diff --git a/docs/resources/google_bigquery_dataset.md b/docs/resources/google_bigquery_dataset.md index 6fd9d11db..ab78c9fa3 100644 --- a/docs/resources/google_bigquery_dataset.md +++ b/docs/resources/google_bigquery_dataset.md @@ -42,7 +42,7 @@ Properties that can be accessed from the `google_bigquery_dataset` resource: * `group_by_email`: An email address of a Google Group to grant access to. - * `role`: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts, and will show a diff post-create. See [official docs](https://cloud.google.com/bigquery/docs/access-control). + * `role`: Describes the rights granted to the user specified by the other member of the access object. Primitive, Predefined and custom roles are supported. Predefined roles that have equivalent primitive roles are swapped by the API to their Primitive counterparts. See [official docs](https://cloud.google.com/bigquery/docs/access-control). * `special_group`: A special group to grant access to. Possible values include: * `projectOwners`: Owners of the enclosing project. * `projectReaders`: Readers of the enclosing project. * `projectWriters`: Writers of the enclosing project. * `allAuthenticatedUsers`: All authenticated BigQuery users. diff --git a/docs/resources/google_compute_backend_service.md b/docs/resources/google_compute_backend_service.md index 81a96ac42..2a5bb68f3 100644 --- a/docs/resources/google_compute_backend_service.md +++ b/docs/resources/google_compute_backend_service.md @@ -60,9 +60,9 @@ Properties that can be accessed from the `google_compute_backend_service` resour * `max_utilization`: Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0]. - * `circuit_breakers`: (Beta only) Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + * `circuit_breakers`: Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. - * `connect_timeout`: The timeout for new network connections to hosts. + * `connect_timeout`: (Beta only) The timeout for new network connections to hosts. * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. @@ -78,7 +78,7 @@ Properties that can be accessed from the `google_compute_backend_service` resour * `max_retries`: The maximum number of parallel retries to the backend cluster. Defaults to 3. - * `consistent_hash`: (Beta only) Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. + * `consistent_hash`: Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. * `http_cookie`: Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. @@ -118,7 +118,7 @@ Properties that can be accessed from the `google_compute_backend_service` resour * `creation_timestamp`: Creation timestamp in RFC3339 text format. - * `custom_request_headers`: (Beta only) Headers that the HTTP/S load balancer should add to proxied requests. + * `custom_request_headers`: Headers that the HTTP/S load balancer should add to proxied requests. * `fingerprint`: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. @@ -145,7 +145,7 @@ Properties that can be accessed from the `google_compute_backend_service` resour * EXTERNAL * INTERNAL_SELF_MANAGED - * `locality_lb_policy`: (Beta only) The load balancing algorithm used within the scope of the locality. The possible values are - ROUND_ROBIN - This is a simple policy in which each healthy backend is selected in round robin order. LEAST_REQUEST - An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. RING_HASH - The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. RANDOM - The load balancer selects a random healthy host. ORIGINAL_DESTINATION - Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. MAGLEV - used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + * `locality_lb_policy`: The load balancing algorithm used within the scope of the locality. The possible values are - ROUND_ROBIN - This is a simple policy in which each healthy backend is selected in round robin order. LEAST_REQUEST - An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. RING_HASH - The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. RANDOM - The load balancer selects a random healthy host. ORIGINAL_DESTINATION - Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. MAGLEV - used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Possible values: * ROUND_ROBIN * LEAST_REQUEST @@ -156,7 +156,7 @@ Properties that can be accessed from the `google_compute_backend_service` resour * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - * `outlier_detection`: (Beta only) Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + * `outlier_detection`: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. * `base_ejection_time`: The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. @@ -212,7 +212,7 @@ Properties that can be accessed from the `google_compute_backend_service` resour * `timeout_sec`: How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400]. - * `log_config`: (Beta only) This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. + * `log_config`: This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. * `enable`: Whether to enable logging for the load balancer traffic served by this backend service. diff --git a/docs/resources/google_compute_backend_services.md b/docs/resources/google_compute_backend_services.md index 7a5d44bbd..018007aa3 100644 --- a/docs/resources/google_compute_backend_services.md +++ b/docs/resources/google_compute_backend_services.md @@ -27,12 +27,12 @@ Properties that can be accessed from the `google_compute_backend_services` resou See [google_compute_backend_service.md](google_compute_backend_service.md) for more detailed information * `affinity_cookie_ttl_secs`: an array of `google_compute_backend_service` affinity_cookie_ttl_sec * `backends`: an array of `google_compute_backend_service` backends - * `circuit_breakers`: (Beta only) an array of `google_compute_backend_service` circuit_breakers - * `consistent_hashes`: (Beta only) an array of `google_compute_backend_service` consistent_hash + * `circuit_breakers`: an array of `google_compute_backend_service` circuit_breakers + * `consistent_hashes`: an array of `google_compute_backend_service` consistent_hash * `cdn_policies`: an array of `google_compute_backend_service` cdn_policy * `connection_drainings`: an array of `google_compute_backend_service` connection_draining * `creation_timestamps`: an array of `google_compute_backend_service` creation_timestamp - * `custom_request_headers`: (Beta only) an array of `google_compute_backend_service` custom_request_headers + * `custom_request_headers`: an array of `google_compute_backend_service` custom_request_headers * `fingerprints`: an array of `google_compute_backend_service` fingerprint * `descriptions`: an array of `google_compute_backend_service` description * `enable_cdns`: an array of `google_compute_backend_service` enable_cdn @@ -40,15 +40,15 @@ See [google_compute_backend_service.md](google_compute_backend_service.md) for m * `ids`: an array of `google_compute_backend_service` id * `iaps`: an array of `google_compute_backend_service` iap * `load_balancing_schemes`: an array of `google_compute_backend_service` load_balancing_scheme - * `locality_lb_policies`: (Beta only) an array of `google_compute_backend_service` locality_lb_policy + * `locality_lb_policies`: an array of `google_compute_backend_service` locality_lb_policy * `names`: an array of `google_compute_backend_service` name - * `outlier_detections`: (Beta only) an array of `google_compute_backend_service` outlier_detection + * `outlier_detections`: an array of `google_compute_backend_service` outlier_detection * `port_names`: an array of `google_compute_backend_service` port_name * `protocols`: an array of `google_compute_backend_service` protocol * `security_policies`: an array of `google_compute_backend_service` security_policy * `session_affinities`: an array of `google_compute_backend_service` session_affinity * `timeout_secs`: an array of `google_compute_backend_service` timeout_sec - * `log_configs`: (Beta only) an array of `google_compute_backend_service` log_config + * `log_configs`: an array of `google_compute_backend_service` log_config ## Filter Criteria This resource supports all of the above properties as filter criteria, which can be used diff --git a/docs/resources/google_compute_region_backend_service.md b/docs/resources/google_compute_region_backend_service.md index 4031b709d..c1a53592b 100644 --- a/docs/resources/google_compute_region_backend_service.md +++ b/docs/resources/google_compute_region_backend_service.md @@ -28,7 +28,7 @@ end Properties that can be accessed from the `google_compute_region_backend_service` resource: - * `affinity_cookie_ttl_sec`: (Beta only) Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used. + * `affinity_cookie_ttl_sec`: Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used. * `backends`: The set of backends that serve this RegionBackendService. @@ -42,7 +42,7 @@ Properties that can be accessed from the `google_compute_region_backend_service` * `description`: An optional description of this resource. Provide this property when you create the resource. - * `failover`: (Beta only) This field designates whether this is a failover backend. More than one failover backend can be configured for a given RegionBackendService. + * `failover`: This field designates whether this is a failover backend. More than one failover backend can be configured for a given RegionBackendService. * `group`: The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. When the `load_balancing_scheme` is INTERNAL, only instance groups are supported. