Syntax
A google_kms_key_rings
is used to test a Google KeyRing resource
Examples
describe google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2') do
its('key_ring_names'){ should include 'kms-key-ring' }
end
describe.one do
google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2').key_ring_urls do |url|
describe url do
it { should match 'kms-key-ring' }
end
end
end
Test that there are no more than a specified number of kmskeyrings available for the project
describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do
its('count') { should be <= 200}
end
Test that an expected kmskeyring is available for the project
describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do
its('key_ring_names') { should include "a-named-key" }
end
Test that all KMS key rings were created in the past year
describe google_kms_key_rings(project: gcp_project_id, location: 'us-east1').key_ring_names.each do |key_ring_name|
describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', 'name: key_ring_name) do
it { should exist }
its('create_time_date') { should be > Time.now - 365*60*60*24 }
end
end
Properties
Properties that can be accessed from the google_kms_key_rings
resource:
See googlekmskey_ring.md for more detailed information
* create_times
: an array of google_kms_key_ring
createtime
* `keyringurls: an array of
googlekmskeyringkey_ring_url
*
locations: an array of
googlekmskey_ring` location
Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
with where
as a block or a method.
GCP Permissions
Ensure the Cloud Key Management Service (KMS) API is enabled for the current project.