GoogleCloudPlatform / notebooks-blueprint-security

Opinionated setup for securely using AI Platform Notebooks.
https://registry.terraform.io/modules/GoogleCloudPlatform/notebooks-blueprint-security/google
Apache License 2.0

refactor: use standalone example for tests #39

Closed erlanderlo closed 3 years ago

erlanderlo commented 3 years ago
profile: gcp_notebooks
Version: (not specified)
Target:  gcp://ci-account-ffcm@elo-notebook-analytics.iam.gserviceaccount.com

  ✔  gcp_notebooks: Notebooks module GCP resources
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr is expected to exist
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "proxy-mode"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "mail"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "notebook-disable-root"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "true"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "notebook-disable-downloads"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "true"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "notebook-disable-nbconvert"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "true"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "enable-oslogin"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "TRUE"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "post-startup-script"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "gs://restricted-notebook_bootstrap-hpdr/post_startup_script.sh"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "serial-port-enable"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "FALSE"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_keys is expected to include "block-project-ssh-keys"
     ✔  Instance caip-nbk-trusted-sample-elodemo-hpdr metadata_values is expected to include "TRUE"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr is expected to exist
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "proxy-mode"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "mail"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "notebook-disable-root"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "true"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "notebook-disable-downloads"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "true"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "notebook-disable-nbconvert"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "true"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "enable-oslogin"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "TRUE"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "post-startup-script"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "gs://restricted-notebook_bootstrap-hpdr/post_startup_script.sh"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "serial-port-enable"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "FALSE"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_keys is expected to include "block-project-ssh-keys"
     ✔  Instance caip-nbk-trusted-sample-erlander-hpdr metadata_values is expected to include "TRUE"
  ✔  gcp_buckets: Data module GCP resources for Cloud Storage
     ✔  Bucket restricted-notebook_bootstrap-hpdr is expected to exist
     ✔  Bucket restricted-notebook_bootstrap-hpdr storage_class is expected to eq "STANDARD"
     ✔  Bucket restricted-notebook_bootstrap-hpdr location is expected to eq "US"
     ✔  Bucket restricted-notebook_bootstrap-hpdr encryption.default_kms_key_name is expected to eq "projects/elo-notebook-kms/locations/us/keyRings/trusted-data-keyring-hpdr/cryptoKeys/trusted-data-key"
  ✔  gcp_kms: KMS module GCP resources
     ✔  KeyRing trusted-data-keyring-hpdr is expected to exist
     ✔  KeyRing trusted-data-keyring-hpdr key_ring_name is expected to eq "trusted-data-keyring-hpdr"
     ✔  CryptoKey trusted-data-key is expected to exist
     ✔  CryptoKey trusted-data-key crypto_key_name is expected to cmp == "trusted-data-key"
     ✔  CryptoKey trusted-data-key primary_state is expected to eq "ENABLED"
     ✔  CryptoKey trusted-data-key purpose is expected to eq "ENCRYPT_DECRYPT"
     ✔  CryptoKey trusted-data-key next_rotation_time is expected to be > 2021-03-17 15:05:04 +0000
     ✔  CryptoKey trusted-data-key version_template.protection_level is expected to eq "HSM"
  ↺  gcp_policy: OrgPolicies module constraint tests for gcp constraints
     ↺  Skipped control due to only_if condition: org path fixed
  ↺  gcp_iam_policy: OrgPolicies module constraint tests for IAM constraints
     ↺  Skipped control due to only_if condition: org path fixed
  ↺  gcp_compute_policy: OrgPolicies module constraint tests for compute constraints
     ↺  Skipped control due to only_if condition: org path fixed
  ×  gcp_perimeters: VPC-Service Control perimeters GCP resources
     ×  Control Source Code Error /workspace/test/integration/standalone_example/controls/gcp_perimeters.rb:38 
     bad URI(is not URI?): "https://accesscontextmanager.googleapis.com/v1/accessPolicies/720164443624/servicePerimeters/Input 'perimeter_title' does not have a value. Skipping test."

Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 1.7.0
Target:  gcp://ci-account-ffcm@elo-notebook-analytics.iam.gserviceaccount.com

     No tests executed.

Profile Summary: 3 successful controls, 1 control failure, 3 controls skipped
Test Summary: 46 successful, 1 failure, 3 skipped