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL. @@ -60,9 +60,9 @@ Properties that can be accessed from the `google_compute_region_backend_service` * `max_utilization`: Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0]. Cannot be set for INTERNAL backend services. - * `circuit_breakers`: (Beta only) Settings controlling the volume of connections to a backend service. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. + * `circuit_breakers`: Settings controlling the volume of connections to a backend service. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. - * `connect_timeout`: The timeout for new network connections to hosts. + * `connect_timeout`: (Beta only) The timeout for new network connections to hosts. * `seconds`: Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. @@ -78,7 +78,7 @@ Properties that can be accessed from the `google_compute_region_backend_service` * `max_retries`: The maximum number of parallel retries to the backend cluster. Defaults to 3. - * `consistent_hash`: (Beta only) Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies when all of the following are true - * `load_balancing_scheme` is set to INTERNAL_MANAGED * `protocol` is set to HTTP, HTTPS, or HTTP2 * `locality_lb_policy` is set to MAGLEV or RING_HASH + * `consistent_hash`: Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies when all of the following are true - * `load_balancing_scheme` is set to INTERNAL_MANAGED * `protocol` is set to HTTP, HTTPS, or HTTP2 * `locality_lb_policy` is set to MAGLEV or RING_HASH * `http_cookie`: Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. @@ -104,7 +104,7 @@ Properties that can be accessed from the `google_compute_region_backend_service` * `description`: An optional description of this resource. - * `failover_policy`: (Beta only) Policy for failovers. + * `failover_policy`: Policy for failovers. * `disable_connection_drain_on_failover`: On failover or failback, this field indicates whether connection drain will be honored. Setting this to true has the following effect: connections to the old active pool are not drained. Connections to the new active pool use the timeout of 10 min (currently fixed). Setting to false has the following effect: both old and new connections will have a drain timeout of 10 min. This can be set to true only if the protocol is TCP. The default is false. @@ -123,7 +123,7 @@ Properties that can be accessed from the `google_compute_region_backend_service` * INTERNAL * INTERNAL_MANAGED - * `locality_lb_policy`: (Beta only) The load balancing algorithm used within the scope of the locality. The possible values are - ROUND_ROBIN - This is a simple policy in which each healthy backend is selected in round robin order. LEAST_REQUEST - An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. RING_HASH - The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. RANDOM - The load balancer selects a random healthy host. ORIGINAL_DESTINATION - Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. MAGLEV - used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. + * `locality_lb_policy`: The load balancing algorithm used within the scope of the locality. The possible values are - ROUND_ROBIN - This is a simple policy in which each healthy backend is selected in round robin order. LEAST_REQUEST - An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. RING_HASH - The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. RANDOM - The load balancer selects a random healthy host. ORIGINAL_DESTINATION - Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. MAGLEV - used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. Possible values: * ROUND_ROBIN * LEAST_REQUEST @@ -134,7 +134,7 @@ Properties that can be accessed from the `google_compute_region_backend_service` * `name`: Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. - * `outlier_detection`: (Beta only) Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. + * `outlier_detection`: Settings controlling eviction of unhealthy hosts from the load balancing pool. This field is applicable only when the `load_balancing_scheme` is set to INTERNAL_MANAGED and the `protocol` is set to HTTP, HTTPS, or HTTP2. * `base_ejection_time`: The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. @@ -187,7 +187,7 @@ Properties that can be accessed from the `google_compute_region_backend_service` * `timeout_sec`: How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400]. - * `log_config`: (Beta only) This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. + * `log_config`: This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. * `enable`: Whether to enable logging for the load balancer traffic served by this backend service. diff --git a/docs/resources/google_compute_region_backend_services.md b/docs/resources/google_compute_region_backend_services.md index 7435c1d3e..f901fd916 100644 --- a/docs/resources/google_compute_region_backend_services.md +++ b/docs/resources/google_compute_region_backend_services.md @@ -24,25 +24,25 @@ end Properties that can be accessed from the `google_compute_region_backend_services` resource: See [google_compute_region_backend_service.md](google_compute_region_backend_service.md) for more detailed information - * `affinity_cookie_ttl_secs`: (Beta only) an array of `google_compute_region_backend_service` affinity_cookie_ttl_sec + * `affinity_cookie_ttl_secs`: an array of `google_compute_region_backend_service` affinity_cookie_ttl_sec * `backends`: an array of `google_compute_region_backend_service` backends - * `circuit_breakers`: (Beta only) an array of `google_compute_region_backend_service` circuit_breakers - * `consistent_hashes`: (Beta only) an array of `google_compute_region_backend_service` consistent_hash + * `circuit_breakers`: an array of `google_compute_region_backend_service` circuit_breakers + * `consistent_hashes`: an array of `google_compute_region_backend_service` consistent_hash * `connection_drainings`: an array of `google_compute_region_backend_service` connection_draining * `creation_timestamps`: an array of `google_compute_region_backend_service` creation_timestamp * `descriptions`: an array of `google_compute_region_backend_service` description - * `failover_policies`: (Beta only) an array of `google_compute_region_backend_service` failover_policy + * `failover_policies`: an array of `google_compute_region_backend_service` failover_policy * `fingerprints`: an array of `google_compute_region_backend_service` fingerprint * `health_checks`: an array of `google_compute_region_backend_service` health_checks * `ids`: an array of `google_compute_region_backend_service` id * `load_balancing_schemes`: an array of `google_compute_region_backend_service` load_balancing_scheme - * `locality_lb_policies`: (Beta only) an array of `google_compute_region_backend_service` locality_lb_policy + * `locality_lb_policies`: an array of `google_compute_region_backend_service` locality_lb_policy * `names`: an array of `google_compute_region_backend_service` name - * `outlier_detections`: (Beta only) an array of `google_compute_region_backend_service` outlier_detection + * `outlier_detections`: an array of `google_compute_region_backend_service` outlier_detection * `protocols`: an array of `google_compute_region_backend_service` protocol * `session_affinities`: an array of `google_compute_region_backend_service` session_affinity * `timeout_secs`: an array of `google_compute_region_backend_service` timeout_sec - * `log_configs`: (Beta only) an array of `google_compute_region_backend_service` log_config + * `log_configs`: an array of `google_compute_region_backend_service` log_config * `networks`: an array of `google_compute_region_backend_service` network * `regions`: an array of `google_compute_region_backend_service` region diff --git a/docs/resources/google_compute_url_map.md b/docs/resources/google_compute_url_map.md index 29599fa82..e76876185 100644 --- a/docs/resources/google_compute_url_map.md +++ b/docs/resources/google_compute_url_map.md @@ -124,7 +124,7 @@ Properties that can be accessed from the `google_compute_url_map` resource: * SEE_OTHER * TEMPORARY_REDIRECT - * `strip_query`: If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. + * `strip_query`: If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. * `tests`: The list of expected URL mapping tests. Request to update this UrlMap will succeed only if all of the test cases pass. You can specify a maximum of 100 tests per UrlMap. diff --git a/docs/resources/google_service_account.md b/docs/resources/google_service_account.md index 6d0568702..3d783cc18 100644 --- a/docs/resources/google_service_account.md +++ b/docs/resources/google_service_account.md @@ -20,20 +20,20 @@ end ### Test that a GCP project IAM service account has the expected unique identifier - describe google_service_account(name: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do + describe google_service_account(project: 'sample-project', name: 