| title | platform |
|---|---|
| About the google_organization_policy Resource | gcp |
This resource is deprecated. Please use `google_orgpolicy_organization_policy` instead.
Use the `google_organization_policy` InSpec audit resource to test constraints set on a GCP organization.
Google organization policies can restrict certain GCP services. For more information, see https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints
A `google_organization_policy` resource block declares the tests for a single GCP organization constraint identified by the pair of the `name` of the organization and the `constraint`:
```ruby
describe google_organization_policy(name: 'organizations/123456', constraint: 'constraints/compute.disableGuestAttributesAccess') do
  it { should exist }
  its('boolean_policy.enforced') { should be true }
end
```
The following examples show how to use this InSpec audit resource.
```ruby
describe google_organization_policy(name: 'organizations/123456', constraint: 'constraints/compute.disableGuestAttributesAccess') do
  it { should exist }
  its('boolean_policy.enforced') { should be true }
end

describe google_organization_policy(name: 'organizations/123456', constraint: 'constraints/someListConstraint') do
  it { should exist }
  its('list_policy.allowed_values') { should include 'included_val' }
  its('list_policy.allowed_values') { should_not include 'excluded' }
  its('list_policy.denied_values') { should include 'denied' }
end
```
- `update_time`: The time stamp this policy was last updated.
- `boolean_policy`: Only available for constraints that are boolean policies.
  - `enforced`: Boolean for if this policy is enforced.
- `list_policy`: Available for list policies.
  - `allowed_values`: List of values allowed at this resource.
  - `denied_values`: List of values denied at this resource.
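The same checks as the examples above, written as a plain-Ruby audit over constructed policy records shaped like the properties listed here, including the cases where no policy is set or `boolean_policy` is absent. This is an added example, not InSpec or project code; `POLICIES`, `BASELINE` and `audit` are hypothetical names and the data is constructed.

```ruby
# Constructed sample records keyed by constraint, shaped like the
# update_time / boolean_policy / list_policy properties described above.
POLICIES = {
  'constraints/compute.disableGuestAttributesAccess' => {
    update_time: '2024-01-01T00:00:00Z',
    boolean_policy: { enforced: false }
  },
  'constraints/someListConstraint' => {
    update_time: '2024-01-01T00:00:00Z',
    list_policy: { allowed_values: %w[included_val excluded], denied_values: [] }
  }
}.freeze

# Hypothetical baseline (an assumption for this example).
BASELINE = [
  { constraint: 'constraints/compute.disableGuestAttributesAccess', enforced: true },
  { constraint: 'constraints/someListConstraint',
    must_allow: ['included_val'], must_not_allow: ['excluded'], must_deny: ['denied'] },
  { constraint: 'constraints/compute.requireOsLogin', enforced: true }
].freeze

# Returns an array of finding strings; an empty array means the baseline is met.
def audit(policies, baseline)
  baseline.flat_map do |rule|
    name = rule[:constraint]
    policy = policies[name]
    # Equivalent of a failing `it { should exist }`.
    next ["#{name}: no policy set"] if policy.nil?

    if rule.key?(:enforced)
      # boolean_policy exists only for boolean constraints, so dig returns nil otherwise.
      actual = policy.dig(:boolean_policy, :enforced)
      next(actual == rule[:enforced] ? [] : ["#{name}: enforced is #{actual.inspect}"])
    end

    allowed = policy.dig(:list_policy, :allowed_values) || []
    denied = policy.dig(:list_policy, :denied_values) || []
    (rule.fetch(:must_allow, []) - allowed).map { |v| "#{name}: '#{v}' missing from allowed_values" } +
      (rule.fetch(:must_not_allow, []) & allowed).map { |v| "#{name}: '#{v}' present in allowed_values" } +
      (rule.fetch(:must_deny, []) - denied).map { |v| "#{name}: '#{v}' missing from denied_values" }
  end
end

puts audit(POLICIES, BASELINE) if __FILE__ == $PROGRAM_NAME
```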
Ensure the Cloud Resource Manager API is enabled for the project.