Syntax
A google_service_accounts
is used to test a Google ServiceAccount resource
Examples
describe google_service_accounts(project: 'chef-gcp-inspec', name: "display-name@project-id.iam.gserviceaccount.com") do
its('service_account_emails') { should include "display-name@project-id.iam.gserviceaccount.com" }
its('count') { should be <= 1000 }
end
Test that there are no more than a specified number of service accounts for the project
describe google_service_accounts(project: 'chef-inspec-gcp') do
its('count') { should be <= 1000}
end
Test that an expected service account display name is available
describe google_service_accounts(project: 'chef-inspec-gcp') do
its('service_account_display_names'){ should include "gcp_sa_name" }
end
Test that an expected service account unique identifier is available
describe google_service_accounts(project: 'chef-inspec-gcp') do
its('service_account_ids'){ should include 12345678 }
end
Test that a service account with expected name is available
describe google_service_accounts(project: 'dummy-project') do
its('service_account_names'){ should include "projects/dummy-project/serviceAccounts/dummy-acct@dummy-project.iam.gserviceaccount.com" }
end
Use filtering to retrieve a particular service account
google_service_accounts(project: 'chef-inspec-gcp').where(service_account_display_names: /^dummyaccount/).service_account_names.each do |sa_name|
describe google_service_account(name: sa_name) do
it { should exist }
end
end
Properties
Properties that can be accessed from the google_service_accounts
resource:
See googleserviceaccount.md for more detailed information
* service_account_names
: an array of google_service_account
name
* project_ids
: an array of google_service_account
projectid
* `serviceaccountids: an array of
googleserviceaccount` uniqueid
* service_account_emails
: an array of google_service_account
email
* service_account_display_names
: an array of google_service_account
displayname
* `oauth2clientids: an array of
googleserviceaccount` oauth2client_id
Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
with where
as a block or a method.
GCP Permissions
Ensure the Identity and Access Management (IAM) API is enabled for the current project.