google_project_iam_policy resource
Syntax
A google_project_iam_policy
is used to test a Google Project Iam Policy resource
Examples
describe google_project_iam_policy(project: "project") do
it { should exist }
end
google_project_iam_policy(project: "project").bindings.each do |binding|
describe binding do
its('role') { should eq 'roles/editor'}
its('members') { should include 'user:testuser@example.com'}
end
end
This resource supports IAM conditions.
Properties
Properties that can be accessed from the google_project_iam_policy
resource:
iam_binding_roles
- The list of roles that exist on the policy.
bindings
- Associates a list of members to a role.
role
- Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.
members
- Specifies the identities requesting access for a Cloud Platform resource.
condition
- Contains information about when this binding is to be applied.
expression
- Textual representation of an expression in Common Expression Language syntax.
title
- An optional title for the expression, i.e. a short string describing its purpose.
description
- An optional description of the expression. This is a longer text which describes the expression.
audit_configs
- Specifies cloud audit logging configuration for this policy.
service
- Specifies a service that will be enabled for audit logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services. audit_log_configs
- The configuration for logging of each type of permission.
log_type
- The log type that this config enables. For example, ADMIN_READ, DATA_WRITE or DATA_READ
exempted_members
- Specifies the identities that do not cause logging for this type of permission.
GCP Permissions
Ensure the Cloud Resource Manager API is enabled for the current project.