[edit on GitHub]

Syntax

A google_storage_bucket_acl is used to test a Google BucketACL resource

Examples

describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: user-email) do
  it { should exist }
  its('role') { should cmp "OWNER" }

  its('bucket') { should eq 'storage-bucket-name' }
  its('email') { should include entity-email.com }
end

describe google_storage_bucket_acl(bucket: 'storage-bucket-name', entity: "allUsers") do
  it { should_not exist }
end

Test that a GCP storage bucket ACL exists

 describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz',  entity: '[email protected]') do
  it { should exist }
end

Test that a GCP storage bucket ACL has the expected role (READER, WRITER or OWNER)

describe google_storage_bucket_acl(bucket: 'bucket-buvsjjcndqz',  entity: '[email protected]') do
  its('role') { should eq 'OWNER' }
end

Properties

Properties that can be accessed from the google_storage_bucket_acl resource:

domain

The domain associated with the entity.

email

The email address associated with the entity.

entity

The entity holding the permission, in one of the following forms: user-userId user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user [email protected] would be [email protected]. The group [email protected] would be [email protected]. To refer to all members of the Google Apps for Business domain example.com, the entity would be domain-example.com.

entity_id

The ID for the entity

id

The ID of the access-control entry.

project_team

The project team associated with the entity

project_number

The project team associated with the entity

team

The team.

Possible values:

• editors
• owners
• viewers

role

The access permission for the entity.

Possible values:

• OWNER
• READER
• WRITER

GCP Permissions

Ensure the Google Cloud Storage is enabled for the current project.