google_iam_organization_custom_role resource
Use the google_iam_organization_custom_role InSpec audit resource to test a Google Cloud OrganizationCustomRole resource.
Examples
# The role exists, is generally available, and grants exactly one permission.
describe google_iam_organization_custom_role(org_id: '12345', name: 'org-role') do
  it { should exist }
  its('stage') { should eq 'GA' }
  its('included_permissions') { should eq ["iam.roles.list"] }
end

# A role name that is not defined in the organization must not resolve.
describe google_iam_organization_custom_role(org_id: '12345', name: 'nonexistent') do
  it { should_not exist }
end
Properties
Properties that can be accessed from the google_iam_organization_custom_role resource:
name: The name of the role.
title: A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
description: Human-readable description for the role.
included_permissions: Names of permissions this role grants when bound in an IAM policy.
stage: The current launch stage of the role. Possible values:
  - ALPHA
  - BETA
  - GA
  - DEPRECATED
  - DISABLED
  - EAP
deleted: The current deleted state of the role.
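The properties above are enough to check a custom role against a reviewed permission baseline instead of a single hard-coded list. The following is an added example, not part of the InSpec GCP documentation: plain Ruby showing comparison logic that could sit behind the included_permissions, stage and deleted properties. The helper audit_custom_role, the RISKY_PERMISSIONS list, and the sample role and baseline are assumptions constructed for illustration.

```ruby
require 'set'

# Assumption: permissions this example treats as privilege-escalation risks in
# an organization-level role. The list is illustrative, not from the page.
RISKY_PERMISSIONS = Set[
  'iam.serviceAccounts.actAs',
  'iam.serviceAccountKeys.create',
  'iam.serviceAccounts.getAccessToken',
  'iam.roles.update',
  'resourcemanager.organizations.setIamPolicy'
].freeze

# Launch stages from the Properties list that should not back live bindings.
RETIRED_STAGES = %w[DEPRECATED DISABLED].freeze

# role:     hash keyed by the resource's property names
# approved: permissions the reviewed baseline allows for this role
# Returns an array of finding strings; an empty array means no drift.
def audit_custom_role(role, approved)
  granted  = Set.new(role[:included_permissions] || [])
  baseline = Set.new(approved)
  findings = []

  findings << "role #{role[:name]} is deleted" if role[:deleted]
  if RETIRED_STAGES.include?(role[:stage])
    findings << "role #{role[:name]} is in stage #{role[:stage]}"
  end
  (granted - baseline).sort.each do |perm|
    tag = RISKY_PERMISSIONS.include?(perm) ? 'risky ' : ''
    findings << "#{tag}permission outside baseline: #{perm}"
  end
  (baseline - granted).sort.each do |perm|
    findings << "baseline permission missing: #{perm}"
  end
  findings
end

# Constructed sample data, shaped like the properties listed above.
SAMPLE_ROLE = {
  name: 'org-role',
  stage: 'DEPRECATED',
  deleted: false,
  included_permissions: ['iam.roles.list', 'iam.serviceAccounts.actAs',
                         'storage.buckets.list']
}.freeze
SAMPLE_BASELINE = ['iam.roles.list', 'iam.roles.get'].freeze

audit_custom_role(SAMPLE_ROLE, SAMPLE_BASELINE).each { |f| puts f }
```

In a profile, the role hash would be filled from the resource's properties and the control would expect the returned findings to be empty.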
GCP permissions
Ensure the Identity and Access Management (IAM) API is enabled for the current project.