Skip to content

Latest commit

 

History

History
50 lines (30 loc) · 1.38 KB

google_storage_bucket_iam_binding.md

File metadata and controls

50 lines (30 loc) · 1.38 KB
Raw
title platform
About the google_storage_bucket_iam_binding Resource
gcp

google_storage_bucket_iam_binding

Use the google_storage_bucket_iam_binding InSpec audit resource to test properties of a single GCP storage bucket IAM binding.


Syntax

A google_storage_bucket_iam_binding resource block declares the tests for a single GCP storage bucket IAM binding by bucket name and role.

describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz',  role: 'roles/storage.objectViewer') do
  it { should exist }
end

Examples

The following examples show how to use this InSpec audit resource.

Test that a GCP storage bucket IAM binding exists

describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz',  role: 'roles/storage.admin') do
  it { should exist }
end

Test that a GCP storage bucket IAM binding role has the desired user or service account included

describe google_storage_bucket_iam_binding(bucket: 'bucket-buvsjjcndqz',  role: 'roles/storage.admin') do
  its('members') {should include 'user:someuser@domain.com' }
  its('members') {should include 'serviceAccount:someserviceaccount@domain.com' }
end

Properties

  • members

GCP Permissions

Ensure the Google Cloud Storage API is enabled.