google_logging_project_exclusion resource

Use the google_logging_project_exclusion InSpec audit resource to test a Google Cloud ProjectExclusion resource.

Examples

describe google_logging_project_exclusion(project: 'chef-gcp-inspec', name: 'inspec-project-exclusion') do
  it { should exist }
  its('description') { should cmp 'My project exclusion description' }
  its('filter') { should cmp 'resource.type = gce_instance AND severity <= DEBUG' }
end

describe google_logging_project_exclusion(project: 'chef-gcp-inspec', name: 'nonexistent') do
  it { should_not exist }
end

Test that a GCP project logging exclusion name is as expected

describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
  its('name') { should eq 'exclusion-name-abcd' }
end

Test that a GCP project logging exclusion filter is set correctly

describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
  its('filter') { should eq 'resource.type = gce_instance AND severity <= DEBUG' }
end

Test that a GCP project logging exclusion description is as expected

describe google_logging_project_exclusion(project: 'chef-inspec-gcp', exclusion: 'exclusion-name-abcd') do
  its('description') { should eq 'Exclude GCE instance debug logs' }
end

Properties

Properties that can be accessed from the google_logging_project_exclusion resource:

  • project: ID of the project that this exclusion applies to.

  • name: Name of the exclusion, specified by the server during create.

  • description: A user provided description of this exclusion.

  • filter: An advanced logs filter. The only exported log entries are those that are in the resource owning the sink and that match the filter.

  • disabled: If set to true then this exclusion is disabled and it does not exclude any log entries.
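
An added example, not part of the original page or the InSpec GCP project: a plain-Ruby check over the filter and disabled properties that flags exclusions likely to drop security-relevant log entries. The INFO threshold, the helper names and the sample exclusions are assumptions, and the parsing is a heuristic meant for simple AND-only filters.

```ruby
# Severity names in ascending order, as used in Cloud Logging filters.
SEVERITIES = %w[DEFAULT DEBUG INFO NOTICE WARNING ERROR CRITICAL ALERT EMERGENCY].freeze

# Highest severity a simple "severity <op> LEVEL" clause can match,
# or nil when the filter has no severity clause at all.
def max_excluded_severity(filter)
  m = filter.match(/\bseverity\s*(<=|>=|!=|<|>|=)\s*"?([A-Za-z]+)"?/i)
  return nil unless m
  idx = SEVERITIES.index(m[2].upcase)
  return SEVERITIES.last if idx.nil? # unknown level: assume the worst
  case m[1]
  when '<=', '=' then SEVERITIES[idx]
  when '<'       then SEVERITIES[[idx - 1, 0].max]
  else SEVERITIES.last # >, >= and != have no upper bound
  end
end

# exclusion: Hash carrying the :name, :filter and :disabled properties
# (constructed input here; in a profile the values come from the resource).
# max_allowed is an assumed policy threshold, not something the page defines.
def exclusion_findings(exclusion, max_allowed: 'INFO')
  return [] if exclusion[:disabled] # a disabled exclusion drops nothing
  filter = exclusion[:filter].to_s
  findings = []
  findings << 'filter references audit logs' if filter.include?('cloudaudit.googleapis.com')
  findings << 'OR/NOT present, review by hand' if filter =~ /\b(OR|NOT)\b/
  top = max_excluded_severity(filter)
  if top.nil?
    findings << 'no severity bound'
  elsif SEVERITIES.index(top) > SEVERITIES.index(max_allowed)
    findings << "excludes entries up to #{top}"
  end
  findings
end

# Constructed sample exclusions; the first filter is the one used in the examples above.
SAMPLES = [
  { name: 'debug-noise', filter: 'resource.type = gce_instance AND severity <= DEBUG', disabled: false },
  { name: 'drop-errors', filter: 'resource.type = gce_instance AND severity <= ERROR', disabled: false },
  { name: 'drop-audit', filter: 'logName:"cloudaudit.googleapis.com" AND severity <= INFO', disabled: false },
  { name: 'parked', filter: 'severity >= DEFAULT', disabled: true }
].freeze

SAMPLES.each { |e| puts "#{e[:name]}: #{exclusion_findings(e).inspect}" }
```

An empty findings list means the exclusion passes the assumed policy; anything else is a prompt to read the filter by hand.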

GCP permissions

Ensure the Stackdriver Logging API is enabled for the current project.
