inspec · sa-progress · Oct 6, 2025 · Sep 4, 2025 · Sep 4, 2025 · Sep 4, 2025
@@ -0,0 +1,58 @@
++++
+title = "About the Chef InSpec Google Cloud Platform resource pack"
+draft = false
+linkTitle = "GCP resource pack"
+summary = "Chef InSpec resources for auditing Google Cloud Platform."
+
+[cascade]
+  [cascade.params]
+    platform = "gcp"
+
+[menu.gcp]
+  title = "About GCP resources"
+  identifier = "inspec/resources/gcp/about"
+  parent = "inspec/resources/gcp"
+  weight = 10
++++
+
+Chef InSpec has resources for auditing Google Cloud Platform (GCP).
+
+## Prerequisites
+
+To use Chef InSpec GCP resources:
+
+- [Install and configure the Google Cloud SDK](https://cloud.google.com/sdk/docs/).
+
+## Initialize an InSpec profile for auditing GCP
+
+To use the GCP resources, follow these steps:
+
+1. Create a [service account](https://cloud.google.com/docs/authentication/getting-started) with the scopes appropriate for your needs.
+
+1. Download the credential JSON file, for example `project-credentials.json`, to your workspace and activate your service account:
+
+    ```bash
+    gcloud auth activate-service-account --key-file project-credentials.json
+    ```
+
+1. Create an InSpec profile for testing GCP resources:
+
+    ```bash
+    inspec init profile --platform gcp <PROFILE_NAME>
+    ```
+
+1. Create controls using the resources listed below.
+
+1. Assuming the `inputs.yml` file contains your GCP project ID, you execute the profile can then be executed using the following command:
+
+    ```bash
+    inspec exec <PROFILE_NAME> --input-file=<PROFILE_NAME>/inputs.yml -t gcp://
+    ```
+
+## Google Cloud Platform resources
+
+The following InSpec Google Cloud resources are available in this resource pack.
+
+{{< inspec_resources_filter >}}
+
+{{< inspec_resources section="gcp" platform="gcp" >}}
@@ -1,14 +1,20 @@
----
-title: About the google_access_context_manager_access_level resource
-platform: gcp
----
++++
+title = "google_access_context_manager_access_level resource"
 
-## Syntax
-A `google_access_context_manager_access_level` is used to test a Google AccessLevel resource
+draft = false
+
+
+[menu.gcp]
+title = "google_access_context_manager_access_level"
+identifier = "inspec/resources/gcp/google_access_context_manager_access_level resource"
+parent = "inspec/resources/gcp"
++++
+
+Use the `google_access_context_manager_access_level` InSpec audit resource to to test a Google Cloud AccessLevel resource.
 
 ## Examples
-```
 
+```ruby
 policy_name = google_access_context_manager_access_policies(org_id: '190694428152').names.first
 
 describe google_access_context_manager_access_level(parent: policy_name, name: "ip_subnet") do
@@ -25,6 +31,7 @@ end
 ```
 
 ## Properties
+
 Properties that can be accessed from the `google_access_context_manager_access_level` resource:
 
 
@@ -92,4 +99,4 @@ Properties that can be accessed from the `google_access_context_manager_access_l
   * `name`: Name of the access level
 
 
-## GCP Permissions
+## GCP permissions
@@ -1,14 +1,20 @@
----
-title: About the google_access_context_manager_access_levels resource
-platform: gcp
----
++++
+title = "google_access_context_manager_access_levels resource"
 
-## Syntax
-A `google_access_context_manager_access_levels` is used to test a Google AccessLevel resource
+draft = false
+
+
+[menu.gcp]
+title = "google_access_context_manager_access_levels"
+identifier = "inspec/resources/gcp/google_access_context_manager_access_levels resource"
+parent = "inspec/resources/gcp"
++++
+
+Use the `google_access_context_manager_access_levels` InSpec audit resource to to test a Google Cloud AccessLevel resource.
 
 ## Examples
-```
 
+```ruby
 policy_name = google_access_context_manager_access_policies(org_id: '190694428152').names.first
 
 describe google_access_context_manager_access_levels(parent: policy_name) do
@@ -18,18 +24,21 @@ end
 ```
 
 ## Properties
+
 Properties that can be accessed from the `google_access_context_manager_access_levels` resource:
 
-See [google_access_context_manager_access_level.md](google_access_context_manager_access_level.md) for more detailed information
+See [google_access_context_manager_access_level](google_access_context_manager_access_level) for more detailed information.
+
   * `titles`: an array of `google_access_context_manager_access_level` title
   * `descriptions`: an array of `google_access_context_manager_access_level` description
   * `basics`: an array of `google_access_context_manager_access_level` basic
   * `customs`: an array of `google_access_context_manager_access_level` custom
   * `parents`: an array of `google_access_context_manager_access_level` parent
   * `names`: an array of `google_access_context_manager_access_level` name
 
-## Filter Criteria
+## Filter criteria
+
 This resource supports all of the above properties as filter criteria, which can be used
 with `where` as a block or a method.
 
