mattray / inspec-iggy

InSpec CLI plugin for generating compliance controls from Terraform and CloudFormation
Apache License 2.0

No output for GCP resources #6

Closed darkn3rd closed 5 years ago

darkn3rd commented 6 years ago

Steps

# Location where gcloud writes application-default credentials
DEFAULT_CREDENTIALS=~/.config/gcloud/application_default_credentials.json
# Copy that Terraform reads through var.credentials
export TF_VAR_credentials=~/.config/gcloud/tf_creds.json
gcloud auth application-default login
cp "${DEFAULT_CREDENTIALS}" "${TF_VAR_credentials}"
export TF_VAR_project="$(gcloud config list --format 'value(core.project)')"
export TF_VAR_region="us-east1"
export TF_VAR_password="sekrets"

Using a TF script like this:

variable "project" {}
variable "region" {}

provider "google" {
  project = "${var.project}"
  region  = "${var.region}"
}

variable "username" {
  default = "admin"
}
variable "password" {}

resource "google_container_cluster" "mycluster" {
  name               = "mycluster"
  zone               = "us-east1-b"
  initial_node_count = 3

  addons_config {
    network_policy_config {
      disabled = true
    }
  }

  master_auth {
    username = "${var.username}"
    password = "${var.password}"
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
      "https://www.googleapis.com/auth/compute"
    ]
  }
}

Then running it to create the state file:

$ terraform plan
$ terraform apply # create the instances
$ inspec terraform generate --tfstate terraform.tfstate
# encoding: utf-8
#

title '/path/to/terraform.tfstate controls generated by Iggy v0.2.0'

mattray commented 6 years ago

I haven't had a chance to test with GCP yet. I'm sure there are some mappings that aren't happening correctly (i.e., for Azure we had to do "azurerm" -> "azure"). I'm planning on kicking the tires on GCP next week.
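
The prefix-mapping problem described in the comment above, as a local diagnostic. This is an added example, not part of the thread and not Iggy's code. It assumes a generator can only emit a control when a Terraform type, after a prefix rewrite, matches a known InSpec resource name; `PREFIX_MAP`, `KNOWN_INSPEC`, the function names and the sample state are hypothetical or constructed.

```ruby
require 'json'

# Terraform provider prefix -> InSpec resource prefix. Only the azurerm -> azure
# pair comes from the thread; the table itself is a hypothetical illustration.
PREFIX_MAP = { 'azurerm' => 'azure' }.freeze

# Constructed stand-in for the resource names the loaded InSpec packs expose.
KNOWN_INSPEC = %w[azure_virtual_machine aws_vpc].freeze

# Return [type, name] pairs for managed resources from either tfstate layout:
# version <= 3 nests a resources hash under modules[], version 4 has a flat array.
def tfstate_resources(state)
  if state['modules']
    state['modules'].flat_map do |mod|
      (mod['resources'] || {}).reject { |addr, _| addr.start_with?('data.') }
                              .map { |addr, res| [res['type'], addr.split('.')[1]] }
    end
  else
    (state['resources'] || []).select { |r| r.fetch('mode', 'managed') == 'managed' }
                              .map { |r| [r['type'], r['name']] }
  end
end

# Rewrite the provider prefix of a Terraform type, e.g. azurerm_x -> azure_x.
def inspec_name(tf_type)
  prefix, rest = tf_type.split('_', 2)
  [PREFIX_MAP.fetch(prefix, prefix), rest].compact.join('_')
end

# Partition resources into [mapped, skipped] against the known InSpec names.
def coverage(state, known = KNOWN_INSPEC)
  tfstate_resources(state).partition { |type, _| known.include?(inspec_name(type)) }
end

# Constructed sample state in the version 3 layout (not from the issue).
SAMPLE_V3 = JSON.parse(<<~STATE)
  {"version": 3, "modules": [{"path": ["root"], "resources": {
    "google_container_cluster.mycluster": {"type": "google_container_cluster",
      "primary": {"id": "mycluster", "attributes": {"zone": "us-east1-b"}}},
    "azurerm_virtual_machine.web": {"type": "azurerm_virtual_machine",
      "primary": {"id": "vm-1", "attributes": {}}}
  }}]}
STATE

mapped, skipped = coverage(SAMPLE_V3)
mapped.each  { |t, n| puts "mapped  #{t}.#{n} -> #{inspec_name(t)}" }
skipped.each { |t, n| puts "skipped #{t}.#{n}: no InSpec resource #{inspec_name(t)}" }
```

The script reads only resource types and names, so it can be run locally without sharing the state file, which holds attribute values such as the `master_auth` password in plain text.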

gbergere commented 5 years ago

Hello @mattray, I’m really interested in this project! Do you have any update regarding GCP? Thank you

mattray commented 5 years ago

I believe some GCP work is finally about to happen for a customer. Thank you for your patience.

If you have a .tfstate file from GCP you don't mind sharing for testing purposes, I'll be happy to put the basic support in to get started.

mattray commented 5 years ago

This will have to come out of work being done to add support for Resource Packs with InSpec 4 (out very soon).

mattray commented 5 years ago

Working on this in the 0.6.0 branch. Resource pack loading has been sorted.

mattray commented 5 years ago

GCP was well-tested with the 0.6.0 release.