google_iam_service_account_key resource

Use the google_iam_service_account_key InSpec audit resource to test a Google Cloud ServiceAccountKey resource.

Examples

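google_iam_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name|
  # The describe body is missing on this page; this completion and the `name:` key selector are assumptions.
  describe google_iam_service_account_key(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do
    it { should exist }
  end
end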

Properties

Properties that can be accessed from the google_iam_service_account_key resource:

  • name: The name of the key.

  • private_key_type: Output format for the service account key.

  • key_algorithm: Specifies the algorithm for the key.

  • private_key_data: Private key data. Base-64 encoded.

  • public_key_data: Public key data. Base-64 encoded.

  • valid_after_time: Key can only be used after this time.

  • valid_before_time: Key can only be used before this time.

  • key_type: Specifies the type of the key. Possible values include KEY_TYPE_UNSPECIFIED, USER_MANAGED and SYSTEM_MANAGED.

  • service_account: The name of the serviceAccount.

  • path: The full name of the file that will hold the service account private key. The management of this file will depend on the value of the sync_file parameter. File path must be absolute.
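
The properties above are enough to audit key hygiene. The following is an added example, not code from the InSpec project: plain Ruby (so it runs without a GCP connection) that flags keys by key_type, valid_after_time and valid_before_time. The 90-day threshold, the RFC 3339 timestamp strings, the finding names and the sample records are all assumptions constructed for illustration.

```ruby
require 'time'

MAX_AGE_DAYS = 90 # assumed rotation policy, not a value from the page
DAY = 86_400      # seconds

# Returns finding symbols for one key record: a Hash keyed by the property
# names listed above, with timestamps assumed to be RFC 3339 strings.
def key_findings(key, now:, max_age_days: MAX_AGE_DAYS)
  return [] if key[:key_type] == 'SYSTEM_MANAGED' # managed and rotated by Google

  findings = []
  findings << :unspecified_type if key[:key_type] == 'KEY_TYPE_UNSPECIFIED'
  created = Time.parse(key[:valid_after_time])
  expires = Time.parse(key[:valid_before_time])
  findings << :stale if now - created > max_age_days * DAY
  findings << :expired if now > expires
  findings << :lifetime_too_long if expires - created > max_age_days * DAY
  findings
end

# Maps the short key id (last path segment of name) to its findings,
# omitting keys that pass every check.
def audit_keys(keys, now:)
  keys.each_with_object({}) do |key, report|
    found = key_findings(key, now: now)
    report[key[:name].split('/').last] = found unless found.empty?
  end
end

# Constructed sample data (placeholder project, account and key ids).
SA = 'projects/example-project/serviceAccounts/sa@example-project.iam.gserviceaccount.com'
SAMPLE_NOW = Time.utc(2024, 6, 1)
SAMPLE_KEYS = [
  { name: "#{SA}/keys/key-a", key_type: 'SYSTEM_MANAGED',
    valid_after_time: '2024-05-20T00:00:00Z', valid_before_time: '2024-06-05T00:00:00Z' },
  { name: "#{SA}/keys/key-b", key_type: 'USER_MANAGED',
    valid_after_time: '2023-11-01T00:00:00Z', valid_before_time: '9999-12-31T23:59:59Z' },
  { name: "#{SA}/keys/key-c", key_type: 'USER_MANAGED',
    valid_after_time: '2024-05-01T00:00:00Z', valid_before_time: '2024-07-01T00:00:00Z' },
  { name: "#{SA}/keys/key-d", key_type: 'USER_MANAGED',
    valid_after_time: '2024-03-01T00:00:00Z', valid_before_time: '2024-05-01T00:00:00Z' }
].freeze

puts audit_keys(SAMPLE_KEYS, now: SAMPLE_NOW).inspect if __FILE__ == $PROGRAM_NAME
```
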

GCP permissions

Ensure the Identity and Access Management (IAM) API is enabled for the current project.
