Open walterdolce opened 5 years ago
If a property doesn't exist on a resource the method doesn't get created. So if the property only is returned by the API in certain cases, it's tricky to write tests against them. This is a result of the methods that are generated via GcpResourceDynamicMethods.create_methods.
So, based on the REST documentation for the container cluster resource: https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster specifically the nodeIpv4CidrSize property: "This field will only be set when cluster is in route-based network mode." I'm guessing that you are testing a cluster in route-based network mode, which would not return the nodeIpv4CidrSize, which would cause the error you are seeing.
I would test this by grabbing the API response directly, and seeing if the nodeIpv4CidrSize is set.
I prefer the Magic Modules generated resources for this reason, they will return nil rather than having a method be undefined.
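An added sketch of the behaviour discussed in the comment above, not inspec-gcp code and not written by anyone in this thread: accessors generated only from the keys in a response raise NoMethodError when a conditional field is absent, while accessors declared up front return nil. The class names, the `read_property` helper and the sample responses are hypothetical and constructed for illustration.

```ruby
# Added illustration, not inspec-gcp code: all names here are hypothetical.

# Convert an API field name such as "nodeIpv4CidrSize" to "node_ipv4_cidr_size".
def snake_case(name)
  name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
end

# Style 1: accessors are generated only for keys present in the response,
# which is the behaviour the comment above describes.
class DynamicResource
  def initialize(response)
    response.each do |key, value|
      define_singleton_method(snake_case(key)) { value }
    end
  end
end

# Style 2: accessors are declared up front, so an absent field reads as nil.
class DeclaredResource
  FIELDS = %w[name clusterIpv4Cidr nodeIpv4CidrSize].freeze

  FIELDS.each do |field|
    define_method(snake_case(field)) { @response[field] }
  end

  def initialize(response)
    @response = response
  end
end

# Read a property without raising; :undefined marks a field the API omitted,
# so a control can report "not returned" instead of crashing mid-run.
def read_property(resource, property)
  resource.respond_to?(property) ? resource.public_send(property) : :undefined
end

# Constructed sample responses (not real API output).
WITH_FIELD = { 'name' => 'cluster-a', 'clusterIpv4Cidr' => '10.0.0.0/14',
               'nodeIpv4CidrSize' => 24 }.freeze
WITHOUT_FIELD = { 'name' => 'cluster-b', 'clusterIpv4Cidr' => '10.4.0.0/14' }.freeze
```

A compliance control that calls the accessor directly on the first style errors out instead of passing or failing, so the check on that property produces no verdict at all.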
I see. You're absolutely right @slevenick. Thank you for that.
What's the reason for us using the beta version of the API internally within inspec-gcp instead of using the stable version?
That's a bad link on my part
The stable version is the same: https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1/projects.locations.clusters
Edit: looks like you're correct, we are using the beta version within that resource Google::Apis::ContainerV1beta1::ContainerService
Not sure of any reason on that, probably because it simply hasn't been updated.
Edit: looks like you're correct, we are using the beta version within that resource [...]
Yep. That's exactly what I was referring to :-) I should have added a link to the code! Let's see what the maintainers say about that. I would not expect the tool to rely on potentially unstable APIs, despite the fact inspec-gcp itself has not reached the 1.x version mark.
In order to check for particular CIS-related properties, in some cases there was no choice except to use beta API versions. Behind the scenes we continually test the resource pack against the APIs so any fluctuations are quickly dealt with.
That's good to know. I guess that's the usual "versioning enigma".
It appears as though the node_ipv4_cidr_size property can no longer be verified.
InSpec spec:
Result:
According to this search result here, it is documented but there is no reference in the relevant Ruby class. There is a reference in the google_container_regional_cluster.
This used to work just fine. But it doesn't anymore. Is this something resulting from a change on Google API's end?
Inspec version in use is 3.6.6 and Inspec-gcp version in use is the latest, v0.11.0. Thank you.