Add table gcp_compute_ssl_policy. Closes #153

docs/tables/gcp_compute_ssl_policy.md

@@ -0,0 +1,60 @@
+# Table: gcp_compute_ssl_policy
+
+Secure Sockets Layer (SSL) policies determine what port Transport Layer Security (TLS)
+features clients are permitted to use when connecting to load balancers.
+
+## Examples
+
+### Basic info
+
+```sql
+select
+  name,
+  id,
+  self_link,
+  min_tls_version
+from
+  gcp_compute_ssl_policy;
+```
+
+### List SSL policies with minimum TLS version 1.2 and the MODERN profile
+
+```sql
+select
+  name,
+  id,
+  min_tls_version
+from
+  gcp_compute_ssl_policy
+where
+  min_tls_version = 'TLS_1_2'
+  and profile = 'MODERN';
+```
+
+### List SSL policies with the RESTRICTED profile
+
+```sql
+select
+  name,
+  id,
+  profile
+from
+  gcp_compute_ssl_policy
+where
+  profile = 'RESTRICTED';
+```
+
+### List SSL policies with weak cipher suites
+
+```sql
+select
+  name,
+  id,
+  enabled_feature
+from
+  gcp_compute_ssl_policy,
+  jsonb_array_elements_text(enabled_features) as enabled_feature
+where
+  profile = 'CUSTOM'
+  and enabled_feature in('TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_128_CBC_SHA', 'TLS_RSA_WITH_AES_256_CBC_SHA', 'TLS_RSA_WITH_3DES_EDE_CBC_SHA');
+```

gcp-test/tests/gcp_compute_ssl_policy/test-get-expected.json

@@ -0,0 +1,25 @@
+[
+	{
+		"description": "Test SSL policy to validate the table outcome.",
+    "enabled_features": [
+			"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+			"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+			"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+			"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+			"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+			"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+			"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+			"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+		],
+		"fingerprint": "{{ output.fingerprint.value }}",
+		"kind": "compute#sslPolicy",
+		"location": "global",
+		"min_tls_version": "TLS_1_2",
+		"name": "{{ resourceName }}",
+		"profile": "MODERN",
+		"project": "{{ output.project_id.value }}",
+		"self_link": "{{ output.self_link.value }}"
+	}
+]

gcp-test/tests/gcp_compute_ssl_policy/test-get-query.sql

@@ -0,0 +1,3 @@
+select name, description, kind, fingerprint, min_tls_version, profile, enabled_features, self_link, project, location
+from gcp.gcp_compute_ssl_policy
+where name = '{{ resourceName }}';

gcp-test/tests/gcp_compute_ssl_policy/test-invalid-name-expected.json

@@ -0,0 +1 @@
+null

gcp-test/tests/gcp_compute_ssl_policy/test-invalid-name-query.sql

@@ -0,0 +1,3 @@
+select name, id, description
+from gcp.gcp_compute_ssl_policy
+where name = '';

gcp-test/tests/gcp_compute_ssl_policy/test-list-expected.json

@@ -0,0 +1,6 @@
+[
+	{
+		"description": "Test SSL policy to validate the table outcome.",
+		"name": "{{ resourceName }}"
+	}
+]

gcp-test/tests/gcp_compute_ssl_policy/test-list-query.sql

@@ -0,0 +1,3 @@
+select name, description
+from gcp.gcp_compute_ssl_policy
+where akas::text = '["{{ output.resource_aka.value }}"]';

gcp-test/tests/gcp_compute_ssl_policy/test-not-found-expected.json

@@ -0,0 +1 @@
+null

gcp-test/tests/gcp_compute_ssl_policy/test-not-found-query.sql

@@ -0,0 +1,3 @@
+select name, id, kind, description
+from gcp.gcp_compute_ssl_policy
+where name = 'dummy-{{ resourceName }}';

gcp-test/tests/gcp_compute_ssl_policy/test-turbot-expected.json

@@ -0,0 +1,6 @@
+[
+	{
+		"akas": ["{{ output.resource_aka.value }}"],
+		"title": "{{ resourceName }}"
+	}
+]

gcp-test/tests/gcp_compute_ssl_policy/test-turbot-query.sql

@@ -0,0 +1,3 @@
+select title, akas
+from gcp.gcp_compute_ssl_policy
+where name = '{{ resourceName }}';

gcp-test/tests/gcp_compute_ssl_policy/variables.json

@@ -0,0 +1 @@
+{}

gcp-test/tests/gcp_compute_ssl_policy/variables.tf

@@ -0,0 +1,68 @@
+
+variable "resource_name" {
+  type        = string
+  default     = "turbot-test-20200125-create-update"
+  description = "Name of the resource used throughout the test."
+}
+
+variable "gcp_project" {
+  type        = string
+  default     = "niteowl-aaa"
+  description = "GCP project used for the test."
+}
+
+variable "gcp_region" {
+  type        = string
+  default     = "us-east1"
+  description = "GCP region used for the test."
+}
+
+variable "gcp_zone" {
+  type    = string
+  default = "us-east1-b"
+}
+
+provider "google" {
+  project = var.gcp_project
+  region  = var.gcp_region
+  zone    = var.gcp_zone
+}
+
+data "google_client_config" "current" {}
+
+data "null_data_source" "resource" {
+  inputs = {
+    scope = "gcp://cloudresourcemanager.googleapis.com/projects/${data.google_client_config.current.project}"
+  }
+}
+
+resource "google_compute_ssl_policy" "named_test_resource" {
+  name            = var.resource_name
+  description     = "Test SSL policy to validate the table outcome."
+  profile         = "MODERN"
+  min_tls_version = "TLS_1_2"
+}
+
+output "resource_aka" {
+  value = "gcp://compute.googleapis.com/${google_compute_ssl_policy.named_test_resource.id}"
+}
+
+output "resource_name" {
+  value = var.resource_name
+}
+
+output "resource_id" {
+  value = google_compute_ssl_policy.named_test_resource.id
+}
+
+output "self_link" {
+  value = google_compute_ssl_policy.named_test_resource.self_link
+}
+
+output "fingerprint" {
+  value = google_compute_ssl_policy.named_test_resource.fingerprint
+}
+
+output "project_id" {
+  value = var.gcp_project
+}

gcp/plugin.go

@@ -50,6 +50,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 			"gcp_compute_region":                  tableGcpComputeRegion(ctx),
 			"gcp_compute_router":                  tableGcpComputeRouter(ctx),
 			"gcp_compute_snapshot":                tableGcpComputeSnapshot(ctx),
+			"gcp_compute_ssl_policy":              tableGcpComputeSslPolicy(ctx),
 			"gcp_compute_subnetwork":              tableGcpComputeSubnetwork(ctx),
 			"gcp_compute_target_https_proxy":      tableGcpComputeTargetHttpsProxy(ctx),
 			"gcp_compute_target_pool":             tableGcpComputeTargetPool(ctx),