google_logging_project_exclusion.md

File metadata and controls

55 lines (33 loc) · 1.61 KB
title: About the google_logging_project_exclusion Resource
platform: gcp

google_logging_project_exclusion

Use the google_logging_project_exclusion InSpec audit resource to test properties of a single GCP logging project exclusion.


Syntax

A google_logging_project_exclusion resource block declares the tests for a single GCP logging project exclusion by project and exclusion name.

describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
  it { should exist }
end

Examples

The following examples show how to use this InSpec audit resource.

Test that a GCP project logging exclusion name is as expected

describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
  its('name') { should eq 'exclusion-name-abcd' }
end

Test that a GCP project logging exclusion filter is set correctly

describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
  its('filter') { should eq 'resource.type = gce_instance AND severity <= DEBUG' }
end
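
An exact-match test on `filter` confirms the expected string, but an audit often also needs to know what a filter is able to drop. The following is an added example, not part of the InSpec GCP resource pack: a plain-Ruby heuristic over filter strings such as the one `its('filter')` returns. The helper names, the `INFO` ceiling, and the sample filters are assumptions constructed for illustration.

```ruby
# Added example: heuristic review of an exclusion `filter` string (not a full
# parser of the Logging query language). Helper names are hypothetical.
SEVERITIES = %w[DEFAULT DEBUG INFO NOTICE WARNING ERROR CRITICAL ALERT EMERGENCY].freeze

# Highest severity one `severity <op> LEVEL` comparison can match, or nil.
def max_severity_matched(op, level)
  idx = SEVERITIES.index(level.upcase)
  return nil if idx.nil?

  case op
  when '=', '<=' then SEVERITIES[idx]
  when '<' then idx.zero? ? nil : SEVERITIES[idx - 1]
  else SEVERITIES.last # '>', '>=', '!=' treated as open-ended (conservative)
  end
end

# Returns a list of findings; an empty list means nothing was flagged.
# Assumed policy: exclusions may drop entries up to `max_allowed` only.
def exclusion_filter_findings(filter, max_allowed: 'INFO')
  text = filter.to_s.strip
  return ['filter is empty or missing'] if text.empty?

  findings = []
  findings << 'references audit logs (cloudaudit.googleapis.com)' if text.match?(/cloudaudit\.googleapis\.com/i)
  comparisons = text.scan(/\bseverity\s*(<=|>=|!=|=|<|>)\s*"?([A-Za-z]+)"?/i)
  findings << 'no severity bound' if comparisons.empty?
  limit = SEVERITIES.index(max_allowed)
  comparisons.each do |op, level|
    top = max_severity_matched(op, level)
    next if top.nil? || SEVERITIES.index(top) <= limit

    findings << "severity #{op} #{level} can exclude #{top} entries"
  end
  findings
end

# Constructed sample filters; the first is the filter used on this page.
SAMPLE_FILTERS = {
  'page-example' => 'resource.type = gce_instance AND severity <= DEBUG',
  'drops-errors' => 'resource.type = gce_instance AND severity >= ERROR',
  'drops-audit' => 'logName:"cloudaudit.googleapis.com%2Fdata_access"'
}.freeze

def review_samples
  SAMPLE_FILTERS.transform_values { |f| exclusion_filter_findings(f) }
end

review_samples.each { |name, f| puts "#{name}: #{f.empty? ? 'ok' : f.join('; ')}" }
```
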

Test that a GCP project logging exclusion description is as expected

describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
  its('description') { should eq 'Exclude GCE instance debug logs' }
end

Properties

  • description, filter, name

GCP Permissions

Ensure the Stackdriver Logging API is enabled for the project.