inspec · abheda-crest · Oct 21, 2024 · Oct 21, 2024
@@ -367,6 +367,7 @@ The following resources are available in the InSpec GCP Profile
 | [google_runtime_config_config_iam_policy](docs/resources/google_runtime_config_config_iam_policy.md)                 | No Plural Resource                                                                                                             |
 | [google_runtime_config_variable](docs/resources/google_runtime_config_variable.md)                                   | [google_runtime_config_variables](docs/resources/google_runtime_config_variables.md)                                           |
 | [google_secret_manager_secret](docs/resources/google_secret_manager_secret.md)                           | [google_secret_manager_secrets](docs/resources/google_secret_manager_secrets.md)             |
+| [google_secret_manage_regional_secret](docs/resources/google_secret_manager_regional_secret.md)                           | [google_secret_manager_regional_secrets](docs/resources/google_secret_manager_regional_secrets.md)             |
 | [google_service_account](docs/resources/google_service_account.md)                                                   | [google_service_accounts](docs/resources/google_service_accounts.md)                                                           |
 | No Singular Resource                                                    | [google_service_networking_service_connections](docs/resources/google_service_networking_service_connections.md)                                                           |
 | [google_service_account_key](docs/resources/google_service_account_key.md)                                           | [google_service_account_keys](docs/resources/google_service_account_keys.md)                                                   |

@@ -0,0 +1,63 @@
+---
+title: About the google_secret_manager_regional_secret resource
+platform: gcp
+---
+
+## Syntax
+A `google_secret_manager_regional_secret` is used to test a Google Regional Secret resource
+
+## Examples
+```
+describe google_secret_manager_regional_secret(name: 'projects/<project>/locations/<location>/secrets/<secret>', region: 'value_region') do
+	it { should exist }
+
+end
+
+describe google_secret_manager_regional_secret(name: "does_not_exit", region: 'value_region') do
+	it { should_not exist }
+end
+```
+
+## Properties
+Properties that can be accessed from the `google_secret_manager_regional_secret` resource:
+
+
+  * `name`: The resource name of the Regional Secret. Format: `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}`
+
+  * `create_time`: The time at which the Regional Secret was created.
+
+  * `labels`: The labels assigned to this Regional Secret. Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}  No more than 64 labels can be assigned to a given resource.  An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+
+  * `annotations`: Custom metadata about the regional secret.
+    Annotations are distinct from various forms of labels. Annotations exist to allow
+    client tools to store their own state information without requiring a database.
+    Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of
+    maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and
+    may have dashes (-), underscores (_), dots (.), and alphanumerics in between these
+    symbols.
+    The total size of annotation keys and values must be less than 16KiB.
+
+  * `customer_managed_encryption`: Customer Managed Encryption for the secret.
+
+    * `kms_key_name`: Describes the Cloud KMS encryption key that will be used to protect destination secret.
+
+  * `topics`: A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.
+
+    * `name`: The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.
+
+  * `expire_time`: Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+
+  * `ttl`: The TTL for the Secret. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
+
+  * `version_destroy_ttl`: Secret Version TTL after destruction request. This is a part of the delayed delete feature on Secret Version. For secret with versionDestroyTtl>0, version destruction doesn't happen immediately on calling destroy instead the version goes to a disabled state and the actual destruction happens after this TTL expires. It must be atleast 24h.
+
+  * `rotation`: The rotation time and period for a Secret. At `next_rotation_time`, Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. `topics` must be set to configure rotation.
+
+    * `next_rotation_time`: Timestamp in UTC at which the Secret is scheduled to rotate. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+
+    * `rotation_period`: The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). If rotationPeriod is set, `next_rotation_time` must be set. `next_rotation_time` will be advanced by this period when the service automatically sends rotation notifications.
+
+
+## GCP Permissions
+
+Ensure the [Secret Manager API](https://console.cloud.google.com/apis/library/secretmanager.googleapis.com/) is enabled for the current project.
@@ -0,0 +1,37 @@
+---
+title: About the google_secret_manager_regional_secrets resource
+platform: gcp
+---
+
+## Syntax
+A `google_secret_manager_regional_secrets` is used to test a Google Regional Secret resource
+
+## Examples
+```
+  describe google_secret_manager_regional_secrets(parent: ' value_parent', region: 'value_region') do
+    it { should exist }
+  end
+```
+
+## Properties
+Properties that can be accessed from the `google_secret_manager_regional_secrets` resource:
+
+See [google_secret_manager_regional_secret.md](google_secret_manager_regional_secret.md) for more detailed information
+  * `names`: an array of `google_secret_manager_regional_secret` name
+  * `create_times`: an array of `google_secret_manager_regional_secret` create_time
+  * `annotations`: an array of `google_secret_manager_regional_secret` annotation
+  * `labels`: an array of `google_secret_manager_regional_secret` labels
+  * `topics`: an array of `google_secret_manager_regional_secret` topics
+  * `expire_times`: an array of `google_secret_manager_regional_secret` expire_time
+  * `ttls`: an array of `google_secret_manager_regional_secret` ttl
+  * `rotations`: an array of `google_secret_manager_regional_secret` rotation
+  * `customer_managed_encryptions`: an array of `google_secret_manager_regional_secret` customer_managed_encryption
+  * `version_destroy_ttl`: an array of `google_secret_manager_regional_secret` version_destroy_ttl
+
+## Filter Criteria
+This resource supports all of the above properties as filter criteria, which can be used
+with `where` as a block or a method.
