google_organization

Use the google_organization InSpec audit resource to test properties of a GCP organization.


Syntax

Google organization have a name, display name (or domain) and lifecycle state. For more info, please see here.

A google_organization resource block declares the tests for a single GCP organization identified by display_name or name:

describe google_organization(display_name: 'google.com') do
  it { should exist }
  its('name') { should eq 'organizations/1234'  }
  its('display_name') { should eq 'google.com' }
end

describe google_organization(name: 'organizations/1234') do
  it { should exist }
  its('name') { should eq 'google.com'  }
  its('lifecycle_state') { should eq 'ACTIVE' }
end


Examples

The following examples show how to use this InSpec audit resource.

Test that a GCP organization has the expected name

describe google_organization(name: 'organizations/1234') do
  its('name') { should eq 'organizations/1234' }
end

Test that a GCP organization has the expected lifecycle state e.g. “ACTIVE”

describe google_organization(display_name: 'google.com') do
  its('lifecycle_state') { should eq "ACTIVE" }
end


Properties

  • name, display_name, lifecycle_state


GCP Permissions

Ensure the Cloud Resource Manager API is enabled for the project.