Skip to content

Latest commit

 

History

History
61 lines (37 loc) · 1.74 KB

google_user.md

File metadata and controls

61 lines (37 loc) · 1.74 KB
Raw
title platform
About the google_user Resource
gcp

google_user

Use the google_user InSpec audit resource to test properties of a single GCP user.


Syntax

A google_user resource block declares the tests for a single GCP user by principal email address or immutable ID.

describe google_user(user_key: '[email protected]') do
  it { should exist }
end

Examples

The following examples show how to use this InSpec audit resource.

Test that a GCP user with specified ID exists

describe google_user(user_key: '110491234567894702010') do
  it { should exist }
end

Test that a GCP user has expected full name

describe google_user(user_key: '110491234567894702010') do
  its('name.full_name') { should eq "Bill S. Preston Esq." }
end

Test that a GCP user has MFA enabled

describe google_user(user_key: '[email protected]') do
  it { should have_mfa_enabled }
end

Test that a GCP user is suspended or not

describe google_user(user_key: '[email protected]') do
  it { should_not be_suspended }
end

Properties

  • agreed_to_terms, archived, change_password_at_next_login, creation_time, customer_id, emails, etag, id, include_in_global_address_list, ip_whitelisted, is_admin, is_delegated_admin, is_enforced_in2_sv, is_enrolled_in2_sv, is_mailbox_setup, kind, last_login_time, name, non_editable_aliases, org_unit_path, primary_email, suspended

GCP Permissions

Ensure the G Suite Admin SDK Directory API is enabled and you have sufficient privileges to list users.