Skip to content

Latest commit

 

History

History
51 lines (30 loc) · 1.33 KB

google_kms_key_ring.md

File metadata and controls

51 lines (30 loc) · 1.33 KB
Raw
title platform
About the google_kms_key_ring Resource
gcp

google_kms_key_ring

Use the google_kms_key_ring InSpec audit resource to test properties of a single GCP kms key ring.


Syntax

A google_kms_key_ring resource block declares the tests for a single GCP key ring by project and name.

describe google_kms_key_ring(project: 'chef-inspec-gcp',  location: 'us-east1', name: 'key-ring-name') do
  it { should exist }
end

Examples

The following examples show how to use this InSpec audit resource.

Test that a GCP kms key ring exists

describe google_kms_key_ring(project: 'chef-inspec-gcp',  location: 'us-east1', name: 'key-ring-name') do
  it { should exist }
end

Test that a GCP kms key ring is in the expected state

For any existing key ring, below should definitely be true!

describe google_kms_key_ring(project: 'chef-inspec-gcp',  location: 'us-east1', name: 'key-ring-name') do
  its('create_time_date') { should be > Time.now - 365*60*60*24*50 }
end

Properties

  • create_time, create_time_date, name, key_ring_name, key_ring_url

GCP Permissions

Ensure the Cloud Key Management Service (KMS) API is enabled for the project where the resource is located.