'sample-account@sample-project.iam.gserviceaccount.com') do its('unique_id') { should eq 12345678 } end ### Test that a GCP project IAM service account has the expected oauth2 client identifier - describe google_service_account(name: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do + describe google_service_account(project: 'sample-project', name: 'sample-account@sample-project.iam.gserviceaccount.com') do its('oauth2_client_id') { should eq 12345678 } end ### Test that a GCP project IAM service account does not have user managed keys - describe google_service_account(name: 'projects/sample-project/serviceAccounts/sample-account@sample-project.iam.gserviceaccount.com') do - it { should have_user_managed_keys } + describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do + its('key_types') { should_not include 'USER_MANAGED' } end ## Properties diff --git a/docs/resources/google_service_account_key.md b/docs/resources/google_service_account_key.md index 1d5c16974..6ba03a66c 100644 --- a/docs/resources/google_service_account_key.md +++ b/docs/resources/google_service_account_key.md @@ -9,7 +9,10 @@ A `google_service_account_key` is used to test a Google ServiceAccountKey resour ## Examples ``` google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com").key_names.each do |sa_key_name| - describe + describe google_service_account_key(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do + it { should exist } + its('key_type') { should_not cmp 'USER_MANAGED' } + end end ``` diff --git a/docs/resources/google_service_account_keys.md b/docs/resources/google_service_account_keys.md index be1b6e1ae..03006946c 100644 --- a/docs/resources/google_service_account_keys.md +++ b/docs/resources/google_service_account_keys.md @@ -10,6 +10,7 @@ A `google_service_account_keys` is used to test a Google ServiceAccountKey resou ``` describe google_service_account_keys(project: 'chef-gcp-inspec', service_account: "display-name@project-id.iam.gserviceaccount.com") do its('count') { should be <= 1000 } + its('key_types') { should_not include 'USER_MANAGED' } end ``` diff --git a/libraries/google_service_account_keys.rb b/libraries/google_service_account_keys.rb index 04c629a23..27eb9944f 100644 --- a/libraries/google_service_account_keys.rb +++ b/libraries/google_service_account_keys.rb @@ -39,7 +39,7 @@ class IAMServiceAccountKeys < GcpResourceBase def initialize(params = {}) super(params.merge({ use_http_transport: true })) @params = params - @table = fetch_wrapped_resource('serviceAccountKeys') + @table = fetch_wrapped_resource('keys') end def fetch_wrapped_resource(wrap_path) diff --git a/test/integration/build/gcp-mm.tf b/test/integration/build/gcp-mm.tf index 6e01cfc66..e77ee9d0d 100644 --- a/test/integration/build/gcp-mm.tf +++ b/test/integration/build/gcp-mm.tf @@ -910,6 +910,11 @@ resource "google_service_account" "spanner_service_account" { display_name = "${var.gcp_service_account_display_name}-sp" } +resource "google_service_account_key" "userkey" { + service_account_id = google_service_account.spanner_service_account.name + public_key_type = "TYPE_X509_PEM_FILE" +} + resource "google_spanner_instance" "spanner_instance" { project = var.gcp_project_id config = var.spannerinstance["config"] diff --git a/test/integration/verify/controls/google_service_account_key.rb b/test/integration/verify/controls/google_service_account_key.rb index 091dfdc6e..309428ed7 100644 --- a/test/integration/verify/controls/google_service_account_key.rb +++ b/test/integration/verify/controls/google_service_account_key.rb @@ -24,6 +24,9 @@ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' } google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com").key_names.each do |sa_key_name| - describe + describe google_service_account_key(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com", name: sa_key_name.split('/').last) do + it { should exist } + its('key_type') { should_not cmp 'USER_MANAGED' } + end end end diff --git a/test/integration/verify/controls/google_service_account_keys.rb b/test/integration/verify/controls/google_service_account_keys.rb index e0832935e..67ffed829 100644 --- a/test/integration/verify/controls/google_service_account_keys.rb +++ b/test/integration/verify/controls/google_service_account_keys.rb @@ -25,5 +25,6 @@ only_if { gcp_enable_privileged_resources.to_i == 1 && gcp_organization_id != '' } describe google_service_account_keys(project: gcp_project_id, service_account: "#{gcp_service_account_display_name}@#{gcp_project_id}.iam.gserviceaccount.com") do its('count') { should be <= 1000 } + its('key_types') { should_not include 'USER_MANAGED' } end end