alicloud_ram_policies Resource
Use the alicloud_ram_policies InSpec audit resource to test properties of a collection of Alicloud RAM Policies.
Syntax
An alicloud_ram_policies resource returns a collection of RAM Policies and allows testing of that collection.
describe alicloud_ram_policies do
its('policy_names') { should include('test-policy-1') }
end
Parameters
type (optional)
This resource allows filtering by PolicyType. To list only Alicloud managed policies, set type to System. To list only the customer managed policies in your Alicloud account, set type to Custom. If type is not supplied, both types of policies are returned.
only_attached (optional)
This resource allows filtering by attached entities. When only_attached is true, the returned list contains only the policies that are attached to a RAM user, group, or role. When only_attached is false, or when the parameter is not included, all policies of the specified type(s) (System and/or Custom) are returned, whether they are attached to any RAM users, groups, or roles, or not.
region (optional)
The Alicloud Region ID - see the Alicloud documentation on Regions and Zones.
If provided, it must be passed as region: 'value'.
If not provided, the ALICLOUD_REGION environment variable will be used.
See also the Alicloud documentation on RAM Policy.
Properties
policy_names - The policy names.
default_versions - The 'default_version' value of each policy.
attachment_counts - The count of attached entities for each policy.
attached_groups - The list of group names of the groups attached to each policy.
attached_roles - The list of role names of the roles attached to each policy.
attached_users - The list of usernames of the users attached to each policy.
entries - Provides access to the raw results of the query, which can be treated as an array of hashes.
Examples
Ensure a policy exists.
describe alicloud_ram_policies do
its('policy_names') { should include('test-policy-1') }
end
Allow at most 100 RAM Policies on the account.
describe alicloud_ram_policies do
its('entries.count') { should be <= 100}
end
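Review the attachment data in entries. This is an added example, not part of the original documentation or the resource's own code: a plain Ruby helper that lists policies with no attachments and policies attached directly to users. The helper name, the sample rows and the singular row keys (policy_name, attachment_count, attached_users, attached_groups, attached_roles) are assumptions modelled on the plural property names above.

```ruby
# Added example (not from the resource's code base).
# Rows are read with [] so the helper accepts plain hashes; the key names are
# assumed singular forms of the documented properties.

# Constructed sample rows, not real account data.
SAMPLE_ENTRIES = [
  { policy_name: 'test-policy-1', attachment_count: 2,
    attached_users: [], attached_groups: ['ops'], attached_roles: ['deploy'] },
  { policy_name: 'legacy-oss-write', attachment_count: 0,
    attached_users: [], attached_groups: [], attached_roles: [] },
  { policy_name: 'billing-read', attachment_count: 1,
    attached_users: ['alice'], attached_groups: [], attached_roles: [] }
].freeze

# Returns { unattached: [policy names], attached_to_users: { policy name => [users] } }.
def review_ram_policies(entries)
  findings = { unattached: [], attached_to_users: {} }
  entries.each do |row|
    name  = row[:policy_name]
    users = Array(row[:attached_users])
    # Sum the attachment lists as well as reading the counter, so a row is
    # reported as unattached only when both agree.
    listed = users.size + Array(row[:attached_groups]).size + Array(row[:attached_roles]).size
    findings[:unattached] << name if listed.zero? && row[:attachment_count].to_i.zero?
    findings[:attached_to_users][name] = users unless users.empty?
  end
  findings
end

# Inside a control, the rows would come from the resource instead of the
# sample, for example alicloud_ram_policies(type: 'Custom').entries, and each
# findings list can then be tested with `it { should be_empty }`.
```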
Matchers
For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not to test that the entity does not exist.
describe alicloud_ram_policies.where( <property>: <value>) do
it { should exist }
end
describe alicloud_ram_policies.where( <property>: <value>) do
it { should_not exist }
end
Alicloud Permissions
Your Principal will need the ram:ListPolicies and ram:ListEntitiesForPolicy actions with Effect set to Allow.
See the Alibaba Cloud Resource Access Management documentation. See the documentation on authentication to RAM APIs.