-## GCP Permissions
+## GCP permissions
@@ -1,32 +1,41 @@
----
-title: About the google_access_context_manager_access_policies resource
-platform: gcp
----
++++
+title = "google_access_context_manager_access_policies resource"
 
-## Syntax
-A `google_access_context_manager_access_policies` is used to test a Google AccessPolicy resource
+draft = false
+
+
+[menu.gcp]
+title = "google_access_context_manager_access_policies"
+identifier = "inspec/resources/gcp/google_access_context_manager_access_policies resource"
+parent = "inspec/resources/gcp"
++++
+
+Use the `google_access_context_manager_access_policies` InSpec audit resource to test a Google Cloud AccessPolicy resource.
 
 ## Examples
-```
 
+```ruby
 describe google_access_context_manager_access_policies(org_id: '190694428152') do
   its('count') { should be >= 1 }
   its('titles') { should include 'policytitle' }
 end
 ```
 
 ## Properties
+
 Properties that can be accessed from the `google_access_context_manager_access_policies` resource:
 
-See [google_access_context_manager_access_policy.md](google_access_context_manager_access_policy.md) for more detailed information
+See [google_access_context_manager_access_policy](google_access_context_manager_access_policy) for more detailed information.
+
   * `names`: an array of `google_access_context_manager_access_policy` name
   * `create_times`: an array of `google_access_context_manager_access_policy` create_time
   * `update_times`: an array of `google_access_context_manager_access_policy` update_time
   * `parents`: an array of `google_access_context_manager_access_policy` parent
   * `titles`: an array of `google_access_context_manager_access_policy` title
 
-## Filter Criteria
+## Filter criteria
+
 This resource supports all of the above properties as filter criteria, which can be used
 with `where` as a block or a method.
 
-## GCP Permissions
+## GCP permissions
@@ -1,14 +1,20 @@
----
-title: About the google_access_context_manager_access_policy resource
-platform: gcp
----
++++
+title = "google_access_context_manager_access_policy resource"
 
-## Syntax
-A `google_access_context_manager_access_policy` is used to test a Google AccessPolicy resource
+draft = false
+
+
+[menu.gcp]
+title = "google_access_context_manager_access_policy"
+identifier = "inspec/resources/gcp/google_access_context_manager_access_policy resource"
+parent = "inspec/resources/gcp"
++++
+
+Use the `google_access_context_manager_access_policy` InSpec audit resource to to test a Google Cloud AccessPolicy resource.
 
 ## Examples
-```
 
+```ruby
 describe.one do
   google_access_context_manager_access_policies(org_id: '190694428152').names.each do |policy_name|
     describe google_access_context_manager_access_policy(name: policy_name) do
@@ -21,6 +27,7 @@ end
 ```
 
 ## Properties
+
 Properties that can be accessed from the `google_access_context_manager_access_policy` resource:
 
 
@@ -35,4 +42,4 @@ Properties that can be accessed from the `google_access_context_manager_access_p
   * `title`: Human readable title. Does not affect behavior.
 
 
-## GCP Permissions
+## GCP permissions
@@ -1,14 +1,20 @@
----
-title: About the google_access_context_manager_service_perimeter resource
-platform: gcp
----
++++
+title = "google_access_context_manager_service_perimeter resource"
 
-## Syntax
-A `google_access_context_manager_service_perimeter` is used to test a Google ServicePerimeter resource
+draft = false
+
+
+[menu.gcp]
+title = "google_access_context_manager_service_perimeter"
+identifier = "inspec/resources/gcp/google_access_context_manager_service_perimeter resource"
+parent = "inspec/resources/gcp"
++++
+
+Use the `google_access_context_manager_service_perimeter` InSpec audit resource to to test a Google Cloud ServicePerimeter resource.
 
