| title | platform |
|---|---|
About the google_projects Resource |
gcp |
Use the google_projects InSpec audit resource to test properties of all, or a filtered group of, GCP projects in a particular organisation.
A google_projects resource block collects GCP projects then tests that group.
describe google_projects do
it { should exist }
end
Use this InSpec resource to enumerate IDs then test in-depth using google_compute_project.
google_projects.project_ids.each do |project_id|
describe google_project(project: project_id) do
it { should exist }
its('lifecycle_state') { should eq "ACTIVE" }
end
end
The following examples show how to use this InSpec audit resource.
describe google_projects do
its('count') { should be <= 100}
end
describe google_projects do
its('project_names'){ should include "GCP Project Name" }
end
describe google_projects do
its('project_ids'){ should include "gcp_project_id" }
end
describe google_projects do
its('project_numbers'){ should include 1122334455 }
end
google_projects.where(project_id: /^prod/).project_ids.each do |gcp_project_id|
describe google_project(project: gcp_project_id) do
it { should exist }
its('lifecycle_state') { should eq "ACTIVE" }
end
end
google_projects.where(project_id: /^prod/, lifecycle_state: 'ACTIVE').project_ids.each do |gcp_project_id|
describe google_project(project: gcp_project_id) do
it { should exist }
end
end
This resource supports the following filter criteria: project_id; project_name; project_number and lifecycle_state. Any of these may be used with where, as a block or as a method.
project_ids- an array of google_compute_project identifier stringsproject_names- an array of google_compute_project name stringsproject_numbers- an array of google_compute_project number identifier integerslifecycle_state- an array of google_compute_project lifecycle state strings
Ensure the Cloud Resource Manager API is enabled for the project.