google_kms_crypto_key_iam_binding.md

title: About the google_kms_crypto_key_iam_binding Resource
platform: gcp

google_kms_crypto_key_iam_binding

Use the google_kms_crypto_key_iam_binding InSpec audit resource to test properties of a single GCP KMS Crypto Key IAM Binding.


Syntax

A google_kms_crypto_key_iam_binding resource block declares the tests for a single KMS Crypto Key IAM Binding for a specified role.

describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: 'roles/owner') do
  it { should exist }
end

Examples

The following examples show how to use this InSpec audit resource.

Test that a GCP KMS Crypto Key IAM Binding exists for the specified role

describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: 'roles/owner') do
  it { should exist }
end

Test that a GCP KMS Crypto Key IAM Binding has the desired user included for the specified role

describe google_kms_crypto_key_iam_binding(crypto_key_url: 'projects/project/locations/europe-west2/keyRings/key-ring/cryptoKeys/key-name', role: 'roles/owner') do
  its('members') { should include 'user:someuser@domain.com' }
end

Properties

  • members
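
The members list is also where a binding's exposure shows up: public principals, unexpected identities, or a missing expected one. The plain-Ruby sketch below is an added example, not code from this resource or the InSpec GCP project. It applies those three checks to a constructed IAM policy so it runs without GCP access; the helper names, the sample policy and the service account are assumptions.

```ruby
require 'json'

# Constructed sample: bindings of role -> members, the shape an IAM policy
# for a crypto key takes. All values are illustrative, not real output.
SAMPLE_POLICY = JSON.parse(<<~POLICY)
  {
    "version": 1,
    "bindings": [
      { "role": "roles/owner",
        "members": ["user:someuser@domain.com", "allAuthenticatedUsers"] },
      { "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter",
        "members": ["serviceAccount:app@project.iam.gserviceaccount.com"] }
    ]
  }
POLICY

# IAM identifiers that grant a role to anyone / any signed-in Google account.
PUBLIC_MEMBERS = %w[allUsers allAuthenticatedUsers].freeze

# Hypothetical helper: all members bound to a role, or [] if no binding exists.
# A role can appear in more than one binding, so every match is merged.
def members_for(policy, role)
  policy.fetch('bindings', [])
        .select { |b| b['role'] == role }
        .flat_map { |b| b.fetch('members', []) }
        .uniq
end

# Hypothetical helper: compare one role's members against an allowlist and
# return a list of findings (empty when the binding matches exactly).
def audit_binding(policy, role, allowed)
  members = members_for(policy, role)
  public_hits = members & PUBLIC_MEMBERS
  findings = public_hits.map { |m| "public principal #{m} bound to #{role}" }
  findings += (members - allowed - public_hits)
              .map { |m| "unexpected member #{m} bound to #{role}" }
  findings += (allowed - members)
              .map { |m| "expected member #{m} missing from #{role}" }
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts audit_binding(SAMPLE_POLICY, 'roles/owner', ['user:someuser@domain.com'])
end
```

In an InSpec control the same intent is expressed against the members property with the matcher style already shown above, for example a negated include for each public principal.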

GCP Permissions

Ensure the Cloud Key Management Service (KMS) API is enabled for the project where the resource is located.