+
+## GCP Permissions
+
+Ensure the [Secret Manager Regional API](https://console.cloud.google.com/apis/library/secretmanager.googleapis.com/) is enabled for the current project.
@@ -0,0 +1,42 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module SecretManagerRegional
+    module Property
+      class SecretCustomerManagedEncryption
+        attr_reader :kms_key_name
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @kms_key_name = args['kmsKeyName']
+        end
+
+        def to_s
+          "#{@parent_identifier} SecretCustomerManagedEncryption"
+        end
+      end
+
+      class SecretCustomerManagedEncryptionArray
+        def self.parse(value, parent_identifier)
+          return if value.nil?
+          return SecretCustomerManagedEncryption.new(value, parent_identifier) unless value.is_a?(::Array)
+          value.map { |v| SecretCustomerManagedEncryption.new(v, parent_identifier) }
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,37 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module SecretManagerRegional
+    module Property
+      class SecretRotation
+        attr_reader :next_rotation_time
+
+        attr_reader :rotation_period
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @next_rotation_time = args['nextRotationTime']
+          @rotation_period = args['rotationPeriod']
+        end
+
+        def to_s
+          "#{@parent_identifier} SecretRotation"
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,42 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+module GoogleInSpec
+  module SecretManagerRegional
+    module Property
+      class SecretTopics
+        attr_reader :name
+
+        def initialize(args = nil, parent_identifier = nil)
+          return if args.nil?
+          @parent_identifier = parent_identifier
+          @name = args['name']
+        end
+
+        def to_s
+          "#{@parent_identifier} SecretTopics"
+        end
+      end
+
+      class SecretTopicsArray
+        def self.parse(value, parent_identifier)
+          return if value.nil?
+          return SecretTopics.new(value, parent_identifier) unless value.is_a?(::Array)
+          value.map { |v| SecretTopics.new(v, parent_identifier) }
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,76 @@
+# frozen_string_literal: false
+
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in README.md and
+#     CONTRIBUTING.md located at the root of this package.
+#
+# ----------------------------------------------------------------------------
+require 'gcp_backend'
+require 'google/secretmanagerregional/property/secret_customer_managed_encryption'
+require 'google/secretmanagerregional/property/secret_rotation'
+require 'google/secretmanagerregional/property/secret_topics'
+
+# A provider to manage Secret Manager resources.
+class SecretManagerRegionalSecret < GcpResourceBase
+  name 'google_secret_manager_regional_secret'
+  desc 'Secret'
+  supports platform: 'gcp'
+
+  attr_reader :params
+  attr_reader :name
+  attr_reader :create_time
+  attr_reader :annotations
+  attr_reader :labels
+  attr_reader :topics
+  attr_reader :expire_time
+  attr_reader :customer_managed_encryption
+  attr_reader :version_destroy_ttl
+  attr_reader :version_aliases
+  attr_reader :rotation
+
+  def initialize(params)
+    super(params.merge({ use_http_transport: true }))
+    @params = params
+    @fetched = @connection.fetch(product_url(params[:beta]), resource_base_url, params, 'Get')
+    parse unless @fetched.nil?
+  end
+
+  def parse
+    @name = @fetched['name']
+    @create_time = @fetched['createTime']
+    @annotations = @fetched['annotations']
+    @labels = @fetched['labels']
+    @topics = GoogleInSpec::SecretManagerRegional::Property::SecretTopicsArray.parse(@fetched['topics'], to_s)
+    @expire_time = @fetched['expireTime']
+    @customer_managed_encryption = GoogleInSpec::SecretManagerRegional::Property::SecretCustomerManagedEncryptionArray.parse(@fetched['customerManagedEncryption'], to_s)
+    @version_destroy_ttl = @fetched['versionDestroyTtl']
+    @version_aliases = @fetched['versionAliases']
+    @rotation = GoogleInSpec::SecretManagerRegional::Property::SecretRotation.new(@fetched['rotation'], to_s)
+  end
+
+  def exists?
+    [email protected]?
+  end
+
+  def to_s
+    "Secret #{@params[:name]}"
+  end
+
+  private
+
+  def product_url(_ = nil)
+    'https://secretmanager.{{region}}.rep.googleapis.com/v1/'
+  end
+
+  def resource_base_url
+    '{{name}}'
+  end
+end