Syntax

The `google_service_account_keys` resource is used to test Google ServiceAccountKey resources.

Examples

describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do
  its('count') { should be <= 1000 }
  its('key_types') { should_not include 'USER_MANAGED' }
end

Test that there are no more than a specified number of keys for the service account

describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
  its('count') { should be <= 1000 }
end

Test that a service account key with an expected name is available

describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
  its('key_names') { should include "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" }
end

Properties

Properties that can be accessed from the google_service_account_keys resource:

See google_service_account_key.md for more detailed information.

* `key_names`: an array of `google_service_account_key` name
* `private_key_types`: an array of `google_service_account_key` private_key_type
* `key_algorithms`: an array of `google_service_account_key` key_algorithm
* `private_key_data`: an array of `google_service_account_key` private_key_data
* `public_key_data`: an array of `google_service_account_key` public_key_data
* `valid_after_times`: an array of `google_service_account_key` valid_after_time
* `valid_before_times`: an array of `google_service_account_key` valid_before_time
* `key_types`: an array of `google_service_account_key` key_type
* `service_accounts`: an array of `google_service_account_key` service_account
* `paths`: an array of `google_service_account_key` path

Filter Criteria

This resource supports all of the above properties as filter criteria, which can be used with `where` as a block or a method.

GCP Permissions

Ensure the Identity and Access Management (IAM) API is enabled for the current project.