Add test for InSpec operator

Author: morgante

.kitchen.yml

@@ -85,6 +85,7 @@ suites:
  backend: local
  controls:
  - gcloud
+ - acm
  - name: gcp
  backend: gcp
  controls:

test/integration/simple_zonal/controls/acm.rb

@@ -0,0 +1,52 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'kubeclient'
+require 'rest-client'
+
+require 'base64'
+
+kubernetes_endpoint = attribute('kubernetes_endpoint')
+client_token = attribute('client_token')
+ca_certificate = attribute('ca_certificate')
+
+control "acm" do
+ title "Anthos Config Management"
+
+ describe "kubernetes" do
+ let(:kubernetes_http_endpoint) { "https://#{kubernetes_endpoint}/api" }
+ let(:client) do
+ cert_store = OpenSSL::X509::Store.new
+ cert_store.add_cert(OpenSSL::X509::Certificate.new(Base64.decode64(ca_certificate)))
+ Kubeclient::Client.new(
+ kubernetes_http_endpoint,
+ "v1",
+ ssl_options: {
+ cert_store: cert_store,
+ verify_ssl: OpenSSL::SSL::VERIFY_PEER,
+ },
+ auth_options: {
+ bearer_token: Base64.decode64(client_token),
+ },
+ )
+ end
+
+ describe "config-management-system namespace" do
+ let(:namespace) { client.get_namespace("config-management-system") }
+ it "should exist" do
+ expect(namespace).not_to be nil
+ end
+ end
+ end
+end

test/integration/simple_zonal/inspec.yml

@@ -25,4 +25,6 @@ attributes:
  - name: service_account
  required: true
  type: string
-
+ - name: ca_certificate
+ required: true
+ type: string