Syntax

A google_compute_firewalls is used to test a Google Firewall resource

Beta Resource

This resource has beta fields available. To retrieve these fields, include beta: true in the constructor for the resource

Examples

describe google_compute_firewalls(project: 'chef-gcp-inspec') do
  its('count') { should be >= 1 }
  its('firewall_names') { should include 'inspec-gcp-firewall' }
  its('firewall_directions') { should include 'INGRESS' }
end

Test that there are no more than a specified number of firewalls available for the project

describe google_compute_firewalls(project: 'chef-inspec-gcp') do
  its('count') { should be <= 100}
end

Test that an expected firewall is available for the project

describe google_compute_firewalls(project: 'chef-inspec-gcp') do
  its('firewall_names') { should include "my-app-firewall-rule" }
end

Test that a particular named rule does not exist

describe google_compute_firewalls(project: 'chef-inspec-gcp') do
  its('firewall_names') { should_not include "default-allow-ssh" }
end

Test there are no firewalls for the “INGRESS” direction

describe google_compute_firewalls(project: 'chef-inspec-gcp').where(firewall_direction: 'INGRESS') do
  it { should_not exist }
end

Properties

Properties that can be accessed from the google_compute_firewalls resource:

See googlecomputefirewall.md for more detailed information * alloweds: an array of google_compute_firewall allowed * creation_timestamps: an array of google_compute_firewall creationtimestamp * denieds: an array of `googlecomputefirewalldenied *descriptions: an array ofgooglecomputefirewalldescription *destinationranges: an array ofgooglecomputefirewalldestination_ranges *firewalldirections: an array ofgooglecomputefirewalldirection *disableds: an array ofgooglecomputefirewalldisabled *logconfigs: an array ofgooglecomputefirewalllog_config *firewallids: an array ofgooglecomputefirewallid *firewallnames: an array ofgooglecomputefirewallname *networks: an array ofgooglecomputefirewallnetwork *priorities: an array ofgooglecomputefirewallpriority *sourceranges: an array ofgooglecomputefirewall` sourceranges * source_service_accounts: an array of google_compute_firewall sourceserviceaccounts * source_tags: an array of google_compute_firewall sourcetags * `targetserviceaccounts: an array ofgooglecomputefirewall` targetserviceaccounts * `targettags: an array ofgooglecomputefirewall` target_tags

Filter Criteria

This resource supports all of the above properties as filter criteria, which can be used with where as a block or a method.

GCP Permissions

Ensure the Compute Engine API is enabled for the current project.