google_service_account resource

Syntax

Use the google_service_account InSpec resource to test a Google ServiceAccount resource.

Examples

describe google_service_account(project: 'chef-gcp-inspec', name: "[email protected]") do
  it { should exist }
  its('display_name') { should cmp '' }
end

describe google_service_account(project: 'chef-gcp-inspec', name: "[email protected]") do
  it { should_not exist }
end

Test that a GCP project IAM service account has the expected unique identifier

describe google_service_account(project: 'sample-project', name: '[email protected]') do
  its('unique_id') { should eq 12345678 }
end

Test that a GCP project IAM service account has the expected oauth2 client identifier

describe google_service_account(project: 'sample-project', name: '[email protected]') do
  its('oauth2_client_id') { should eq 12345678 }
end

Test that a GCP project IAM service account does not have user-managed keys

describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "[email protected]") do
  its('key_types') { should_not include 'USER_MANAGED' }
end
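
The kind of data a key_types check like the one above looks at, as an added stand-alone Ruby example (not InSpec or inspec-gcp code): it scans key entries shaped like IAM API serviceAccounts.keys.list output and reports which accounts hold USER_MANAGED keys. The sample JSON, account names, key ids and the user_managed_keys helper are constructed for illustration.

```ruby
require 'json'

# Constructed sample: key entries shaped like IAM API serviceAccounts.keys.list
# output, merged from two hypothetical accounts. All names and ids are made up.
SAMPLE_KEYS_JSON = <<~JSON
  {"keys": [
    {"name": "projects/sample-project/serviceAccounts/app@sample-project.iam.gserviceaccount.com/keys/aaa111",
     "keyType": "SYSTEM_MANAGED"},
    {"name": "projects/sample-project/serviceAccounts/ci@sample-project.iam.gserviceaccount.com/keys/bbb222",
     "keyType": "USER_MANAGED"},
    {"name": "projects/sample-project/serviceAccounts/ci@sample-project.iam.gserviceaccount.com/keys/ccc333",
     "keyType": "USER_MANAGED"}
  ]}
JSON

# Key resource names have the form
# projects/<project>/serviceAccounts/<account>/keys/<key id>.
KEY_NAME = %r{\Aprojects/[^/]+/serviceAccounts/(?<account>[^/]+)/keys/(?<key_id>[^/]+)\z}

# Hypothetical helper: returns { account => [key ids] } for USER_MANAGED keys.
# fetch tolerates a response with no "keys" field (nothing to report).
def user_managed_keys(keys_json)
  JSON.parse(keys_json).fetch('keys', []).each_with_object({}) do |key, found|
    next unless key['keyType'] == 'USER_MANAGED'

    m = KEY_NAME.match(key['name'].to_s)
    raise ArgumentError, "unexpected key name: #{key['name'].inspect}" unless m

    (found[m[:account]] ||= []) << m[:key_id]
  end
end

if __FILE__ == $PROGRAM_NAME
  user_managed_keys(SAMPLE_KEYS_JSON).each do |account, ids|
    puts "#{account}: user-managed keys #{ids.join(', ')}"
  end
end
```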

Properties

Properties that can be accessed from the google_service_account resource:

name: The name of the service account.
project_id: ID of the project that owns the service account.
unique_id: Unique and stable ID of the service account.
email: Email address of the service account.
display_name: User-specified description of the service account.
oauth2_client_id: OAuth2 client ID for the service account.

GCP Permissions

Ensure the Identity and Access Management (IAM) API is enabled for the current project.

© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs.chef.io/inspec/resources/google_service_account/