Merge pull request #308 from modular-magician/master

Gemfile

@@ -6,14 +6,9 @@ gem 'google-api-client'
 gem 'google-cloud'
 gem 'googleauth'
 gem 'inifile'
-gem 'inspec-bin', '4.26.4'
+gem 'inspec-bin', '4.16.0'
 gem 'rubocop', '>= 0.77.0'
 
-if Gem.ruby_version.to_s.start_with?("2.5")
-  # 16.7.23 required ruby 2.6+
-  gem "chef-utils", "< 16.7.23" # TODO: remove when we drop ruby 2.5
-end
-
 group :development do
   gem 'github_changelog_generator'
   gem 'pry-coolline'

docs/resources/google_compute_autoscaler.md

@@ -77,6 +77,8 @@ Properties that can be accessed from the `google_compute_autoscaler` resource:
 
       * `utilization_target`: The target CPU utilization that the autoscaler should maintain. Must be a float value in the range (0, 1]. If not specified, the default is 0.6.  If the CPU level is below the target utilization, the autoscaler scales down the number of instances until it reaches the minimum number of instances you specified or until the average CPU of your instances reaches the target utilization.  If the average CPU is above the target utilization, the autoscaler scales up until it reaches the maximum number of instances you specified or until the average utilization reaches the target utilization.
 
+      * `predictive_method`: (Beta only) Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:  - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.  - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.
+
     * `custom_metric_utilizations`: Configuration parameters of autoscaling based on a custom metric.
 
       * `metric`: The identifier (type) of the Stackdriver Monitoring metric. The metric cannot have negative values.  The metric must have a value type of INT64 or DOUBLE.

docs/resources/google_compute_global_address.md

@@ -47,16 +47,17 @@ Properties that can be accessed from the `google_compute_global_address` resourc
 
   * `region`: A reference to the region where the regional address resides.
 
-  * `prefix_length`: The prefix length of the IP range. If not present, it means the address field is a single IP address.  This field is not applicable to addresses with addressType=EXTERNAL.
+  * `prefix_length`: The prefix length of the IP range. If not present, it means the address field is a single IP address.  This field is not applicable to addresses with addressType=EXTERNAL, or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT
 
   * `address_type`: The type of the address to reserve.  * EXTERNAL indicates public/external single IP address. * INTERNAL indicates internal IP ranges belonging to some network.
   Possible values:
     * EXTERNAL
     * INTERNAL
 
-  * `purpose`: The purpose of the resource. For global internal addresses it can be  * VPC_PEERING - for peer networks  This should only be set when using an Internal address.
+  * `purpose`: The purpose of the resource. For global internal addresses it can be  * VPC_PEERING - for peer networks * PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks  This should only be set when using an Internal address.
   Possible values:
     * VPC_PEERING
+    * PRIVATE_SERVICE_CONNECT
 
   * `network`: The URL of the network in which to reserve the IP range. The IP range must be in RFC1918 space. The network cannot be deleted if there are any reserved IP ranges referring to it.  This should only be set when using an Internal address.
 

docs/resources/google_compute_global_forwarding_rule.md

@@ -33,9 +33,9 @@ Properties that can be accessed from the `google_compute_global_forwarding_rule`
 
   * `id`: The unique identifier for the resource.
 
