google_service_account_keys resource

Syntax

A google_service_account_keys is used to test a Google ServiceAccountKey resource

Examples

describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "[email protected]") do
  its('count') { should be <= 1000 }
  its('key_types') { should_not include 'USER_MANAGED' }
end

Test that there are no more than a specified number of keys for the service account

describe google_service_account_keys(project: 'sample-project', service_account: '[email protected]') do
  its('count') { should be <= 1000}
end

Test that a service account with expected name is available

describe google_service_account_keys(project: 'sample-project', service_account: '[email protected]') do
  its('key_names'){ should include "projects/sample-project/serviceAccounts/[email protected]/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" }
end

Properties

Properties that can be accessed from the google_service_account_keys resource:

See the google_service_account_key resource for more information.

key_names

an array of google_service_account_key name

private_key_types

an array of google_service_account_key private_key_type

key_algorithms

an array of google_service_account_key key_algorithm

private_key_data

an array of google_service_account_key private_key_data

public_key_data

an array of google_service_account_key public_key_data

valid_after_times

an array of google_service_account_key valid_after_time

valid_before_times

an array of google_service_account_key valid_before_time

key_types

an array of google_service_account_key key_type

service_accounts

an array of google_service_account_key service_account

paths

an array of google_service_account_key path

Filter Criteria

This resource supports all of the above properties as filter criteria, which can be used with where as a block or a method.

GCP Permissions

Ensure the Identity and Access Management (IAM) API is enabled for the current project.