This repository is the development repository for InSpec for GCP.
As of now, GCP resources are implemented as an InSpec resource pack. It will ship with the required resources to write your own GCP tests.
├── README.md - this readme
└── libraries - contains GCP resources
To use the GCP InSpec resource pack, the following software must be installed on the system:
- InSpec
- google-api-client ruby gem
- googleauth ruby gem
- google-cloud ruby gem
Before running the profile with InSpec, define environment variables with your GCP credentials. InSpec supports the following variables:
GOOGLE_APPLICATION_CREDENTIALS
Those variables are defined in the GCP docs.
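A preflight check for the credentials variable above, as an added example that is not part of the resource pack. It assumes GOOGLE_APPLICATION_CREDENTIALS points at a service-account JSON key file; the function name credential_problems and the --check flag are hypothetical.

```ruby
require 'json'

# Added example (not part of the resource pack). Assumes the variable points at
# a service-account JSON key file; other credential types are reported.
REQUIRED_KEYS = %w[type client_email private_key].freeze

# Returns a list of human-readable problems; an empty list means the key file
# parses, has the expected fields, and is readable by its owner only.
def credential_problems(env = ENV)
  path = env['GOOGLE_APPLICATION_CREDENTIALS']
  return ['GOOGLE_APPLICATION_CREDENTIALS is not set'] if path.nil? || path.empty?
  return ["#{path} does not exist or is not a regular file"] unless File.file?(path)

  problems = []
  mode = File.stat(path).mode & 0o777
  if (mode & 0o077) != 0
    # Any group/other permission bit exposes the private key to other users.
    problems << format('%s has mode %04o; restrict it to the owner (chmod 600)', path, mode)
  end

  begin
    key = JSON.parse(File.read(path))
  rescue JSON::ParserError
    return problems << "#{path} is not valid JSON"
  end
  return problems << "#{path} does not contain a JSON object" unless key.is_a?(Hash)

  missing = REQUIRED_KEYS.reject { |k| key[k].is_a?(String) && !key[k].empty? }
  problems << "missing fields: #{missing.join(', ')}" unless missing.empty?
  if key['type'] && key['type'] != 'service_account'
    problems << "credential type is #{key['type']}, expected service_account"
  end
  problems
end

# Hypothetical CLI: `ruby check_creds.rb --check` exits non-zero on any problem.
if $PROGRAM_NAME == __FILE__ && ARGV.include?('--check')
  found = credential_problems
  found.each { |p| warn "credentials check: #{p}" }
  exit(found.empty? ? 0 : 1)
end
```

Run it before `inspec exec` so a world-readable or malformed key file is caught before any API call is made.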
Since this is an InSpec resource pack, it only defines InSpec resources. It includes example tests only. You can easily use the GCP InSpec resources in your tests by doing the following:
inspec init profile gcp-compliance
name: my-profile
title: My own GCP profile
version: 0.1.0
depends:
  - name: gcp
    url: https://github.com/martezr/inspec-gcp/archive/master.tar.gz
Since your profile depends on the resource pack, you can use those resources in your own profile:
control "gcp-1" do
  impact 0.7
  title 'Check development project'
  describe gcp_project('silicon-vertex-398188') do
    it { should exist }
    its('name') { should eq 'My First Project' }
    its('project_number') { should eq '3934801284823' }
    its('lifecycle_state') { should eq 'ACTIVE' }
  end
end
- gcp_instance - Verifies settings for a GCP instance
- gcp_project - Verifies settings for a GCP project
- gcp_storage - Verifies settings for a GCP bucket
- gcp_image - Verifies settings for a GCP image
gcp_iam
gcp_container
...
To execute the unit tests, run:
bundle exec rake test
To run the integration tests, please make sure all required environment variables are set. We use Terraform to create the GCP setup and InSpec to verify all aspects. If you want to use a specific Terraform environment, set the environment variable INSPEC_TERRAFORM_ENV. Integration tests can be executed via:
bundle exec rake test:integration
This task sets up test GCP resources, runs the integration tests, and then cleans up the resources. To perform these tasks independently, please call them individually:
bundle exec rake test:configure_test_environment
bundle exec rake test:setup_integration_tests
bundle exec rake test:run_integration_tests
bundle exec rake test:cleanup_integration_tests
bundle exec rake test:destroy_test_environment