google_service_account_key resource

Syntax

A google_service_account_key is used to test a Google ServiceAccountKey resource.

Examples

google_service_account_keys(project: 'chef-gcp-inspec', service_account: "[email protected]").key_names.each do |sa_key_name|
  describe google_service_account_key(project: 'chef-gcp-inspec', service_account: "[email protected]", name: sa_key_name.split('/').last) do
    it { should exist }
    its('key_type') { should_not cmp 'USER_MANAGED' }
  end
end

Test that a GCP project IAM service account key has the expected key algorithm

describe google_service_account_key(name: "projects/sample-project/serviceAccounts/[email protected]/keys/c6bd986da9fac6d71178db41d1741cbe751a5080") do
  its('key_algorithm') { should eq "KEY_ALG_RSA_2048" }
end

Properties

Properties that can be accessed from the google_service_account_key resource:

name
The name of the key.
private_key_type
Output format for the service account key.

Possible values:

  • TYPE_UNSPECIFIED
  • TYPE_PKCS12_FILE
  • TYPE_GOOGLE_CREDENTIALS_FILE
key_algorithm
Specifies the algorithm for the key.

Possible values:

  • KEY_ALG_UNSPECIFIED
  • KEY_ALG_RSA_1024
  • KEY_ALG_RSA_2048
private_key_data
Private key data. Base-64 encoded.
public_key_data
Public key data. Base-64 encoded.
valid_after_time
Key can only be used after this time.
valid_before_time
Key can only be used before this time.
key_type
Specifies the type of the key.

Possible values:

  • KEY_TYPE_UNSPECIFIED
  • USER_MANAGED
  • SYSTEM_MANAGED
service_account
The name of the serviceAccount.
path
The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. File path must be absolute.
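
The properties above combine into a single key-hygiene policy. The following is an added example, not part of the InSpec documentation or the inspec-gcp code: plain Ruby that applies the checks from the two examples (key_type, key_algorithm) plus the validity window to constructed key records, so it runs without GCP credentials. The 90-day rotation threshold, the record layout as hashes, the RFC 3339 timestamp strings and all project, account and key names are assumptions.

```ruby
require 'time'

# Assumed policy threshold (not from the page): rotate user-managed keys within 90 days.
MAX_KEY_AGE_DAYS = 90

# Constructed sample records keyed by the property names listed above.
# Project, account and key IDs are placeholders; timestamps are assumed RFC 3339 strings.
SA = 'projects/example-project/serviceAccounts/sa@example-project.iam.gserviceaccount.com'
SAMPLE_KEYS = [
  { name: "#{SA}/keys/key-a", key_type: 'USER_MANAGED', key_algorithm: 'KEY_ALG_RSA_2048',
    valid_after_time: '2024-01-01T00:00:00Z', valid_before_time: '9999-12-31T23:59:59Z' },
  { name: "#{SA}/keys/key-b", key_type: 'SYSTEM_MANAGED', key_algorithm: 'KEY_ALG_RSA_2048',
    valid_after_time: '2024-05-25T00:00:00Z', valid_before_time: '2024-06-10T00:00:00Z' },
  { name: "#{SA}/keys/key-c", key_type: 'USER_MANAGED', key_algorithm: 'KEY_ALG_RSA_1024',
    valid_after_time: '2024-05-20T00:00:00Z', valid_before_time: '2024-05-30T00:00:00Z' }
].freeze

# Return the list of policy findings for one key record.
def key_findings(key, now: Time.now.utc)
  findings = []
  user_managed = key[:key_type] == 'USER_MANAGED'
  findings << 'user-managed key' if user_managed
  unless key[:key_algorithm] == 'KEY_ALG_RSA_2048'
    findings << "weak or unspecified algorithm #{key[:key_algorithm]}"
  end
  after = Time.iso8601(key[:valid_after_time])
  before = Time.iso8601(key[:valid_before_time])
  age_days = ((now - after) / 86_400).floor
  # Rotation only applies to keys the operator is responsible for.
  if user_managed && age_days > MAX_KEY_AGE_DAYS
    findings << "not rotated for #{age_days} days"
  end
  findings << 'outside validity window' unless (after..before).cover?(now)
  findings
end

# Map short key ID => findings, keeping only keys that violate the policy.
def audit(keys, now: Time.now.utc)
  keys.map { |k| [k[:name].split('/').last, key_findings(k, now: now)] }
      .reject { |_, f| f.empty? }
      .to_h
end

# Fixed evaluation time so the output is reproducible.
audit(SAMPLE_KEYS, now: Time.utc(2024, 6, 1)).each do |id, findings|
  puts "#{id}: #{findings.join('; ')}"
end
```
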

GCP Permissions

Ensure the Identity and Access Management (IAM) API is enabled for the current project.

© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
https://docs.chef.io/inspec/resources/google_service_account_key/