Syntax
A google_kms_key_ring
is used to test a Google KeyRing resource
Examples
describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'kms-key-ring') do
it { should exist }
its('create_time') { should be > Time.now - 365*60*60*24*10 }
its('key_ring_name'){ should eq 'kms-key-ring' }
its('key_ring_url'){ should match 'kms-key-ring' }
end
describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: "nonexistent") do
it { should_not exist }
end
Test that a GCP kms key ring exists
describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', name: 'key-ring-name') do
it { should exist }
end
Test that a GCP kms key ring is in the expected state
For any existing key ring, below should definitely be true!
describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', name: 'key-ring-name') do
its('create_time_date') { should be > Time.now - 365*60*60*24*50 }
end
Properties
Properties that can be accessed from the google_kms_key_ring
resource:
create_time
: The time that this resource was created on the server. This is in RFC3339 text format.key_ring_url
: The full resource name for the KeyRinglocation
: The location for the KeyRing. A full list of valid locations can be found by runninggcloud kms locations list
.
GCP Permissions
Ensure the Cloud Key Management Service (KMS) API is enabled for the current project.