Skip to main content

google_kms_key_ring resource

Syntax

A google_kms_key_ring is used to test a Google KeyRing resource

Examples

describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: 'kms-key-ring') do
  it { should exist }
  its('create_time') { should be > Time.now - 365*60*60*24*10 }
  its('key_ring_name'){ should eq 'kms-key-ring' }
  its('key_ring_url'){ should match 'kms-key-ring' }
end

describe google_kms_key_ring(project: 'chef-gcp-inspec', location: 'europe-west2', name: "nonexistent") do
  it { should_not exist }
end

Test that a GCP kms key ring exists

describe google_kms_key_ring(project: 'chef-inspec-gcp',  location: 'us-east1', name: 'key-ring-name') do
  it { should exist }
end

Test that a GCP kms key ring is in the expected state

For any existing key ring, below should definitely be true!

describe google_kms_key_ring(project: 'chef-inspec-gcp',  location: 'us-east1', name: 'key-ring-name') do
  its('create_time_date') { should be > Time.now - 365*60*60*24*50 }
end

Properties

Properties that can be accessed from the google_kms_key_ring resource:

create_time
The time that this resource was created on the server. This is in RFC3339 text format.
key_ring_url
The full resource name for the KeyRing
location
The location for the KeyRing. A full list of valid locations can be found by running gcloud kms locations list.

GCP Permissions

Ensure the Cloud Key Management Service (KMS) API is enabled for the current project.

Was this page helpful?