-  * `ip_address`: The IP address that this forwarding rule is serving on behalf of.  Addresses are restricted based on the forwarding rule's load balancing scheme (external or internal) and scope (global or regional). The address must be a global IP for external global forwarding rules.  If this field is empty, an ephemeral IPv4 address from the same scope (global) is chosen. Global forwarding rules supports either IPv4 or IPv6.  When the load balancing scheme is INTERNAL_SELF_MANAGED, this must be a URL reference to an existing Address resource (internal regional static IP address), with a purpose of GCE_END_POINT and addressType of INTERNAL.  An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid:  * 100.1.2.3 * https://www.googleapis.com/compute/v1/projects/project/regions/      region/addresses/address * projects/project/regions/region/addresses/address * regions/region/addresses/address * global/addresses/address * address
+  * `ip_address`: The IP address that this forwarding rule is serving on behalf of.  Addresses are restricted based on the forwarding rule's load balancing scheme (external or internal) and scope (global or regional). The address must be a global IP for external global forwarding rules.  If this field is empty, an ephemeral IPv4 address from the same scope (global) is chosen. Global forwarding rules supports either IPv4 or IPv6.  When the load balancing scheme is INTERNAL_SELF_MANAGED, this must be a URL reference to an existing Address resource (internal regional static IP address), with a purpose of GCE_END_POINT and addressType of INTERNAL.  ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) This must be a URL reference to an existing Address resource (internal global static IP address), with a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL.  An address can be specified either by a literal IP address or a URL reference to an existing Address resource. The following examples are all valid:  * 100.1.2.3 * https://www.googleapis.com/compute/v1/projects/project/regions/      region/addresses/address * projects/project/regions/region/addresses/address * regions/region/addresses/address * global/addresses/address * address
 
-  * `ip_protocol`: The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL_SELF_MANAGED, only TCP is valid.
+  * `ip_protocol`: The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the global address is configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL
   Possible values:
     * TCP
     * UDP
@@ -53,7 +53,7 @@ Properties that can be accessed from the `google_compute_global_forwarding_rule`
 
   * `label_fingerprint`: (Beta only) The fingerprint used for optimistic locking of this resource.  Used internally during updates.
 
-  * `load_balancing_scheme`: This signifies what the GlobalForwardingRule will be used for. The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy)  NOTE: Currently global forwarding rules cannot be used for INTERNAL load balancing.
+  * `load_balancing_scheme`: This signifies what the GlobalForwardingRule will be used for. The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy)  ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL.
   Possible values:
     * EXTERNAL
     * INTERNAL_SELF_MANAGED
@@ -77,7 +77,7 @@ Properties that can be accessed from the `google_compute_global_forwarding_rule`
 
   * `port_range`: This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance.  Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges.  Some types of forwarding target have constraints on the acceptable ports:  * TargetHttpProxy: 80, 8080 * TargetHttpsProxy: 443 * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995,                   1883, 5222 * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995,                   1883, 5222 * TargetVpnGateway: 500, 4500
 
-  * `target`: The URL of the target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid.
+  * `target`: The URL of the target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid.  ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid.
 
 
 ## GCP Permissions

docs/resources/google_redis_instance.md

@@ -74,6 +74,23 @@ Properties that can be accessed from the `google_redis_instance` resource:
     * BASIC
     * STANDARD_HA
 
+  * `transit_encryption_mode`: (Beta only) The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.  - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentcation
+  Possible values:
+    * SERVER_AUTHENTICATION
+    * DISABLED
+
+  * `server_ca_certs`: (Beta only) List of server CA certificates for the instance.
+
+    * `serial_number`: Serial number, as extracted from the certificate.
+
+    * `cert`: Serial number, as extracted from the certificate.
+
+    * `create_time`: The time when the certificate was created.
+
+    * `expire_time`: The time when the certificate expires.
+
+    * `sha1_fingerprint`: Sha1 Fingerprint of the certificate.
+
   * `region`: The name of the Redis region of the instance.
 
 

docs/resources/google_redis_instances.md

@@ -44,6 +44,8 @@ See [google_redis_instance.md](google_redis_instance.md) for more detailed infor
   * `redis_versions`: an array of `google_redis_instance` redis_version
   * `reserved_ip_ranges`: an array of `google_redis_instance` reserved_ip_range
   * `tiers`: an array of `google_redis_instance` tier
+  * `transit_encryption_modes`: (Beta only) an array of `google_redis_instance` transit_encryption_mode
+  * `server_ca_certs`: (Beta only) an array of `google_redis_instance` server_ca_certs
   * `regions`: an array of `google_redis_instance` region
 