 ## Examples
-```
 
+```ruby
 describe.one do
   google_access_context_manager_access_policies(org_id: '190694428152').names.each do |policy_name|
     describe google_access_context_manager_service_perimeter(policy_name: policy_name, name: 'restrict_all') do
@@ -21,6 +27,7 @@ end
 ```
 
 ## Properties
+
 Properties that can be accessed from the `google_access_context_manager_service_perimeter` resource:
 
 
@@ -72,4 +79,4 @@ Properties that can be accessed from the `google_access_context_manager_service_
   * `name`: Resource name for the ServicePerimeter. The short_name component must begin with a letter and only include alphanumeric and '_'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name}
 
 
-## GCP Permissions
+## GCP permissions
@@ -1,14 +1,20 @@
----
-title: About the google_access_context_manager_service_perimeters resource
-platform: gcp
----
++++
+title = "google_access_context_manager_service_perimeters resource"
 
-## Syntax
-A `google_access_context_manager_service_perimeters` is used to test a Google ServicePerimeter resource
+draft = false
+
+
+[menu.gcp]
+title = "google_access_context_manager_service_perimeters"
+identifier = "inspec/resources/gcp/google_access_context_manager_service_perimeters resource"
+parent = "inspec/resources/gcp"
++++
+
+Use the `google_access_context_manager_service_perimeters` InSpec audit resource to to test a Google Cloud ServicePerimeter resource.
 
 ## Examples
-```
 
+```ruby
 describe.one do
   google_access_context_manager_access_policies(org_id: '190694428152').names.each do |policy_name|
     describe google_access_context_manager_service_perimeters(policy_name: policy_name) do
@@ -20,9 +26,11 @@ end
 ```
 
 ## Properties
+
 Properties that can be accessed from the `google_access_context_manager_service_perimeters` resource:
 
-See [google_access_context_manager_service_perimeter.md](google_access_context_manager_service_perimeter.md) for more detailed information
+See [google_access_context_manager_service_perimeter](google_access_context_manager_service_perimeter) for more detailed information.
+
   * `titles`: an array of `google_access_context_manager_service_perimeter` title
   * `descriptions`: an array of `google_access_context_manager_service_perimeter` description
   * `create_times`: an array of `google_access_context_manager_service_perimeter` create_time
@@ -34,8 +42,9 @@ See [google_access_context_manager_service_perimeter.md](google_access_context_m
   * `parents`: an array of `google_access_context_manager_service_perimeter` parent
   * `names`: an array of `google_access_context_manager_service_perimeter` name
 
-## Filter Criteria
+## Filter criteria
+
 This resource supports all of the above properties as filter criteria, which can be used
 with `where` as a block or a method.
 
-## GCP Permissions
+## GCP permissions
@@ -1,28 +1,21 @@
 +++
+title = "google_apigee_endpoint_attachment resource"
 
-title = "google_apigee_endpoint_attachment Resource"
-platform = "gcp"
 draft = false
-gh_repo = "inspec-gcp"
 
 
-[menu.inspec]
 
+[menu.gcp]
 title = "google_apigee_endpoint_attachment"
-identifier = "inspec/resources/gcp/google_apigee_endpoint_attachment Resource"
+identifier = "inspec/resources/gcp/google_apigee_endpoint_attachment resource"
 parent = "inspec/resources/gcp"
 +++
 
-Use the `google_apigee_endpoint_attachment` InSpec audit resource to test the properties of a test a Google EndpointAttachment.
-
-## Installation
-{{% inspec_gcp_install %}}
-
-## Syntax
-A `google_apigee_endpoint_attachment` is used to test a Google EndpointAttachment resource
+Use the `google_apigee_endpoint_attachment` InSpec audit resource to test the properties of a Google Cloud EndpointAttachment resource.
 
 ## Examples
-```
+
+```ruby
 describe google_apigee_endpoint_attachment(name: ' value_name') do
 	it { should exist }
 	its('host') { should cmp 'value_host' }
@@ -40,9 +33,11 @@ end
 ```
 
 ## Parameters
-Properties that can be accessed from the `google_apigee_endpoint_attachment` resource:
+
+Parameters that can be accessed from the `google_apigee_endpoint_attachment` resource:
 
 ## Properties
+
 Properties that can be accessed from the `google_apigee_endpoint_attachment` resource:
 
 
@@ -74,6 +69,6 @@ Properties that can be accessed from the `google_apigee_endpoint_attachment` res
     * UPDATING
 
 
-## GCP Permissions
+## GCP permissions
 
 Ensure the [Apigee API](https://console.cloud.google.com/apis/library/apigee.googleapis.com/) is enabled for the current project.