Docs4dev
Docs

google_service_account_keys resource

[edit on GitHub]

Syntax

A google_service_account_keys is used to test a Google ServiceAccountKey resource

Examples

describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do
  its('count') { should be <= 1000 }
  its('key_types') { should_not include 'USER_MANAGED' }
end

Test that there are no more than a specified number of keys for the service account

describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
  its('count') { should be <= 1000}
end

Test that a service account with expected name is available

describe google_service_account_keys(project: 'sample-project', service_account: 'sample-account@sample-project.iam.gserviceaccount.com') do
  its('key_names'){ should include "projects/sample-project/serviceAccounts/test-sa@sample-project.iam.gserviceaccount.com/keys/c6bd986da9fac6d71178db41d1741cbe751a5080" }
end

Properties

Properties that can be accessed from the google_service_account_keys resource:

See the google_service_account_key resource for more information.

key_names
an array of google_service_account_key name
private_key_types
an array of google_service_account_key private_key_type
key_algorithms
an array of google_service_account_key key_algorithm
private_key_data
an array of google_service_account_key private_key_data
public_key_data
an array of google_service_account_key public_key_data
valid_after_times
an array of google_service_account_key valid_after_time
valid_before_times
an array of google_service_account_key valid_before_time
key_types
an array of google_service_account_key key_type
service_accounts
an array of google_service_account_key service_account
paths
an array of google_service_account_key path

Filter Criteria

This resource supports all of the above properties as filter criteria, which can be used with where as a block or a method.

GCP Permissions

Ensure the Identity and Access Management (IAM) API is enabled for the current project.

© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/inspec/resources/google_service_account_keys/