 ## Filter Criteria

libraries/google/compute/property/autoscaler_autoscaling_policy_cpu_utilization.rb

@@ -19,10 +19,13 @@ module Property
       class AutoscalerAutoscalingPolicyCpuUtilization
         attr_reader :utilization_target
 
+        attr_reader :predictive_method
+
         def initialize(args = nil, parent_identifier = nil)
           return if args.nil?
           @parent_identifier = parent_identifier
           @utilization_target = args['utilizationTarget']
+          @predictive_method = args['predictiveMethod']
         end
 
         def to_s

libraries/google/redis/property/instance_server_ca_certs.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module Redis
+    module Property
+      class InstanceServerCaCerts
+        attr_reader :serial_number
+
+        attr_reader :cert
+
+        attr_reader :create_time
+
+        attr_reader :expire_time
+
+        attr_reader :sha1_fingerprint
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @serial_number = args['serialNumber']
+          @cert = args['cert']
+          @create_time = args['createTime']
+          @expire_time = args['expireTime']
+          @sha1_fingerprint = args['sha1Fingerprint']
+        end
+
+        def to_s
+          "#{@parent_identifier} InstanceServerCaCerts"
+        end
+      end
+
+      class InstanceServerCaCertsArray
+        def self.parse(value, parent_identifier)
+          return if value.nil?
+          return InstanceServerCaCerts.new(value, parent_identifier) unless value.is_a?(::Array)
+          value.map { |v| InstanceServerCaCerts.new(v, parent_identifier) }
+        end
+      end
+    end
+  end
+end

libraries/google_redis_instance.rb

@@ -14,6 +14,7 @@
 #
 # ----------------------------------------------------------------------------
 require 'gcp_backend'
+require 'google/redis/property/instance_server_ca_certs'
 
 # A provider to manage Memorystore (Redis) resources.
 class RedisInstance < GcpResourceBase
@@ -40,6 +41,8 @@ class RedisInstance < GcpResourceBase
   attr_reader :redis_version
   attr_reader :reserved_ip_range
   attr_reader :tier
+  attr_reader :transit_encryption_mode
+  attr_reader :server_ca_certs
   attr_reader :region
 
   def initialize(params)
@@ -68,6 +71,8 @@ def parse
     @redis_version = @fetched['redisVersion']
     @reserved_ip_range = @fetched['reservedIpRange']
     @tier = @fetched['tier']
+    @transit_encryption_mode = @fetched['transitEncryptionMode']
+    @server_ca_certs = GoogleInSpec::Redis::Property::InstanceServerCaCertsArray.parse(@fetched['serverCaCerts'], to_s)
     @region = @fetched['region']
   end
 

libraries/google_redis_instances.rb

@@ -41,6 +41,8 @@ class RedisInstances < GcpResourceBase
   filter_table_config.add(:redis_versions, field: :redis_version)
   filter_table_config.add(:reserved_ip_ranges, field: :reserved_ip_range)
   filter_table_config.add(:tiers, field: :tier)
+  filter_table_config.add(:transit_encryption_modes, field: :transit_encryption_mode)
+  filter_table_config.add(:server_ca_certs, field: :server_ca_certs)
   filter_table_config.add(:regions, field: :region)
 
   filter_table_config.connect(self, :table)
@@ -99,6 +101,8 @@ def transformers
       'redisVersion' => ->(obj) { return :redis_version, obj['redisVersion'] },
       'reservedIpRange' => ->(obj) { return :reserved_ip_range, obj['reservedIpRange'] },
       'tier' => ->(obj) { return :tier, obj['tier'] },
+      'transitEncryptionMode' => ->(obj) { return :transit_encryption_mode, obj['transitEncryptionMode'] },
+      'serverCaCerts' => ->(obj) { return :server_ca_certs, GoogleInSpec::Redis::Property::InstanceServerCaCertsArray.parse(obj['serverCaCerts'], to_s) },
       'region' => ->(obj) { return :region, obj['region'] },
     }
   end