Skip to main content

google_logging_folder_log_sinks resource

Use the google_logging_folder_log_sinks InSpec audit resource to to test a Google Cloud FolderLogSink resource.

Examples

# Getting folder sinks is complicated due to the name being generated by the server.
# This can be drastically simplified if you have the folder name when writing the test
describe.one do
  google_resourcemanager_folders(parent: 'organizations/12345').names.each do |folder_name|
    # name on a folder is in the form `folders/12345`
    describe google_logging_folder_log_sinks(folder: folder_name.split('/')[1]) do
      its('names') { should include 'inspec-gcp-folder-sink' }
      its('filters') { should include 'resource.type = gce_instance AND severity >= ERROR' }
    end
  end
end

Properties

Properties that can be accessed from the google_logging_folder_log_sinks resource:

See google_logging_folder_log_sink for more detailed information.

  • folders: an array of google_logging_folder_log_sink folder
  • names: an array of google_logging_folder_log_sink name
  • filters: an array of google_logging_folder_log_sink filter
  • destinations: an array of google_logging_folder_log_sink destination
  • writer_identities: an array of google_logging_folder_log_sink writer_identity
  • include_children: an array of google_logging_folder_log_sink include_children

Filter criteria

This resource supports all of the above properties as filter criteria, which can be used with where as a block or a method.

GCP permissions

Ensure the Stackdriver Logging API is enabled for the current project.

Thank you for your feedback!

×