google_kms_key_rings resource
Syntax
A google_kms_key_rings is used to test a Google KeyRing resource
Examples
describe google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2') do
its('key_ring_names'){ should include 'kms-key-ring' }
end
describe.one do
google_kms_key_rings(project: 'chef-gcp-inspec', location: 'europe-west2').key_ring_urls do |url|
describe url do
it { should match 'kms-key-ring' }
end
end
end
Test that there are no more than a specified number of kms_key_rings available for the project
describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do
its('count') { should be <= 200}
end
Test that an expected kms_key_ring is available for the project
describe google_kms_key_rings(project: 'chef-inspec-gcp', location: 'us-east1') do
its('key_ring_names') { should include "a-named-key" }
end
Test that all KMS key rings were created in the past year
describe google_kms_key_rings(project: gcp_project_id, location: 'us-east1').key_ring_names.each do |key_ring_name|
describe google_kms_key_ring(project: 'chef-inspec-gcp', location: 'us-east1', 'name: key_ring_name) do
it { should exist }
its('create_time_date') { should be > Time.now - 365*60*60*24 }
end
end
Properties
Properties that can be accessed from the google_kms_key_rings resource:
See the google_kms_key_ring resource for more information.
create_times- an array of
google_kms_key_ringcreate_time key_ring_urls- an array of
google_kms_key_ringkey_ring_url locations- an array of
google_kms_key_ringlocation
Filter Criteria
This resource supports all of the above properties as filter criteria, which can be used
with where as a block or a method.
GCP Permissions
Ensure the Cloud Key Management Service (KMS) API is enabled for the current project.