Syntax
A google_service_account_keys
is used to test a Google ServiceAccountKey resource
Examples
describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do
its('count') { should be <= 1000 }
its('key_types') { should_not include 'USER_MANAGED' }
end
Test that there are no more than a specified number of keys for the service account
describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
its('count') { should be <= 1000}
end
Test that a service account with expected name is available
describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
its('key_names'){ should include "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" }
end
Properties
Properties that can be accessed from the google_service_account_keys
resource:
See googleserviceaccount_key.md for more detailed information
* key_names
: an array of google_service_account_key
name
* private_key_types
: an array of google_service_account_key
privatekeytype
* key_algorithms
: an array of google_service_account_key
keyalgorithm
* `privatekeydata: an array of
googleserviceaccountkeyprivate_key_data
*
publickeydata: an array of
googleserviceaccountkey` publickeydata
* `validaftertimes: an array of
googleserviceaccountkeyvalid_after_time
*
validbeforetimes: an array of
googleserviceaccountkey` validbeforetime
* `keytypes: an array of
googleserviceaccountkey` keytype
* service_accounts
: an array of google_service_account_key
serviceaccount
* paths
: an array of `googleserviceaccountkey` path
Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
with where
as a block or a method.
GCP Permissions
Ensure the Identity and Access Management (IAM) API is enabled for the current project.