# spell-checker: ignore strftime tfvars inspec
<%
# Report locations used by the InSpec reporter entries of every platform.
# Fall back to current time and known location for report files if not present
# in ENV
#
# REPORT_DIR: directory for report files; default test/reports/YYYYMMDD.
# REPORT_TS:  suffix for report file names; default an RFC 3339 timestamp.
#
# NOTE(review): both values are inserted verbatim into unquoted YAML scalars
# in the reporter lists and end up as output file paths. Set them only from
# trusted job configuration and keep them free of newlines, ' #' and ': ',
# otherwise the rendered document no longer has the structure written here.
report_dir = ENV['REPORT_DIR'] || DateTime.now.strftime('test/reports/%Y%m%d')
report_ts = ENV['REPORT_TS'] || DateTime.now.rfc3339
%>
---
# Driver settings shared by every platform; each platform adds its own
# root_module_directory (and sometimes variables) under its own 'driver:' key.
driver:
  name: terraform
  # Seconds to wait for a Terraform command before giving up.
  command_timeout: 300
  # Check that the installed Terraform client is a supported version.
  verify_version: true
  variables:
    # These variables are applied to every platform (gcp/aws/azure) and suite
    gcpRegion: us-west1
  # This file will be generated by test/setup Terraform
  # NOTE: values in this file will override the 'variables:' section everywhere
  # NOTE(review): because it takes precedence, a stale or hand-edited
  # harness.tfvars changes what every platform is tested against. It presumably
  # holds project-specific identifiers from the setup run; confirm it is
  # excluded from version control.
  variable_files:
  - test/setup/harness.tfvars
# Use the kitchen-terraform provisioner for the converge step.
provisioner:
  name: terraform
# Use the kitchen-terraform verifier; the systems it runs are declared per
# platform under each platform's own 'verifier:' key.
verifier:
  name: terraform
  # Colorized verifier output.
  color: true
# One platform per Terraform root module under test/fixtures. Every platform
# declares the same verifier system (inspec-gcp on the gcp backend) with three
# reporters: cli, a 'documentation' text file and an 'html2' file. The two
# file paths are built from report_dir and report_ts set in the ERB header.
# NOTE(review): the reports presumably enumerate resources in the test
# project; confirm where the report directory is archived or published.
platforms:
# Fixture: test/fixtures/google/network/min
- name: google-network-min
  driver:
    root_module_directory: test/fixtures/google/network/min
  verifier:
    systems:
    - name: inspec-gcp
      # NOTE(review): presumably authenticates with the Google credentials
      # available to the test run; confirm that identity is scoped to the
      # test project only.
      backend: gcp
      reporter:
      - cli
      - documentation:<%= report_dir %>/google-network-min-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-network-min-<%= report_ts %>.html
# Fixture: test/fixtures/google/network/min/example. No platform-level
# variables; only the shared driver variables apply.
- name: google-network-min-example
  driver:
    root_module_directory: test/fixtures/google/network/min/example
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-network-min-example-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-network-min-example-<%= report_ts %>.html
# Fixture: test/fixtures/google/workstation, run with variant 'def'.
- name: google-workstation-default
  driver:
    root_module_directory: test/fixtures/google/workstation
    variables:
      # Passed to the fixture as a Terraform variable.
      # NOTE(review): presumably a short label that keeps this run's resources
      # distinct from the other variants — confirm in the fixture.
      variant: def
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-workstation-default-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-workstation-default-<%= report_ts %>.html
# Fixture: test/fixtures/google/workstation/example. No platform-level
# variables; only the shared driver variables apply.
- name: google-workstation-example
  driver:
    root_module_directory: test/fixtures/google/workstation/example
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-workstation-example-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-workstation-example-<%= report_ts %>.html
# Fixture: test/fixtures/google/infra, run with variant 'def' and no
# vpc_options or features overrides.
- name: google-infra-default
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      # Passed to the fixture as a Terraform variable.
      variant: def
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-default-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-default-<%= report_ts %>.html
# Fixture: test/fixtures/google/infra/example. No platform-level variables;
# only the shared driver variables apply.
- name: google-infra-example
  driver:
    root_module_directory: test/fixtures/google/infra/example
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-example-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-example-<%= report_ts %>.html
# Infra fixture with explicit options for all three VPCs (mgmt, private,
# public).
- name: google-infra-custom-vpcs
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      # spell-checker: ignore vpcopts mgmt
      variant: vpcopts
      # HCL object supplied as a single string. Inside YAML single quotes a
      # backslash is literal, so the loaded value still contains \" around
      # each CIDR.
      # NOTE(review): presumably the escapes are there so the quotes survive
      # the command line that carries the variable to Terraform — confirm
      # before changing the quoting.
      vpc_options: '{ mgmt = { primary_cidr = \"172.16.0.0/16\", mtu = 1500, nat = true }, private = { primary_cidr = \"172.17.0.0/16\", mtu = 1500, nat = false }, public = { primary_cidr = \"172.18.0.0/16\", mtu = 1500, nat = false }}'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-custom-vpcs-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-custom-vpcs-<%= report_ts %>.html
