects/{{project}}/instances/{{name}}:getIamPolicy'
+ end
+end
diff --git a/libraries/google_storage_bucket.rb b/libraries/google_storage_bucket.rb
index 1f3c7f1f0..69d31af01 100644
--- a/libraries/google_storage_bucket.rb
+++ b/libraries/google_storage_bucket.rb
@@ -1,48 +1,103 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/storage/property/bucket_acl'
+require 'google/storage/property/bucket_cors'
+require 'google/storage/property/bucket_default_object_acl'
+require 'google/storage/property/bucket_lifecycle'
+require 'google/storage/property/bucket_lifecycle_rule'
+require 'google/storage/property/bucket_logging'
+require 'google/storage/property/bucket_owner'
+require 'google/storage/property/bucket_versioning'
+require 'google/storage/property/bucket_website'
-module Inspec::Resources
- class GoogleStorageBucket < GcpResourceBase
- name 'google_storage_bucket'
- desc 'Verifies settings for a bucket'
-
- example "
- describe google_storage_bucket(name: 'inspec-test-bucket') do
- it { should exist }
- its('storage_class') { should eq 'REGIONAL' }
- its('location') { should eq 'US-CENTRAL1' }
- its('lifecycle') { should eq 'enabled' }
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @display_name = opts[:name]
- catch_gcp_errors do
- @bucket = @gcp.gcp_storage_client.get_bucket(opts[:name])
- create_resource_methods(@bucket)
- end
- end
-
- def exists?
- !@bucket.nil?
- end
-
- def has_versioning_enabled?
- return false if !defined?(@bucket.versioning)
- return false if @bucket.versioning.nil?
- @bucket.versioning.enabled
- end
-
- def has_logging_enabled?
- return false if !defined?(@bucket.logging)
- return false if @bucket.logging.nil?
- true
- end
-
- def to_s
- "Bucket #{@display_name}"
- end
+# A provider to manage Cloud Storage resources.
+class StorageBucket < GcpResourceBase
+ name 'google_storage_bucket'
+ desc 'Bucket'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :acl
+ attr_reader :cors
+ attr_reader :default_object_acl
+ attr_reader :id
+ attr_reader :lifecycle
+ attr_reader :location
+ attr_reader :logging
+ attr_reader :metageneration
+ attr_reader :name
+ attr_reader :owner
+ attr_reader :project_number
+ attr_reader :storage_class
+ attr_reader :time_created
+ attr_reader :updated
+ attr_reader :versioning
+ attr_reader :website
+ attr_reader :project
+ attr_reader :predefined_default_object_acl
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @acl = GoogleInSpec::Storage::Property::BucketAclArray.parse(@fetched['acl'], to_s)
+ @cors = GoogleInSpec::Storage::Property::BucketCorsArray.parse(@fetched['cors'], to_s)
+ @default_object_acl = GoogleInSpec::Storage::Property::BucketDefaultObjectAclArray.parse(@fetched['defaultObjectAcl'], to_s)
+ @id = @fetched['id']
+ @lifecycle = GoogleInSpec::Storage::Property::BucketLifecycle.new(@fetched['lifecycle'], to_s)
+ @location = @fetched['location']
+ @logging = GoogleInSpec::Storage::Property::BucketLogging.new(@fetched['logging'], to_s)
+ @metageneration = @fetched['metageneration']
+ @name = @fetched['name']
+ @owner = GoogleInSpec::Storage::Property::BucketOwner.new(@fetched['owner'], to_s)
+ @project_number = @fetched['projectNumber']
+ @storage_class = @fetched['storageClass']
+ @time_created = parse_time_string(@fetched['timeCreated'])
+ @updated = parse_time_string(@fetched['updated'])
+ @versioning = GoogleInSpec::Storage::Property::BucketVersioning.new(@fetched['versioning'], to_s)
+ @website = GoogleInSpec::Storage::Property::BucketWebsite.new(@fetched['website'], to_s)
+ @project = @fetched['project']
+ @predefined_default_object_acl = @fetched['predefinedDefaultObjectAcl']
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Bucket #{@params[:name]}"
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{name}}?projection=full'
end
end
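Review bot: The rewritten class drops the `has_versioning_enabled?` and `has_logging_enabled?` predicates without a replacement, so existing controls written as `it { should have_versioning_enabled }` or `it { should have_logging_enabled }` will stop working once this lands. Both are common bucket-hardening assertions, and a profile that breaks here fails with an error instead of evaluating the setting. If the removal is intended, the resource documentation should name the replacement, presumably via the new `versioning` and `logging` properties, whose classes are not shown in this hunk. Otherwise keep thin predicates that delegate to those properties.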
diff --git a/libraries/google_storage_bucket_acl.rb b/libraries/google_storage_bucket_acl.rb
index 53b57245b..49b050a26 100644
--- a/libraries/google_storage_bucket_acl.rb
+++ b/libraries/google_storage_bucket_acl.rb
@@ -1,41 +1,72 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/storage/property/bucketacl_project_team'
-module Inspec::Resources
- class GoogleStorageBucketAcl < GcpResourceBase
- name 'google_storage_bucket_acl'
- desc 'Verifies settings for a storage bucket ACL'
-
- example "
- describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @entity = opts[:entity]
- begin
- @acl = @gcp.gcp_storage_client.get_bucket_access_control(@bucket, @entity)
- create_resource_methods(@acl)
- # all non-existing entities raise a "Not Found" client error
- rescue Google::Apis::ClientError => e
- # re-raise the exception if the error is not "Not Found"
- raise e unless e.status_code == 404
- @acl = nil
- @error = JSON.parse(e.body)
- end
- end
-
- def exists?
- !@acl.nil?
- end
-
- def to_s
- "Storage Bucket ACL #{@bucket}"
- end
+# A provider to manage Cloud Storage resources.
+class StorageBucketACL < GcpResourceBase
+ name 'google_storage_bucket_acl'
+ desc 'BucketACL'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :domain
+ attr_reader :email
+ attr_reader :entity
+ attr_reader :entity_id
+ attr_reader :id
+ attr_reader :project_team
+ attr_reader :role
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @domain = @fetched['domain']
+ @email = @fetched['email']
+ @entity = @fetched['entity']
+ @entity_id = @fetched['entityId']
+ @id = @fetched['id']
+ @project_team = GoogleInSpec::Storage::Property::BucketACLProjectTeam.new(@fetched['projectTeam'], to_s)
+ @role = @fetched['role']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "BucketACL #{@params[:entity]}"
+ end
+
+ def bucket
+ @params[:bucket]
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/acl/{{entity}}'
end
end
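Review bot: `exists?` now reports only whether `@connection.fetch` returned `nil`, whereas the removed code treated a 404 as "absent" and re-raised every other `Google::Apis::ClientError`. How `fetch` handles a 403 or any other non-404 failure is not visible in this hunk. If it also yields `nil`, a control such as `it { should_not exist }` on an unwanted ACL entity would pass when the scanning identity merely lacks permission to read the ACL. It is worth confirming in the connection class that only "not found" maps to `nil`, and adding a short comment above `exists?` that states that contract.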
diff --git a/libraries/google_storage_bucket_iam_binding.rb b/libraries/google_storage_bucket_iam_binding.rb
index 49de4b189..ffdd4b18d 100644
--- a/libraries/google_storage_bucket_iam_binding.rb
+++ b/libraries/google_storage_bucket_iam_binding.rb
@@ -1,48 +1,65 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/iam/property/iam_policy_bindings'
-module Inspec::Resources
- class GoogleStorageBucketIamBinding < GcpResourceBase
- name 'google_storage_bucket_iam_binding'
- desc 'Verifies settings for a storage bucket IAM binding'
-
- example "
- describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz', role: 'roles/storage.objectViewer') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @role = opts[:role]
- @iam_binding_exists = false
- @members_list=[]
- catch_gcp_errors do
- # note this is the same call as for the plural iam_bindings resource because there isn't an easy way to pull out a singular binding
- @iam_bindings = @gcp.gcp_storage_client.get_bucket_iam_policy(@bucket)
- raise Inspec::Exceptions::ResourceFailed, "google_storage_bucket_iam_binding is missing expected IAM policy 'bindings' property" if !@iam_bindings || !@iam_bindings.bindings
- @iam_bindings.bindings.each do |binding|
- next if binding.role != @role
- @iam_binding_exists=true
- @members_list=binding.members
- end
- end
- end
+# A provider to manage Cloud Storage IAM Binding resources.
+class BucketIamBinding < GcpResourceBase
+ name 'google_storage_bucket_iam_binding'
+ desc 'Bucket Iam Binding'
+ supports platform: 'gcp'
- # return the list of users corresponding to the role
- def members
- @members_list
- end
+ attr_reader :params
- def exists?
- @iam_binding_exists
- end
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ raise "Expected 'role' to be defined for iam_binding resource" unless params.key?(:role)
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
- def to_s
- "Storage Bucket IAM Binding #{@role}"
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @bindings.each do |binding|
+ next if binding.role != params[:role]
+ @members_list = binding.members
+ @iam_binding_exists = true
end
end
+
+ def exists?
+ @iam_binding_exists
+ end
+
+ def members
+ @members_list
+ end
+
+ def to_s
+ "Bucket IamBinding #{@params[:bucket]} Role: #{@params[:role]}"
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/iam'
+ end
end
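Review bot: The new `parse` calls `.each` on whatever `IamPolicyBindingsArray.parse` returns for `@fetched['bindings']`, while the removed constructor raised `Inspec::Exceptions::ResourceFailed` when the policy had no `bindings` property. Whether that parser returns an empty array for `nil` is not shown here; if it returns `nil`, a bucket whose policy has no bindings fails with `NoMethodError` instead of a clear resource failure. A guard at the top of `parse`, for example `return if @fetched['bindings'].nil?`, or an explicit `ResourceFailed`, would keep the earlier behaviour. The other IAM binding files added in this commit have the same shape.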
diff --git a/libraries/google_storage_bucket_iam_policy.rb b/libraries/google_storage_bucket_iam_policy.rb
new file mode 100644
index 000000000..bd2eb66b6
--- /dev/null
+++ b/libraries/google_storage_bucket_iam_policy.rb
@@ -0,0 +1,59 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/iam/property/iam_policy_audit_configs'
+require 'google/iam/property/iam_policy_bindings'
+
+# A provider to manage Cloud Storage IAM Policy resources.
+class BucketIamPolicy < GcpResourceBase
+ name 'google_storage_bucket_iam_policy'
+ desc 'Bucket Iam Policy'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :bindings
+ attr_reader :audit_configs
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @bindings = GoogleInSpec::Iam::Property::IamPolicyBindingsArray.parse(@fetched['bindings'], to_s)
+ @audit_configs = GoogleInSpec::Iam::Property::IamPolicyAuditConfigsArray.parse(@fetched['auditConfigs'], to_s)
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "Bucket IamPolicy #{@params[:bucket]}"
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/iam'
+ end
+end
diff --git a/libraries/google_storage_bucket_object.rb b/libraries/google_storage_bucket_object.rb
index 8477ba338..03c2ef59d 100644
--- a/libraries/google_storage_bucket_object.rb
+++ b/libraries/google_storage_bucket_object.rb
@@ -1,53 +1,94 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'time'
-
-module Inspec::Resources
- class GoogleStorageBucketObject < GcpResourceBase
- name 'google_storage_bucket_object'
- desc 'Verifies settings for a storage bucket object'
-
- example "
- describe google_storage_bucket_object(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq') do
- it { should exist }
- end
- "
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @object = opts[:object]
- catch_gcp_errors do
- @bucket_object = @gcp.gcp_storage_client.get_object(@bucket, @object)
- @time_created = @bucket_object.time_created
- @time_updated = @bucket_object.updated
- @time_class_updated = @bucket_object.time_storage_class_updated
- create_resource_methods(@bucket_object)
- end
- end
-
- def updated_date
- return false if !defined?(@time_updated) || @time_updated.nil?
- Time.parse(@time_updated.to_s)
- end
-
- def time_storage_class_updated_date
- return false if !defined?(@time_class_updated) || @time_class_updated.nil?
- Time.parse(@time_class_updated.to_s)
- end
-
- def time_created_date
- return false if !defined?(@time_created) || @time_created.nil?
- Time.parse(@time_created.to_s)
- end
-
- def exists?
- !@bucket_object.nil?
- end
-
- def to_s
- "Bucket object #{@bucket}/#{@object}"
- end
+
+# A provider to manage Cloud Storage resources.
+class StorageBucketObject < GcpResourceBase
+ name 'google_storage_bucket_object'
+ desc 'BucketObject'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :object
+ attr_reader :content_type
+ attr_reader :crc32c
+ attr_reader :etag
+ attr_reader :generation
+ attr_reader :id
+ attr_reader :md5_hash
+ attr_reader :media_link
+ attr_reader :metageneration
+ attr_reader :name
+ attr_reader :size
+ attr_reader :storage_class
+ attr_reader :time_created
+ attr_reader :time_deleted
+ attr_reader :time_storage_class_updated
+ attr_reader :time_updated
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @object = @fetched['object']
+ @content_type = @fetched['contentType']
+ @crc32c = @fetched['crc32c']
+ @etag = @fetched['etag']
+ @generation = @fetched['generation']
+ @id = @fetched['id']
+ @md5_hash = @fetched['md5Hash']
+ @media_link = @fetched['mediaLink']
+ @metageneration = @fetched['metageneration']
+ @name = @fetched['name']
+ @size = @fetched['size']
+ @storage_class = @fetched['storageClass']
+ @time_created = parse_time_string(@fetched['timeCreated'])
+ @time_deleted = parse_time_string(@fetched['timeDeleted'])
+ @time_storage_class_updated = parse_time_string(@fetched['timeStorageClassUpdated'])
+ @time_updated = parse_time_string(@fetched['updated'])
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "BucketObject #{@params[:object]}"
+ end
+
+ def bucket
+ @params[:bucket]
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/o/{{object}}'
end
end
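Review bot: This hunk removes `require 'time'`, but the new `parse_time_string` still calls `Time.parse`, which is only defined once the `time` standard library is loaded. Unless `gcp_backend` (not visible here) requires it, `parse` raises `NoMethodError` as soon as the response carries a timestamp such as `timeCreated`. Keep `require 'time'` next to `require 'gcp_backend'`. `libraries/google_storage_bucket.rb` in this commit has the same `parse_time_string` helper and no such require either.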
diff --git a/libraries/google_storage_buckets.rb b/libraries/google_storage_buckets.rb
index 7970f951d..0a4217afd 100644
--- a/libraries/google_storage_buckets.rb
+++ b/libraries/google_storage_buckets.rb
@@ -1,51 +1,118 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+class StorageBuckets < GcpResourceBase
+ name 'google_storage_buckets'
+ desc 'Bucket plural resource'
+ supports platform: 'gcp'
-module Inspec::Resources
- class GoogleStorageBuckets < GcpResourceBase
- name 'google_storage_buckets'
- desc 'Verifies settings for GCP storage buckets in bulk'
+ attr_reader :table
- example "
- describe google_storage_buckets(project: 'chef-inspec-gcp') do
- it { should exist }
- ...
- end
- "
+ filter_table_config = FilterTable.create
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @project = opts[:project]
- end
+ filter_table_config.add(:acls, field: :acl)
+ filter_table_config.add(:cors, field: :cors)
+ filter_table_config.add(:default_object_acls, field: :default_object_acl)
+ filter_table_config.add(:bucket_ids, field: :bucket_id)
+ filter_table_config.add(:lifecycles, field: :lifecycle)
+ filter_table_config.add(:bucket_locations, field: :bucket_location)
+ filter_table_config.add(:loggings, field: :logging)
+ filter_table_config.add(:metagenerations, field: :metageneration)
+ filter_table_config.add(:bucket_names, field: :bucket_name)
+ filter_table_config.add(:owners, field: :owner)
+ filter_table_config.add(:bucket_project_numbers, field: :bucket_project_number)
+ filter_table_config.add(:storage_classes, field: :storage_class)
+ filter_table_config.add(:time_createds, field: :time_created)
+ filter_table_config.add(:updateds, field: :updated)
+ filter_table_config.add(:versionings, field: :versioning)
+ filter_table_config.add(:websites, field: :website)
+ filter_table_config.add(:projects, field: :project)
+ filter_table_config.add(:predefined_default_object_acls, field: :predefined_default_object_acl)
- # FilterTable setup
- filter_table_config = FilterTable.create
- filter_table_config.add(:bucket_ids, field: :bucket_id)
- filter_table_config.add(:bucket_names, field: :bucket_name)
- filter_table_config.add(:bucket_project_numbers, field: :bucket_project_number)
- filter_table_config.add(:bucket_locations, field: :bucket_location)
- filter_table_config.connect(self, :fetch_data)
-
- def fetch_data
- bucket_rows = []
- next_page = nil
- loop do
- catch_gcp_errors do
- @buckets = @gcp.gcp_storage_client.list_buckets(@project, page_token: next_page)
- end
- return [] if !@buckets || !@buckets.items
- @buckets.items.map do |bucket|
- bucket_rows+=[{ bucket_id: bucket.id,
- bucket_name: bucket.name,
- bucket_project_number: bucket.project_number,
- bucket_location: bucket.location }]
+ filter_table_config.connect(self, :table)
+
+ def initialize(params = {})
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @table = fetch_wrapped_resource('items')
+ end
+
+ def fetch_wrapped_resource(wrap_path)
+ # fetch_resource returns an array of responses (to handle pagination)
+ result = @connection.fetch_all(product_url, resource_base_url, @params, 'Get')
+ return if result.nil?
+
+ # Conversion of string -> object hash to symbol -> object hash that InSpec needs
+ converted = []
+ result.each do |response|
+ next if response.nil? || !response.key?(wrap_path)
+ response[wrap_path].each do |hash|
+ hash_with_symbols = {}
+ hash.each_key do |key|
+ name, value = transform(key, hash)
+ hash_with_symbols[name] = value
end
- next_page = @buckets.next_page_token
- break unless next_page
+ converted.push(hash_with_symbols)
end
- @table = bucket_rows
end
+
+ converted
+ end
+
+ def transform(key, value)
+ return transformers[key].call(value) if transformers.key?(key)
+
+ [key.to_sym, value]
+ end
+
+ def transformers
+ {
+ 'acl' => ->(obj) { return :acl, GoogleInSpec::Storage::Property::BucketAclArray.parse(obj['acl'], to_s) },
+ 'cors' => ->(obj) { return :cors, GoogleInSpec::Storage::Property::BucketCorsArray.parse(obj['cors'], to_s) },
+ 'defaultObjectAcl' => ->(obj) { return :default_object_acl, GoogleInSpec::Storage::Property::BucketDefaultObjectAclArray.parse(obj['defaultObjectAcl'], to_s) },
+ 'id' => ->(obj) { return :bucket_id, obj['id'] },
+ 'lifecycle' => ->(obj) { return :lifecycle, GoogleInSpec::Storage::Property::BucketLifecycle.new(obj['lifecycle'], to_s) },
+ 'location' => ->(obj) { return :bucket_location, obj['location'] },
+ 'logging' => ->(obj) { return :logging, GoogleInSpec::Storage::Property::BucketLogging.new(obj['logging'], to_s) },
+ 'metageneration' => ->(obj) { return :metageneration, obj['metageneration'] },
+ 'name' => ->(obj) { return :bucket_name, obj['name'] },
+ 'owner' => ->(obj) { return :owner, GoogleInSpec::Storage::Property::BucketOwner.new(obj['owner'], to_s) },
+ 'projectNumber' => ->(obj) { return :bucket_project_number, obj['projectNumber'] },
+ 'storageClass' => ->(obj) { return :storage_class, obj['storageClass'] },
+ 'timeCreated' => ->(obj) { return :time_created, parse_time_string(obj['timeCreated']) },
+ 'updated' => ->(obj) { return :updated, parse_time_string(obj['updated']) },
+ 'versioning' => ->(obj) { return :versioning, GoogleInSpec::Storage::Property::BucketVersioning.new(obj['versioning'], to_s) },
+ 'website' => ->(obj) { return :website, GoogleInSpec::Storage::Property::BucketWebsite.new(obj['website'], to_s) },
+ 'project' => ->(obj) { return :project, obj['project'] },
+ 'predefinedDefaultObjectAcl' => ->(obj) { return :predefined_default_object_acl, obj['predefinedDefaultObjectAcl'] },
+ }
+ end
+
+ # Handles parsing RFC3339 time string
+ def parse_time_string(time_string)
+ time_string ? Time.parse(time_string) : nil
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b?project={{project}}&projection=full'
end
end
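Review bot: `fetch_wrapped_resource` returns nil when `@connection.fetch_all` yields nil, so `@table` ends up nil, whereas the removed `fetch_data` returned `[]` when there was nothing to list. FilterTable is connected to `:table` and presumably expects an enumerable, so that case may raise instead of reporting zero buckets; `return [] if result.nil?` would keep the old behaviour. Separately, `transform` calls `transformers` twice per key and every call builds a fresh hash of eighteen lambdas, which `@transformers ||= { ... }` would avoid. The header marks this file as generated by Magic Modules, so both changes belong in the generator template rather than in this file.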
diff --git a/libraries/google_storage_default_object_acl.rb b/libraries/google_storage_default_object_acl.rb
index 20aaff0be..d137fe721 100644
--- a/libraries/google_storage_default_object_acl.rb
+++ b/libraries/google_storage_default_object_acl.rb
@@ -1,41 +1,76 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
+require 'google/storage/property/defaultobjectacl_project_team'
-module Inspec::Resources
- class GoogleStorageDefaultObjectAcl < GcpResourceBase
- name 'google_storage_default_object_acl'
- desc 'Verifies settings for a storage default object ACL'
-
- example "
- describe google_storage_default_object_acl(bucket: 'bucket-buvsjjcndqz', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @entity = opts[:entity]
- begin
- @acl = @gcp.gcp_storage_client.get_default_object_access_control(@bucket, @entity)
- create_resource_methods(@acl)
- # all non-existing entities raise a "Not Found" client error
- rescue Google::Apis::ClientError => e
- @acl=nil
- @error=JSON.parse(e.body)
- end
- end
-
- def exists?
- !@acl.nil?
- end
-
- attr_reader :error
-
- def to_s
- "Storage Default Object ACL #{@bucket} #{@entity}"
- end
+# A provider to manage Cloud Storage resources.
+class StorageDefaultObjectACL < GcpResourceBase
+ name 'google_storage_default_object_acl'
+ desc 'DefaultObjectACL'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :domain
+ attr_reader :email
+ attr_reader :entity
+ attr_reader :entity_id
+ attr_reader :generation
+ attr_reader :id
+ attr_reader :object
+ attr_reader :project_team
+ attr_reader :role
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @domain = @fetched['domain']
+ @email = @fetched['email']
+ @entity = @fetched['entity']
+ @entity_id = @fetched['entityId']
+ @generation = @fetched['generation']
+ @id = @fetched['id']
+ @object = @fetched['object']
+ @project_team = GoogleInSpec::Storage::Property::DefaultObjectACLProjectTeam.new(@fetched['projectTeam'], to_s)
+ @role = @fetched['role']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "DefaultObjectACL #{@params[:entity]}"
+ end
+
+ def bucket
+ @params[:bucket]
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/defaultObjectAcl/{{entity}}'
end
end
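Review bot: `exists?` is now only `!@fetched.nil?`, and the `error` reader that carried the API error body is gone, so a caller can no longer tell an ACL entry that is absent from one that could not be read. What `@connection.fetch` does on an authorization failure is not visible in this hunk; if it returns nil there, the `entity: "allUsers"` / `should_not exist` check in this resource's integration control passes for credentials that simply lack permission to read ACLs. I would state the contract on `exists?`, e.g. `# true only when the GET returned a body; fetch must raise on auth errors, not return nil`, and confirm it in the backend. The same `exists?` appears in `StorageObjectACL` and in the BucketObject class earlier in this diff. The file is marked as generated, so the change belongs in the template.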
diff --git a/libraries/google_storage_object_acl.rb b/libraries/google_storage_object_acl.rb
index 8ea3b79ee..4a794a5aa 100644
--- a/libraries/google_storage_object_acl.rb
+++ b/libraries/google_storage_object_acl.rb
@@ -1,43 +1,76 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
require 'gcp_backend'
-require 'json'
-
-module Inspec::Resources
- class GoogleStorageObjectAcl < GcpResourceBase
- name 'google_storage_object_acl'
- desc 'Verifies settings for a storage object ACL'
-
- example "
- describe google_storage_object_acl(bucket: 'bucket-buvsjjcndqz', object: 'bucket-object-pmxbiikq', entity: 'user-object-viewer@spaterson-project.iam.gserviceaccount.com') do
- it { should exist }
- end
- "
-
- def initialize(opts = {})
- # Call the parent class constructor
- super(opts)
- @bucket = opts[:bucket]
- @object = opts[:object]
- @entity = opts[:entity]
- begin
- @acl = @gcp.gcp_storage_client.get_object_access_control(@bucket, @object, @entity)
- create_resource_methods(@acl)
- # all non-existing entities raise a "Not Found" client error
- rescue Google::Apis::ClientError => e
- @acl=nil
- @error=JSON.parse(e.body)
- end
- end
-
- def exists?
- !@acl.nil?
- end
-
- attr_reader :error
-
- def to_s
- "Storage Object ACL #{@object} #{@entity}"
- end
+require 'google/storage/property/objectacl_project_team'
+
+# A provider to manage Cloud Storage resources.
+class StorageObjectACL < GcpResourceBase
+ name 'google_storage_object_acl'
+ desc 'ObjectACL'
+ supports platform: 'gcp'
+
+ attr_reader :params
+ attr_reader :domain
+ attr_reader :email
+ attr_reader :entity
+ attr_reader :entity_id
+ attr_reader :generation
+ attr_reader :id
+ attr_reader :object
+ attr_reader :project_team
+ attr_reader :role
+
+ def initialize(params)
+ super(params.merge({ use_http_transport: true }))
+ @params = params
+ @fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+ parse unless @fetched.nil?
+ end
+
+ def parse
+ @domain = @fetched['domain']
+ @email = @fetched['email']
+ @entity = @fetched['entity']
+ @entity_id = @fetched['entityId']
+ @generation = @fetched['generation']
+ @id = @fetched['id']
+ @object = @fetched['object']
+ @project_team = GoogleInSpec::Storage::Property::ObjectACLProjectTeam.new(@fetched['projectTeam'], to_s)
+ @role = @fetched['role']
+ end
+
+ def exists?
+ !@fetched.nil?
+ end
+
+ def to_s
+ "ObjectACL #{@params[:entity]}"
+ end
+
+ def bucket
+ @params[:bucket]
+ end
+
+ private
+
+ def product_url
+ 'https://www.googleapis.com/storage/v1/'
+ end
+
+ def resource_base_url
+ 'b/{{bucket}}/o/{{object}}/acl/{{entity}}'
end
end
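Review bot: Nothing in this hunk percent-encodes the object name before it is substituted into `'b/{{bucket}}/o/{{object}}/acl/{{entity}}'`, and Cloud Storage object names routinely contain `/`, which the JSON API expects escaped so the name stays a single path segment. If the substitution inside `@connection.fetch` (not visible here) inserts the raw value, such an object resolves to a different path and the resource reports that the ACL does not exist. Also, `to_s` dropped the object name that the removed version printed; `"ObjectACL #{@params[:object]} #{@params[:entity]}"` would keep a failing check attributable to one object. Both belong in the generator template, since the file is marked as generated.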
diff --git a/test/integration/verify/controls/google_storage_bucket.rb b/test/integration/verify/controls/google_storage_bucket.rb
index 84202e66f..361a8bb85 100644
--- a/test/integration/verify/controls/google_storage_bucket.rb
+++ b/test/integration/verify/controls/google_storage_bucket.rb
@@ -1,20 +1,33 @@
-title 'Storage Bucket Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_number = attribute(:gcp_project_number, default: '', description: 'The GCP project number.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-gcp_storage_bucket_name = attribute(:gcp_storage_bucket_name, default:'', description: 'The Storage Bucket name.')
-
-control 'gcp-storage-bucket-1.0' do
+title 'Test GCP google_storage_bucket resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+control 'google_storage_bucket-1.0' do
impact 1.0
- title 'Ensure that the Storage Bucket has been created correctly'
+ title 'google_storage_bucket resource test'
- describe google_storage_bucket(name: gcp_storage_bucket_name) do
+ describe google_storage_bucket(name: "inspec-gcp-static-#{gcp_project_id}") do
it { should exist }
- its('name') { should eq gcp_storage_bucket_name }
- its('id') { should eq gcp_storage_bucket_name }
- its('location') { should eq gcp_location.upcase }
- its('project_number') {should eq gcp_project_number.to_i }
- its('storage_class') { should eq 'STANDARD' }
+ its('location') { should cmp gcp_location.upcase }
+
+ its('storage_class') { should eq "STANDARD" }
+ end
+
+ describe google_storage_bucket(name: "nonexistent") do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
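Review bot: The negative case uses the literal bucket name `"nonexistent"`, but bucket names share one global namespace, so that name may well be taken by another project and the GET would then be answered with an access error rather than not-found. The control would then exercise how the resource handles a denied read, not a missing bucket. A name scoped to the fixture, e.g. `google_storage_bucket(name: "inspec-gcp-nonexistent-#{gcp_project_id}")`, keeps the check on the not-found path. The hunk also drops the `name`, `id` and `project_number` assertions without replacement.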
diff --git a/test/integration/verify/controls/google_storage_bucket_acl.rb b/test/integration/verify/controls/google_storage_bucket_acl.rb
index adc0ab8bb..4eb91521a 100644
--- a/test/integration/verify/controls/google_storage_bucket_acl.rb
+++ b/test/integration/verify/controls/google_storage_bucket_acl.rb
@@ -1,24 +1,37 @@
-title 'Test single GCP storage bucket ACL'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_storage_bucket_acl = attribute(:gcp_storage_bucket_acl, default: '', description: 'The GCP bucket with ACL set.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default:'', description: 'Service account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_bucket_acl resource.'
-control 'gcp-storage-bucket-acl-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_acl = attribute(:gcp_storage_bucket_acl, default: 'gcp_storage_bucket_acl', description: 'The name of the storage bucket with ACLs attached')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+control 'google_storage_bucket_acl-1.0' do
impact 1.0
- title 'Ensure storage bucket ACL has the correct properties.'
+ title 'google_storage_bucket_acl resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
describe google_storage_bucket_acl(bucket: gcp_storage_bucket_acl, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
it { should exist }
- its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
- its('role') { should eq "OWNER" }
+ its('role') { should cmp "OWNER" }
+
its('bucket') { should eq gcp_storage_bucket_acl }
+ its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
end
- describe google_storage_bucket_acl(bucket: gcp_storage_bucket_acl, entity: 'allUsers') do
+ describe google_storage_bucket_acl(bucket: gcp_storage_bucket_acl, entity: "allUsers") do
it { should_not exist }
end
end
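Review bot: The default for `gcp_enable_privileged_resources` is now the string `'gcp_enable_privileged_resources'`, and `only_if { gcp_enable_privileged_resources.to_i == 1 }` skips the control only because `String#to_i` turns that placeholder into 0. `default: 0` states the intent directly. The same default is used in the bucket-object, default-object-ACL and object-ACL controls in this diff. The other placeholder defaults (`'gcp_project_id'`, `'gcp_storage_bucket_acl'`) likewise mean that a run with missing inputs queries literal placeholder names instead of failing on the missing input.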
diff --git a/test/integration/verify/controls/google_storage_bucket_object.rb b/test/integration/verify/controls/google_storage_bucket_object.rb
index 8d447d6a7..e296e7260 100644
--- a/test/integration/verify/controls/google_storage_bucket_object.rb
+++ b/test/integration/verify/controls/google_storage_bucket_object.rb
@@ -1,21 +1,38 @@
-title 'Storage Bucket Object Properties'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: '', description: 'The GCP bucket with objects.')
-gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: '', description: 'The GCP bucket object name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_bucket_object resource.'
-control 'gcp-storage-bucket-object-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: 'gcp_storage_bucket_object', description: 'The name of the storage bucket with an object')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: 'gcp_storage_bucket_object_name', description: 'The name of the object')
+control 'google_storage_bucket_object-1.0' do
impact 1.0
- title 'Ensure that the Storage Bucket Object has been created correctly'
+ title 'google_storage_bucket_object resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
describe google_storage_bucket_object(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name) do
it { should exist }
- its('name') { should eq gcp_storage_bucket_object_name }
- its('size') { should be > 0 }
- its('content_type') { should eq "text/plain; charset=utf-8" }
- its('time_created_date') { should be > Time.now - 365*60*60*24*10 }
- its('updated_date') { should be > Time.now - 365*60*60*24*10 }
+ its('size.to_i') { should be > 0 }
+
+ its('time_created') { should be > Time.now - 60*60*24*10 }
+ its('time_updated') { should be > Time.now - 60*60*24*10 }
+ end
+
+ describe google_storage_bucket_object(bucket: gcp_storage_bucket_object, object: "nonexistent") do
+ it { should_not exist }
end
-end
\ No newline at end of file
+end
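Review bot: The `time_created` and `time_updated` bounds shrank from the removed `365*60*60*24*10` to `60*60*24*10`, i.e. ten days, so the control starts failing once the fixture object is more than ten days old. If the fixture is long-lived, restore the wider window, `its('time_created') { should be > Time.now - 365*60*60*24*10 }`, or assert only that the value is a `Time`. `gcp_project_id` and `gcp_service_account_display_name` are declared but never used in this control, and the `name` and `content_type` assertions were dropped.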
diff --git a/test/integration/verify/controls/google_storage_bucket_object_handwritten.rb b/test/integration/verify/controls/google_storage_bucket_object_handwritten.rb
new file mode 100644
index 000000000..8d447d6a7
--- /dev/null
+++ b/test/integration/verify/controls/google_storage_bucket_object_handwritten.rb
@@ -0,0 +1,21 @@
+title 'Storage Bucket Object Properties'
+
+gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: '', description: 'The GCP bucket with objects.')
+gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: '', description: 'The GCP bucket object name.')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+
+control 'gcp-storage-bucket-object-1.0' do
+
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ impact 1.0
+ title 'Ensure that the Storage Bucket Object has been created correctly'
+
+ describe google_storage_bucket_object(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name) do
+ it { should exist }
+ its('name') { should eq gcp_storage_bucket_object_name }
+ its('size') { should be > 0 }
+ its('content_type') { should eq "text/plain; charset=utf-8" }
+ its('time_created_date') { should be > Time.now - 365*60*60*24*10 }
+ its('updated_date') { should be > Time.now - 365*60*60*24*10 }
+ end
+end
\ No newline at end of file
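Review bot: This copy of the old control still asserts `its('time_created_date')`, `its('updated_date')` and a numeric `its('size') { should be > 0 }`, none of which matches the BucketObject class added in this diff: its readers are `time_created` and `time_updated`, and `size` is stored as returned (the generated control compares `size.to_i`). Assuming that class is what backs `google_storage_bucket_object`, these expectations fail unless the old helpers are still defined elsewhere. Either update them (`its('time_created')`, `its('size.to_i')`) or drop the file. The file also ends without a trailing newline.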
diff --git a/test/integration/verify/controls/google_storage_buckets.rb b/test/integration/verify/controls/google_storage_buckets.rb
index e5226e67b..4b1e23e24 100644
--- a/test/integration/verify/controls/google_storage_buckets.rb
+++ b/test/integration/verify/controls/google_storage_buckets.rb
@@ -1,21 +1,26 @@
-title 'Loop over all GCP Storage Buckets for a project'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_project_number = attribute(:gcp_project_number, default: '', description: 'The GCP project number.')
-gcp_storage_bucket_name = attribute(:gcp_storage_bucket_name, default:'', description: 'The Storage Bucket name.')
-gcp_location = attribute(:gcp_location, default: '', description: 'The GCP region being used.')
-
-control 'gcp-storage-buckets-1.0' do
+title 'Test GCP google_storage_buckets resource.'
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_location = attribute(:gcp_location, default: 'gcp_location', description: 'GCP location')
+control 'google_storage_buckets-1.0' do
impact 1.0
- title 'Ensure storage buckets have the correct properties in bulk.'
+ title 'google_storage_buckets resource test'
describe google_storage_buckets(project: gcp_project_id) do
- it { should exist }
- its('count') { should be <= 100}
- its('bucket_names') { should include gcp_storage_bucket_name }
- its('bucket_ids') { should include gcp_storage_bucket_name }
- its('bucket_locations') { should include gcp_location.upcase }
- its('bucket_project_numbers') {should include gcp_project_number.to_i }
+ its('bucket_names') { should include "inspec-gcp-static-#{gcp_project_id}" }
end
-end
\ No newline at end of file
+end
diff --git a/test/integration/verify/controls/google_storage_default_object_acl.rb b/test/integration/verify/controls/google_storage_default_object_acl.rb
index c868d9446..549aa2f57 100644
--- a/test/integration/verify/controls/google_storage_default_object_acl.rb
+++ b/test/integration/verify/controls/google_storage_default_object_acl.rb
@@ -1,20 +1,37 @@
-title 'Test single GCP storage default object ACL'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_storage_object_default_acl = attribute(:gcp_storage_bucket_name, default: '', description: 'The GCP bucket with default ACL set.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default:'', description: 'Service account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_default_object_acl resource.'
-control 'gcp-storage-default-object-acl-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_name = attribute(:gcp_storage_bucket_name, default: 'gcp_storage_bucket_name', description: 'The name of the storage bucket with the default object ACL')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+control 'google_storage_default_object_acl-1.0' do
impact 1.0
- title 'Ensure storage default object ACL has the correct properties.'
+ title 'google_storage_default_object_acl resource test'
- describe google_storage_default_object_acl(bucket: gcp_storage_object_default_acl, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
+ describe google_storage_default_object_acl(bucket: gcp_storage_bucket_name, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
it { should exist }
+ its('role') { should cmp "OWNER" }
+
+ its('bucket') { should eq gcp_storage_bucket_name }
its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
- its('role') { should eq "OWNER" }
end
-end
\ No newline at end of file
+ describe google_storage_default_object_acl(bucket: gcp_storage_bucket_name, entity: "allUsers") do
+ it { should_not exist }
+ end
+end
diff --git a/test/integration/verify/controls/google_storage_object_acl.rb b/test/integration/verify/controls/google_storage_object_acl.rb
index 59c92fe55..13a7e645f 100644
--- a/test/integration/verify/controls/google_storage_object_acl.rb
+++ b/test/integration/verify/controls/google_storage_object_acl.rb
@@ -1,20 +1,38 @@
-title 'Test single GCP storage object ACL'
+# ----------------------------------------------------------------------------
+#
+# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
+#
+# ----------------------------------------------------------------------------
+#
+# This file is automatically generated by Magic Modules and manual
+# changes will be clobbered when the file is regenerated.
+#
+# Please read more about how to change this file in README.md and
+# CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
-gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
-gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: '', description: 'The GCP bucket with objects.')
-gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: '', description: 'The GCP bucket object name.')
-gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default:'', description: 'Service account display name.')
-gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources,default:0,description:'Flag to enable privileged resources requiring elevated privileges in GCP.')
+title 'Test GCP google_storage_object_acl resource.'
-control 'gcp-storage-object-acl-1.0' do
-
- only_if { gcp_enable_privileged_resources.to_i == 1 }
+gcp_project_id = attribute(:gcp_project_id, default: 'gcp_project_id', description: 'The GCP project identifier.')
+gcp_storage_bucket_object = attribute(:gcp_storage_bucket_object, default: 'gcp_storage_bucket_object', description: 'The name of the storage bucket with ACLs attached')
+gcp_service_account_display_name = attribute(:gcp_service_account_display_name, default: 'gcp_service_account_display_name', description: 'The name of the service account assigned permissions')
+gcp_enable_privileged_resources = attribute(:gcp_enable_privileged_resources, default: 'gcp_enable_privileged_resources', description: 'If we are running tests with escalated permissions(required for this test)')
+gcp_storage_bucket_object_name = attribute(:gcp_storage_bucket_object_name, default: 'gcp_storage_bucket_object_name', description: 'The name of the object with ACLs')
+control 'google_storage_object_acl-1.0' do
impact 1.0
- title 'Ensure storage default object ACL has the correct properties.'
+ title 'google_storage_object_acl resource test'
+ only_if { gcp_enable_privileged_resources.to_i == 1 }
describe google_storage_object_acl(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name, entity: "user-#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do
it { should exist }
+ its('role') { should cmp "OWNER" }
+
+ its('bucket') { should eq gcp_storage_bucket_object }
its('email') { should include "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com" }
- its('role') { should eq "OWNER" }
end
-end
\ No newline at end of file
+
+ describe google_storage_object_acl(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name, entity: "allUsers") do
+ it { should_not exist }
+ end
+end
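Review bot: The negative check at the end of this control covers only `allUsers`, so an ACL entry granted to `allAuthenticatedUsers`, the other public-facing entity in Cloud Storage ACLs, would pass unnoticed. A parallel block would close the gap: `describe google_storage_object_acl(bucket: gcp_storage_bucket_object, object: gcp_storage_bucket_object_name, entity: "allAuthenticatedUsers") do`, `it { should_not exist }`, `end`. The default-object-ACL control earlier in this diff has the same single `allUsers` check. Because the header marks this file as generated by Magic Modules, the change would need to be made in the generator template rather than here.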