inspec / inspec-gcp

InSpec GCP (Google Cloud Platform) Resource Pack
https://www.inspec.io/

Check ip_version google_compute_global_address got nil #194

Open pomverte opened 5 years ago

pomverte commented 5 years ago

We are creating a Global Address resource with Kitchen Terraform in order to test our infrastructure's code.

Describe the problem

After creating the resources, kitchen launched the assertions and exited with an error on ip_version for the resource google_compute_global_address. The documentation states that by default it's "IPV4": https://www.terraform.io/docs/providers/google/r/compute_global_address.html#ip_version

main.tf

resource "google_compute_global_address" "svc_ip_range" {
  count         = var.ENABLE_SVC_PEERING ? 1 : 0
  provider      = "google-beta"
  name          = var.SVC_IP_RANGE_NAME
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  address       = var.SVC_IP_RANGE_ADDRESS
  prefix_length = var.SVC_IP_RANGE_PREFIX_LENGTH
  network       = google_compute_network.vpc.self_link

  labels = {
    role        = lower(var.ROLE)
    owner       = lower(var.OWNER)
    environment = lower(var.ENV)
    provider    = lower(var.PROVIDER)
  }
}

common.tfvars

BASE_SUBNET_PUBLIC_CIDR  = "10.0.0.0/24"
BASE_SUBNET_PRIVATE_CIDR = "10.1.0.0/24"
OWNER                    = "kitchen"
ENV                      = "kitchen-env"
ENABLE_SVC_PEERING       = true
SVC_IP_RANGE_ADDRESS     = "10.2.0.0"

SVC_IP_RANGE_PREFIX_LENGTH = "24"

  describe google_compute_global_address(project: PROJECT_ID, name: 'default-svc-peering') do
    it { should exist }
    its('ip_version') { should eq 'IPV4' }
    its('labels.owner') { eq 'team' }
    its('labels.environment') { eq 'kitchen-env' }
    its('labels.role') { eq 'domain' }
    its('labels.provider') { eq 'terraform' }
  end

     ×  GlobalAddress default-svc-peering ip_version should eq "IPV4"

     expected: "IPV4"
          got: nil

     (compared using ==)

Possible Solution

pomverte commented 5 years ago

Here are the logs:

$ bundle exec kitchen test
-----> Starting Kitchen (v1.25.0)
-----> Cleaning up any prior instances of <gcp-terraform>
-----> Destroying <gcp-terraform>...
       Terraform v0.12.8

       Your version of Terraform is out of date! The latest version
       is 0.12.12. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s -no-color -force-copy -backend=true -backend-config="bucket=fd-tf-backend-xxx" -backend-config="prefix=base-network" -get=true -get-plugins=true -verify-plugins=true` in directory /builds/xxx/common/terraform/base-network
       Initializing modules...
       Downloading git::https://xxx/xxx/common/terraform/private-dns-zone.git?ref=v1.0.1 for private_dns_zone...
       - private_dns_zone in .terraform/modules/private_dns_zone

       Initializing the backend...

       Successfully configured the backend "gcs"! Terraform will automatically
       use this backend unless the backend configuration changes.

       Initializing provider plugins...
       - Checking for available provider plugins...
       - Downloading plugin for provider "google" (hashicorp/google) 2.18.1...
       - Downloading plugin for provider "google-beta" (terraform-providers/google-beta) 2.18.1...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-gcp-terraform` in directory /builds/xxx/common/terraform/base-network
       Switched to workspace "kitchen-terraform-gcp-terraform".
$$$$$$ Running command `terraform destroy -auto-approve -lock=true -lock-timeout=0s -input=false -no-color -parallelism=10 -refresh=true  -var-file="/builds/xxx/common/terraform/base-network/tests/common.tfvars"` in directory /builds/xxx/common/terraform/base-network
       google_compute_network.vpc: Refreshing state... [id=default-vpc-name]
       module.private_dns_zone.data.google_compute_network.vpc: Refreshing state...
       google_compute_subnetwork.private: Refreshing state... [id=europe-west1/default-private-subnet]
       google_compute_subnetwork.public: Refreshing state... [id=europe-west1/default-public-subnet]
       google_compute_router.router: Refreshing state... [id=europe-west1/router-xxx]
       google_compute_router_nat.natgw: Refreshing state... [id=xxx/europe-west1/router-xxx/natgw-xxx]
       google_compute_subnetwork.public: Destroying... [id=europe-west1/default-public-subnet]
       google_compute_router_nat.natgw: Destroying... [id=xxx/europe-west1/router-xxx/natgw-xxx]
       google_compute_router_nat.natgw: Destruction complete after 4s
       google_compute_router.router: Destroying... [id=europe-west1/router-xxx]
       google_compute_router.router: Destruction complete after 4s
       google_compute_subnetwork.private: Destroying... [id=europe-west1/default-private-subnet]
       google_compute_subnetwork.public: Still destroying... [id=europe-west1/default-public-subnet, 10s elapsed]
       google_compute_subnetwork.private: Still destroying... [id=europe-west1/default-private-subnet, 10s elapsed]
       google_compute_subnetwork.public: Still destroying... [id=europe-west1/default-public-subnet, 20s elapsed]
       google_compute_subnetwork.public: Destruction complete after 27s
       google_compute_subnetwork.private: Still destroying... [id=europe-west1/default-private-subnet, 20s elapsed]
       google_compute_subnetwork.private: Destruction complete after 26s
       google_compute_network.vpc: Destroying... [id=default-vpc-name]
       google_compute_network.vpc: Still destroying... [id=default-vpc-name, 10s elapsed]
       google_compute_network.vpc: Still destroying... [id=default-vpc-name, 20s elapsed]
       google_compute_network.vpc: Destruction complete after 27s

       Destroy complete! Resources: 5 destroyed.
$$$$$$ Running command `terraform workspace select default` in directory /builds/xxx/common/terraform/base-network
       Switched to workspace "default".
$$$$$$ Running command `terraform workspace delete kitchen-terraform-gcp-terraform` in directory /builds/xxx/common/terraform/base-network
       Deleted workspace "kitchen-terraform-gcp-terraform"!
       Finished destroying <gcp-terraform> (1m12.39s).
-----> Testing <gcp-terraform>
-----> Creating <gcp-terraform>...
       Terraform v0.12.8

       Your version of Terraform is out of date! The latest version
       is 0.12.12. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s -no-color -upgrade -force-copy -backend=true -backend-config="bucket=fd-tf-backend-xxx" -backend-config="prefix=base-network" -get=true -get-plugins=true -verify-plugins=true` in directory /builds/xxx/common/terraform/base-network
       Upgrading modules...
       Downloading git::https://xxx/xxx/common/terraform/private-dns-zone.git?ref=v1.0.1 for private_dns_zone...
       - private_dns_zone in .terraform/modules/private_dns_zone

       Initializing the backend...

       Initializing provider plugins...
       - Checking for available provider plugins...
       - Downloading plugin for provider "google-beta" (terraform-providers/google-beta) 2.18.1...
       - Downloading plugin for provider "google" (hashicorp/google) 2.18.1...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-gcp-terraform` in directory /builds/xxx/common/terraform/base-network

       Workspace "kitchen-terraform-gcp-terraform" doesn't exist.

       You can create this workspace with the "new" subcommand.
$$$$$$ Running command `terraform workspace new kitchen-terraform-gcp-terraform` in directory /builds/xxx/common/terraform/base-network
       Created and switched to workspace "kitchen-terraform-gcp-terraform"!

       You're now on a new, empty workspace. Workspaces isolate their state,
       so if you run "terraform plan" Terraform will not see any existing state
       for this configuration.
       Finished creating <gcp-terraform> (0m6.14s).
-----> Converging <gcp-terraform>...
       Terraform v0.12.8

       Your version of Terraform is out of date! The latest version
       is 0.12.12. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-gcp-terraform` in directory /builds/xxx/common/terraform/base-network
$$$$$$ Running command `terraform get -update` in directory /builds/xxx/common/terraform/base-network
       Downloading git::https://xxx/xxx/common/terraform/private-dns-zone.git?ref=v1.0.1 for private_dns_zone...
       - private_dns_zone in .terraform/modules/private_dns_zone
$$$$$$ Running command `terraform validate -no-color  -var-file="/builds/xxx/common/terraform/base-network/tests/common.tfvars"` in directory /builds/xxx/common/terraform/base-network
       Success! The configuration is valid.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true -no-color -parallelism=10 -refresh=true  -var-file="/builds/xxx/common/terraform/base-network/tests/common.tfvars"` in directory /builds/xxx/common/terraform/base-network
       google_compute_network.vpc: Creating...
       google_compute_network.vpc: Still creating... [10s elapsed]
       google_compute_network.vpc: Creation complete after 17s [id=default-vpc-name]
       module.private_dns_zone.data.google_compute_network.vpc: Refreshing state...
       google_compute_subnetwork.private: Creating...
       google_compute_subnetwork.public: Creating...
       google_compute_global_address.svc_ip_range[0]: Creating...
       google_compute_global_address.svc_ip_range[0]: Creation complete after 5s [id=default-svc-peering]
       google_service_networking_connection.svc_peering[0]: Creating...
       google_compute_subnetwork.private: Still creating... [10s elapsed]
       google_compute_subnetwork.public: Still creating... [10s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [10s elapsed]
       google_compute_subnetwork.public: Creation complete after 16s [id=europe-west1/default-public-subnet]
       google_compute_subnetwork.private: Still creating... [20s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [20s elapsed]
       google_compute_subnetwork.private: Creation complete after 27s [id=europe-west1/default-private-subnet]
       google_compute_router.router: Creating...
       google_compute_router.router: Creation complete after 3s [id=europe-west1/router-xxx]
       google_compute_router_nat.natgw: Creating...
       google_service_networking_connection.svc_peering[0]: Still creating... [30s elapsed]
       google_compute_router_nat.natgw: Still creating... [10s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [40s elapsed]
       google_compute_router_nat.natgw: Creation complete after 17s [id=xxx/europe-west1/router-xxx/natgw-xxx]
       google_service_networking_connection.svc_peering[0]: Still creating... [50s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [1m0s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [1m10s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [1m20s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [1m30s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [1m40s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [1m50s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [2m0s elapsed]
       google_service_networking_connection.svc_peering[0]: Creation complete after 2m10s [id=https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2Fxxx%2Fglobal%2Fnetworks%2Fdefault-vpc-name:servicenetworking.googleapis.com]

       Apply complete! Resources: 7 added, 0 changed, 0 destroyed.
       Finished converging <gcp-terraform> (2m44.27s).
-----> Setting up <gcp-terraform>...
       Finished setting up <gcp-terraform> (0m0.00s).
-----> Verifying <gcp-terraform>...
       [Shell] Verify on instance gcp-terraform with state={:last_action=>"setup", :last_error=>nil}
[2019-10-28T16:57:21+00:00] WARN: Input 'provider' does not have a value. Use --input-file to provide a value for 'provider' or specify a  value with `attribute('provider', value: 'somevalue', ...)`.

Profile: basic
Version: (not specified)
Target:  gcp://xxxf@xxx.iam.gserviceaccount.com

  ×  main: Network default-vpc-name (1 failed)
     ✔  Network default-vpc-name should exist
     ✔  Subnetwork default-public-subnet should exist
     ✔  Subnetwork default-public-subnet network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-public-subnet region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-public-subnet ip_cidr_range should eq "10.0.0.0/24"
     ✔  Subnetwork default-private-subnet should exist
     ✔  Subnetwork default-private-subnet network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-private-subnet region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-private-subnet ip_cidr_range should eq "10.1.0.0/24"
     ✔  Router router-xxx should exist
     ✔  Router router-xxx network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Router router-xxx region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  GlobalAddress default-svc-peering should exist
     ×  GlobalAddress default-svc-peering ip_version should eq "IPV4"

     expected: "IPV4"
          got: nil

     (compared using ==)

     ✔  GlobalAddress default-svc-peering labels.owner 
     ✔  GlobalAddress default-svc-peering labels.environment 
     ✔  GlobalAddress default-svc-peering labels.role 
     ✔  GlobalAddress default-svc-peering labels.provider 

Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 0.11.0
Target:  gcp://xxxf@xxx.iam.gserviceaccount.com

     No tests executed.

Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 17 successful, 1 failure, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <gcp-terraform>.  Please see .kitchen/logs/gcp-terraform.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
ERROR: Job failed: exit code 1

pomverte commented 5 years ago

I also tried:

  describe google_compute_global_address(project: PROJECT_ID, name: 'default-svc-peering') do
    it { should exist }
    its('ip_version') { should == 'IPV4' }
  end

but got this result:

     ✔  GlobalAddress default-svc-peering should exist
     ×  GlobalAddress default-svc-peering ip_version should == "IPV4"
     expected: "IPV4"
          got: nil (using ==)

slevenick commented 5 years ago

I believe terraform is not specifying IPV4 as a default when it creates the global address. I would add ip_version = "IPV4" to your terraform file and see if it works.

The description on ip_version may describe how the resource works if the field is not specified, rather than terraform's behavior.

pomverte commented 5 years ago

We still have the error with the following code:

resource "google_compute_global_address" "svc_ip_range" {
  count         = var.ENABLE_SVC_PEERING ? 1 : 0
  provider      = "google-beta"
  name          = var.SVC_IP_RANGE_NAME
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  address       = var.SVC_IP_RANGE_ADDRESS
  prefix_length = var.SVC_IP_RANGE_PREFIX_LENGTH
  network       = google_compute_network.vpc.self_link
  ip_version    = "IPV4"

  labels = {
    role        = lower(var.ROLE)
    owner       = lower(var.OWNER)
    environment = lower(var.ENV)
    provider    = lower(var.PROVIDER)
  }
}

  describe google_compute_global_address(project: PROJECT_ID, name: 'default-svc-peering') do
    it { should exist }
    # https://github.com/inspec/inspec-gcp/issues/194
    its('ip_version') { should eq 'IPV4' }
    its('labels.owner') { eq 'ct-cloudanddevops' }
    its('labels.environment') { eq 'kitchen-env' }
    its('labels.role') { eq 'domain' }
    its('labels.provider') { eq 'terraform' }
  end

  describe google_compute_global_address(project: PROJECT_ID, name: 'default-svc-peering') do
    it { should exist }
    # https://github.com/inspec/inspec-gcp/issues/194
    its('ip_version') { should == 'IPV4' }
    its('labels.owner') { eq 'ct-cloudanddevops' }
    its('labels.environment') { eq 'kitchen-env' }
    its('labels.role') { eq 'domain' }
    its('labels.provider') { eq 'terraform' }
  end

Profile: basic
Version: (not specified)
Target:  gcp://xxx@xxx.iam.gserviceaccount.com

  ×  main: Network default-vpc-name (1 failed)
     ✔  Network default-vpc-name should exist
     ✔  Subnetwork default-public-subnet should exist
     ✔  Subnetwork default-public-subnet network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-public-subnet region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-public-subnet ip_cidr_range should eq "10.0.0.0/24"
     ✔  Subnetwork default-private-subnet should exist
     ✔  Subnetwork default-private-subnet network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-private-subnet region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-private-subnet ip_cidr_range should eq "10.1.0.0/24"
     ✔  Router router-xxx should exist
     ✔  Router router-xxx network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Router router-xxx region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  GlobalAddress default-svc-peering should exist
     ×  GlobalAddress default-svc-peering ip_version should eq "IPV4"

     expected: "IPV4"
          got: nil

     (compared using ==)

     ✔  GlobalAddress default-svc-peering labels.owner 
     ✔  GlobalAddress default-svc-peering labels.environment 
     ✔  GlobalAddress default-svc-peering labels.role 
     ✔  GlobalAddress default-svc-peering labels.provider 

Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 0.11.0
Target:  gcp://xxx@xxx.iam.gserviceaccount.com

     No tests executed.

Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 17 successful, 1 failure, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <gcp-terraform>.  Please see .kitchen/logs/gcp-terraform.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
ERROR: Job failed: exit code 1

Profile: basic
Version: (not specified)
Target:  gcp://xxx@xxx.iam.gserviceaccount.com

  ×  main: Network default-vpc-name (1 failed)
     ✔  Network default-vpc-name should exist
     ✔  Subnetwork default-public-subnet should exist
     ✔  Subnetwork default-public-subnet network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-public-subnet region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-public-subnet ip_cidr_range should eq "10.0.0.0/24"
     ✔  Subnetwork default-private-subnet should exist
     ✔  Subnetwork default-private-subnet network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-private-subnet region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-private-subnet ip_cidr_range should eq "10.1.0.0/24"
     ✔  Router router-xxx should exist
     ✔  Router router-xxx network should eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Router router-xxx region should eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  GlobalAddress default-svc-peering should exist
     ×  GlobalAddress default-svc-peering ip_version should == "IPV4"
     expected: "IPV4"
          got: nil (using ==)
     ✔  GlobalAddress default-svc-peering labels.owner 
     ✔  GlobalAddress default-svc-peering labels.environment 
     ✔  GlobalAddress default-svc-peering labels.role 
     ✔  GlobalAddress default-svc-peering labels.provider 

Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 0.11.0
Target:  gcp://xxx@xxx.iam.gserviceaccount.com

     No tests executed.

Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 17 successful, 1 failure, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <gcp-terraform>.  Please see .kitchen/logs/gcp-terraform.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
ERROR: Job failed: exit code 1

slevenick commented 5 years ago

Hmmm, I'm not sure what to think here. Are you sure that the ipVersion field is actually set on that resource? Can you check via gcloud or the cloud console?

I'm quite sure that the resource does support this field, as it is part of the integration test suite:

  ✔  google_compute_global_address-1.0: google_compute_global_address resource test
     ✔  GlobalAddress inspec-gcp-global-address is expected to exist
     ✔  GlobalAddress inspec-gcp-global-address ip_version is expected to eq "IPV6"

I see that you are on version 0.11.0 of the inspec-gcp resource pack, can you upgrade to the latest version?
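
One way to carry out the check suggested in the comment above (is the ipVersion field actually set on the resource?), as an added example that is not part of the thread or of the inspec-gcp code base. It classifies each asserted property of a global address as pass, mismatch or absent from the API object. The JSON is a constructed sample that assumes the API returns no ipVersion key; the helper names (api_key, resolve, audit, report) are hypothetical.

```ruby
require 'json'

# Constructed sample shaped like the output of
#   gcloud compute addresses describe default-svc-peering --global --format=json
# It is NOT taken from the issue. It assumes the API object has no "ipVersion" key.
SAMPLE_ADDRESS_JSON = <<~JSON
  {
    "name": "default-svc-peering",
    "address": "10.2.0.0",
    "prefixLength": 24,
    "addressType": "INTERNAL",
    "purpose": "VPC_PEERING",
    "labels": {
      "owner": "kitchen",
      "environment": "kitchen-env"
    }
  }
JSON

# Properties as they are written in the describe block, with expected values.
EXPECTATIONS = {
  'ip_version'         => 'IPV4',
  'address_type'       => 'INTERNAL',
  'labels.owner'       => 'team',
  'labels.environment' => 'kitchen-env'
}.freeze

# Map a snake_case property name to the camelCase key used by the Compute API.
def api_key(segment)
  head, *rest = segment.split('_')
  head + rest.map(&:capitalize).join
end

# Resolve a dotted property path against the parsed API object.
# Only the first segment is converted to camelCase: later segments are
# user-defined map keys (label names) and must be looked up verbatim.
# Returns [found, value]; found is false when a key on the path is missing,
# which is the case a test run reports as "got: nil".
def resolve(resource, property)
  first, *rest = property.split('.')
  keys = [api_key(first)] + rest
  keys.reduce([true, resource]) do |(_, node), key|
    return [false, nil] unless node.is_a?(Hash) && node.key?(key)

    [true, node[key]]
  end
end

# Classify every expectation:
#   :pass     key present and value equal
#   :mismatch key present (possibly null) but value differs
#   :absent   key not present in the API object at all
def audit(resource, expectations)
  expectations.map do |property, expected|
    found, actual = resolve(resource, property)
    status =
      if !found
        :absent
      elsif actual == expected
        :pass
      else
        :mismatch
      end
    { property: property, expected: expected, actual: actual, status: status }
  end
end

# Parse the JSON text and audit it in one step.
def report(json_text, expectations)
  audit(JSON.parse(json_text), expectations)
end

if __FILE__ == $PROGRAM_NAME
  report(SAMPLE_ADDRESS_JSON, EXPECTATIONS).each do |row|
    puts format('%-20s %-9s expected=%-14s actual=%s',
                row[:property], row[:status],
                row[:expected].inspect, row[:actual].inspect)
  end
end
```

An :absent result means the value is missing from the API object itself, so the nil does not originate in the test framework; a :mismatch means the field is present with a different value.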

pomverte commented 4 years ago

Still no success with version v0.23.2.

inspect.yml

name: basic-inspect-gcp
depends:
  - name: inspec-gcp
    git: https://github.com/inspec/inspec-gcp.git
    tag: v0.23.2
supports:
  - platform: gcp

Running with gitlab-runner 12.5.0 (577f813d)
  on gitlab-runner-prod-1 oQFirHxT
Using Docker executor with image lafactory/terraform:2.6 ...
Pulling docker image lafactory/terraform:2.6 ...
Using docker image sha256:fe19498a4a44d95f7a956c3b5cf9f3e3546999b5990877ecc4e24732407d36be for lafactory/terraform:2.6 ...
Running on runner-oQFirHxT-project-57-concurrent-0 via gitlab-runner-prod-1...
Fetching changes...
Reinitialized existing Git repository in /builds/La_Factory/common/terraform/base-network/.git/
From https://gitlab.fd-lafactory.tech/La_Factory/common/terraform/base-network
 * [new ref]         refs/pipelines/15852 -> refs/pipelines/15852
   803c424..ec2c645  fix/ip_version       -> origin/fix/ip_version
Checking out ec2c645b as fix/ip_version...
Removing .terraform/
Removing tests/.kitchen/
Removing tests/integration/gcp/inspec.lock

Skipping Git submodules setup
$ echo "https://gitlab-ci-token:$CI_JOB_TOKEN@gitlab.fd-lafactory.tech" > ~/.git-credentials
$ git config --global credential.helper "store --file ~/.git-credentials"
$ cd tests
$ bundle install
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and
installing your bundle as root will break this application for all non-root
users on this machine.
Fetching gem metadata from https://rubygems.org/.............
Fetching gem metadata from https://rubygems.org/..
Resolving dependencies......
Using public_suffix 4.0.1
Using addressable 2.7.0
Using aws-eventstream 1.0.3
Using aws-sigv4 1.1.0
Using jmespath 1.4.0
Fetching aws-sdk-core 2.11.420
Installing aws-sdk-core 2.11.420
Fetching aws-sdk-resources 2.11.420
Installing aws-sdk-resources 2.11.420
Fetching aws-sdk 2.11.420
Installing aws-sdk 2.11.420
Using concurrent-ruby 1.1.5
Using multipart-post 2.1.1
Using faraday 0.17.1
Using unf_ext 0.0.7.2
Using unf 0.1.4
Using domain_name 0.5.20190701
Using http-cookie 1.0.3
Using faraday-cookie_jar 0.0.6
Using timeliness 0.3.10
Using ms_rest 0.7.5
Using ms_rest_azure 0.11.1
Using azure_graph_rbac 0.17.1
Using azure_mgmt_key_vault 0.17.5
Using azure_mgmt_resources 0.17.8
Using bigdecimal 1.4.4
Fetching builder 3.2.4
Installing builder 3.2.4
Using bundler 2.0.2
Using coderay 1.1.2
Using declarative 0.0.10
Using declarative-option 0.1.0
Using diff-lcs 1.3
Fetching excon 0.71.1
Installing excon 0.71.1
Using multi_json 1.14.1
Using docker-api 1.34.2
Using dry-core 0.4.9
Using dry-configurable 0.9.0
Using dry-container 0.7.2
Using dry-equalizer 0.3.0
Using dry-inflector 0.2.0
Using dry-logic 0.6.1
Using dry-types 0.14.1
Using dry-validation 0.13.0
Using equatable 0.6.1
Using erubi 1.9.0
Using faraday_middleware 0.12.2
Using ffi 1.11.3
Using jwt 2.2.1
Using memoist 0.16.2
Using os 1.0.1
Using signet 0.12.0
Using googleauth 0.6.7
Using httpclient 2.8.3
Using mime-types-data 3.2019.1009
Using mime-types 3.3
Using uber 0.1.0
Using representable 3.0.4
Using retriable 3.1.2
Using google-api-client 0.23.9
Using gssapi 1.3.0
Using gyoku 1.3.1
Using hashie 3.6.0
Using htmlentities 4.3.4
Using inifile 3.0.0
Using json 2.1.0
Using method_source 0.9.2
Using mixlib-log 3.0.1
Using parallel 1.19.1
Using parslet 1.8.2
Using pry 0.12.2
Using rspec-support 3.9.0
Using rspec-core 3.9.0
Using rspec-expectations 3.9.0
Using rspec-mocks 3.9.0
Using rspec 3.9.0
Using rspec-its 1.3.0
Using rubyzip 1.3.0
Using semverse 3.0.0
Using sslshake 1.3.0
Using tins 1.22.2
Using term-ansicolor 1.7.1
Using thor 0.20.3
Using tomlrb 1.2.9
Using mixlib-shellout 2.4.4
Using net-ssh 4.2.0
Using net-scp 1.2.1
Using little-plugger 1.1.4
Using logging 2.2.2
Using nori 2.6.0
Using rubyntlm 0.6.2
Using winrm 2.3.3
Using winrm-fs 1.3.3
Using train 1.7.6
Using train-habitat 0.2.13
Using necromancer 0.5.1
Using tty-color 0.5.0
Using pastel 0.7.3
Using tty-cursor 0.7.0
Using tty-screen 0.7.0
Using wisper 2.0.1
Using tty-reader 0.7.0
Using tty-prompt 0.20.0
Using strings-ansi 0.2.0
Using unicode-display_width 1.6.0
Using unicode_utils 1.4.0
Using strings 0.1.8
Using tty-table 0.11.0
Using inspec 3.9.3
Using tty-box 0.5.0
Using license-acceptance 1.0.13
Using mixlib-versioning 1.2.7
Fetching mixlib-install 3.11.24
Installing mixlib-install 3.11.24
Using net-ssh-gateway 2.0.0
Using winrm-elevated 1.1.2
Using test-kitchen 1.25.0
Using tty-which 0.4.1
Using kitchen-terraform 4.9.0
Bundle complete! 3 Gemfile dependencies, 114 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
$ bundle exec kitchen test
-----> Starting Kitchen (v1.25.0)
-----> Cleaning up any prior instances of <gcp-terraform>
-----> Destroying <gcp-terraform>...
       Terraform v0.12.17

       Your version of Terraform is out of date! The latest version
       is 0.12.18. You can update by downloading from https://www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s -no-color -force-copy -backend=true -backend-config="bucket=fd-tf-backend-xxx" -backend-config="prefix=base-network" -get=true -get-plugins=true -verify-plugins=true` in directory /builds/La_Factory/common/terraform/base-network
       Initializing modules...
       Downloading git::https://gitlab.fd-lafactory.tech/La_Factory/common/terraform/private-dns-zone.git?ref=v1.0.1 for private_dns_zone...
       - private_dns_zone in .terraform/modules/private_dns_zone

       Initializing the backend...

       Successfully configured the backend "gcs"! Terraform will automatically
       use this backend unless the backend configuration changes.

       Initializing provider plugins...
       - Checking for available provider plugins...
       - Downloading plugin for provider "google-beta" (terraform-providers/google-beta) 2.20.1...
       - Downloading plugin for provider "google" (hashicorp/google) 2.20.1...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-gcp-terraform` in directory /builds/La_Factory/common/terraform/base-network
       Switched to workspace "kitchen-terraform-gcp-terraform".
$$$$$$ Running command `terraform destroy -auto-approve -lock=true -lock-timeout=0s -input=false -no-color -parallelism=10 -refresh=true  -var-file="/builds/La_Factory/common/terraform/base-network/tests/common.tfvars"` in directory /builds/La_Factory/common/terraform/base-network

       Warning: Quoted references are deprecated

         on peering.tf line 3, in resource "google_compute_global_address" "svc_ip_range":
          3:   provider      = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Warning: Quoted references are deprecated

         on peering.tf line 22, in resource "google_service_networking_connection" "svc_peering":
         22:   provider                = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       google_compute_network.vpc: Refreshing state... [id=default-vpc-name]
       google_compute_global_address.svc_ip_range[0]: Refreshing state... [id=default-svc-peering]
       google_compute_subnetwork.private: Refreshing state... [id=europe-west1/default-private-subnet]
       google_compute_subnetwork.public: Refreshing state... [id=europe-west1/default-public-subnet]
       module.private_dns_zone.data.google_compute_network.vpc: Refreshing state...
       google_compute_router.router: Refreshing state... [id=europe-west1/router-xxx]
       google_service_networking_connection.svc_peering[0]: Refreshing state... [id=https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2Fxxx%2Fglobal%2Fnetworks%2Fdefault-vpc-name:servicenetworking.googleapis.com]
       google_compute_router_nat.natgw: Refreshing state... [id=xxx/europe-west1/router-xxx/natgw-xxx]
       google_compute_subnetwork.public: Destroying... [id=europe-west1/default-public-subnet]
       google_compute_router_nat.natgw: Destroying... [id=xxx/europe-west1/router-xxx/natgw-xxx]
       google_service_networking_connection.svc_peering[0]: Destroying... [id=https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2Fxxx%2Fglobal%2Fnetworks%2Fdefault-vpc-name:servicenetworking.googleapis.com]
       google_compute_router_nat.natgw: Destruction complete after 9s
       google_compute_router.router: Destroying... [id=europe-west1/router-xxx]
       google_compute_subnetwork.public: Still destroying... [id=europe-west1/default-public-subnet, 10s elapsed]
       google_service_networking_connection.svc_peering[0]: Still destroying... [id=https%3A%2F%2Fwww.googleapis.com%2Fcomp...-name:servicenetworking.googleapis.com, 10s elapsed]
       google_compute_router.router: Destruction complete after 4s
       google_compute_subnetwork.private: Destroying... [id=europe-west1/default-private-subnet]
       google_compute_subnetwork.public: Destruction complete after 16s
       google_service_networking_connection.svc_peering[0]: Destruction complete after 17s
       google_compute_global_address.svc_ip_range[0]: Destroying... [id=default-svc-peering]
       google_compute_global_address.svc_ip_range[0]: Destruction complete after 4s
       google_compute_subnetwork.private: Still destroying... [id=europe-west1/default-private-subnet, 10s elapsed]
       google_compute_subnetwork.private: Destruction complete after 16s
       google_compute_network.vpc: Destroying... [id=default-vpc-name]
       google_compute_network.vpc: Still destroying... [id=default-vpc-name, 10s elapsed]
       google_compute_network.vpc: Destruction complete after 16s

       Warning: "enable_flow_logs": [DEPRECATED] This field is being removed in favor of log_config. If log_config is present, flow logs are enabled.

         on main.tf line 6, in resource "google_compute_subnetwork" "public":
          6: resource "google_compute_subnetwork" "public" {

       Warning: "enable_flow_logs": [DEPRECATED] This field is being removed in favor of log_config. If log_config is present, flow logs are enabled.

         on main.tf line 20, in resource "google_compute_subnetwork" "private":
         20: resource "google_compute_subnetwork" "private" {

       Warning: Quoted references are deprecated

         on peering.tf line 3, in resource "google_compute_global_address" "svc_ip_range":
          3:   provider      = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Warning: Quoted references are deprecated

         on peering.tf line 22, in resource "google_service_networking_connection" "svc_peering":
         22:   provider                = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Destroy complete! Resources: 7 destroyed.
$$$$$$ Running command `terraform workspace select default` in directory /builds/La_Factory/common/terraform/base-network
       Switched to workspace "default".
$$$$$$ Running command `terraform workspace delete kitchen-terraform-gcp-terraform` in directory /builds/La_Factory/common/terraform/base-network
       Deleted workspace "kitchen-terraform-gcp-terraform"!
       Finished destroying <gcp-terraform> (0m54.29s).
-----> Testing <gcp-terraform>
-----> Creating <gcp-terraform>...
       Terraform v0.12.17

       Your version of Terraform is out of date! The latest version
       is 0.12.18. You can update by downloading from https://www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s -no-color -upgrade -force-copy -backend=true -backend-config="bucket=fd-tf-backend-xxx" -backend-config="prefix=base-network" -get=true -get-plugins=true -verify-plugins=true` in directory /builds/La_Factory/common/terraform/base-network
       Upgrading modules...
       Downloading git::https://gitlab.fd-lafactory.tech/La_Factory/common/terraform/private-dns-zone.git?ref=v1.0.1 for private_dns_zone...
       - private_dns_zone in .terraform/modules/private_dns_zone

       Initializing the backend...

       Initializing provider plugins...
       - Checking for available provider plugins...
       - Downloading plugin for provider "google-beta" (terraform-providers/google-beta) 2.20.1...
       - Downloading plugin for provider "google" (hashicorp/google) 2.20.1...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-gcp-terraform` in directory /builds/La_Factory/common/terraform/base-network

       Workspace "kitchen-terraform-gcp-terraform" doesn't exist.

       You can create this workspace with the "new" subcommand.
$$$$$$ Running command `terraform workspace new kitchen-terraform-gcp-terraform` in directory /builds/La_Factory/common/terraform/base-network
       Created and switched to workspace "kitchen-terraform-gcp-terraform"!

       You're now on a new, empty workspace. Workspaces isolate their state,
       so if you run "terraform plan" Terraform will not see any existing state
       for this configuration.
       Finished creating <gcp-terraform> (0m3.86s).
-----> Converging <gcp-terraform>...
       Terraform v0.12.17

       Your version of Terraform is out of date! The latest version
       is 0.12.18. You can update by downloading from https://www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-gcp-terraform` in directory /builds/La_Factory/common/terraform/base-network
$$$$$$ Running command `terraform get -update` in directory /builds/La_Factory/common/terraform/base-network
       Downloading git::https://gitlab.fd-lafactory.tech/La_Factory/common/terraform/private-dns-zone.git?ref=v1.0.1 for private_dns_zone...
       - private_dns_zone in .terraform/modules/private_dns_zone
$$$$$$ Running command `terraform validate -no-color  -var-file="/builds/La_Factory/common/terraform/base-network/tests/common.tfvars"` in directory /builds/La_Factory/common/terraform/base-network

       Warning: The -var and -var-file flags are not used in validate. Setting them has no effect.

       These flags will be removed in a future version of Terraform.

       Warning: "enable_flow_logs": [DEPRECATED] This field is being removed in favor of log_config. If log_config is present, flow logs are enabled.

         on main.tf line 6, in resource "google_compute_subnetwork" "public":
          6: resource "google_compute_subnetwork" "public" {

       Warning: "enable_flow_logs": [DEPRECATED] This field is being removed in favor of log_config. If log_config is present, flow logs are enabled.

         on main.tf line 20, in resource "google_compute_subnetwork" "private":
         20: resource "google_compute_subnetwork" "private" {

       Warning: Quoted references are deprecated

         on peering.tf line 3, in resource "google_compute_global_address" "svc_ip_range":
          3:   provider      = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Warning: Quoted references are deprecated

         on peering.tf line 22, in resource "google_service_networking_connection" "svc_peering":
         22:   provider                = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Success! The configuration is valid, but there were some validation warnings as shown above.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true -no-color -parallelism=10 -refresh=true  -var-file="/builds/La_Factory/common/terraform/base-network/tests/common.tfvars"` in directory /builds/La_Factory/common/terraform/base-network

       Warning: Quoted references are deprecated

         on peering.tf line 3, in resource "google_compute_global_address" "svc_ip_range":
          3:   provider      = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Warning: Quoted references are deprecated

         on peering.tf line 22, in resource "google_service_networking_connection" "svc_peering":
         22:   provider                = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       google_compute_network.vpc: Creating...
       google_compute_network.vpc: Still creating... [10s elapsed]
       google_compute_network.vpc: Still creating... [20s elapsed]
       google_compute_network.vpc: Creation complete after 27s [id=default-vpc-name]
       module.private_dns_zone.data.google_compute_network.vpc: Refreshing state...
       google_compute_global_address.svc_ip_range[0]: Creating...
       google_compute_subnetwork.public: Creating...
       google_compute_subnetwork.private: Creating...
       google_compute_global_address.svc_ip_range[0]: Creation complete after 5s [id=default-svc-peering]
       google_service_networking_connection.svc_peering[0]: Creating...
       google_compute_subnetwork.public: Still creating... [10s elapsed]
       google_compute_subnetwork.private: Still creating... [10s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [10s elapsed]
       google_compute_subnetwork.public: Creation complete after 17s [id=europe-west1/default-public-subnet]
       google_compute_subnetwork.private: Still creating... [20s elapsed]
       google_service_networking_connection.svc_peering[0]: Still creating... [20s elapsed]
       google_compute_subnetwork.private: Creation complete after 27s [id=europe-west1/default-private-subnet]
       google_compute_router.router: Creating...
       google_compute_router.router: Creation complete after 4s [id=europe-west1/router-xxx]
       google_compute_router_nat.natgw: Creating...
       google_service_networking_connection.svc_peering[0]: Still creating... [30s elapsed]
       google_compute_router_nat.natgw: Still creating... [10s elapsed]
       google_service_networking_connection.svc_peering[0]: Creation complete after 38s [id=https%3A%2F%2Fwww.googleapis.com%2Fcompute%2Fv1%2Fprojects%2Fxxx%2Fglobal%2Fnetworks%2Fdefault-vpc-name:servicenetworking.googleapis.com]
       google_compute_router_nat.natgw: Creation complete after 17s [id=xxx/europe-west1/router-xxx/natgw-xxx]

       Warning: "enable_flow_logs": [DEPRECATED] This field is being removed in favor of log_config. If log_config is present, flow logs are enabled.

         on main.tf line 6, in resource "google_compute_subnetwork" "public":
          6: resource "google_compute_subnetwork" "public" {

       Warning: "enable_flow_logs": [DEPRECATED] This field is being removed in favor of log_config. If log_config is present, flow logs are enabled.

         on main.tf line 20, in resource "google_compute_subnetwork" "private":
         20: resource "google_compute_subnetwork" "private" {

       Warning: Quoted references are deprecated

         on peering.tf line 3, in resource "google_compute_global_address" "svc_ip_range":
          3:   provider      = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Warning: Quoted references are deprecated

         on peering.tf line 22, in resource "google_service_networking_connection" "svc_peering":
         22:   provider                = "google-beta"

       In this context, references are expected literally rather than in quotes.
       Terraform 0.11 and earlier required quotes, but quoted references are now
       deprecated and will be removed in a future version of Terraform. Remove the
       quotes surrounding this reference to silence this warning.

       Apply complete! Resources: 7 added, 0 changed, 0 destroyed.
       Finished converging <gcp-terraform> (1m20.03s).
-----> Setting up <gcp-terraform>...
       Finished setting up <gcp-terraform> (0m0.00s).
-----> Verifying <gcp-terraform>...
       [Shell] Verify on instance gcp-terraform with state={:last_action=>"setup", :last_error=>nil}
[2019-12-23T10:38:59+00:00] WARN: Input 'provider' does not have a value. Use --input-file to provide a value for 'provider' or specify a  value with `attribute('provider', value: 'somevalue', ...)`.

Profile: basic-inspect-gcp
Version: (not specified)
Target:  gcp://sa-tf-xxx@xxx.iam.gserviceaccount.com

  ×  main: Network default-vpc-name (1 failed)
     ✔  Network default-vpc-name is expected to exist
     ✔  Subnetwork default-public-subnet is expected to exist
     ✔  Subnetwork default-public-subnet network is expected to eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-public-subnet region is expected to eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-public-subnet ip_cidr_range is expected to eq "10.0.0.0/24"
     ✔  Subnetwork default-private-subnet is expected to exist
     ✔  Subnetwork default-private-subnet network is expected to eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Subnetwork default-private-subnet region is expected to eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  Subnetwork default-private-subnet ip_cidr_range is expected to eq "10.1.0.0/24"
     ✔  Router router-xxx is expected to exist
     ✔  Router router-xxx network is expected to eq "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/default-vpc-name"
     ✔  Router router-xxx region is expected to eq "https://www.googleapis.com/compute/v1/projects/xxx/regions/europe-west1"
     ✔  GlobalAddress default-svc-peering is expected to exist
     ×  GlobalAddress default-svc-peering ip_version is expected to == "IPV4"
     expected: "IPV4"
          got: nil (using ==)
     ✔  GlobalAddress default-svc-peering labels.owner 
     ✔  GlobalAddress default-svc-peering labels.environment 
     ✔  GlobalAddress default-svc-peering labels.role 
     ✔  GlobalAddress default-svc-peering labels.provider 

Profile: Google Cloud Platform Resource Pack (inspec-gcp)
Version: 0.23.2
Target:  gcp://sa-tf-xxx@xxx.iam.gserviceaccount.com

     No tests executed.

Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 17 successful, 1 failure, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <gcp-terraform>.  Please see .kitchen/logs/gcp-terraform.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
ERROR: Job failed: exit code 1