inspec-gcp

Upgrade google_redis_instance() to expose 'transit_encryption_mode' attribute

Open sukchomb-zz opened this issue 4 years ago • 2 comments

We want to be able to test if a memstore redis instance has TLS enabled.

Detailed Description

When TLS is enabled, 'transit_encryption_mode' is set to 'SERVER_AUTHENTICATION' in @fetched.

During InSpec resource execution, although 'transit_encryption_mode' is brought back in the @fetched object, there is no corresponding method in google_redis_instance#methods which can be used to test it in the resource.

Context

We can explicitly test this attribute and further check the security posture of the platform.

Possible Implementation

As an interim fix to , I have implemented this as:

    this_redis_instance = google_redis_instance(project: p_gcp_project_id, region: p_redis_instance_region, name: p_redis_instance_name)

    # Interim check: look for the TLS mode in the resource's inspect output
    describe "Instance $#{p_redis_instance_name}$, its TLS settings is expected to be 'SERVER_AUTHENTICATION'" do
      subject { this_redis_instance.inspect.to_s.match?('transitEncryptionMode\"=>\"SERVER_AUTHENTICATION') }
      it { should cmp true }
    end

sukchomb-zz, Feb 01 '21 14:02
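An added example, not part of the original issue or of the inspec-gcp code: a structured, fail-closed version of the check that reads the `transitEncryptionMode` key directly instead of matching on `inspect` output. The instance hashes are constructed sample data, and `tls_check` and `non_compliant` are hypothetical helper names.

```ruby
# Added example: fail-closed TLS check over Memorystore-style instance hashes.
# All sample hashes below are constructed, not real API output.
REQUIRED_MODE = 'SERVER_AUTHENTICATION' # value quoted in the issue

# Return [compliant?, reason] for one instance hash (camelCase string keys,
# like the 'transitEncryptionMode' key the interim workaround matches on).
def tls_check(instance)
  return [false, 'not a hash'] unless instance.is_a?(Hash)

  mode = instance['transitEncryptionMode']
  # A missing attribute is a failure, never a silent pass.
  return [false, 'transitEncryptionMode missing'] if mode.nil?
  return [true, "mode=#{mode}"] if mode == REQUIRED_MODE

  [false, "mode=#{mode}"]
end

# Audit several instances; returns the names that fail the check.
def non_compliant(instances)
  instances.reject { |i| tls_check(i).first }.map { |i| i['name'] }
end

SAMPLE_INSTANCES = [
  { 'name' => 'redis-tls', 'transitEncryptionMode' => 'SERVER_AUTHENTICATION' },
  { 'name' => 'redis-plain', 'transitEncryptionMode' => 'DISABLED' },
  { 'name' => 'redis-unknown' }, # key absent: treated as non-compliant
  # The mode string appears in another field only; this must not pass.
  { 'name' => 'redis-decoy', 'displayName' => 'SERVER_AUTHENTICATION' }
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_INSTANCES.each do |i|
    ok, reason = tls_check(i)
    puts format('%-14s %-5s %s', i['name'], ok ? 'PASS' : 'FAIL', reason)
  end
end
```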

This will be done via https://github.com/GoogleCloudPlatform/magic-modules/pull/4444

slevenick, Feb 11 '21 18:02

@sukchomb, sorry this took a while... could you go ahead and test please.

trickyearlobe, Mar 05 '21 15:03