Syntax
A google_compute_firewalls
is used to test a Google Firewall resource
Beta Resource
This resource has beta fields available. To retrieve these fields, include beta: true
in the constructor for the resource
Examples
describe google_compute_firewalls(project: 'chef-gcp-inspec') do
its('count') { should be >= 1 }
its('firewall_names') { should include 'inspec-gcp-firewall' }
its('firewall_directions') { should include 'INGRESS' }
end
Test that there are no more than a specified number of firewalls available for the project
describe google_compute_firewalls(project: 'chef-inspec-gcp') do
its('count') { should be <= 100}
end
Test that an expected firewall is available for the project
describe google_compute_firewalls(project: 'chef-inspec-gcp') do
its('firewall_names') { should include "my-app-firewall-rule" }
end
Test that a particular named rule does not exist
describe google_compute_firewalls(project: 'chef-inspec-gcp') do
its('firewall_names') { should_not include "default-allow-ssh" }
end
Test there are no firewalls for the “INGRESS” direction
describe google_compute_firewalls(project: 'chef-inspec-gcp').where(firewall_direction: 'INGRESS') do
it { should_not exist }
end
Properties
Properties that can be accessed from the google_compute_firewalls
resource:
See googlecomputefirewall.md for more detailed information
* alloweds
: an array of google_compute_firewall
allowed
* creation_timestamps
: an array of google_compute_firewall
creationtimestamp
* denieds
: an array of `googlecomputefirewalldenied
*
descriptions: an array of
googlecomputefirewalldescription
*
destinationranges: an array of
googlecomputefirewalldestination_ranges
*
firewalldirections: an array of
googlecomputefirewalldirection
*
disableds: an array of
googlecomputefirewalldisabled
*
logconfigs: an array of
googlecomputefirewalllog_config
*
firewallids: an array of
googlecomputefirewallid
*
firewallnames: an array of
googlecomputefirewallname
*
networks: an array of
googlecomputefirewallnetwork
*
priorities: an array of
googlecomputefirewallpriority
*
sourceranges: an array of
googlecomputefirewall` sourceranges
* source_service_accounts
: an array of google_compute_firewall
sourceserviceaccounts
* source_tags
: an array of google_compute_firewall
sourcetags
* `targetserviceaccounts: an array of
googlecomputefirewall` targetserviceaccounts
* `targettags: an array of
googlecomputefirewall` target_tags
Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
with where
as a block or a method.
GCP Permissions
Ensure the Compute Engine API is enabled for the current project.