Syntax
A google_storage_bucket_iam_policy
is used to test a Google Bucket Iam Policy resource
Examples
describe google_storage_bucket_iam_policy(bucket: "bucket") do
it { should exist }
end
google_storage_bucket_iam_policy(bucket: "bucket").bindings.each do |binding|
describe binding do
its('role') { should eq 'roles/editor'}
its('members') { should include 'user:testuser@example.com'}
end
end
Properties
Properties that can be accessed from the google_storage_bucket_iam_policy
resource:
iam_binding_roles
: The list of roles that exist on the policy.bindings
: Associates a list of members to a role.role
: Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.members
: Specifies the identities requesting access for a Cloud Platform resource.
audit_configs
: Specifies cloud audit logging configuration for this policy.service
: Specifies a service that will be enabled for audit logging. For example,storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services.audit_log_configs
: The configuration for logging of each type of permission.log_type
: The log type that this config enables. For example, ADMINREAD, DATAWRITE or DATA_READexempted_members
: Specifies the identities that do not cause logging for this type of permission.
GCP Permissions
Ensure the Google Cloud Storage is enabled for the current project.