Add support for compute_router_nat to inspec

Signed-off-by: Modular Magician <[email protected]>

docs/resources/google_compute_router_nat.md

@@ -0,0 +1,68 @@
+---
+title: About the google_compute_router_nat resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_router_nat` is used to test a Google RouterNat resource
+
+## Examples
+```
+describe google_compute_router_nat(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router', name: 'inspec-router-nat') do
+  it { should exist }
+  its('nat_ip_allocate_option') { should cmp 'AUTO_ONLY' }
+  its('source_subnetwork_ip_ranges_to_nat') { should cmp 'ALL_SUBNETWORKS_ALL_IP_RANGES' }
+  its('min_ports_per_vm') { should cmp '2' }
+  its('log_config.enable') { should cmp 'true' }
+  its('log_config.filter') { should cmp 'ERRORS_ONLY' }
+end
+
+describe google_compute_router(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'nonexistent', name: 'nonexistent') do
+  it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_router_nat` resource:
+
+
+  * `name`: Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
+
+  * `nat_ip_allocate_option`: How external IPs should be allocated for this NAT. Valid values are `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses.
+
+  * `nat_ips`: Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
+
+  * `source_subnetwork_ip_ranges_to_nat`: How NAT should be configured per Subnetwork. If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the IP ranges in every Subnetwork are allowed to Nat. If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP ranges in every Subnetwork are allowed to Nat. `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region.
+
+  * `subnetwork`: One or more subnetwork NAT configurations. Only used if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS`
+
+    * `name`: Self-link of subnetwork to NAT
+
+    * `source_ip_ranges_to_nat`: List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: `ALL_IP_RANGES`, `LIST_OF_SECONDARY_IP_RANGES`, `PRIMARY_IP_RANGE`.
+
+    * `secondary_ip_range_names`: List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if `LIST_OF_SECONDARY_IP_RANGES` is one of the values in sourceIpRangesToNat
+
+  * `min_ports_per_vm`: Minimum number of ports allocated to a VM from this NAT.
+
+  * `udp_idle_timeout_sec`: Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
+
+  * `icmp_idle_timeout_sec`: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
+
+  * `tcp_established_idle_timeout_sec`: Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
+
+  * `tcp_transitory_idle_timeout_sec`: Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
+
+  * `log_config`: Configuration for logging on NAT
+
+    * `enable`: Indicates whether or not to export logs.
+
+    * `filter`: Specifies the desired filtering of logs on this NAT. Valid values are: `"ERRORS_ONLY"`, `"TRANSLATIONS_ONLY"`, `"ALL"`
+
+  * `router`: The name of the Cloud Router in which this NAT will be configured.
+
+  * `region`: Region where the router and NAT reside.
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.

docs/resources/google_compute_router_nats.md

@@ -0,0 +1,40 @@
+---
+title: About the google_compute_router_nats resource
+platform: gcp
+---
+
+## Syntax
+A `google_compute_router_nats` is used to test a Google RouterNat resource
+
+## Examples
+```
+describe google_compute_router_nats(project: 'chef-gcp-inspec', region: 'europe-west2', router: 'inspec-gcp-router') do
+  its('names') { should include 'inspec-router-nat' }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_compute_router_nats` resource:
+
+See [google_compute_router_nat.md](google_compute_router_nat.md) for more detailed information
+  * `names`: an array of `google_compute_router_nat` name
+  * `nat_ip_allocate_options`: an array of `google_compute_router_nat` nat_ip_allocate_option
+  * `nat_ips`: an array of `google_compute_router_nat` nat_ips
+  * `source_subnetwork_ip_ranges_to_nats`: an array of `google_compute_router_nat` source_subnetwork_ip_ranges_to_nat
+  * `subnetworks`: an array of `google_compute_router_nat` subnetwork
+  * `min_ports_per_vms`: an array of `google_compute_router_nat` min_ports_per_vm
+  * `udp_idle_timeout_secs`: an array of `google_compute_router_nat` udp_idle_timeout_sec
+  * `icmp_idle_timeout_secs`: an array of `google_compute_router_nat` icmp_idle_timeout_sec
+  * `tcp_established_idle_timeout_secs`: an array of `google_compute_router_nat` tcp_established_idle_timeout_sec
+  * `tcp_transitory_idle_timeout_secs`: an array of `google_compute_router_nat` tcp_transitory_idle_timeout_sec
+  * `log_configs`: an array of `google_compute_router_nat` log_config
+  * `routers`: an array of `google_compute_router_nat` router
+  * `regions`: an array of `google_compute_router_nat` region
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the current project.

