alicloud_ram_policies resource
Use the alicloud_ram_policies InSpec audit resource to test properties of a collection of Alibaba Cloud RAM Policies.
Syntax
An alicloud_ram_policies resource returns a collection of RAM Policies and allows testing of that collection.
describe alicloud_ram_policies do
  its('policy_names') { should include('test-policy-1') }
end
Parameters
type (optional)
This resource allows filtering by PolicyType. To list only Alibaba Cloud managed policies, set type to System. To list only the customer managed policies in your Alibaba Cloud account, set type to Custom. If type is not supplied, both types of policies are returned.
only_attached (optional)
This resource allows filtering by attached entities. When only_attached is true, the returned list contains only the policies that are attached to a RAM user, group, or role. When only_attached is false, or when the parameter is not included, all policies of the specified type(s) (System and/or Custom) are returned, whether they are attached to any RAM users, groups, or roles, or not.
region (optional)
The Alibaba Cloud Region ID - see the Alibaba Cloud documentation on Regions and Zones.
If provided, it must be passed as region: 'value'.
If not provided, the ALICLOUD_REGION environment variable will be used.
See also the Alibaba Cloud documentation on RAM Policy.
Properties
policy_names - The policy names.
default_versions - The ‘default_version’ value of each policy.
attachment_counts - The count of attached entities for each policy.
attached_groups - The list of group names of the groups attached to each policy.
attached_roles - The list of role names of the roles attached to each policy.
attached_users - The list of usernames of the users attached to each policy.
entries - Provides access to the raw results of the query, which can be treated as an array of hashes.
Examples
Ensure a policy exists:
describe alicloud_ram_policies do
  its('policy_names') { should include('test-policy-1') }
end
Allow at most 100 RAM Policies on the account:
describe alicloud_ram_policies do
  its('entries.count') { should be <= 100 }
end
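Flag customer managed policies that are attached directly to RAM users (an added example, not part of the original resource documentation or the resource pack). It assumes type and only_attached are passed the same way as region, and that policy_names and attached_users are index-aligned with one element per policy; the helper name and control id are hypothetical.

```ruby
# Added example, not from the resource pack.
# Pairs two documented per-policy properties (assumed index-aligned) and
# returns the names of policies that have at least one RAM user attached.
policies_with_direct_users = lambda do |policy_names, attached_users|
  policy_names.zip(attached_users)
              .reject { |_name, users| Array(users).empty? }
              .map(&:first)
end

if respond_to?(:control, true)
  # Loaded by InSpec, which provides `control` and `alicloud_ram_policies`.
  control 'ram-custom-policies-no-direct-users' do
    impact 0.5
    title 'Custom RAM policies are granted through groups or roles, not users'

    # `type` and `only_attached` are the parameters documented above
    # (assumption: passed as keyword options, like `region`).
    policies = alicloud_ram_policies(type: 'Custom', only_attached: true)
    offenders = policies_with_direct_users.call(policies.policy_names,
                                                policies.attached_users)

    describe 'Custom RAM policies attached directly to users' do
      subject { offenders }
      it { should be_empty }
    end
  end
else
  # Plain Ruby: try the helper on constructed data shaped like the
  # policy_names and attached_users properties (no cloud account needed).
  sample_names = %w[oss-read-only ecs-operator legacy-admin]
  sample_users = [[], nil, %w[alice bob]]
  p policies_with_direct_users.call(sample_names, sample_users)
end
```

The failing control reports the offending policy names in its output, so the list can be fed straight into a review of which users should move to group or role based grants.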
Matchers
For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not to test that the entity does not exist.
describe alicloud_ram_policies.where(<property>: <value>) do
  it { should exist }
end
describe alicloud_ram_policies.where(<property>: <value>) do
  it { should_not exist }
end
Alibaba Cloud Permissions
Your Principal will need the ram:ListPolicies and ram:ListEntitiesForPolicy actions with Effect set to Allow.
See the Alibaba Cloud Resource Access Management documentation. See the documentation on authentication to RAM APIs.