title: About the google_service_account Resource
platform: gcp

google_service_account

Use the google_service_account InSpec audit resource to test properties of a GCP project IAM service account.



Syntax

A google_service_account resource block declares the tests for a single GCP project IAM service account by fully qualified name.

describe google_service_account(name: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
  its('display_name') { should eq 'gcp-inspec-service-account' }
  its('project_id') { should eq 'chef-inspec-gcp' }
end

Examples

The following examples show how to use this InSpec audit resource.

Test that a GCP project IAM service account has the expected unique identifier

describe google_service_account(name: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
  its('unique_id') { should eq 12345678 }
end

Test that a GCP project IAM service account has the expected OAuth2 client identifier

describe google_service_account(name: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do
  its('oauth2_client_id') { should eq 12345678 }
end
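
The fully qualified name passed to the resource already implies what the `email` and `project_id` properties should return. The following plain-Ruby helper is an added example, not part of inspec-gcp or the original page: it derives those expected values from the name and reports which properties disagree. The helper names are hypothetical, the sample values are constructed, and it assumes a user-managed account whose email domain embeds the project ID.

```ruby
# Added example; helper names are hypothetical and not part of inspec-gcp.
# Name form shown on this page:
#   projects/<project>/serviceAccounts/<account>@<project>.iam.gserviceaccount.com
SA_NAME = %r{\Aprojects/(?<project>[^/]+)/serviceAccounts/(?<email>[^/@]+@(?<domain>[^/@]+))\z}

# Derive the values the email and project_id properties should hold.
# Assumption: a user-managed account, whose email domain embeds the project ID.
def expected_properties(name)
  m = SA_NAME.match(name.to_s)
  raise ArgumentError, "not a fully qualified name: #{name.inspect}" unless m
  unless m[:domain] == "#{m[:project]}.iam.gserviceaccount.com"
    raise ArgumentError, "email domain #{m[:domain]} does not belong to project #{m[:project]}"
  end
  { name: name, email: m[:email], project_id: m[:project] }
end

# Compare the derived values with a hash of properties read from the account
# and return the keys that disagree (empty array when everything is consistent).
def property_mismatches(name, actual)
  expected_properties(name).reject { |key, value| actual[key] == value }.keys
end

# Constructed sample values, for illustration only.
SAMPLE_NAME = 'projects/sample-project/serviceAccounts/' \
              'sample-account@sample-project.iam.gserviceaccount.com'
SAMPLE_ACTUAL = {
  name: SAMPLE_NAME,
  email: 'sample-account@sample-project.iam.gserviceaccount.com',
  project_id: 'other-project' # deliberately inconsistent with the name
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts property_mismatches(SAMPLE_NAME, SAMPLE_ACTUAL).inspect
end
```

In a profile, the hash returned by `expected_properties` can supply the values asserted in the `describe` block, so the name and the expectations cannot drift apart.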

Properties

  • display_name, email, etag, name, oauth2_client_id, project_id, unique_id

GCP Permissions

Ensure the Identity and Access Management (IAM) API is enabled for the project.