google_kms_key_ring_iam_policy resource

Syntax

A google_kms_key_ring_iam_policy is used to test a Google KeyRing Iam Policy resource

Examples

describe google_kms_key_ring_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name") do
  it { should exist }
end

google_kms_key_ring_iam_policy(project: "project", location: "location", key_ring_name: "key_ring_name").bindings.each do |binding|
  describe binding do
    its('role') { should eq 'roles/editor'}
    its('members') { should include 'user:[email protected]'}
  end
end

Properties

Properties that can be accessed from the google_kms_key_ring_iam_policy resource:

iam_binding_roles
The list of roles that exist on the policy.
bindings
Associates a list of members to a role.
role
Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
members
Specifies the identities requesting access for a Cloud Platform resource.
audit_configs
Specifies cloud audit logging configuration for this policy.
service
Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.
audit_log_configs
The configuration for logging of each type of permission.
log_type
The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
exempted_members
Specifies the identities that do not cause logging for this type of permission.

GCP Permissions

Ensure the Cloud Key Management Service (KMS) API is enabled for the current project.

© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/inspec/resources/google_kms_key_ring_iam_policy/