libraries/google/compute/property/routernat_log_config.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module Compute
+    module Property
+      class RouterNatLogConfig
+        attr_reader :enable
+
+        attr_reader :filter
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @enable = args['enable']
+          @filter = args['filter']
+        end
+
+        def to_s
+          "#{@parent_identifier} RouterNatLogConfig"
+        end
+      end
+    end
+  end
+end

libraries/google/compute/property/routernat_subnetwork.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module Compute
+    module Property
+      class RouterNatSubnetwork
+        attr_reader :name
+
+        attr_reader :source_ip_ranges_to_nat
+
+        attr_reader :secondary_ip_range_names
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @name = args['name']
+          @source_ip_ranges_to_nat = args['sourceIpRangesToNat']
+          @secondary_ip_range_names = args['secondaryIpRangeNames']
+        end
+
+        def to_s
+          "#{@parent_identifier} RouterNatSubnetwork"
+        end
+      end
+
+      class RouterNatSubnetworkArray
+        def self.parse(value, parent_identifier)
+          return if value.nil?
+          return RouterNatSubnetwork.new(value, parent_identifier) unless value.is_a?(::Array)
+          value.map { |v| RouterNatSubnetwork.new(v, parent_identifier) }
+        end
+      end
+    end
+  end
+end

libraries/google_compute_router_nat.rb

@@ -0,0 +1,99 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/compute/property/routernat_log_config'
+require 'google/compute/property/routernat_subnetwork'
+
+# A provider to manage Compute Engine resources.
+class ComputeRouterNat < GcpResourceBase
+  name 'google_compute_router_nat'
+  desc 'RouterNat'
+  supports platform: 'gcp'
+
+  attr_reader :params
+  attr_reader :name
+  attr_reader :nat_ip_allocate_option
+  attr_reader :nat_ips
+  attr_reader :source_subnetwork_ip_ranges_to_nat
+  attr_reader :subnetwork
+  attr_reader :min_ports_per_vm
+  attr_reader :udp_idle_timeout_sec
+  attr_reader :icmp_idle_timeout_sec
+  attr_reader :tcp_established_idle_timeout_sec
+  attr_reader :tcp_transitory_idle_timeout_sec
+  attr_reader :log_config
+  attr_reader :router
+  attr_reader :region
+
+  def initialize(params)
+    super(params.merge({ use_http_transport: true }))
+    @params = params
+    fetched = @connection.fetch(product_url, resource_base_url, params, 'Get')
+    @fetched = unwrap(fetched, params)
+    parse unless @fetched.nil?
+  end
+
+  def identity
+    %w{name}
+  end
+
+  def collection_item
+    'nats'
+  end
+
+  def unwrap(fetched, params)
+    fetched[collection_item].find { |result| identity.all? { |id| result[id.to_sym] == params[id] } }
+  end
+
+  def parse
+    @name = @fetched['name']
+    @nat_ip_allocate_option = @fetched['natIpAllocateOption']
+    @nat_ips = @fetched['natIps']
+    @source_subnetwork_ip_ranges_to_nat = @fetched['sourceSubnetworkIpRangesToNat']
+    @subnetwork = GoogleInSpec::Compute::Property::RouterNatSubnetworkArray.parse(@fetched['subnetworks'], to_s)
+    @min_ports_per_vm = @fetched['minPortsPerVm']
+    @udp_idle_timeout_sec = @fetched['udpIdleTimeoutSec']
+    @icmp_idle_timeout_sec = @fetched['icmpIdleTimeoutSec']
+    @tcp_established_idle_timeout_sec = @fetched['tcpEstablishedIdleTimeoutSec']
+    @tcp_transitory_idle_timeout_sec = @fetched['tcpTransitoryIdleTimeoutSec']
+    @log_config = GoogleInSpec::Compute::Property::RouterNatLogConfig.new(@fetched['logConfig'], to_s)
+    @router = @fetched['router']
+    @region = @fetched['region']
+  end
+
+  # Handles parsing RFC3339 time string
+  def parse_time_string(time_string)
+    time_string ? Time.parse(time_string) : nil
+  end
+
+  def exists?
+    !@fetched.nil?
+  end
+
+  def to_s
+    "RouterNat #{@params[:router]}"
+  end
+
+  private
+
+  def product_url
+    'https://www.googleapis.com/compute/v1/'
+  end
+
+  def resource_base_url
+    'projects/{{project}}/regions/{{region}}/routers/{{router}}'
+  end
+end