martezr / inspec-gcp Goto Github PK

View Code? Open in Web Editor NEW

3.0 2.0 3.0 32 KB

This project is DEPRECATED and the official InSpec GCP (https://github.com/inspec/inspec-gcp) should be used.

License: Apache License 2.0

Ruby 95.79% HCL 4.21%

gcp inspec

inspec-gcp's Introduction

InSpec for Google Cloud Platform (GCP)

Roadmap

This repository is the development repository for InSpec for GCP.

As of now, GCP resources are implemented as an InSpec resource pack. It will ship with the required resources to write your own GCP tests.

├── README.md - this readme
└── libraries - contains GCP resources

Requirements

In order to utilize the GCP InSpec resource pack the following software must be installed on the system.

InSpec
google-api-client ruby gem
googleauth ruby gem
google-cloud ruby gem

Get started

Before running the profile with InSpec, define environment variables with your GCP credentials. InSpec supports the following variables:

GOOGLE_APPLICATION_CREDENTIALS

Those variables are defined in GCP Docs

Use the resources

Since this is a InSpec resource pack, it only defines InSpec resources. It includes example tests only. You can easily use the GCP InSpec resources in your tests do the following:

Create a new profile

inspec init profile gcp-compliance

Adapt the `inspec.yml`

name: my-profile
title: My own GCP profile
version: 0.1.0
depends:
  - name: gcp
    url: https://github.com/martezr/inspec-gcp/archive/master.tar.gz

Add controls

Since your profile depends on the resource pack, you can use those resources in your own profile:

control "gcp-1" do
  impact 0.7
  title 'Check development project'

  describe gcp_project('silicon-vertex-398188') do
    it { should exist }
    its('name') { should eq 'My First Project' }
    its('project_number') { should eq '3934801284823' }
    its('lifecycle_state') { should eq 'ACTIVE' }
  end

end

Available Resources

gcp_instance - Verifies settings for a GCP instance
gcp_project - Verifies settings for a GCP project
gcp_storage - Verifies settings for a GCP bucket
gcp_image - Verifies settings for a GCP image

Roadmap

gcp_iam
gcp_container

...

Tests

Unit tests

To execute the unit tests, run:

bundle exec rake test

Integration tests

To run the integration tests, please make sure all required environment variables are set. We use terraform to create the GCP setup and InSpec to verify the all aspects. If you want to use a specific terraform environment, set environment variable INSPEC_TERRAFORM_ENV. Integration tests can be executed via:

bundle exec rake test:integration

This task sets up test GCP resources, runs the integration tests, and then cleans up the resources. To perform these tasks independently, please call them individually:

bundle exec rake test:configure_test_environment
bundle exec rake test:setup_integration_tests
bundle exec rake test:run_integration_tests
bundle exec rake test:cleanup_integration_tests
bundle exec rake test:destroy_test_environment

inspec-gcp's People

Contributors

Stargazers

Watchers

Forkers

tpoindessous nirbhay1997 soumyo13

inspec-gcp's Issues

Consider contributing to the inspec supported repo

Hey there @martezr -

I wanted to make sure it was on your radar that https://github.com/inspec/inspec-gcp is also an actively developed project trying to fill this space. It'd be excellent if you could bring some of your ideas to contribute over there.

Thanks for your work in this space. It's badly needed!

Error no catched when credentials are missing

during my tests, I forgot to export my credentials and I got this error which was not catched :

libraries/gcp_instance.rb:25:in `rescue in initialize': undefined method `body' for #<Signet::AuthorizationError:0x007f874abc1be0> (NoMethodError)
	from libraries/gcp_instance.rb:22:in `initialize'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/plugins/resource.rb:71:in `initialize'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/resource.rb:51:in `new'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/resource.rb:51:in `block (3 levels) in create_dsl'
	from ./controls/instance.rb:5:in `block in load_with_context'

Thanks !

Add support for storage

Installation of missing dependancies

I tried your example and I got an error because my computer didn't have the google api ruby librairies.

I needed to do a bundle install on your project's directory.

Thanks.

/Users/thomas/.rvm/rubies/ruby-2.3.0/lib/ruby/site_ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- google/apis (LoadError)
	from /Users/thomas/.rvm/rubies/ruby-2.3.0/lib/ruby/site_ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/dsl_shared.rb:14:in `require'
	from libraries/gcp_connection.rb:3:in `load_with_context'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile_context.rb:157:in `instance_eval'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile_context.rb:157:in `load_with_context'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile_context.rb:146:in `load_library_file'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile_context.rb:133:in `block in load_libraries'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile_context.rb:131:in `each'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile_context.rb:131:in `load_libraries'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile.rb:194:in `load_libraries'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile.rb:186:in `block in load_libraries'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/dependencies/dependency_set.rb:65:in `block in each'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/dependencies/dependency_set.rb:64:in `each'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/dependencies/dependency_set.rb:64:in `each'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/profile.rb:185:in `load_libraries'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/runner.rb:86:in `block in load'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/runner.rb:82:in `each'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/runner.rb:82:in `load'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/runner.rb:103:in `run'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/lib/inspec/cli.rb:168:in `exec'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/thor-0.20.0/lib/thor/base.rb:466:in `start'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/gems/inspec-2.0.17/bin/inspec:12:in `<top (required)>'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/bin/inspec:23:in `load'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/bin/inspec:23:in `<main>'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `eval'
	from /Users/thomas/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `<main>'

martezr / inspec-gcp Goto Github PK

inspec-gcp's Introduction

InSpec for Google Cloud Platform (GCP)

Roadmap

Requirements

Get started

Use the resources

Create a new profile

Adapt the inspec.yml

Add controls

Available Resources

Roadmap

Tests

Unit tests

Integration tests

inspec-gcp's People

Contributors

Stargazers

Watchers

Forkers

inspec-gcp's Issues

Recommend Projects

Recommend Topics

Recommend Org

Adapt the `inspec.yml`