google_storage_bucket_iam_policy resource
Syntax
A google_storage_bucket_iam_policy is used to test a Google Bucket Iam Policy resource
Examples
describe google_storage_bucket_iam_policy(bucket: "bucket") do
it { should exist }
end
google_storage_bucket_iam_policy(bucket: "bucket").bindings.each do |binding|
describe binding do
its('role') { should eq 'roles/editor'}
its('members') { should include 'user:testuser@example.com'}
end
end
Properties
Properties that can be accessed from the google_storage_bucket_iam_policy resource:
-
iam_binding_roles - The list of roles that exist on the policy.
-
bindings - Associates a list of members to a role.
-
role - Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
-
members - Specifies the identities requesting access for a Cloud Platform resource.
-
audit_configs - Specifies cloud audit logging configuration for this policy.
-
service -
Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com,cloudsql.googleapis.com.allServicesis a special value that covers all services. -
audit_log_configs -
The configuration for logging of each type of permission.
-
log_type - The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
-
exempted_members - Specifies the identities that do not cause logging for this type of permission.
-
GCP Permissions
Ensure the Google Cloud Storage is enabled for the current project.
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/inspec/resources/google_storage_bucket_iam_policy/