google_container_clusters resource
Use the google_container_clusters InSpec audit resource to to test a Google Cloud Cluster resource.
Examples
describe google_container_clusters(project: 'chef-gcp-inspec', location: 'europe-west2-a') do
its('cluster_names') { should include 'gcp-inspec-kube-cluster' }
end
Test that there are no more than a specified number of clusters available for the project in a particular zone
describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do
its('count') { should be <= 5}
end
Test that an expected cluster is available for the project
describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do
its('cluster_names') { should include "my-cluster" }
end
Test whether any clusters are in status “STOPPING”
describe google_container_clusters(project: 'chef-inspec-gcp', location: 'europe-west2-a') do
its('cluster_statuses') { should_not include "STOPPING" }
end
Test that a subset of all clusters matching “kube*” are “RUNNING”
google_container_clusters(project: gcp_project_id).where(cluster_name: /^kube/).cluster_names.each do |cluster_name|
describe google_container_cluster(project: 'chef-inspec-gcp', location: 'europe-west2-a', name: cluster_name) do
it { should exist }
its('status') { should eq 'RUNNING' }
end
end
Properties
Properties that can be accessed from the google_container_clusters resource:
See google_container_cluster for more detailed information.
cluster_names: an array ofgoogle_container_clusternamedescriptions: an array ofgoogle_container_clusterdescriptioninitial_node_counts: an array ofgoogle_container_clusterinitial_node_countnode_configs: an array ofgoogle_container_clusternode_configmaster_auths: an array ofgoogle_container_clustermaster_authlogging_services: an array ofgoogle_container_clusterlogging_servicemonitoring_services: an array ofgoogle_container_clustermonitoring_servicecluster_networks: an array ofgoogle_container_clusternetworkdatabase_encryptions: an array ofgoogle_container_clusterdatabase_encryptionprivate_cluster_configs: an array ofgoogle_container_clusterprivate_cluster_configcluster_ipv4_cidrs: an array ofgoogle_container_clustercluster_ipv4_cidrenable_tpus: an array ofgoogle_container_clusterenable_tputpu_ipv4_cidr_blocks: an array ofgoogle_container_clustertpu_ipv4_cidr_blockaddons_configs: an array ofgoogle_container_clusteraddons_configsubnetworks: an array ofgoogle_container_clustersubnetworklocations: an array ofgoogle_container_clusterlocationsresource_labels: an array ofgoogle_container_clusterresource_labelslabel_fingerprints: an array ofgoogle_container_clusterlabel_fingerprintlegacy_abacs: an array ofgoogle_container_clusterlegacy_abacnetwork_policies: an array ofgoogle_container_clusternetwork_policydefault_max_pods_constraints: an array ofgoogle_container_clusterdefault_max_pods_constraintip_allocation_policies: an array ofgoogle_container_clusterip_allocation_policyendpoints: an array ofgoogle_container_clusterendpointinitial_cluster_versions: an array ofgoogle_container_clusterinitial_cluster_versioncurrent_master_versions: an array ofgoogle_container_clustercurrent_master_versioncurrent_node_versions: an array ofgoogle_container_clustercurrent_node_versioncreate_times: an array ofgoogle_container_clustercreate_timecluster_statuses: an array ofgoogle_container_clusterstatusstatus_messages: an array ofgoogle_container_clusterstatus_messagenode_ipv4_cidr_sizes: an array ofgoogle_container_clusternode_ipv4_cidr_sizeservices_ipv4_cidrs: an array ofgoogle_container_clusterservices_ipv4_cidrcurrent_node_counts: an array ofgoogle_container_clustercurrent_node_countexpire_times: an array ofgoogle_container_clusterexpire_timeconditions: an array ofgoogle_container_clusterconditionsmaster_authorized_networks_configs: an array ofgoogle_container_clustermaster_authorized_networks_confignode_pools: an array ofgoogle_container_clusternode_poolsbinary_authorizations: an array ofgoogle_container_clusterbinary_authorizationrelease_channels: an array ofgoogle_container_clusterrelease_channelshielded_nodes: an array ofgoogle_container_clustershielded_nodesnetwork_configs: an array ofgoogle_container_clusternetwork_configenable_kubernetes_alphas: an array ofgoogle_container_clusterenable_kubernetes_alphalocations: an array ofgoogle_container_clusterlocation
Filter criteria
This resource supports all of the above properties as filter criteria, which can be used
with where as a block or a method.
GCP permissions
Ensure the Kubernetes Engine API is enabled for the current project.