Skip to content
This repository has been archived by the owner on Nov 14, 2024. It is now read-only.

Latest commit

 

History

History
60 lines (42 loc) · 1.77 KB

google_project_iam_custom_role.md

File metadata and controls

60 lines (42 loc) · 1.77 KB
Raw
title platform
About the google_project_iam_custom_role resource
gcp

Syntax

A google_project_iam_custom_role is used to test a Google CustomRole resource

Examples

describe google_project_iam_custom_role(project: 'chef-gcp-inspec', name: 'admin-role') do
  it { should exist }
  its('stage') { should eq 'GA' }
  its('included_permissions') { should eq ["iam.roles.list"] }
end

describe google_project_iam_custom_role(project: 'chef-gcp-inspec', name: 'nonexistent') do
  it { should_not exist }
end

Test that a GCP project IAM custom role has the expected stage in the launch lifecycle

describe google_project_iam_custom_role(project: 'chef-inspec-gcp', name: 'chef-inspec-gcp-role-abcd') do
  its('stage') { should eq "GA" }
end

Test that a GCP project IAM custom role has the expected included permissions

describe google_project_iam_custom_role(project: 'chef-inspec-gcp', name: 'chef-inspec-gcp-role-abcd') do
  its('included_permissions') { should eq ["iam.roles.list"] }
end

Properties

Properties that can be accessed from the google_project_iam_custom_role resource:

  • name: The name of the role.

  • title: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

  • description: Human-readable description for the role

  • included_permissions: Names of permissions this role grants when bound in an IAM policy.

  • stage: The current launch stage of the role. Possible values:

    • ALPHA
    • BETA
    • GA
    • DEPRECATED
    • DISABLED
    • EAP

  • deleted: The current deleted state of the role

GCP Permissions

Ensure the Identity and Access Management (IAM) API is enabled for the current project.