title | platform |
---|---|
About the google_sql_users Resource |
gcp |
Use the google_sql_users
InSpec audit resource to test properties of all, or a filtered group of, GCP sql users for a project database instance.
A google_sql_users
resource block collects GCP users by project then tests that group.
describe google_sql_users(project: 'chef-inspec-gcp', database: 'database-instance') do
it { should exist }
end
The following examples show how to use this InSpec audit resource.
describe google_sql_users(project: 'chef-inspec-gcp', database: 'database-instance') do
its('count') { should be <= 100}
end
describe google_sql_users(project: 'chef-inspec-gcp') do
its('user_names') { should include "us-east1-b" }
end
describe google_sql_users(project: 'chef-inspec-gcp') do
its('user_statuses') { should_not include "DOWN" }
end
google_sql_database_instances(project: 'chef-inspec-gcp').instance_names.each do |instance_name|
describe google_sql_users(project: 'chef-inspec-gcp', database: instance_name) do
it { should exist }
end
end
This resource supports the following filter criteria: user_id
; user_name
and user_status
. Any of these may be used with where
, as a block or as a method.
user_names
- an array of google sql user name stringsuser_instances
- an array of google_sql_database_instance name stringsuser_hosts
- an array of google sql user host strings
Ensure the Cloud SQL API is enabled for the project.