# Infra fixture with only the private VPC defined; mgmt and public are null.
- name: google-infra-private-vpc
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      variant: priv
      # main VPC should be an alias for private in this case
      expected_main_equiv: private
      # HCL object supplied as a single string; the backslashes are literal
      # inside YAML single quotes, so the loaded value keeps \" around the
      # CIDR. This is the only variant shown that sets nat = true on the
      # private VPC.
      vpc_options: '{ mgmt = null, private = { primary_cidr = \"172.17.0.0/16\", mtu = 1500, nat = true }, public = null}'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-private-vpc-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-private-vpc-<%= report_ts %>.html
# Infra fixture with only the public VPC defined; mgmt and private are null.
- name: google-infra-public-vpc
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      variant: pub
      # main VPC should be an alias for public in this case
      expected_main_equiv: public
      # HCL object supplied as a single string; the backslashes are literal
      # inside YAML single quotes, so the loaded value keeps \" around the
      # CIDR.
      vpc_options: '{ mgmt = null, private = null, public = { primary_cidr = \"172.18.0.0/16\", mtu = 1500, nat = false } }'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-public-vpc-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-public-vpc-<%= report_ts %>.html
# Infra fixture with private and public VPCs defined; mgmt is null.
- name: google-infra-priv-pub-vpc
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      variant: pp
      # main VPC should be an alias for private in this case
      expected_main_equiv: private
      # HCL object supplied as a single string; the backslashes are literal
      # inside YAML single quotes, so the loaded value keeps \" around each
      # CIDR.
      vpc_options: '{ mgmt = null, private = { primary_cidr = \"172.17.0.0/16\", mtu = 1500, nat = false }, public = { primary_cidr = \"172.18.0.0/16\", mtu = 1500, nat = false } }'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-priv-pub-vpc-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-priv-pub-vpc-<%= report_ts %>.html
# Infra fixture with only the workstation feature switched on.
- name: google-infra-workstation
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      # spell-checker: ignore wkstn
      variant: wkstn
      # Feature toggles as an HCL object in one string; each value is the
      # string "true" or "false", not a YAML boolean.
      # NOTE(review): unlike vpc_options in the VPC variants, the inner double
      # quotes here are not backslash-escaped. If the value crosses a quoted
      # command line they may be dropped before Terraform parses it — confirm
      # the fixture accepts both forms.
      features: '{workstation = "true", isolated = "false", registry = "false"}'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-workstation-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-workstation-<%= report_ts %>.html
# Infra fixture with only the isolated feature switched on.
- name: google-infra-isolated
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      variant: iso
      # Feature toggles as an HCL object in one string; each value is the
      # string "true" or "false", not a YAML boolean.
      features: '{workstation = "false", isolated = "true", registry = "false"}'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-isolated-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-isolated-<%= report_ts %>.html
# Infra fixture with only the registry feature switched on.
- name: google-infra-registry
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      variant: reg
      # Feature toggles as an HCL object in one string; each value is the
      # string "true" or "false", not a YAML boolean.
      features: '{workstation = "false", isolated = "false", registry = "true"}'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-registry-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-registry-<%= report_ts %>.html
# Infra fixture with all three features (workstation, isolated, registry)
# switched on.
- name: google-infra-enable-all
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      variant: all
      # Feature toggles as an HCL object in one string; each value is the
      # string "true" or "false", not a YAML boolean.
      features: '{workstation = "true", isolated = "true", registry = "true"}'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-enable-all-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-enable-all-<%= report_ts %>.html
# Infra fixture with all three features switched off.
- name: google-infra-disable-all
  driver:
    root_module_directory: test/fixtures/google/infra
    variables:
      # Quoted on purpose: a bare off is read as boolean false by YAML 1.1
      # parsers, and the variable is meant to carry the string.
      variant: 'off'
      # Feature toggles as an HCL object in one string; each value is the
      # string "true" or "false", not a YAML boolean.
      features: '{workstation = "false", isolated = "false", registry = "false"}'
  verifier:
    systems:
    - name: inspec-gcp
      backend: gcp
      reporter:
      # Console output plus one text and one HTML report file for this platform.
      - cli
      - documentation:<%= report_dir %>/google-infra-disable-all-<%= report_ts %>.txt
      - html2:<%= report_dir %>/google-infra-disable-all-<%= report_ts %>.html
# Suites group the platforms by module. 'includes' restricts a suite to the
# listed platform names, so each name must match a 'platforms' entry exactly;
# a platform missing from every list is never run.
suites:
# Network module: minimal fixture and its example.
- name: gcp-network-min
  includes:
  - google-network-min
  - google-network-min-example
# Workstation module: default fixture and its example.
- name: gcp-workstation
  includes:
  - google-workstation-default
  - google-workstation-example
# Infra module: default, example, the VPC layouts and the feature toggles.
- name: gcp-infra
  includes:
  - google-infra-default
  - google-infra-example
  - google-infra-custom-vpcs
  - google-infra-private-vpc
  - google-infra-public-vpc
  - google-infra-priv-pub-vpc
  - google-infra-workstation
  - google-infra-isolated
  - google-infra-registry
  - google-infra-enable-all
  - google-infra-disable-all