From 0a3a46185f2cb97daefe632c6eb289a0e5482e22 Mon Sep 17 00:00:00 2001
From: trongnhanphan223878459
Date: Sun, 7 Dec 2025 19:33:48 +0700
Subject: [PATCH 01/21] Add files via upload
---
policies/gcp/api_hub/google_apikeys_key | 0
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 policies/gcp/api_hub/google_apikeys_key
diff --git a/policies/gcp/api_hub/google_apikeys_key b/policies/gcp/api_hub/google_apikeys_key
new file mode 100644
index 000000000..e69de29bb
From 062132d9e005f225fdbe19bb3b0f7626f0d734cc Mon Sep 17 00:00:00 2001
From: trongnhanphan223878459
Date: Sun, 7 Dec 2025 19:35:20 +0700
Subject: [PATCH 02/21] Add files via upload
---
policies/gcp/api_hub/vars.rego | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 policies/gcp/api_hub/vars.rego
diff --git a/policies/gcp/api_hub/vars.rego b/policies/gcp/api_hub/vars.rego
new file mode 100644
index 000000000..1dc690be1
--- /dev/null
+++ b/policies/gcp/api_hub/vars.rego
@@ -0,0 +1,7 @@
+package terraform.gcp.security.apikeys.google_apikeys_key.vars
+
+variables := {
+ "friendly_resource_name": "API Key",
+ "resource_type": "google_apikeys_key",
+ "resource_value_name" : "name"
+}
From 9bc28503f7503a3e28edeab30940cd9394e84d0d Mon Sep 17 00:00:00 2001
From: trongnhanphan223878459
Date: Sun, 7 Dec 2025 19:38:59 +0700
Subject: [PATCH 03/21] Delete policies/gcp/api_hub/vars.rego
---
policies/gcp/api_hub/vars.rego | 7 -------
1 file changed, 7 deletions(-)
delete mode 100644 policies/gcp/api_hub/vars.rego
diff --git a/policies/gcp/api_hub/vars.rego b/policies/gcp/api_hub/vars.rego
deleted file mode 100644
index 1dc690be1..000000000
--- a/policies/gcp/api_hub/vars.rego
+++ /dev/null
@@ -1,7 +0,0 @@
-package terraform.gcp.security.apikeys.google_apikeys_key.vars
-
-variables := {
- "friendly_resource_name": "API Key",
- "resource_type": "google_apikeys_key",
- "resource_value_name" : "name"
-}
From 66e5e3486fce250cefe4d84dae48601400c01ddf Mon Sep 17 00:00:00 2001
From: trongnhanphan223878459
Date: Sun, 7 Dec 2025 19:39:09 +0700
Subject: [PATCH 04/21] Delete policies/gcp/api_hub/google_apikeys_key
---
policies/gcp/api_hub/google_apikeys_key | 0
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 policies/gcp/api_hub/google_apikeys_key
diff --git a/policies/gcp/api_hub/google_apikeys_key b/policies/gcp/api_hub/google_apikeys_key
deleted file mode 100644
index e69de29bb..000000000
From 37c81fdb482994cc0b15da887255417f1d0aca8a Mon Sep 17 00:00:00 2001
From: trongnhanphan223878459
Date: Sun, 7 Dec 2025 19:50:32 +0700
Subject: [PATCH 05/21] Adding policies
---
.../allowed_api_targets/policy.rego | 29 +++++++++++++++++++
.../policy.rego | 25 ++++++++++++++++
.../disallow_public_server_ips/policy.rego | 25 ++++++++++++++++
.../disallow_wildcard_methods/policy.rego | 25 ++++++++++++++++
.../enforce_key_restrictions/policy.rego | 27 +++++++++++++++++
.../google_apikeyskey_policies/vars.rego | 7 +++++
6 files changed, 138 insertions(+)
create mode 100644 policies/gcp/api_hub/google_apikeyskey_policies/allowed_api_targets/policy.rego
create mode 100644 policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_browser_referrers/policy.rego
create mode 100644 policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_server_ips/policy.rego
create mode 100644 policies/gcp/api_hub/google_apikeyskey_policies/disallow_wildcard_methods/policy.rego
create mode 100644 policies/gcp/api_hub/google_apikeyskey_policies/enforce_key_restrictions/policy.rego
create mode 100644 policies/gcp/api_hub/google_apikeyskey_policies/vars.rego
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/allowed_api_targets/policy.rego b/policies/gcp/api_hub/google_apikeyskey_policies/allowed_api_targets/policy.rego
new file mode 100644
index 000000000..610585e44
--- /dev/null
+++ b/policies/gcp/api_hub/google_apikeyskey_policies/allowed_api_targets/policy.rego
@@ -0,0 +1,29 @@
+package terraform.gcp.security.apikeys.google_apikeys_key.allowed_api_targets
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.apikeys.google_apikeys_key.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "API key is configured for a service that is not in the approved list.",
+ "remedies":[
+ "Restrict api_targets.service to approved services only."
+ ]
+ },
+ {
+ "condition": "Check that api_targets.service is one of the approved services.",
+ # restrictions[0].api_targets[0].service
+ "attribute_path" : ["restrictions", 0, "api_targets", 0, "service"],
+ "values" : [
+ "maps.googleapis.com",
+ "places.googleapis.com",
+ "translate.googleapis.com"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_browser_referrers/policy.rego b/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_browser_referrers/policy.rego
new file mode 100644
index 000000000..418762004
--- /dev/null
+++ b/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_browser_referrers/policy.rego
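Review bot: The `attribute_path` in allowed_api_targets/policy.rego ends in `"api_targets", 0, "service"`, so as written only the first `api_targets` block of a key is compared with the approved list; a key whose second target names an unapproved service would go unreported unless `helpers.get_multi_summary` expands the index, which is not visible in this hunk. The same fixed index 0 appears in disallow_public_browser_referrers (`"allowed_referrers", 0`), disallow_public_server_ips (`"allowed_ips", 0`) and disallow_wildcard_methods (`"methods", 0`), and the nc.tf fixtures added later in this series all put the offending value first, so the tests cannot detect the gap. If the helper offers a way to evaluate every list element, use it here; otherwise add a fixture with a compliant first entry and a non-compliant second entry to pin the behaviour. At minimum, state the limitation next to the path, e.g. `# NOTE: only element 0 of api_targets is evaluated`.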
@@ -0,0 +1,25 @@
+package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_browser_referrers
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.apikeys.google_apikeys_key.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Browser key restrictions allow very broad referrers (e.g. * or http://*).",
+ "remedies":[
+ "Restrict browser_key_restrictions.allowed_referrers to specific trusted domains."
+ ]
+ },
+ {
+ "condition": "Check that allowed_referrers does not contain overly broad patterns.",
+ # restrictions[0].browser_key_restrictions[0].allowed_referrers[0]
+ "attribute_path" : ["restrictions", 0, "browser_key_restrictions", 0, "allowed_referrers", 0],
+ "values" : ["*", "http://*", "https://*"],
+ "policy_type" : "blacklist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_server_ips/policy.rego b/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_server_ips/policy.rego
new file mode 100644
index 000000000..380cad0c2
--- /dev/null
+++ b/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_server_ips/policy.rego
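Review bot: The `values` list in disallow_public_browser_referrers/policy.rego holds three literals (`"*"`, `"http://*"`, `"https://*"`), while the `condition` text promises a check for "overly broad patterns" in general. If the helper compares by string equality (its implementation is not visible here), any other referrer pattern that is just as broad but spelled differently is reported as compliant. Either narrow the wording to what is actually matched, for example `"condition": "Check that allowed_referrers is not one of *, http://* or https://*."`, or move to a pattern-based comparison if the helper library offers one.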
@@ -0,0 +1,25 @@
+package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_server_ips
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.apikeys.google_apikeys_key.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Server key restrictions allow calls from 0.0.0.0/0 (any IP).",
+ "remedies":[
+ "Restrict server_key_restrictions.allowed_ips to specific trusted IP ranges."
+ ]
+ },
+ {
+ "condition": "Check that allowed_ips does not contain public 0.0.0.0/0.",
+ # restrictions[0].server_key_restrictions[0].allowed_ips[0]
+ "attribute_path" : ["restrictions", 0, "server_key_restrictions", 0, "allowed_ips", 0],
+ "values" : ["0.0.0.0/0"],
+ "policy_type" : "blacklist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/disallow_wildcard_methods/policy.rego b/policies/gcp/api_hub/google_apikeyskey_policies/disallow_wildcard_methods/policy.rego
new file mode 100644
index 000000000..6cee54bf2
--- /dev/null
+++ b/policies/gcp/api_hub/google_apikeyskey_policies/disallow_wildcard_methods/policy.rego
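Review bot: The blacklist in disallow_public_server_ips/policy.rego contains only `"0.0.0.0/0"`, so the IPv6 any-address range `::/0` and near-universal IPv4 ranges such as `0.0.0.0/1` are not reported. I would extend the list at least to `"values" : ["0.0.0.0/0", "::/0"]` and say in the `condition` text that only these literals are matched. Whether the helper can evaluate a prefix length instead of comparing strings is not visible in this hunk, so a real "no overly wide range" check may need a separate rule.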
@@ -0,0 +1,25 @@
+package terraform.gcp.security.apikeys.google_apikeys_key.disallow_wildcard_methods
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.apikeys.google_apikeys_key.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "API key allows all methods (*) for a target service.",
+ "remedies":[
+ "Specify only the required methods in api_targets.methods instead of using a wildcard."
+ ]
+ },
+ {
+ "condition": "Check that api_targets.methods does not contain a wildcard.",
+ # restrictions[0].api_targets[0].methods[0]
+ "attribute_path" : ["restrictions", 0, "api_targets", 0, "methods", 0],
+ "values" : ["*"],
+ "policy_type" : "blacklist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/enforce_key_restrictions/policy.rego b/policies/gcp/api_hub/google_apikeyskey_policies/enforce_key_restrictions/policy.rego
new file mode 100644
index 000000000..0a54c6749
--- /dev/null
+++ b/policies/gcp/api_hub/google_apikeyskey_policies/enforce_key_restrictions/policy.rego
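Review bot: disallow_wildcard_methods/policy.rego matches only the bare literal `"*"`, but as far as I recall from the provider documentation for `api_targets.methods`, an omitted or empty list allows every method of the service and a wildcard may also end a longer name. A key with no `methods` at all would therefore look compliant here while being as permissive as `*`; please confirm against the provider docs. Consider a second condition for a missing `methods` attribute, and document the exact-match limit next to `values`, e.g. `# matches the bare "*" only; trailing wildcards in longer names are not detected`.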
@@ -0,0 +1,27 @@
+package terraform.gcp.security.apikeys.google_apikeys_key.require_restrictions
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.apikeys.google_apikeys_key.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "API key has no key restrictions configured.",
+ "remedies":[
+ "Configure at least one restriction block (api_targets, browser_key_restrictions, server_key_restrictions, android_key_restrictions or ios_key_restrictions)."
+ ]
+ },
+ {
+ "condition": "Check that restrictions block is present.",
+ # restrictions is the top-level attribute in google_apikeys_key values
+ "attribute_path" : ["restrictions"],
+ # If restrictions is null/empty, helper will treat this as a match for blacklist values
+ "values" : [null],
+ "policy_type" : "blacklist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/vars.rego b/policies/gcp/api_hub/google_apikeyskey_policies/vars.rego
new file mode 100644
index 000000000..73b1fd00d
--- /dev/null
+++ b/policies/gcp/api_hub/google_apikeyskey_policies/vars.rego
@@ -0,0 +1,7 @@
+package terraform.gcp.security.apikeys.google_apikeys_key.vars
+
+variables := {
+ "friendly_resource_name": "API Key",
+ "resource_type": "google_apikeys_key",
+ "resource_value_name" : "name"
+}
From 5043d13963934ec47b0cd599d0d9b3873800b4b8 Mon Sep 17 00:00:00 2001
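Review bot: The package in enforce_key_restrictions/policy.rego is declared as `...google_apikeys_key.require_restrictions`, whereas the other four policies name the package after their directory; if the harness resolves packages from the path this policy will not be evaluated, so align the two, e.g. `package terraform.gcp.security.apikeys.google_apikeys_key.enforce_key_restrictions`. The check itself rests on the comment's claim that the helper treats a missing `restrictions` as matching `[null]`. In Terraform plan JSON an unset nested block is often rendered as an empty list rather than null, and an empty `restrictions {}` block needs a decision too. The helper is not visible in this hunk, so please confirm the behaviour against the plan output of the nc.tf fixture.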
From: trongnhanphan223878459
Date: Mon, 8 Dec 2025 18:27:06 +0700
Subject: [PATCH 06/21] Adding policies
---
.../allowed_api_targets/policy.rego | 0
.../disallow_public_browser_referrers/policy.rego | 0
.../disallow_public_server_ips/policy.rego | 0
.../disallow_wildcard_methods/policy.rego | 0
.../enforce_key_restrictions/policy.rego | 0
.../gcp/{api_hub/google_apikeyskey_policies => apikeys}/vars.rego | 0
6 files changed, 0 insertions(+), 0 deletions(-)
rename policies/gcp/{api_hub/google_apikeyskey_policies => apikeys}/allowed_api_targets/policy.rego (100%)
rename policies/gcp/{api_hub/google_apikeyskey_policies => apikeys}/disallow_public_browser_referrers/policy.rego (100%)
rename policies/gcp/{api_hub/google_apikeyskey_policies => apikeys}/disallow_public_server_ips/policy.rego (100%)
rename policies/gcp/{api_hub/google_apikeyskey_policies => apikeys}/disallow_wildcard_methods/policy.rego (100%)
rename policies/gcp/{api_hub/google_apikeyskey_policies => apikeys}/enforce_key_restrictions/policy.rego (100%)
rename policies/gcp/{api_hub/google_apikeyskey_policies => apikeys}/vars.rego (100%)
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/allowed_api_targets/policy.rego b/policies/gcp/apikeys/allowed_api_targets/policy.rego
similarity index 100%
rename from policies/gcp/api_hub/google_apikeyskey_policies/allowed_api_targets/policy.rego
rename to policies/gcp/apikeys/allowed_api_targets/policy.rego
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_browser_referrers/policy.rego b/policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego
similarity index 100%
rename from policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_browser_referrers/policy.rego
rename to policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_server_ips/policy.rego b/policies/gcp/apikeys/disallow_public_server_ips/policy.rego
similarity index 100%
rename from policies/gcp/api_hub/google_apikeyskey_policies/disallow_public_server_ips/policy.rego
rename to policies/gcp/apikeys/disallow_public_server_ips/policy.rego
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/disallow_wildcard_methods/policy.rego b/policies/gcp/apikeys/disallow_wildcard_methods/policy.rego
similarity index 100%
rename from policies/gcp/api_hub/google_apikeyskey_policies/disallow_wildcard_methods/policy.rego
rename to policies/gcp/apikeys/disallow_wildcard_methods/policy.rego
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/enforce_key_restrictions/policy.rego b/policies/gcp/apikeys/enforce_key_restrictions/policy.rego
similarity index 100%
rename from policies/gcp/api_hub/google_apikeyskey_policies/enforce_key_restrictions/policy.rego
rename to policies/gcp/apikeys/enforce_key_restrictions/policy.rego
diff --git a/policies/gcp/api_hub/google_apikeyskey_policies/vars.rego b/policies/gcp/apikeys/vars.rego
similarity index 100%
rename from policies/gcp/api_hub/google_apikeyskey_policies/vars.rego
rename to policies/gcp/apikeys/vars.rego
From bd5c6af232b09338ae272a8ffc5e5c57f6c2312c Mon Sep 17 00:00:00 2001
From: trongnhanphan223878459 Date: Wed, 10 Dec 2025 15:58:16 +0700 Subject: [PATCH 07/21] Adding inputs --- .../allowed_api_targets/.terraform.lock.hcl | 21 +++++++++++++++++++ inputs/gcp/apikeys/allowed_api_targets/c.tf | 12 +++++++++++ .../gcp/apikeys/allowed_api_targets/config.tf | 11 ++++++++++ inputs/gcp/apikeys/allowed_api_targets/nc.tf | 12 +++++++++++ .../.terraform.lock.hcl | 21 +++++++++++++++++++ .../disallow_public_browser_referrers/c.tf | 18 ++++++++++++++++ .../config.tf | 11 ++++++++++ .../disallow_public_browser_referrers/nc.tf | 19 +++++++++++++++++ .../.terraform.lock.hcl | 21 +++++++++++++++++++ .../apikeys/disallow_public_server_ips/c.tf | 18 ++++++++++++++++ .../disallow_public_server_ips/config.tf | 11 ++++++++++ .../apikeys/disallow_public_server_ips/nc.tf | 19 +++++++++++++++++ .../.terraform.lock.hcl | 21 +++++++++++++++++++ .../apikeys/disallow_wildcard_methods/c.tf | 16 ++++++++++++++ .../disallow_wildcard_methods/config.tf | 11 ++++++++++ .../apikeys/disallow_wildcard_methods/nc.tf | 16 ++++++++++++++ .../.terraform.lock.hcl | 21 +++++++++++++++++++ .../gcp/apikeys/enforce_key_restrictions/c.tf | 11 ++++++++++ .../enforce_key_restrictions/config.tf | 11 ++++++++++ .../apikeys/enforce_key_restrictions/nc.tf | 6 ++++++ 20 files changed, 307 insertions(+) create mode 100644 inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/allowed_api_targets/c.tf create mode 100644 inputs/gcp/apikeys/allowed_api_targets/config.tf create mode 100644 inputs/gcp/apikeys/allowed_api_targets/nc.tf create mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf create mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf create mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf create mode 100644 inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl create mode 
100644 inputs/gcp/apikeys/disallow_public_server_ips/c.tf create mode 100644 inputs/gcp/apikeys/disallow_public_server_ips/config.tf create mode 100644 inputs/gcp/apikeys/disallow_public_server_ips/nc.tf create mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/c.tf create mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/config.tf create mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf create mode 100644 inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/enforce_key_restrictions/c.tf create mode 100644 inputs/gcp/apikeys/enforce_key_restrictions/config.tf create mode 100644 inputs/gcp/apikeys/enforce_key_restrictions/nc.tf diff --git a/inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl b/inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl new file mode 100644 index 000000000..894abb857 --- /dev/null +++ b/inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +}
diff --git a/inputs/gcp/apikeys/allowed_api_targets/c.tf b/inputs/gcp/apikeys/allowed_api_targets/c.tf
new file mode 100644
index 000000000..5f1aea048
--- /dev/null
+++ b/inputs/gcp/apikeys/allowed_api_targets/c.tf
@@ -0,0 +1,12 @@
+# Compliant example for allowed_api_targets policy
+
+resource "google_apikeys_key" "c" {
+ name = "apikey-allowed-api-targets-compliant"
+ display_name = "Compliant API key for allowed_api_targets test"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/allowed_api_targets/config.tf b/inputs/gcp/apikeys/allowed_api_targets/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/apikeys/allowed_api_targets/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/allowed_api_targets/nc.tf b/inputs/gcp/apikeys/allowed_api_targets/nc.tf
new file mode 100644
index 000000000..8358e7aa4
--- /dev/null
+++ b/inputs/gcp/apikeys/allowed_api_targets/nc.tf
@@ -0,0 +1,12 @@
+# Non-compliant example for allowed_api_targets policy
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-allowed-api-targets-non-compliant"
+ display_name = "Non-compliant API key for allowed_api_targets test"
+
+ restrictions {
+ api_targets {
+ service = "storage.googleapis.com"
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl b/inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf b/inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf new file mode 100644 index 000000000..01b5fda4e --- /dev/null +++ b/inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf @@ -0,0 +1,18 @@ +# Compliant example for disallow_public_browser_referrers + +resource "google_apikeys_key" "c" { + name = "apikey-browser-referrer-compliant" + display_name = "Compliant browser key (no public referrers)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + } + + browser_key_restrictions { + allowed_referrers = [ + "https://example.com/*" + ] + } + } +} diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf b/inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf new file mode 100644 index 000000000..cd0ae3946 
--- /dev/null
+++ b/inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf b/inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf
new file mode 100644
index 000000000..dac788313
--- /dev/null
+++ b/inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf
@@ -0,0 +1,19 @@
+# Non-compliant example for disallow_public_browser_referrers
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-browser-referrer-non-compliant"
+ display_name = "Non-compliant browser key (public referrers)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+
+ browser_key_restrictions {
+ allowed_referrers = [
+ "*",
+ "https://example.com/*"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl b/inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/c.tf b/inputs/gcp/apikeys/disallow_public_server_ips/c.tf new file mode 100644 index 000000000..a484e0cb4 --- /dev/null +++ b/inputs/gcp/apikeys/disallow_public_server_ips/c.tf @@ -0,0 +1,18 @@ +# Compliant example for disallow_public_server_ips + +resource "google_apikeys_key" "c" { + name = "apikey-server-ips-compliant" + display_name = "Compliant server key (restricted IPs)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + } + + server_key_restrictions { + allowed_ips = [ + "10.0.0.0/8" + ] + } + } +} diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/config.tf b/inputs/gcp/apikeys/disallow_public_server_ips/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/apikeys/disallow_public_server_ips/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/nc.tf b/inputs/gcp/apikeys/disallow_public_server_ips/nc.tf
new file mode 100644
index 000000000..1e0101694
--- /dev/null
+++ b/inputs/gcp/apikeys/disallow_public_server_ips/nc.tf
@@ -0,0 +1,19 @@
+# Non-compliant example for disallow_public_server_ips
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-server-ips-non-compliant"
+ display_name = "Non-compliant server key (public IP range)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+
+ server_key_restrictions {
+ allowed_ips = [
+ "0.0.0.0/0",
+ "10.0.0.0/8"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl b/inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/c.tf b/inputs/gcp/apikeys/disallow_wildcard_methods/c.tf new file mode 100644 index 000000000..7261932ca --- /dev/null +++ b/inputs/gcp/apikeys/disallow_wildcard_methods/c.tf @@ -0,0 +1,16 @@ +# Compliant example for disallow_wildcard_methods + +resource "google_apikeys_key" "c" { + name = "apikey-wildcard-methods-compliant" + display_name = "Compliant key (no wildcard methods)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + methods = [ + "GET", + "POST" + ] + } + } +} diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/config.tf b/inputs/gcp/apikeys/disallow_wildcard_methods/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/apikeys/disallow_wildcard_methods/config.tf 
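Review bot: The compliant fixture disallow_wildcard_methods/c.tf lists `"GET"` and `"POST"` under `methods`, which are HTTP verbs; as far as I know `api_targets.methods` takes API method names of the target service, so please check the provider documentation. The policy only reads plan JSON, so the test can still pass, but the example then demonstrates a restriction that does not limit the key the way a reader would assume. Replace both entries with real method names for `maps.googleapis.com`, and do the same for the `"GET"` entry in the matching nc.tf.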
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf b/inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf
new file mode 100644
index 000000000..b26886a4a
--- /dev/null
+++ b/inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf
@@ -0,0 +1,16 @@
+# Non-compliant example for disallow_wildcard_methods
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-wildcard-methods-non-compliant"
+ display_name = "Non-compliant key (wildcard methods)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ methods = [
+ "*",
+ "GET"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl b/inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/c.tf b/inputs/gcp/apikeys/enforce_key_restrictions/c.tf new file mode 100644 index 000000000..3644d9b27 --- /dev/null +++ b/inputs/gcp/apikeys/enforce_key_restrictions/c.tf @@ -0,0 +1,11 @@ +# Compliant example for require_restrictions + +resource "google_apikeys_key" "c" { + name = "apikey-restrictions-compliant" + display_name = "Compliant key (has restrictions)" + restrictions { + api_targets { + service = "maps.googleapis.com" + } + } +} diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/config.tf b/inputs/gcp/apikeys/enforce_key_restrictions/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/apikeys/enforce_key_restrictions/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/nc.tf b/inputs/gcp/apikeys/enforce_key_restrictions/nc.tf
new file mode 100644
index 000000000..e42a9b8b5
--- /dev/null
+++ b/inputs/gcp/apikeys/enforce_key_restrictions/nc.tf
@@ -0,0 +1,6 @@
+# Non-compliant example for require_restrictions
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-restrictions-non-compliant"
+ display_name = "Non-compliant key (no restrictions)"
+}
From 70bce833de2a0900570930878e4bcadf6ae17df1 Mon Sep 17 00:00:00 2001
From: trongnhanphan223878459 Date: Tue, 13 Jan 2026 19:32:11 +0700 Subject: [PATCH 08/21] adding policies --- inputs/gcp/biglake/backup/.terraform.lock.hcl | 21 +++++++++++++++ inputs/gcp/biglake/backup/c.tf | 11 ++++++++ inputs/gcp/biglake/backup/config.tf | 11 ++++++++ inputs/gcp/biglake/backup/nc.tf | 11 ++++++++ .../biglake/data_access/.terraform.lock.hcl | 21 +++++++++++++++ inputs/gcp/biglake/data_access/c.tf | 10 +++++++ inputs/gcp/biglake/data_access/config.tf | 11 ++++++++ inputs/gcp/biglake/data_access/nc.tf | 10 +++++++ .../login_management/.terraform.lock.hcl | 21 +++++++++++++++ inputs/gcp/biglake/login_management/c.tf | 10 +++++++ inputs/gcp/biglake/login_management/config.tf | 11 ++++++++ inputs/gcp/biglake/login_management/nc.tf | 10 +++++++ .../network_configuration/.terraform.lock.hcl | 21 +++++++++++++++ inputs/gcp/biglake/network_configuration/c.tf | 10 +++++++ .../biglake/network_configuration/config.tf | 11 ++++++++ .../gcp/biglake/network_configuration/nc.tf | 10 +++++++ .../service_access/.terraform.lock.hcl | 21 +++++++++++++++ inputs/gcp/biglake/service_access/c.tf | 12 +++++++++ inputs/gcp/biglake/service_access/config.tf | 11 ++++++++ inputs/gcp/biglake/service_access/nc.tf | 12 +++++++++ policies/gcp/biglake/backup/policy.rego | 27 +++++++++++++++++++ policies/gcp/biglake/data_access/policy.rego | 27 +++++++++++++++++++ .../gcp/biglake/login_management/policy.rego | 26 ++++++++++++++++++ .../biglake/network_configuration/policy.rego | 27 +++++++++++++++++++ .../gcp/biglake/service_access/policy.rego | 27 +++++++++++++++++++ policies/gcp/biglake/vars.rego | 7 +++++ 26 files changed, 407 insertions(+) create mode 100644 inputs/gcp/biglake/backup/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/backup/c.tf create mode 100644 inputs/gcp/biglake/backup/config.tf create mode 100644 inputs/gcp/biglake/backup/nc.tf create mode 100644 inputs/gcp/biglake/data_access/.terraform.lock.hcl create mode 100644 
inputs/gcp/biglake/data_access/c.tf create mode 100644 inputs/gcp/biglake/data_access/config.tf create mode 100644 inputs/gcp/biglake/data_access/nc.tf create mode 100644 inputs/gcp/biglake/login_management/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/login_management/c.tf create mode 100644 inputs/gcp/biglake/login_management/config.tf create mode 100644 inputs/gcp/biglake/login_management/nc.tf create mode 100644 inputs/gcp/biglake/network_configuration/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/network_configuration/c.tf create mode 100644 inputs/gcp/biglake/network_configuration/config.tf create mode 100644 inputs/gcp/biglake/network_configuration/nc.tf create mode 100644 inputs/gcp/biglake/service_access/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/service_access/c.tf create mode 100644 inputs/gcp/biglake/service_access/config.tf create mode 100644 inputs/gcp/biglake/service_access/nc.tf create mode 100644 policies/gcp/biglake/backup/policy.rego create mode 100644 policies/gcp/biglake/data_access/policy.rego create mode 100644 policies/gcp/biglake/login_management/policy.rego create mode 100644 policies/gcp/biglake/network_configuration/policy.rego create mode 100644 policies/gcp/biglake/service_access/policy.rego create mode 100644 policies/gcp/biglake/vars.rego diff --git a/inputs/gcp/biglake/backup/.terraform.lock.hcl b/inputs/gcp/biglake/backup/.terraform.lock.hcl new file mode 100644 index 000000000..dc6bd4f38 --- /dev/null +++ b/inputs/gcp/biglake/backup/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/backup/c.tf b/inputs/gcp/biglake/backup/c.tf new file mode 100644 index 000000000..43c9907f6 --- /dev/null +++ b/inputs/gcp/biglake/backup/c.tf @@ -0,0 +1,11 @@ +# Compliant example for backup policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-service-compliant" + description = "Compliant backup configuration" + + backup_config { + schedule = "daily" + retention_period = "30d" + } +} diff --git a/inputs/gcp/biglake/backup/config.tf b/inputs/gcp/biglake/backup/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/backup/config.tf @@ -0,0 +1,11 @@ +##### DO NOT EDIT ##### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} 
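Review bot: The fixture in inputs/gcp/biglake/backup/c.tf declares `resource "google_biglake_service"` with a `backup_config` block, and I cannot match that type to a resource in the hashicorp/google provider, which the lock file in this directory pins at 7.15.0. The BigLake resources I know of are `google_biglake_catalog`, `google_biglake_database` and `google_biglake_table`. If the type does not exist, `terraform plan` cannot produce the plan output these policies are evaluated against, so the compliant/non-compliant pair verifies nothing. Please confirm with `terraform validate` in this directory and retarget the fixture to an existing resource and attribute. The same type is used by every c.tf and nc.tf added under inputs/gcp/biglake in this commit.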
diff --git a/inputs/gcp/biglake/backup/nc.tf b/inputs/gcp/biglake/backup/nc.tf new file mode 100644 index 000000000..02d39f841 --- /dev/null +++ b/inputs/gcp/biglake/backup/nc.tf @@ -0,0 +1,11 @@ +# Non-compliant example for backup policy + +resource "google_biglake_service" "nc" { + resource_name = "biglake-service-non-compliant" + description = "Non-compliant backup configuration" + + backup_config { + schedule = "monthly" + retention_period = "10d" + } +} diff --git a/inputs/gcp/biglake/data_access/.terraform.lock.hcl b/inputs/gcp/biglake/data_access/.terraform.lock.hcl new file mode 100644 index 000000000..dc6bd4f38 --- /dev/null +++ b/inputs/gcp/biglake/data_access/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/data_access/c.tf b/inputs/gcp/biglake/data_access/c.tf new file mode 100644 index 000000000..296d6d940 --- /dev/null 
+++ b/inputs/gcp/biglake/data_access/c.tf
@@ -0,0 +1,10 @@
+# Compliant example for data access policy
+
+resource "google_biglake_service" "c" {
+ resource_name = "biglake-data-compliant"
+ description = "Compliant data access with encryption"
+
+ data_access {
+ encryption = "AES-256"
+ }
+}
diff --git a/inputs/gcp/biglake/data_access/config.tf b/inputs/gcp/biglake/data_access/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/biglake/data_access/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/data_access/nc.tf b/inputs/gcp/biglake/data_access/nc.tf
new file mode 100644
index 000000000..23c0157b7
--- /dev/null
+++ b/inputs/gcp/biglake/data_access/nc.tf
@@ -0,0 +1,10 @@
+# Non-compliant example for data access policy
+
+resource "google_biglake_service" "nc" {
+ resource_name = "biglake-data-non-compliant"
+ description = "Non-compliant data access without encryption"
+
+ data_access {
+ encryption = "None"
+ }
+}
diff --git a/inputs/gcp/biglake/login_management/.terraform.lock.hcl b/inputs/gcp/biglake/login_management/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/biglake/login_management/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/login_management/c.tf b/inputs/gcp/biglake/login_management/c.tf new file mode 100644 index 000000000..4ba121308 --- /dev/null +++ b/inputs/gcp/biglake/login_management/c.tf @@ -0,0 +1,10 @@ +# Compliant example for login management policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-login-compliant" + description = "Compliant login account with MFA enabled" + + login_management { + mfa_enabled = true + } +} diff --git a/inputs/gcp/biglake/login_management/config.tf b/inputs/gcp/biglake/login_management/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/login_management/config.tf @@ -0,0 +1,11 @@ +##### DO NOT EDIT ##### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} 
diff --git a/inputs/gcp/biglake/login_management/nc.tf b/inputs/gcp/biglake/login_management/nc.tf new file mode 100644 index 000000000..f07ba7e70 --- /dev/null +++ b/inputs/gcp/biglake/login_management/nc.tf @@ -0,0 +1,10 @@ +# Non-compliant example for login management policy + +resource "google_biglake_service" "nc" { + resource_name = "biglake-login-non-compliant" + description = "Non-compliant login account without MFA" + + login_management { + mfa_enabled = false + } +} diff --git a/inputs/gcp/biglake/network_configuration/.terraform.lock.hcl b/inputs/gcp/biglake/network_configuration/.terraform.lock.hcl new file mode 100644 index 000000000..dc6bd4f38 --- /dev/null +++ b/inputs/gcp/biglake/network_configuration/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} 
diff --git a/inputs/gcp/biglake/network_configuration/c.tf b/inputs/gcp/biglake/network_configuration/c.tf
new file mode 100644
index 000000000..42517493a
--- /dev/null
+++ b/inputs/gcp/biglake/network_configuration/c.tf
@@ -0,0 +1,10 @@
+# Compliant example for network configuration policy
+
+resource "google_biglake_service" "c" {
+ resource_name = "biglake-network-compliant"
+ description = "Compliant network configuration"
+
+ network_configuration {
+ allowed_ip_ranges = ["10.0.0.0/24", "192.168.0.0/16"]
+ }
+}
diff --git a/inputs/gcp/biglake/network_configuration/config.tf b/inputs/gcp/biglake/network_configuration/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/biglake/network_configuration/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/network_configuration/nc.tf b/inputs/gcp/biglake/network_configuration/nc.tf
new file mode 100644
index 000000000..0c089eff1
--- /dev/null
+++ b/inputs/gcp/biglake/network_configuration/nc.tf
@@ -0,0 +1,10 @@
+# Non-compliant example for network configuration policy
+
+resource "google_biglake_service" "nc" {
+ resource_name = "biglake-network-non-compliant"
+ description = "Non-compliant network configuration"
+
+ network_configuration {
+ allowed_ip_ranges = ["0.0.0.0/0"]
+ }
+}
diff --git a/inputs/gcp/biglake/service_access/.terraform.lock.hcl b/inputs/gcp/biglake/service_access/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/biglake/service_access/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/service_access/c.tf b/inputs/gcp/biglake/service_access/c.tf new file mode 100644 index 000000000..42e3d02a2 --- /dev/null +++ b/inputs/gcp/biglake/service_access/c.tf @@ -0,0 +1,12 @@ +# Compliant example for service access policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-service-access-compliant" + description = "Compliant service access" + + service_access { + api_targets { + service = "maps.googleapis.com" + } + } +} diff --git a/inputs/gcp/biglake/service_access/config.tf b/inputs/gcp/biglake/service_access/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/service_access/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/service_access/nc.tf b/inputs/gcp/biglake/service_access/nc.tf
new file mode 100644
index 000000000..50948b962
--- /dev/null
+++ b/inputs/gcp/biglake/service_access/nc.tf
@@ -0,0 +1,12 @@
+# Non-compliant example for service access policy
+
+resource "google_biglake_service" "nc" {
+ resource_name = "biglake-service-access-non-compliant"
+ description = "Non-compliant service access"
+
+ service_access {
+ api_targets {
+ service = "storage.googleapis.com"
+ }
+ }
+}
diff --git a/policies/gcp/biglake/backup/policy.rego b/policies/gcp/biglake/backup/policy.rego
new file mode 100644
index 000000000..2112b6776
--- /dev/null
+++ b/policies/gcp/biglake/backup/policy.rego
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.backup
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Backup policy for BigLake is not configured or is insufficient.",
+ "remedies":[
+ "Ensure regular backups are configured and validated for BigLake data."
+ ]
+ },
+ {
+ "condition": "Check that backup schedules and retention periods are configured for BigLake.",
+ "attribute_path" : ["backup_config", 0, "schedule"],
+ "values" : [
+ "daily",
+ "weekly"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/biglake/data_access/policy.rego b/policies/gcp/biglake/data_access/policy.rego
new file mode 100644
index 000000000..b0e4f7e08
--- /dev/null
+++ b/policies/gcp/biglake/data_access/policy.rego
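Review bot: Retention is never evaluated in policies/gcp/biglake/backup/policy.rego: the only `attribute_path` is `["backup_config", 0, "schedule"]`, although the condition text says schedules and retention periods are checked and the nc.tf fixture sets `retention_period = "10d"`. A resource with `schedule = "daily"` and an arbitrarily short retention would pass this policy. Either add a second condition pair for `["backup_config", 0, "retention_period"]` with the accepted values (assuming `get_multi_summary` accepts more than one pair, which the nested list suggests but the helper is not visible here), or narrow the text to `"Check that the backup schedule for BigLake is daily or weekly."`.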
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.data_access
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Data in BigLake is exposed without proper encryption.",
+ "remedies":[
+ "Ensure data at rest and in transit is encrypted."
+ ]
+ },
+ {
+ "condition": "Check that data storage is encrypted using AES-256 or a stronger algorithm.",
+ "attribute_path" : ["data_storage", 0, "encryption"],
+ "values" : [
+ "AES-256",
+ "Google-managed encryption keys"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/biglake/login_management/policy.rego b/policies/gcp/biglake/login_management/policy.rego
new file mode 100644
index 000000000..e6851e878
--- /dev/null
+++ b/policies/gcp/biglake/login_management/policy.rego
@@ -0,0 +1,26 @@
+package terraform.gcp.security.biglake.google_biglake_service.login_management
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Users are not required to use multi-factor authentication for accessing BigLake.",
+ "remedies":[
+ "Enforce multi-factor authentication for all users accessing BigLake."
+ ]
+ },
+ {
+ "condition": "Check that multi-factor authentication (MFA) is enabled for user accounts.",
+ "attribute_path" : ["user_accounts", 0, "mfa_enabled"],
+ "values" : [
+ true
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
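Review bot: The `attribute_path` `["data_storage", 0, "encryption"]` in data_access/policy.rego does not match the fixtures added in this commit, which put `encryption` inside a `data_access` block, so neither c.tf nor nc.tf carries the attribute the policy reads. Depending on how the helper treats a missing path, this either flags the compliant fixture or lets the unencrypted one through; the helper is not visible here. The same mismatch is in login_management/policy.rego (`user_accounts` vs. `login_management`), network_configuration/policy.rego (`network_config` vs. `network_configuration`) and service_access/policy.rego (`service_accounts`/`permissions` vs. `service_access`/`api_targets`/`service`). Use the block names from the fixtures, here `"attribute_path" : ["data_access", 0, "encryption"]`.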
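Review bot: The import `data.terraform.gcp.helpers` on the third line of login_management/policy.rego is the path that PATCH 09/21 of this series replaces with `data.terraform.helpers` across the existing policies. If the old package no longer exists after that refactor, `helpers.get_multi_summary` cannot be resolved and `message`/`details` would at best be undefined, so the MFA check would report nothing instead of failing visibly. Whether 09/21 also rewrites the biglake files is not visible here; if it does not, change the line to `import data.terraform.helpers`. The backup, data_access, network_configuration and service_access policies added in this commit use the same import.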
diff --git a/policies/gcp/biglake/network_configuration/policy.rego b/policies/gcp/biglake/network_configuration/policy.rego
new file mode 100644
index 000000000..d9c7d8486
--- /dev/null
+++ b/policies/gcp/biglake/network_configuration/policy.rego
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.network_configuration
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "BigLake network is exposed to unapproved IP ranges.",
+ "remedies":[
+ "Limit network access to approved IP ranges."
+ ]
+ },
+ {
+ "condition": "Check that the network is restricted to approved IP ranges only.",
+ "attribute_path" : ["network_config", 0, "allowed_ip_ranges"],
+ "values" : [
+ "10.0.0.0/24",
+ "192.168.0.0/16"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/biglake/service_access/policy.rego b/policies/gcp/biglake/service_access/policy.rego
new file mode 100644
index 000000000..def25823c
--- /dev/null
+++ b/policies/gcp/biglake/service_access/policy.rego
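Review bot: The `values` whitelist in network_configuration/policy.rego holds two literal CIDR strings, while `allowed_ip_ranges` is a list in the fixtures, so the check can at best be exact string equality against `10.0.0.0/24` and `192.168.0.0/16`. A narrower range inside an approved block would be rejected, and how the helper compares a list attribute with `values` is not visible in this commit. Nothing in the file says that these two ranges are examples rather than the organisation's approved set. Add a comment above `conditions`, for instance `# Exact-match allow-list; replace with the approved CIDRs for the target environment.`, and confirm the helper handles list-valued attributes.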
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.service_access
+
+import data.terraform.gcp.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Service account has broader access than allowed for BigLake service.",
+ "remedies":[
+ "Restrict service account access to BigLake only."
+ ]
+ },
+ {
+ "condition": "Check that the service account has permissions limited to BigLake service only.",
+ "attribute_path" : ["service_accounts", 0, "permissions"],
+ "values" : [
+ "biglake.data.read",
+ "biglake.data.write"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/biglake/vars.rego b/policies/gcp/biglake/vars.rego
new file mode 100644
index 000000000..a42f8552c
--- /dev/null
+++ b/policies/gcp/biglake/vars.rego
@@ -0,0 +1,7 @@
+package terraform.gcp.security.biglake.google_biglake_service.vars
+
+variables := {
+ "friendly_resource_name": "BigLake Service",
+ "resource_type": "google_biglake_service",
+ "resource_value_name" : "name"
+}
From 40c6b492ef8cc583ae3583fac96e1e39a893e751 Mon Sep 17 00:00:00 2001
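Review bot: `"resource_value_name" : "name"` in policies/gcp/biglake/vars.rego does not match the fixtures in this commit, which identify every resource with `resource_name = "..."` and never set `name`. If the helper uses this key to label findings, which is an inference because the helper is outside this commit, violations for these resources would be reported without a usable identifier. Set it to `"resource_value_name" : "resource_name"`, or change the fixtures to use `name` so the two agree.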
From: Paul Curtis <32033064+paulJRCurtis@users.noreply.github.com> Date: Thu, 18 Dec 2025 07:42:11 +1100 Subject: [PATCH 09/21] Refactor import paths in Rego policy files to unify helper imports (#252) - Updated import statements in all policy.rego files to replace `data.terraform.gcp.helpers` with `data.terraform.helpers` to point at refactored helpers. --- policies/gcp/Firebase/android_app/deletion_policy/policy.rego | 2 +- policies/gcp/Firebase/apple_app/deletion_policy/policy.rego | 2 +- policies/gcp/Firebase/web_app/deletion_policy/policy.rego | 2 +- .../data_connect_service/deletion_policy/policy.rego | 2 +- .../fleet_logging_default_mode_required/policy.rego | 2 +- .../no_public_principals_binding/policy.rego | 2 +- .../no_public_principals_member/policy.rego | 2 +- .../git_approved_HTTPS/policy.rego | 2 +- .../git_secure_auth/policy.rego | 2 +- .../pc_enable_requied/policy.rego | 2 +- .../binauthz_policy_binding_approved/policy.rego | 2 +- .../google_gke_hub_membership/authority_issuer/policy.rego | 2 +- .../approved_roles/policy.rego | 2 +- .../no_public_principals_binding/policy.rego | 2 +- .../no_public_principals_member/policy.rego | 2 +- .../no_public_principals_policy/policy.rego | 2 +- .../enrolled_services/policy.rego | 2 +- .../enrollment_level/policy.rego | 2 +- .../enrolled_services/policy.rego | 2 +- .../enrolled_services/policy.rego | 2 +- .../config_encryption_type/policy.rego | 2 +- .../config_enforce_cmek_key_name/policy.rego | 2 +- .../google_apihub_api_hub_instance/disable_search/policy.rego | 2 +- .../api_hub/google_apihub_api_hub_instance/location/policy.rego | 2 +- .../policy.rego | 2 +- .../policy.rego | 2 +- .../google_apihub_plugin/allowed_service_account/policy.rego | 2 +- .../allowed_supported_auth_types/policy.rego | 2 +- .../allowed_encryption_type/policy.rego | 2 +- .../force_enable_plugin/policy.rego | 2 +- .../allowed_location/policy.rego | 2 +- .../decrypted_credential/auth_token/token/policy.rego | 2 +- 
.../decrypted_credential/auth_token/type/policy.rego | 2 +- .../decrypted_credential/credential_type/policy.rego | 2 +- .../decrypted_credential/jwt/jwt_header/policy.rego | 2 +- .../oauth2_client_credentials/client_secret/policy.rego | 2 +- .../oauth2_client_credentials/request_type/policy.rego | 2 +- .../google_integrations_auth_config/visibility/policy.rego | 2 +- .../google_integrations_client/allowed_location/policy.rego | 2 +- .../cloud_kms_config/allowed_kms_location/policy.rego | 2 +- .../google_integrations_client/cloud_kms_config/key/policy.rego | 2 +- .../cloud_kms_config/kms_ring/policy.rego | 2 +- .../google_beyondcorp_app_connection/port_whitelist/policy.rego | 2 +- .../region_whitelist/policy.rego | 2 +- .../region_whitelist/policy.rego | 2 +- .../service_account_whitelist/policy.rego | 2 +- .../host_type_whitelist/policy.rego | 2 +- .../google_beyondcorp_app_gateway/region_whitelist/policy.rego | 2 +- .../hubs_region_whitelist/policy.rego | 2 +- .../endpoint_hostname_whitelist/policy.rego | 2 +- .../upstreams_whitelist/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../bigquery_datapolicy_data_policy_iam/location/policy.rego | 2 +- .../bigquery_datapolicy_data_policy_iam/member/policy.rego | 2 +- .../data_masking_policy/predefined_expression/policy.rego | 2 +- .../data_policy_type/policy.rego | 2 +- .../google_bigquery_datapolicy_data_policy/location/policy.rego | 2 +- .../destination_dataset_id/policy.rego | 2 +- .../encryption_configuration/policy.rego | 2 +- .../bigquery_data_transfer_config/location/policy.rego | 2 +- .../public_keys/policy.rego | 2 +- .../signature_algorithm/policy.rego | 2 +- .../attestor_reference/policy.rego | 2 +- .../authorized_role/policy.rego | 2 +- .../required_member/policy.rego | 2 +- .../audit_log_required/policy.rego | 2 +- 
.../cluster_admission_rule/policy.rego | 2 +- .../default_admission_rule/policy.rego | 2 +- .../require_attestations_by/policy.rego | 2 +- .../gcp/chronicle/chronicle_rule/allowed_location/policy.rego | 2 +- policies/gcp/chronicle/chronicle_rule/allowed_scope/policy.rego | 2 +- .../chronicle/data_access_label/allowed_location/policy.rego | 2 +- policies/gcp/chronicle/data_access_label/udm_query/policy.rego | 2 +- .../chronicle/data_access_scope/allowed_location/policy.rego | 2 +- .../secure_data_access_scope_configuration/policy.rego | 2 +- .../gcp/chronicle/reference_list/allowed_location/policy.rego | 2 +- policies/gcp/chronicle/retrohunt/allowed_location/policy.rego | 2 +- .../gcp/chronicle/rule_deployment/allowed_location/policy.rego | 2 +- .../gcp/chronicle/rule_deployment/detect_alerts/policy.rego | 2 +- .../rule_deployment/rule_deployment_enabled/policy.rego | 2 +- policies/gcp/chronicle/watchlist/allowed_location/policy.rego | 2 +- .../watchlist/disallow_manual_entity_population/policy.rego | 2 +- policies/gcp/chronicle/watchlist/multiplying_factor/policy.rego | 2 +- .../create_policy/policy.rego | 2 +- .../delete_policy/policy.rego | 2 +- .../google_deployment_manager_deployment/preview/policy.rego | 2 +- .../google_folder/deletion_protection/policy.rego | 2 +- .../google_folder_iam_audit_config/audit_config/policy.rego | 2 +- .../google_folder_iam_binding/iam_binding/policy.rego | 2 +- .../google_folder_iam_member/iam_member/policy.rego | 2 +- .../google_folder_iam_policy/policy_data/policy.rego | 2 +- .../google_folder_organization_policy/constraint/policy.rego | 2 +- .../google_organization_iam_custom_role/stage/policy.rego | 2 +- .../google_project/auto_create_network/policy.rego | 2 +- .../google_project/billing_account/policy.rego | 2 +- .../google_project/deletion_policy/policy.rego | 2 +- .../cloud_platform_service/google_project/labels/policy.rego | 2 +- .../cloud_platform_service/google_project/org_id/policy.rego | 2 +- 
.../google_project/project_id/policy.rego | 2 +- .../gcp/cloud_platform_service/google_project/tags/policy.rego | 2 +- .../google_project_default_service_accounts/action/policy.rego | 2 +- .../google_project_service/service/policy.rego | 2 +- .../google_service_account/account_id/policy.rego | 2 +- .../google_service_account/description/policy.rego | 2 +- .../google_service_account/disabled/policy.rego | 2 +- .../google_service_account/display_name/policy.rego | 2 +- .../google_service_account_key/exposure/policy.rego | 2 +- .../google_storage_anywhere_cache/zone_whitelist/policy.rego | 2 +- .../google_storage_bucket/allowed_location/policy.rego | 2 +- .../google_storage_bucket/block_broad_cors/policy.rego | 2 +- .../cloud_storage/google_storage_bucket/encryption/policy.rego | 2 +- .../google_storage_bucket/force_destroy/policy.rego | 2 +- .../google_storage_bucket/public_access_prevention/policy.rego | 2 +- .../google_storage_bucket/public_ip_filter/policy.rego | 2 +- .../google_storage_bucket/retention_lock/policy.rego | 2 +- .../google_storage_bucket/retention_period/policy.rego | 2 +- .../uniform_bucket_level_access/policy.rego | 2 +- .../public_entity_blacklist/policy.rego | 2 +- .../google_storage_bucket_acl/block_default_acl/policy.rego | 2 +- .../google_storage_bucket_acl/role_entity_required/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../google_storage_bucket_object/encryption/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../google_storage_folder/force_destroy/policy.rego | 2 +- .../google_storage_managed_folder/force_destroy/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- .../google_storage_object_acl/predefined_acl/policy.rego | 2 +- .../public_access_prevention/policy.rego | 2 +- 
.../disallow_permanent_object_deletion/policy.rego | 2 +- .../forbid_unsetting_object_holds/policy.rego | 2 +- .../require_scope_prefix_or_manifest/policy.rego | 2 +- .../rewrite_requires_cmek/policy.rego | 2 +- .../block_broad_external_access/policy.rego | 2 +- .../cloud_vmware_engine/network/allowed_location/policy.rego | 2 +- .../gcp/cloud_vmware_engine/network/block_legacy/policy.rego | 2 +- .../network_peering/block_custom_routes/policy.rego | 2 +- .../network_peering/block_thirdparty/policy.rego | 2 +- .../network_policy/allowed_location/policy.rego | 2 +- .../network_policy/block_external_ip/policy.rego | 2 +- .../network_policy/block_internet_access/policy.rego | 2 +- .../private_cloud/allowed_location/policy.rego | 2 +- .../private_cloud/zonal_location/policy.rego | 2 +- policies/gcp/connection/policy.rego | 2 +- .../connection_profile/cloudsql_authorized_networks/policy.rego | 2 +- .../connection_profile/cloudsql_cmek/policy.rego | 2 +- .../connection_profile/cloudsql_private_network/policy.rego | 2 +- .../connection_profile/cloudsql_require_ssl/policy.rego | 2 +- .../connection_profile/forward_ssh_connectivity/policy.rego | 2 +- .../connection_profile/location/policy.rego | 2 +- .../connection_profile/mysql_ssl_type/policy.rego | 2 +- .../connection_profile/postgresql_ssl_type/policy.rego | 2 +- .../connection_profile/private_connectivity/policy.rego | 2 +- .../static_service_ip_connectivity/policy.rego | 2 +- .../migration_job/dump_type/policy.rego | 2 +- .../migration_job/location/policy.rego | 2 +- .../migration_job/reverse_ssh_connectivity/policy.rego | 2 +- .../migration_job/static_ip_connectivity/policy.rego | 2 +- .../database_migration_service/migration_job/type/policy.rego | 2 +- .../migration_job/vpc_peering_connectivity/policy.rego | 2 +- .../private_connection/create_without_validation/policy.rego | 2 +- .../private_connection/location/policy.rego | 2 +- .../google_dataform_repository/deletion_policy/policy.rego | 2 +- 
.../dataform/google_dataform_repository/encryption/policy.rego | 2 +- .../google_dataform_repository/git_https_secret/policy.rego | 2 +- .../google_dataform_repository/git_required/policy.rego | 2 +- .../google_dataform_repository/git_ssh_auth/policy.rego | 2 +- .../labels_security_required/policy.rego | 2 +- .../google_dataform_repository/region_allowlist/policy.rego | 2 +- .../google_dataform_repository_iam/iam_no_public/policy.rego | 2 +- .../cron_required/policy.rego | 2 +- .../service_account_required/policy.rego | 2 +- .../federation/deletion_protection/policy.rego | 2 +- policies/gcp/dataproc_metastore/federation/location/policy.rego | 2 +- .../dataproc_metastore/federation/metastore_type/policy.rego | 2 +- policies/gcp/dataproc_metastore/federation/name/policy.rego | 2 +- policies/gcp/dataproc_metastore/federation/version/policy.rego | 2 +- .../gcp/dataproc_metastore/service/database_type/policy.rego | 2 +- .../dataproc_metastore/service/deletion_protection/policy.rego | 2 +- .../dataproc_metastore/service/encryption_config/policy.rego | 2 +- policies/gcp/dataproc_metastore/service/location/policy.rego | 2 +- .../dataproc_metastore/service/metadata_integration/policy.rego | 2 +- policies/gcp/dataproc_metastore/service/port/policy.rego | 2 +- .../gcp/dataproc_metastore/service/scheduled_backup/policy.rego | 2 +- .../deploy/automation/service_account_validation/policy.rego | 2 +- policies/gcp/deploy/automation/suspended_check/policy.rego | 2 +- .../custom_target_type/custom_actions_validation/policy.rego | 2 +- .../prohibited_members/policy.rego | 2 +- .../custom_target_type_iam_binding/required_role/policy.rego | 2 +- .../custom_target_type_iam_member/prohibited_member/policy.rego | 2 +- .../custom_target_type_iam_member/required_role/policy.rego | 2 +- .../custom_target_type_iam_policy/required_role/policy.rego | 2 +- .../delivery_pipeline/serial_pipeline_validation/policy.rego | 2 +- .../gcp/deploy/delivery_pipeline/suspended_check/policy.rego | 2 +- 
.../prohibited_members/policy.rego | 2 +- .../delivery_pipeline_iam_binding/required_role/policy.rego | 2 +- .../delivery_pipeline_iam_member/prohibited_member/policy.rego | 2 +- .../delivery_pipeline_iam_member/required_role/policy.rego | 2 +- .../delivery_pipeline_iam_policy/required_role/policy.rego | 2 +- policies/gcp/deploy/deploy_policy/suspended_check/policy.rego | 2 +- policies/gcp/deploy/target/gke_configuration/policy.rego | 2 +- policies/gcp/deploy/target/require_approval_check/policy.rego | 2 +- policies/gcp/deploy/target/run_configuration/policy.rego | 2 +- .../deploy/target_iam_binding/prohibited_members/policy.rego | 2 +- .../gcp/deploy/target_iam_binding/required_role/policy.rego | 2 +- .../gcp/deploy/target_iam_member/prohibited_member/policy.rego | 2 +- policies/gcp/deploy/target_iam_member/required_role/policy.rego | 2 +- policies/gcp/deploy/target_iam_policy/required_role/policy.rego | 2 +- .../approved_locations/policy.rego | 2 +- .../least_privilege_scopes/policy.rego | 2 +- .../system_provider_id/policy.rego | 2 +- .../approved_location/policy.rego | 2 +- .../bitbucket_cloud_config_sub_attributes/policy.rego | 2 +- .../bitbucket_data_center_config_sub_attributes/policy.rego | 2 +- .../cmek_key_reference/policy.rego | 2 +- .../github_config_sub_attributes/policy.rego | 2 +- .../github_enterprise_config_sub_attributes/policy.rego | 2 +- .../gitlab_config_sub_attributes/policy.rego | 2 +- .../gitlab_enterprise_config_sub_attributes/policy.rego | 2 +- .../approved_clone_uri/policy.rego | 2 +- .../approved_location/policy.rego | 2 +- .../approved_parent_connection/policy.rego | 2 +- .../approved_location/policy.rego | 2 +- .../insights_security_baseline/policy.rego | 2 +- .../discovery_engine/chat_engine/chat_engine_config/policy.rego | 2 +- .../chat_engine/chat_engine_location/policy.rego | 2 +- .../cmek_config/cmek_config_kms_key/policy.rego | 2 +- .../cmek_config/cmek_config_location/policy.rego | 2 +- 
.../cmek_config/cmek_config_single_region_keys/policy.rego | 2 +- .../data_store/data_store_content_config/policy.rego | 2 +- .../data_store_document_processing_config/policy.rego | 2 +- .../data_store/data_store_kms_key_name/policy.rego | 2 +- .../discovery_engine/data_store/data_store_location/policy.rego | 2 +- .../engine_schema/engine_schema_json/policy.rego | 2 +- .../engine_schema/engine_schema_location/policy.rego | 2 +- .../search_engine/search_engine_industry_vertical/policy.rego | 2 +- .../backend/codebase_repository/policy.rego | 2 +- policies/gcp/firebase_app_hosting/backend/location/policy.rego | 2 +- .../firebase_app_hosting/backend/serving_locality/policy.rego | 2 +- .../traffic/rollout_policy_codebase_branch/policy.rego | 2 +- .../custom_domain_verification/policy.rego | 2 +- .../cache_control_secure/policy.rego | 2 +- .../cors_policy_secure/policy.rego | 2 +- .../headers_security/policy.rego | 2 +- .../redirect_rules_secure/policy.rego | 2 +- .../rewrite_rules_secure/policy.rego | 2 +- .../google_firebase_database_instance/desired_state/policy.rego | 2 +- .../google_firebase_database_instance/type/policy.rego | 2 +- .../firestore_backup_schedule/daily_recurrence/policy.rego | 2 +- .../firestore/firestore_backup_schedule/retention/policy.rego | 2 +- .../firestore_backup_schedule/weekly_recurrence/policy.rego | 2 +- .../firestore_database/app_engine_integration_mode/policy.rego | 2 +- .../firestore/firestore_database/concurrency_mode/policy.rego | 2 +- .../gcp/firestore/firestore_database/location_id/policy.rego | 2 +- .../gcp/firestore/firestore_document/collection/policy.rego | 2 +- policies/gcp/firestore/firestore_document/fields/policy.rego | 2 +- policies/gcp/firestore/firestore_document/project/policy.rego | 2 +- policies/gcp/gdce/cluster/cidr_blocks/policy.rego | 2 +- policies/gcp/gdce/cluster/maintenance_policy/policy.rego | 2 +- policies/gcp/gdce/cluster/target_version/policy.rego | 2 +- policies/gcp/gdce/node_pool/basic_checks/policy.rego | 
2 +- policies/gcp/gdce/node_pool/disk_encryption/policy.rego | 2 +- policies/gcp/gdce/vpn_connection/vpc/policy.rego | 2 +- .../google_netapp_active_directory/required_domain/policy.rego | 2 +- .../google_netapp_active_directory/valid_dns/policy.rego | 2 +- .../google_netapp_active_directory/valid_password/policy.rego | 2 +- .../google_netapp_active_directory/valid_username/policy.rego | 2 +- .../google_netapp_backup/allowed_location/policy.rego | 2 +- .../google_netapp_backup/allowed_source_volume/policy.rego | 2 +- .../google_netapp_backup/approved_vault_name/policy.rego | 2 +- .../google_netapp_backup_policy/allowed_location/policy.rego | 2 +- .../required_daily_backup_limit/policy.rego | 2 +- .../google_netapp_backup_vault/allowed_location/policy.rego | 2 +- .../google_netapp_kmsconfig/allowed_location/policy.rego | 2 +- .../google_netapp_kmsconfig/valid_crypto_key_name/policy.rego | 2 +- .../google_netapp_storage_pool/allowed_location/policy.rego | 2 +- .../google_netapp_storage_pool/allowed_network/policy.rego | 2 +- .../google_netapp_volume/valid_protocols/policy.rego | 2 +- .../allowed_location/policy.rego | 2 +- .../disk_limit_mib_range/policy.rego | 2 +- .../allowed_location/policy.rego | 2 +- .../required_replication_schedule/policy.rego | 2 +- .../google_netapp_volume_snapshot/allowed_location/policy.rego | 2 +- .../allowed_volume_name/policy.rego | 2 +- .../google_cloudfunctions2_function/env_variable/policy.rego | 2 +- .../ingress_settings/policy.rego | 2 +- .../google_cloudfunctions2_function/location/policy.rego | 2 +- .../google_cloudfunctions2_function/timeout/policy.rego | 2 +- .../google_cloudfunctions2_function/vpc_connector/policy.rego | 2 +- .../member/policy.rego | 2 +- .../google_cloudfunctions2_function_iam_member/role/policy.rego | 2 +- .../cloud_function/policy.rego | 2 +- .../spark_application_environment_config/policy.rego | 2 +- .../google_kms_crypto_key/complaint_purpose/policy.rego | 2 +- .../scheduled_destroy_duration/policy.rego | 
2 +- .../google_kms_crypto_key/scheduled_rotation_period/policy.rego | 2 +- .../google_kms_crypto_key_iam_binding/approved_role/policy.rego | 2 +- .../google_kms_crypto_key_version/state_allowed/policy.rego | 2 +- .../google_kms_ekm_connection/approved_location/policy.rego | 2 +- .../google_kms_ekm_connection/cert_hostname_match/policy.rego | 2 +- .../google_kms_key_handle/approved_location/policy.rego | 2 +- .../google_kms_key_handle/approved_resources/policy.rego | 2 +- .../google_kms/google_kms_key_ring/allowed_location/policy.rego | 2 +- .../google_kms_key_ring_import_job/import_method/policy.rego | 2 +- .../google_kms_key_ring_import_job/protection_level/policy.rego | 2 +- .../google_kms_secret_ciphertext/crypto_key/policy.rego | 2 +- .../google_iap_app_engine_service_iam/member/policy.rego | 2 +- .../google_iap_app_engine_service_iam/role/policy.rego | 2 +- .../google_iap_brand/application_title/policy.rego | 2 +- .../google_iap_brand/support_email/policy.rego | 2 +- .../google_iap_settings/allowed_domain/policy.rego | 2 +- .../google_iap_settings/cookie_domain/policy.rego | 2 +- .../google_iap_web_backend_service_iam/member/policy.rego | 2 +- .../google_iap_web_backend_service_iam/role/policy.rego | 2 +- .../web_backend_service/policy.rego | 2 +- .../cloud_run_service_name/policy.rego | 2 +- .../google_iap_web_cloud_run_service_iam/location/policy.rego | 2 +- .../google_iap_web_cloud_run_service_iam/member/policy.rego | 2 +- .../google_iap_web_cloud_run_service_iam/role/policy.rego | 2 +- .../forwarding_rule/policy.rego | 2 +- .../project/policy.rego | 2 +- .../google_iap_web_iam/condition/policy.rego | 2 +- .../identity_aware_proxy/google_iap_web_iam/member/policy.rego | 2 +- .../identity_aware_proxy/google_iap_web_iam/role/policy.rego | 2 +- .../google_iap_web_type_compute_iam/member/policy.rego | 2 +- .../google_iap_web_type_compute_iam/role/policy.rego | 2 +- policies/gcp/looker/core/cmek_required/policy.rego | 2 +- 
policies/gcp/looker/core/consumer_network_set/policy.rego | 2 +- policies/gcp/looker/core/custom_domain_when_private/policy.rego | 2 +- policies/gcp/looker/core/disallow_trial_editions/policy.rego | 2 +- policies/gcp/looker/core/fips_required/policy.rego | 2 +- policies/gcp/looker/core/maintenance_window_set/policy.rego | 2 +- policies/gcp/looker/core/no_public_ip/policy.rego | 2 +- policies/gcp/looker/core/oauth_config_present/policy.rego | 2 +- .../gcp/looker/core/private_connectivity_required/policy.rego | 2 +- policies/gcp/looker/core/psc_mode_hygiene/policy.rego | 2 +- policies/gcp/looker/core/reserved_range_for_psa_psc/policy.rego | 2 +- .../gcp/lustre/lustre_instance/allowed_location/policy.rego | 2 +- .../gcp/lustre/lustre_instance/allowed_vpc_network/policy.rego | 2 +- .../gcp/lustre/lustre_instance/gke_support_enabled/policy.rego | 2 +- .../valid_per_unit_storage_throughput/policy.rego | 2 +- .../google_managed_kafka_acl/global_acls/policy.rego | 2 +- .../google_managed_kafka_acl/secured_acl_entries/policy.rego | 2 +- .../google_managed_kafka_acl/wildcard_principals/policy.rego | 2 +- .../google_managed_kafka_cluster/kafka_cluster/policy.rego | 2 +- .../kafka_cmek_enforcement/policy.rego | 2 +- .../kafka_mtls_enforcement/policy.rego | 2 +- .../cluster_binding/policy.rego | 2 +- .../disallow_public_exposure/policy.rego | 2 +- .../enforce_private_networking/policy.rego | 2 +- .../enforce_connector/policy.rego | 2 +- .../google_managed_kafka_connector/task_restart/policy.rego | 2 +- .../google_managed_kafka_topic/secure_topic_config/policy.rego | 2 +- .../google_memcache_instance/authorized_network/policy.rego | 2 +- .../google_memcache_instance/maintenance_policy/policy.rego | 2 +- .../google_memcache_instance/memcache_version/policy.rego | 2 +- .../google_memcache_instance/reserved_ip_range_id/policy.rego | 2 +- .../memorystore_instance/authorization_mode/policy.rego | 2 +- .../memorystore_instance/deletion_protection_config/policy.rego | 2 +- 
.../confidence_level/policy.rego | 2 +- .../google_model_armor_floorsetting/filter_config/policy.rego | 2 +- .../filter_config_sub_attributes/policy.rego | 2 +- .../google_model_armor_floorsetting/filter_type/policy.rego | 2 +- .../google_model_armor_floorsetting/location/policy.rego | 2 +- .../google_model_armor_template/confidence_level/policy.rego | 2 +- .../google_model_armor_template/filter_config/policy.rego | 2 +- .../filter_config_sub_attributes/policy.rego | 2 +- .../google_model_armor_template/filter_type/policy.rego | 2 +- .../google_model_armor_template/location/policy.rego | 2 +- policies/gcp/network/policy.rego | 2 +- .../google_integration_connectors_connection/port/policy.rego | 2 +- .../secret_manager_secret/policy.rego | 2 +- .../ssl_config_trust_model/policy.rego | 2 +- .../ssl_config_use_ssl/policy.rego | 2 +- .../user_password/policy.rego | 2 +- .../service_attachment/policy.rego | 2 +- .../dns_peer_binding/policy.rego | 2 +- .../managed_zone/policy.rego | 2 +- .../gcp/os_config_v2/policy_orchestrator/action/policy.rego | 2 +- .../policy_orchestrator/orchestrated_resource/policy.rego | 2 +- .../policy_orchestrator/orchestration_scope/policy.rego | 2 +- .../policy_orchestrator_for_folder/action/policy.rego | 2 +- .../orchestrated_resource/policy.rego | 2 +- .../orchestration_scope/policy.rego | 2 +- .../policy_orchestrator_for_organization/action/policy.rego | 2 +- .../orchestrated_resource/policy.rego | 2 +- .../organization_id/policy.rego | 2 +- .../policy_orchestrator_id/policy.rego | 2 +- .../google_compute_instance/block_project_ssh_keys/policy.rego | 2 +- .../disallow_legacy_metadata_ssh_keys/policy.rego | 2 +- .../gcp/oslogin/google_compute_instance/enabled/policy.rego | 2 +- .../google_compute_instance/require_service_account/policy.rego | 2 +- .../google_compute_instance/require_shielded_vm/policy.rego | 2 +- .../google_compute_instance/restrict_external_ip/policy.rego | 2 +- 
policies/gcp/oslogin/google_compute_instance/twofa/policy.rego | 2 +- .../google_parallelstore_instance/location/policy.rego | 2 +- policies/gcp/parameter_manager/parameter/encryption/policy.rego | 2 +- .../regional_parameter/allowed_location/policy.rego | 2 +- .../parameter_manager/regional_parameter/encryption/policy.rego | 2 +- .../entitlement/additional_notification_targets/policy.rego | 2 +- .../entitlement/approval_workflow/policy.rego | 2 +- .../entitlement/eligible_users/policy.rego | 2 +- .../privileged_access_manager/entitlement/location/policy.rego | 2 +- .../entitlement/max_request_duration/policy.rego | 2 +- .../entitlement/privileged_access/policy.rego | 2 +- .../entitlement/requester_justification_config/policy.rego | 2 +- .../gcp/recaptchaenterprise/key/allow_all_domains/policy.rego | 2 +- .../gcp/recaptchaenterprise/key/allow_amp_traffic/policy.rego | 2 +- .../key/challenge_security_preference/policy.rego | 2 +- .../gcp/recaptchaenterprise/key/integration_type/policy.rego | 2 +- .../gcp/registries/analysis_note/expiration_time/policy.rego | 2 +- .../scc/event_threat_detection_custom_module/config/policy.rego | 2 +- .../enablement_state/policy.rego | 2 +- .../gcp/scc/folder_custom_module/enablement_state/policy.rego | 2 +- .../allowed_organization/policy.rego | 2 +- .../scc/google_scc_notification_config/pubsub_topic/policy.rego | 2 +- .../google_scc_notification_config/streaming_config/policy.rego | 2 +- .../big_query_export_id/policy.rego | 2 +- .../dataset/policy.rego | 2 +- .../required_filter/policy.rego | 2 +- .../scc/google_scc_source_iam_binding/allowed_role/policy.rego | 2 +- .../gcp/scc/google_scc_source_iam_binding/members/policy.rego | 2 +- policies/gcp/scc/mute_config/filter/policy.rego | 2 +- .../scc/organization_custom_module/enablement_state/policy.rego | 2 +- .../gcp/scc/project_custom_module/enablement_state/policy.rego | 2 +- templates/gcp/policy.rego | 2 +- 432 files changed, 432 insertions(+), 432 deletions(-) 
diff --git a/policies/gcp/Firebase/android_app/deletion_policy/policy.rego b/policies/gcp/Firebase/android_app/deletion_policy/policy.rego
index 7ef41fd61..85c8ed056 100644
--- a/policies/gcp/Firebase/android_app/deletion_policy/policy.rego
+++ b/policies/gcp/Firebase/android_app/deletion_policy/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.Firebase.android_app.deletion_policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.Firebase.android_app.vars
 conditions := [
diff --git a/policies/gcp/Firebase/apple_app/deletion_policy/policy.rego b/policies/gcp/Firebase/apple_app/deletion_policy/policy.rego
index be8194302..b8b51db89 100644
--- a/policies/gcp/Firebase/apple_app/deletion_policy/policy.rego
+++ b/policies/gcp/Firebase/apple_app/deletion_policy/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.Firebase.apple_app.deletion_policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.Firebase.apple_app.vars
 conditions := [
diff --git a/policies/gcp/Firebase/web_app/deletion_policy/policy.rego b/policies/gcp/Firebase/web_app/deletion_policy/policy.rego
index df4699831..ab253b5d2 100644
--- a/policies/gcp/Firebase/web_app/deletion_policy/policy.rego
+++ b/policies/gcp/Firebase/web_app/deletion_policy/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.Firebase.web_app.deletion_policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.Firebase.web_app.vars
 conditions := [
diff --git a/policies/gcp/Firebase_Data_Connect/data_connect_service/deletion_policy/policy.rego b/policies/gcp/Firebase_Data_Connect/data_connect_service/deletion_policy/policy.rego
index 2d1db151f..55908c1d3 100644
--- a/policies/gcp/Firebase_Data_Connect/data_connect_service/deletion_policy/policy.rego
+++ b/policies/gcp/Firebase_Data_Connect/data_connect_service/deletion_policy/policy.rego
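Review bot: The new import `data.terraform.helpers` in this hunk, and in every other hunk of this patch that makes the same one-line swap, only resolves if a module declaring `package terraform.helpers` is loaded with these policies, and neither the visible hunks nor the visible part of the diffstat show that module being added or moved. OPA does not, as far as I know, reject an import of a data path that no loaded module defines: `opa check` would flag calls to undefined functions, but plain references through `helpers` evaluate to undefined, which for a security policy can mean that no violation is reported rather than an error being raised. Please confirm the helper module's `package` line changed in the same series, and keep a regression test per policy that asserts a known-bad Terraform plan still produces a violation. The policy bodies continue outside the hunks, so how `helpers` is used cannot be checked from here.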
@@ -1,5 +1,5 @@
 package terraform.gcp.security.Firebase_Data_Connect.data_connect_service.deletion_policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.Firebase_Data_Connect.data_connect_service.vars
 conditions := [
diff --git a/policies/gcp/GKEHub/google_gke_hub_feature/fleet_logging_default_mode_required/policy.rego b/policies/gcp/GKEHub/google_gke_hub_feature/fleet_logging_default_mode_required/policy.rego
index 33769330e..ae7c11c5f 100644
--- a/policies/gcp/GKEHub/google_gke_hub_feature/fleet_logging_default_mode_required/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_feature/fleet_logging_default_mode_required/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_feature.fleet_logging_default_mode_required
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_feature.vars
 conditions := [[
diff --git a/policies/gcp/GKEHub/google_gke_hub_feature_iam_binding/no_public_principals_binding/policy.rego b/policies/gcp/GKEHub/google_gke_hub_feature_iam_binding/no_public_principals_binding/policy.rego
index e56185d87..76043c876 100644
--- a/policies/gcp/GKEHub/google_gke_hub_feature_iam_binding/no_public_principals_binding/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_feature_iam_binding/no_public_principals_binding/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_feature_iam_binding.no_public_principals_binding
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_feature_iam_binding.vars
 conditions := [[
diff --git a/policies/gcp/GKEHub/google_gke_hub_feature_iam_member/no_public_principals_member/policy.rego b/policies/gcp/GKEHub/google_gke_hub_feature_iam_member/no_public_principals_member/policy.rego
index afece853d..4b34e2134 100644
--- a/policies/gcp/GKEHub/google_gke_hub_feature_iam_member/no_public_principals_member/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_feature_iam_member/no_public_principals_member/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_feature_iam_member.no_public_principals_member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_feature_iam_member.vars
diff --git a/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_approved_HTTPS/policy.rego b/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_approved_HTTPS/policy.rego
index fdf70d63c..950cf8d7b 100644
--- a/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_approved_HTTPS/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_approved_HTTPS/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_feature_membership.git_approved_HTTPS
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_feature_membership.vars
 conditions := [
diff --git a/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_secure_auth/policy.rego b/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_secure_auth/policy.rego
index a1038a00f..b9af2b6d1 100644
--- a/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_secure_auth/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_feature_membership/git_secure_auth/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_feature_membership.git_secure_auth
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_feature_membership.vars
diff --git a/policies/gcp/GKEHub/google_gke_hub_feature_membership/pc_enable_requied/policy.rego b/policies/gcp/GKEHub/google_gke_hub_feature_membership/pc_enable_requied/policy.rego
index 9a3581d39..6e654da4b 100644
--- a/policies/gcp/GKEHub/google_gke_hub_feature_membership/pc_enable_requied/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_feature_membership/pc_enable_requied/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_feature_membership.pc_enabled_required
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_feature_membership.vars
diff --git a/policies/gcp/GKEHub/google_gke_hub_fleet/binauthz_policy_binding_approved/policy.rego b/policies/gcp/GKEHub/google_gke_hub_fleet/binauthz_policy_binding_approved/policy.rego
index 1479348f5..08578e2c8 100644
--- a/policies/gcp/GKEHub/google_gke_hub_fleet/binauthz_policy_binding_approved/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_fleet/binauthz_policy_binding_approved/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_fleet.binauthz_policy_binding_approved
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_fleet.vars
diff --git a/policies/gcp/GKEHub/google_gke_hub_membership/authority_issuer/policy.rego b/policies/gcp/GKEHub/google_gke_hub_membership/authority_issuer/policy.rego
index f86efd39d..b6344e98b 100644
--- a/policies/gcp/GKEHub/google_gke_hub_membership/authority_issuer/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_membership/authority_issuer/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_membership.authority_issuer
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_membership.vars
 conditions := [
diff --git a/policies/gcp/GKEHub/google_gke_hub_membership_rbac_role_binding/approved_roles/policy.rego b/policies/gcp/GKEHub/google_gke_hub_membership_rbac_role_binding/approved_roles/policy.rego
index 490cb4f1d..1d28bf5ab 100644
--- a/policies/gcp/GKEHub/google_gke_hub_membership_rbac_role_binding/approved_roles/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_membership_rbac_role_binding/approved_roles/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_membership_rbac_role_binding.approved_roles
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_membership_rbac_role_binding.vars
 conditions := [
diff --git a/policies/gcp/GKEHub/google_gke_hub_scope_iam_binding/no_public_principals_binding/policy.rego b/policies/gcp/GKEHub/google_gke_hub_scope_iam_binding/no_public_principals_binding/policy.rego
index 2ee1c7988..6f6507275 100644
--- a/policies/gcp/GKEHub/google_gke_hub_scope_iam_binding/no_public_principals_binding/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_scope_iam_binding/no_public_principals_binding/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_scope_iam_binding.no_public_principals_binding
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_scope_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/GKEHub/google_gke_hub_scope_iam_member/no_public_principals_member/policy.rego b/policies/gcp/GKEHub/google_gke_hub_scope_iam_member/no_public_principals_member/policy.rego
index 924fe04ba..3080e5c0f 100644
--- a/policies/gcp/GKEHub/google_gke_hub_scope_iam_member/no_public_principals_member/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_scope_iam_member/no_public_principals_member/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_scope_iam_member.no_public_principals_member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_scope_iam_member.vars
 conditions := [
diff --git a/policies/gcp/GKEHub/google_gke_hub_scope_iam_policy/no_public_principals_policy/policy.rego b/policies/gcp/GKEHub/google_gke_hub_scope_iam_policy/no_public_principals_policy/policy.rego
index b201d9bfc..510449668 100644
--- a/policies/gcp/GKEHub/google_gke_hub_scope_iam_policy/no_public_principals_policy/policy.rego
+++ b/policies/gcp/GKEHub/google_gke_hub_scope_iam_policy/no_public_principals_policy/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gke_hub.google_gke_hub_scope_iam_policy.no_public_principals_policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gke_hub.google_gke_hub_scope_iam_policy.vars
 conditions := [
diff --git a/policies/gcp/access_approval/google_folder_access_approval_settings/enrolled_services/policy.rego b/policies/gcp/access_approval/google_folder_access_approval_settings/enrolled_services/policy.rego
index b663fce5c..f972e55d0 100644
--- a/policies/gcp/access_approval/google_folder_access_approval_settings/enrolled_services/policy.rego
+++ b/policies/gcp/access_approval/google_folder_access_approval_settings/enrolled_services/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.access_approval.google_folder_access_approval_settings.enrolled_services
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.access_approval.google_folder_access_approval_settings.vars
 conditions := [[
diff --git a/policies/gcp/access_approval/google_folder_access_approval_settings/enrollment_level/policy.rego b/policies/gcp/access_approval/google_folder_access_approval_settings/enrollment_level/policy.rego
index 9285d1d3e..6cb661729 100644
--- a/policies/gcp/access_approval/google_folder_access_approval_settings/enrollment_level/policy.rego
+++ b/policies/gcp/access_approval/google_folder_access_approval_settings/enrollment_level/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.access_approval.google_folder_access_approval_settings.enrollment_level
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.access_approval.google_folder_access_approval_settings.vars
 conditions := [[
diff --git a/policies/gcp/access_approval/google_organization_access_approval_settings/enrolled_services/policy.rego b/policies/gcp/access_approval/google_organization_access_approval_settings/enrolled_services/policy.rego
index 1c831744d..f626aaa89 100644
--- a/policies/gcp/access_approval/google_organization_access_approval_settings/enrolled_services/policy.rego
+++ b/policies/gcp/access_approval/google_organization_access_approval_settings/enrolled_services/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.access_approval.google_organization_access_approval_settings.enrolled_services
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.access_approval.google_organization_access_approval_settings.vars
 conditions := [[
diff --git a/policies/gcp/access_approval/google_project_access_approval_settings/enrolled_services/policy.rego b/policies/gcp/access_approval/google_project_access_approval_settings/enrolled_services/policy.rego
index 9c67a113d..ece517b15 100644
--- a/policies/gcp/access_approval/google_project_access_approval_settings/enrolled_services/policy.rego
+++ b/policies/gcp/access_approval/google_project_access_approval_settings/enrolled_services/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.access_approval.google_project_access_approval_settings.enrolled_services
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.access_approval.google_project_access_approval_settings.vars
 conditions := [[
diff --git a/policies/gcp/api_hub/google_apihub_api_hub_instance/config_encryption_type/policy.rego b/policies/gcp/api_hub/google_apihub_api_hub_instance/config_encryption_type/policy.rego
index 704116fa6..ae6d2548e 100644
--- a/policies/gcp/api_hub/google_apihub_api_hub_instance/config_encryption_type/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_api_hub_instance/config_encryption_type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_api_hub_instance.config_encryption_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_api_hub_instance.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_api_hub_instance/config_enforce_cmek_key_name/policy.rego b/policies/gcp/api_hub/google_apihub_api_hub_instance/config_enforce_cmek_key_name/policy.rego
index 039267f91..450eb781c 100644
--- a/policies/gcp/api_hub/google_apihub_api_hub_instance/config_enforce_cmek_key_name/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_api_hub_instance/config_enforce_cmek_key_name/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_api_hub_instance.config_enforce_cmek_key_name
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_api_hub_instance.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_api_hub_instance/disable_search/policy.rego b/policies/gcp/api_hub/google_apihub_api_hub_instance/disable_search/policy.rego
index feb449dd0..1fe58f66b 100644
--- a/policies/gcp/api_hub/google_apihub_api_hub_instance/disable_search/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_api_hub_instance/disable_search/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_api_hub_instance.disable_search
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_api_hub_instance.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_api_hub_instance/location/policy.rego b/policies/gcp/api_hub/google_apihub_api_hub_instance/location/policy.rego
index 312b74f5b..a7586e332 100644
--- a/policies/gcp/api_hub/google_apihub_api_hub_instance/location/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_api_hub_instance/location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_api_hub_instance.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_api_hub_instance.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_trigger_id/policy.rego b/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_trigger_id/policy.rego
index 986b40d38..874f62b81 100644
--- a/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_trigger_id/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_trigger_id/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_curation.endpoint_application_integration_endpoint_details_approved_trigger_id
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_curation.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_uri_pattern/policy.rego b/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_uri_pattern/policy.rego
index 71cdf0e7e..e96a434dc 100644
--- a/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_uri_pattern/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_curation/endpoint_application_integration_endpoint_details_approved_uri_pattern/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_curation.endpoint_application_integration_endpoint_details_approved_uri_pattern
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_curation.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_plugin/allowed_service_account/policy.rego b/policies/gcp/api_hub/google_apihub_plugin/allowed_service_account/policy.rego
index e0777922b..9348df9ee 100644
--- a/policies/gcp/api_hub/google_apihub_plugin/allowed_service_account/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_plugin/allowed_service_account/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_plugin.allowed_service_account
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_plugin.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_plugin/allowed_supported_auth_types/policy.rego b/policies/gcp/api_hub/google_apihub_plugin/allowed_supported_auth_types/policy.rego
index da99e9320..ee8da24bf 100644
--- a/policies/gcp/api_hub/google_apihub_plugin/allowed_supported_auth_types/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_plugin/allowed_supported_auth_types/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_plugin.allowed_supported_auth_types
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_plugin.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_plugin_instance/allowed_encryption_type/policy.rego b/policies/gcp/api_hub/google_apihub_plugin_instance/allowed_encryption_type/policy.rego
index baef44d22..d11d80ae0 100644
--- a/policies/gcp/api_hub/google_apihub_plugin_instance/allowed_encryption_type/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_plugin_instance/allowed_encryption_type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_plugin_instance.allowed_encryption_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_plugin_instance.vars
 conditions := [
diff --git a/policies/gcp/api_hub/google_apihub_plugin_instance/force_enable_plugin/policy.rego b/policies/gcp/api_hub/google_apihub_plugin_instance/force_enable_plugin/policy.rego
index 5449e4ede..6d799200a 100644
--- a/policies/gcp/api_hub/google_apihub_plugin_instance/force_enable_plugin/policy.rego
+++ b/policies/gcp/api_hub/google_apihub_plugin_instance/force_enable_plugin/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.api_hub.google_apihub_plugin_instance.force_enable_plugin
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.api_hub.google_apihub_plugin_instance.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/allowed_location/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/allowed_location/policy.rego
index aa9eac20d..8fa3a103d 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/allowed_location/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/token/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/token/policy.rego
index 53eb4d71a..66ba946db 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/token/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/token/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.decrypted_credential.auth_token.token
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/type/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/type/policy.rego
index c7d2055d3..2c8d0cf22 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/type/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/auth_token/type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.decrypted_credential.auth_token.type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/credential_type/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/credential_type/policy.rego
index 7e31a767d..73e05f8fc 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/credential_type/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/credential_type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.decrypted_credential.credential_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/jwt/jwt_header/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/jwt/jwt_header/policy.rego
index 42d823ed2..9f50a0ec6 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/jwt/jwt_header/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/jwt/jwt_header/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.decrypted_credential.jwt.jwt_header
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/client_secret/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/client_secret/policy.rego
index cd4bdc2d1..3492533b6 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/client_secret/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/client_secret/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.decrypted_credential.oauth2_client_credentials.client_secret
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/request_type/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/request_type/policy.rego
index ad11a14ab..85297a68c 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/request_type/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/decrypted_credential/oauth2_client_credentials/request_type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.decrypted_credential.oauth2_client_credentials.request_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_auth_config/visibility/policy.rego b/policies/gcp/application_integration/google_integrations_auth_config/visibility/policy.rego
index cd87d075f..7018f448b 100644
--- a/policies/gcp/application_integration/google_integrations_auth_config/visibility/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_auth_config/visibility/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_auth_config.visibility
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_auth_config.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_client/allowed_location/policy.rego b/policies/gcp/application_integration/google_integrations_client/allowed_location/policy.rego
index 5ce6be6b0..0d1ea07d6 100644
--- a/policies/gcp/application_integration/google_integrations_client/allowed_location/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_client/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_client.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_client.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/allowed_kms_location/policy.rego b/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/allowed_kms_location/policy.rego
index 85874b205..38997e9a8 100644
--- a/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/allowed_kms_location/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/allowed_kms_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_client.cloud_kms_config.allowed_kms_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_client.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/key/policy.rego b/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/key/policy.rego
index b264c9e9c..37c7c5073 100644
--- a/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/key/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/key/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.application_integration.google_integrations_client.cloud_kms_config.key
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.application_integration.google_integrations_client.vars
 conditions := [
diff --git a/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/kms_ring/policy.rego b/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/kms_ring/policy.rego
index 050175c27..2ebfeee51 100644
--- a/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/kms_ring/policy.rego
+++ b/policies/gcp/application_integration/google_integrations_client/cloud_kms_config/kms_ring/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.application_integration.google_integrations_client.cloud_kms_config.kms_ring -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.application_integration.google_integrations_client.vars # Define the conditions for valid kms_ring diff --git a/policies/gcp/beyondcorp/google_beyondcorp_app_connection/port_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_app_connection/port_whitelist/policy.rego index 000924790..3c489d794 100644 --- a/policies/gcp/beyondcorp/google_beyondcorp_app_connection/port_whitelist/policy.rego +++ b/policies/gcp/beyondcorp/google_beyondcorp_app_connection/port_whitelist/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_app_connection.port_whitelist -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_app_connection.vars conditions := [ diff --git a/policies/gcp/beyondcorp/google_beyondcorp_app_connection/region_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_app_connection/region_whitelist/policy.rego index a1dc7db8b..91af2e9cd 100644 --- a/policies/gcp/beyondcorp/google_beyondcorp_app_connection/region_whitelist/policy.rego +++ b/policies/gcp/beyondcorp/google_beyondcorp_app_connection/region_whitelist/policy.rego @@ -1,7 +1,7 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_app_connection.region_whitelist -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_app_connection.vars conditions := [ diff --git a/policies/gcp/beyondcorp/google_beyondcorp_app_connector/region_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_app_connector/region_whitelist/policy.rego index 826d4b5ae..b3722cfba 100644 
--- a/policies/gcp/beyondcorp/google_beyondcorp_app_connector/region_whitelist/policy.rego
+++ b/policies/gcp/beyondcorp/google_beyondcorp_app_connector/region_whitelist/policy.rego
@@ -1,7 +1,7 @@
 package terraform.gcp.security.beyondcorp.google_beyondcorp_app_connector.region_whitelist
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.beyondcorp.google_beyondcorp_app_connector.vars
 conditions := [
diff --git a/policies/gcp/beyondcorp/google_beyondcorp_app_connector/service_account_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_app_connector/service_account_whitelist/policy.rego
index 95daa1396..59519f888 100644
--- a/policies/gcp/beyondcorp/google_beyondcorp_app_connector/service_account_whitelist/policy.rego
+++ b/policies/gcp/beyondcorp/google_beyondcorp_app_connector/service_account_whitelist/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.beyondcorp.google_beyondcorp_app_connector.service_account_whitelist
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.beyondcorp.google_beyondcorp_app_connector.vars
 conditions := [
diff --git a/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/host_type_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/host_type_whitelist/policy.rego
index a7b011be7..c5ddea838 100644
--- a/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/host_type_whitelist/policy.rego
+++ b/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/host_type_whitelist/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.beyondcorp.google_beyondcorp_app_gateway.host_type_whitelist
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.beyondcorp.google_beyondcorp_app_gateway.vars
 conditions := [
diff --git a/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/region_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/region_whitelist/policy.rego
index fcab46588..932c78229 100644
--- a/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/region_whitelist/policy.rego
+++ b/policies/gcp/beyondcorp/google_beyondcorp_app_gateway/region_whitelist/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.beyondcorp.google_beyondcorp_app_gateway.region_whitelist
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.beyondcorp.google_beyondcorp_app_gateway.vars
 conditions := [
diff --git a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway/hubs_region_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway/hubs_region_whitelist/policy.rego
index 64b9b2518..5e8d95209 100644
--- a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway/hubs_region_whitelist/policy.rego
+++ b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway/hubs_region_whitelist/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway.hubs_region_whitelist
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway.vars
 conditions := [
diff --git a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/endpoint_hostname_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/endpoint_hostname_whitelist/policy.rego
index 558ed9fb7..d0374e97f 100644
--- a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/endpoint_hostname_whitelist/policy.rego
+++ b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/endpoint_hostname_whitelist/policy.rego
@@ -1,6 +1,6 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application.endpoint_hostname_whitelist -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application.vars conditions := [ diff --git a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/upstreams_whitelist/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/upstreams_whitelist/policy.rego index 8877c637c..fac9997a5 100644 --- a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/upstreams_whitelist/policy.rego +++ b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application/upstreams_whitelist/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application.upstreams_whitelist -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application.vars conditions := [ diff --git a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding/public_access_prevention/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding/public_access_prevention/policy.rego index 8c5417054..b191db1fc 100644 --- a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding/public_access_prevention/policy.rego +++ b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_binding/public_access_prevention/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application_iam_binding.public_access_prevention -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application_iam_binding.vars conditions := [ [ 
diff --git a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_member/public_access_prevention/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_member/public_access_prevention/policy.rego index 15151eb8b..385fe8754 100644 --- a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_member/public_access_prevention/policy.rego +++ b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_application_iam_member/public_access_prevention/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application_iam_member.public_access_prevention -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_application_iam_member.vars conditions := [ [ diff --git a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_binding/public_access_prevention/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_binding/public_access_prevention/policy.rego index 8958657bc..63a243b03 100644 --- a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_binding/public_access_prevention/policy.rego +++ b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_binding/public_access_prevention/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_iam_binding.public_access_prevention -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_iam_binding.vars conditions := [ [ diff --git a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_member/public_access_prevention/policy.rego b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_member/public_access_prevention/policy.rego index 66680c3a6..96a4519a8 100644 
--- a/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_member/public_access_prevention/policy.rego +++ b/policies/gcp/beyondcorp/google_beyondcorp_security_gateway_iam_member/public_access_prevention/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_iam_member.public_access_prevention -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.beyondcorp.google_beyondcorp_security_gateway_iam_member.vars conditions := [ [ diff --git a/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/location/policy.rego b/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/location/policy.rego index 8c94faeaf..0b1917a24 100644 --- a/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/location/policy.rego +++ b/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.bigquery_data_policy.bigquery_datapolicy_data_policy_iam.location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.bigquery_data_policy.bigquery_datapolicy_data_policy_iam.vars conditions := [ diff --git a/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/member/policy.rego b/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/member/policy.rego index 4dba105d7..02089e897 100644 --- a/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/member/policy.rego +++ b/policies/gcp/bigquery_data_policy/bigquery_datapolicy_data_policy_iam/member/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.bigquery_data_policy.bigquery_datapolicy_data_policy_iam.member -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.bigquery_data_policy.bigquery_datapolicy_data_policy_iam.vars conditions := [ 
diff --git a/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_masking_policy/predefined_expression/policy.rego b/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_masking_policy/predefined_expression/policy.rego
index 1a6c6fcc5..db205d07d 100644
--- a/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_masking_policy/predefined_expression/policy.rego
+++ b/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_masking_policy/predefined_expression/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.bigquery_data_policy.google_bigquery_datapolicy_data_policy.data_masking_policy.predefined_expression
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.bigquery_data_policy.google_bigquery_datapolicy_data_policy.vars
 conditions := [
diff --git a/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_policy_type/policy.rego b/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_policy_type/policy.rego
index 6b1f24716..3ca02ca35 100644
--- a/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_policy_type/policy.rego
+++ b/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/data_policy_type/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.bigquery_data_policy.google_bigquery_datapolicy_data_policy.data_policy_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.bigquery_data_policy.google_bigquery_datapolicy_data_policy.vars
 conditions := [
diff --git a/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/location/policy.rego b/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/location/policy.rego
index 02371428a..a754f176f 100644
--- a/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/location/policy.rego
+++ b/policies/gcp/bigquery_data_policy/google_bigquery_datapolicy_data_policy/location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.bigquery_data_policy.google_bigquery_datapolicy_data_policy.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.bigquery_data_policy.google_bigquery_datapolicy_data_policy.vars
 conditions := [
diff --git a/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/destination_dataset_id/policy.rego b/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/destination_dataset_id/policy.rego
index 69f2a20d1..9364cac79 100644
--- a/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/destination_dataset_id/policy.rego
+++ b/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/destination_dataset_id/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.bigquery_data_transfer.bigquery_data_transfer_config.destination_dataset_id
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.bigquery_data_transfer.bigquery_data_transfer_config.vars
 conditions := [
diff --git a/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/encryption_configuration/policy.rego b/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/encryption_configuration/policy.rego
index 5d270815f..cad5666ae 100644
--- a/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/encryption_configuration/policy.rego
+++ b/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/encryption_configuration/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.bigquery_data_transfer.bigquery_data_transfer_config.encryption_configuration
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.bigquery_data_transfer.bigquery_data_transfer_config.vars
 conditions := [
diff --git a/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/location/policy.rego b/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/location/policy.rego
index a2c40e329..54bfc96d7 100644
--- a/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/location/policy.rego
+++ b/policies/gcp/bigquery_data_transfer/bigquery_data_transfer_config/location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.bigquery_data_transfer.bigquery_data_transfer_config.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.bigquery_data_transfer.bigquery_data_transfer_config.vars
 conditions := [[
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_attestor/public_keys/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_attestor/public_keys/policy.rego
index ba7098a66..dcb5ff1e1 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_attestor/public_keys/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_attestor/public_keys/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_attestor.public_keys
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_attestor.vars
 conditions := [
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_attestor/signature_algorithm/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_attestor/signature_algorithm/policy.rego
index d61975038..f43fd173e 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_attestor/signature_algorithm/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_attestor/signature_algorithm/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_attestor.signature_algorithm
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_attestor.vars
 conditions := [
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/attestor_reference/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/attestor_reference/policy.rego
index c7537ada6..92a644db2 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/attestor_reference/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/attestor_reference/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_attestor_iam.attestor_reference
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_attestor_iam.vars
 conditions := [
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/authorized_role/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/authorized_role/policy.rego
index fecc4d705..a2cd62334 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/authorized_role/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/authorized_role/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_attestor_iam.authorized_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_attestor_iam.vars
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/required_member/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/required_member/policy.rego
index ac2fe4432..5330beea1 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/required_member/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_attestor_iam/required_member/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_attestor_iam.required_member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_attestor_iam.vars
 conditions := [
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_policy/audit_log_required/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_policy/audit_log_required/policy.rego
index b916de481..55fd838c0 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_policy/audit_log_required/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_policy/audit_log_required/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_policy.audit_log_required
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_policy.vars
 conditions := [
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_policy/cluster_admission_rule/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_policy/cluster_admission_rule/policy.rego
index 893a4a984..629d52fa7 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_policy/cluster_admission_rule/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_policy/cluster_admission_rule/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_policy.cluster_admission_rule
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_policy.vars
 conditions := [
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_policy/default_admission_rule/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_policy/default_admission_rule/policy.rego
index 42ca4ab90..d2b55c235 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_policy/default_admission_rule/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_policy/default_admission_rule/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_policy.default_admission_rule
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_policy.vars
 conditions := [
diff --git a/policies/gcp/binary_authorization/google_binary_authorization_policy/require_attestations_by/policy.rego b/policies/gcp/binary_authorization/google_binary_authorization_policy/require_attestations_by/policy.rego
index d77f2d632..746a8f00f 100644
--- a/policies/gcp/binary_authorization/google_binary_authorization_policy/require_attestations_by/policy.rego
+++ b/policies/gcp/binary_authorization/google_binary_authorization_policy/require_attestations_by/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.binary_authorization.google_binary_authorization_policy.require_attestations_by
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.binary_authorization.google_binary_authorization_policy.vars
 conditions := [
diff --git a/policies/gcp/chronicle/chronicle_rule/allowed_location/policy.rego b/policies/gcp/chronicle/chronicle_rule/allowed_location/policy.rego
index 1a41971d3..2ecfcce2d 100644
--- a/policies/gcp/chronicle/chronicle_rule/allowed_location/policy.rego
+++ b/policies/gcp/chronicle/chronicle_rule/allowed_location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.chronicle.chronicle_rule.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.chronicle.chronicle_rule.vars
diff --git a/policies/gcp/chronicle/chronicle_rule/allowed_scope/policy.rego b/policies/gcp/chronicle/chronicle_rule/allowed_scope/policy.rego
index fecf9bc20..1a58097dd 100644
--- a/policies/gcp/chronicle/chronicle_rule/allowed_scope/policy.rego
+++ b/policies/gcp/chronicle/chronicle_rule/allowed_scope/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.chronicle.chronicle_rule.allowed_scope
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.chronicle.chronicle_rule.vars
 conditions := [
diff --git a/policies/gcp/chronicle/data_access_label/allowed_location/policy.rego b/policies/gcp/chronicle/data_access_label/allowed_location/policy.rego
index 5375b0632..5561b5749 100644
--- a/policies/gcp/chronicle/data_access_label/allowed_location/policy.rego
+++ b/policies/gcp/chronicle/data_access_label/allowed_location/policy.rego
@@ -1,5 +1,5 @@ package terraform.gcp.security.chronicle.data_access_label.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.data_access_label.vars diff --git a/policies/gcp/chronicle/data_access_label/udm_query/policy.rego b/policies/gcp/chronicle/data_access_label/udm_query/policy.rego index d4ca10171..76d215f64 100644 --- a/policies/gcp/chronicle/data_access_label/udm_query/policy.rego +++ b/policies/gcp/chronicle/data_access_label/udm_query/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.chronicle.data_access_label.udm_query -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.data_access_label.vars conditions := [ diff --git a/policies/gcp/chronicle/data_access_scope/allowed_location/policy.rego b/policies/gcp/chronicle/data_access_scope/allowed_location/policy.rego index b6a9d4b11..a971640fc 100644 --- a/policies/gcp/chronicle/data_access_scope/allowed_location/policy.rego +++ b/policies/gcp/chronicle/data_access_scope/allowed_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.chronicle.data_access_scope.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.data_access_scope.vars diff --git a/policies/gcp/chronicle/data_access_scope/secure_data_access_scope_configuration/policy.rego b/policies/gcp/chronicle/data_access_scope/secure_data_access_scope_configuration/policy.rego index 74838379e..be90b1287 100644 --- a/policies/gcp/chronicle/data_access_scope/secure_data_access_scope_configuration/policy.rego +++ b/policies/gcp/chronicle/data_access_scope/secure_data_access_scope_configuration/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.chronicle.data_access_scope.secure_data_access_scope_configuration -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.data_access_scope.vars conditions := [ diff --git a/policies/gcp/chronicle/reference_list/allowed_location/policy.rego b/policies/gcp/chronicle/reference_list/allowed_location/policy.rego index 5a76c17b5..1e0a30228 100644 --- a/policies/gcp/chronicle/reference_list/allowed_location/policy.rego +++ b/policies/gcp/chronicle/reference_list/allowed_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.chronicle.reference_list.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.reference_list.vars diff --git a/policies/gcp/chronicle/retrohunt/allowed_location/policy.rego b/policies/gcp/chronicle/retrohunt/allowed_location/policy.rego index 3082a7cc3..9f66c36a1 100644 --- a/policies/gcp/chronicle/retrohunt/allowed_location/policy.rego +++ b/policies/gcp/chronicle/retrohunt/allowed_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.chronicle.retrohunt.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.retrohunt.vars diff --git a/policies/gcp/chronicle/rule_deployment/allowed_location/policy.rego b/policies/gcp/chronicle/rule_deployment/allowed_location/policy.rego index e2406a2ea..df02096ef 100644 --- a/policies/gcp/chronicle/rule_deployment/allowed_location/policy.rego +++ b/policies/gcp/chronicle/rule_deployment/allowed_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.chronicle.rule_deployment.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.rule_deployment.vars 
diff --git a/policies/gcp/chronicle/rule_deployment/detect_alerts/policy.rego b/policies/gcp/chronicle/rule_deployment/detect_alerts/policy.rego index d9770bff6..88ad8aada 100644 --- a/policies/gcp/chronicle/rule_deployment/detect_alerts/policy.rego +++ b/policies/gcp/chronicle/rule_deployment/detect_alerts/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.chronicle.rule_deployment.detect_alerts -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.rule_deployment.vars conditions := [ diff --git a/policies/gcp/chronicle/rule_deployment/rule_deployment_enabled/policy.rego b/policies/gcp/chronicle/rule_deployment/rule_deployment_enabled/policy.rego index a40559d61..21fd54d7c 100644 --- a/policies/gcp/chronicle/rule_deployment/rule_deployment_enabled/policy.rego +++ b/policies/gcp/chronicle/rule_deployment/rule_deployment_enabled/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.chronicle.rule_deployment.rule_deployment_enabled -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.rule_deployment.vars conditions := [ diff --git a/policies/gcp/chronicle/watchlist/allowed_location/policy.rego b/policies/gcp/chronicle/watchlist/allowed_location/policy.rego index 69d245368..5eacf435a 100644 --- a/policies/gcp/chronicle/watchlist/allowed_location/policy.rego +++ b/policies/gcp/chronicle/watchlist/allowed_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.chronicle.watchlist.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.watchlist.vars diff --git a/policies/gcp/chronicle/watchlist/disallow_manual_entity_population/policy.rego b/policies/gcp/chronicle/watchlist/disallow_manual_entity_population/policy.rego index 5bf2925a7..4920351f6 100644 --- a/policies/gcp/chronicle/watchlist/disallow_manual_entity_population/policy.rego 
+++ b/policies/gcp/chronicle/watchlist/disallow_manual_entity_population/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.chronicle.watchlist.disallow_manual_entity_population -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.watchlist.vars conditions := [ diff --git a/policies/gcp/chronicle/watchlist/multiplying_factor/policy.rego b/policies/gcp/chronicle/watchlist/multiplying_factor/policy.rego index 35a5e8e31..c35b493e0 100644 --- a/policies/gcp/chronicle/watchlist/multiplying_factor/policy.rego +++ b/policies/gcp/chronicle/watchlist/multiplying_factor/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.chronicle.watchlist.multiplying_factor -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.chronicle.watchlist.vars conditions := [ diff --git a/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/create_policy/policy.rego b/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/create_policy/policy.rego index e24a64404..f1561387d 100644 --- a/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/create_policy/policy.rego +++ b/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/create_policy/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_deployment_manager.google_deployment_manager_deployment.create_policy -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_deployment_manager.google_deployment_manager_deployment.vars conditions := [ diff --git a/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/delete_policy/policy.rego b/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/delete_policy/policy.rego index 2b3abc2f9..86e59754f 100644 
--- a/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/delete_policy/policy.rego +++ b/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/delete_policy/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_deployment_manager.google_deployment_manager_deployment.delete_policy -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_deployment_manager.google_deployment_manager_deployment.vars conditions := [ diff --git a/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/preview/policy.rego b/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/preview/policy.rego index 2863dc9cc..b14bcf607 100644 --- a/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/preview/policy.rego +++ b/policies/gcp/cloud_deployment_manager/google_deployment_manager_deployment/preview/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_deployment_manager.google_deployment_manager_deployment.preview -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_deployment_manager.google_deployment_manager_deployment.vars conditions := [ diff --git a/policies/gcp/cloud_platform_service/google_folder/deletion_protection/policy.rego b/policies/gcp/cloud_platform_service/google_folder/deletion_protection/policy.rego index 4e0a2bdc3..4df1d91f3 100644 --- a/policies/gcp/cloud_platform_service/google_folder/deletion_protection/policy.rego +++ b/policies/gcp/cloud_platform_service/google_folder/deletion_protection/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_folder.deletion_protection -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_folder.vars conditions := [ 
diff --git a/policies/gcp/cloud_platform_service/google_folder_iam_audit_config/audit_config/policy.rego b/policies/gcp/cloud_platform_service/google_folder_iam_audit_config/audit_config/policy.rego index dfc10ddc1..c1151fc68 100644 --- a/policies/gcp/cloud_platform_service/google_folder_iam_audit_config/audit_config/policy.rego +++ b/policies/gcp/cloud_platform_service/google_folder_iam_audit_config/audit_config/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_platform_service.google_folder_iam_audit_config.audit_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_folder_iam_audit_config.vars diff --git a/policies/gcp/cloud_platform_service/google_folder_iam_binding/iam_binding/policy.rego b/policies/gcp/cloud_platform_service/google_folder_iam_binding/iam_binding/policy.rego index c51253fec..349f679fe 100644 --- a/policies/gcp/cloud_platform_service/google_folder_iam_binding/iam_binding/policy.rego +++ b/policies/gcp/cloud_platform_service/google_folder_iam_binding/iam_binding/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_platform_service.google_folder_iam_binding.iam_binding -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_folder_iam_binding.vars conditions := [ diff --git a/policies/gcp/cloud_platform_service/google_folder_iam_member/iam_member/policy.rego b/policies/gcp/cloud_platform_service/google_folder_iam_member/iam_member/policy.rego index f4ba282ba..4a3230cb0 100644 --- a/policies/gcp/cloud_platform_service/google_folder_iam_member/iam_member/policy.rego +++ b/policies/gcp/cloud_platform_service/google_folder_iam_member/iam_member/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_platform_service.google_folder_iam_member.iam_member -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_folder_iam_member.vars conditions := [ diff --git a/policies/gcp/cloud_platform_service/google_folder_iam_policy/policy_data/policy.rego b/policies/gcp/cloud_platform_service/google_folder_iam_policy/policy_data/policy.rego index 55fceb196..168a7d062 100644 --- a/policies/gcp/cloud_platform_service/google_folder_iam_policy/policy_data/policy.rego +++ b/policies/gcp/cloud_platform_service/google_folder_iam_policy/policy_data/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_platform_service.google_folder_iam_policy.policy_data -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_folder_iam_policy.vars conditions := [ diff --git a/policies/gcp/cloud_platform_service/google_folder_organization_policy/constraint/policy.rego b/policies/gcp/cloud_platform_service/google_folder_organization_policy/constraint/policy.rego index c52010820..82f7afed2 100644 --- a/policies/gcp/cloud_platform_service/google_folder_organization_policy/constraint/policy.rego +++ b/policies/gcp/cloud_platform_service/google_folder_organization_policy/constraint/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.cloud_platform_service.google_folder_organization_policy.constraint -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_folder_organization_policy.vars conditions := [ diff --git a/policies/gcp/cloud_platform_service/google_organization_iam_custom_role/stage/policy.rego b/policies/gcp/cloud_platform_service/google_organization_iam_custom_role/stage/policy.rego index 0fe5a7537..986a19a1d 100644 
--- a/policies/gcp/cloud_platform_service/google_organization_iam_custom_role/stage/policy.rego +++ b/policies/gcp/cloud_platform_service/google_organization_iam_custom_role/stage/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_organization_iam_custom_role.stage -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_organization_iam_custom_role.vars conditions := [ diff --git a/policies/gcp/cloud_platform_service/google_project/auto_create_network/policy.rego b/policies/gcp/cloud_platform_service/google_project/auto_create_network/policy.rego index 6dae29fc6..c9eef85a6 100644 --- a/policies/gcp/cloud_platform_service/google_project/auto_create_network/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project/auto_create_network/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project.auto_create_network -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project.vars # Enforce: auto_create_network must be false diff --git a/policies/gcp/cloud_platform_service/google_project/billing_account/policy.rego b/policies/gcp/cloud_platform_service/google_project/billing_account/policy.rego index 811d428ab..539f221db 100644 --- a/policies/gcp/cloud_platform_service/google_project/billing_account/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project/billing_account/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project.billing_account -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project.vars # Flag projects that have no billing account attached 
diff --git a/policies/gcp/cloud_platform_service/google_project/deletion_policy/policy.rego b/policies/gcp/cloud_platform_service/google_project/deletion_policy/policy.rego index 36b7e0c02..252e4cd8c 100644 --- a/policies/gcp/cloud_platform_service/google_project/deletion_policy/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project/deletion_policy/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project.deletion_policy -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project.vars # Enforce deletion guard at the project level diff --git a/policies/gcp/cloud_platform_service/google_project/labels/policy.rego b/policies/gcp/cloud_platform_service/google_project/labels/policy.rego index 4f10d7fa7..3b55097d7 100644 --- a/policies/gcp/cloud_platform_service/google_project/labels/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project/labels/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project.labels -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project.vars conditions := [ diff --git a/policies/gcp/cloud_platform_service/google_project/org_id/policy.rego b/policies/gcp/cloud_platform_service/google_project/org_id/policy.rego index c7bf2001e..ccc48f5ad 100644 --- a/policies/gcp/cloud_platform_service/google_project/org_id/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project/org_id/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project.org_id -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project.vars # Non-compliant when BOTH org_id and folder_id are null. 
diff --git a/policies/gcp/cloud_platform_service/google_project/project_id/policy.rego b/policies/gcp/cloud_platform_service/google_project/project_id/policy.rego index e792196d7..234fa25c4 100644 --- a/policies/gcp/cloud_platform_service/google_project/project_id/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project/project_id/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project.project_id -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project.vars diff --git a/policies/gcp/cloud_platform_service/google_project/tags/policy.rego b/policies/gcp/cloud_platform_service/google_project/tags/policy.rego index 14de4f98a..11a7f42ae 100644 --- a/policies/gcp/cloud_platform_service/google_project/tags/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project/tags/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project.tags -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project.vars # Require env tag with an approved value diff --git a/policies/gcp/cloud_platform_service/google_project_default_service_accounts/action/policy.rego b/policies/gcp/cloud_platform_service/google_project_default_service_accounts/action/policy.rego index b6e764c5f..50590cd61 100644 --- a/policies/gcp/cloud_platform_service/google_project_default_service_accounts/action/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project_default_service_accounts/action/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project_default_service_accounts.action -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project_default_service_accounts.vars 
diff --git a/policies/gcp/cloud_platform_service/google_project_service/service/policy.rego b/policies/gcp/cloud_platform_service/google_project_service/service/policy.rego index 6db8e1a8a..aa70bc377 100644 --- a/policies/gcp/cloud_platform_service/google_project_service/service/policy.rego +++ b/policies/gcp/cloud_platform_service/google_project_service/service/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_project_service.service -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_project_service.vars diff --git a/policies/gcp/cloud_platform_service/google_service_account/account_id/policy.rego b/policies/gcp/cloud_platform_service/google_service_account/account_id/policy.rego index 40e4203da..6e8c3639a 100644 --- a/policies/gcp/cloud_platform_service/google_service_account/account_id/policy.rego +++ b/policies/gcp/cloud_platform_service/google_service_account/account_id/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_service_account.account_id -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_service_account.vars # (account_id) – single, simple blacklist diff --git a/policies/gcp/cloud_platform_service/google_service_account/description/policy.rego b/policies/gcp/cloud_platform_service/google_service_account/description/policy.rego index 41a2d9af9..baee0987f 100644 --- a/policies/gcp/cloud_platform_service/google_service_account/description/policy.rego +++ b/policies/gcp/cloud_platform_service/google_service_account/description/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_service_account.description -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_service_account.vars # Description must not be empty 
diff --git a/policies/gcp/cloud_platform_service/google_service_account/disabled/policy.rego b/policies/gcp/cloud_platform_service/google_service_account/disabled/policy.rego index 0eb7ceece..40b309320 100644 --- a/policies/gcp/cloud_platform_service/google_service_account/disabled/policy.rego +++ b/policies/gcp/cloud_platform_service/google_service_account/disabled/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_service_account.disabled -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_service_account.vars # Disabled on creation – boolean true (not string) diff --git a/policies/gcp/cloud_platform_service/google_service_account/display_name/policy.rego b/policies/gcp/cloud_platform_service/google_service_account/display_name/policy.rego index 2528969e2..f4a14edf4 100644 --- a/policies/gcp/cloud_platform_service/google_service_account/display_name/policy.rego +++ b/policies/gcp/cloud_platform_service/google_service_account/display_name/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_service_account.display_name -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_service_account.vars # (display_name) – exact matches only diff --git a/policies/gcp/cloud_platform_service/google_service_account_key/exposure/policy.rego b/policies/gcp/cloud_platform_service/google_service_account_key/exposure/policy.rego index bef9c4c3d..5652c8a78 100644 --- a/policies/gcp/cloud_platform_service/google_service_account_key/exposure/policy.rego +++ b/policies/gcp/cloud_platform_service/google_service_account_key/exposure/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_platform_service.google_service_account_key.exposure -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_platform_service.google_service_account_key.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_anywhere_cache/zone_whitelist/policy.rego b/policies/gcp/cloud_storage/google_storage_anywhere_cache/zone_whitelist/policy.rego index b9cb93447..c9c997b8d 100644 --- a/policies/gcp/cloud_storage/google_storage_anywhere_cache/zone_whitelist/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_anywhere_cache/zone_whitelist/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_anywhere_cache.zone_whitelist -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_anywhere_cache.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket/allowed_location/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/allowed_location/policy.rego index 9fe1f5056..97cfb1fae 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/allowed_location/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/allowed_location/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket/block_broad_cors/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/block_broad_cors/policy.rego index 7fc6d3bd3..8274a6488 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/block_broad_cors/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/block_broad_cors/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.block_broad_cors -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars diff --git a/policies/gcp/cloud_storage/google_storage_bucket/encryption/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/encryption/policy.rego index 2b024ebb5..8b4b1d0fa 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/encryption/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/encryption/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.encryption -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket/force_destroy/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/force_destroy/policy.rego index 6ff2df4ea..fbe8f4bea 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/force_destroy/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/force_destroy/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.force_destroy -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars diff --git a/policies/gcp/cloud_storage/google_storage_bucket/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/public_access_prevention/policy.rego index 8fb904b17..c2f279daa 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/public_access_prevention/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/public_access_prevention/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.public_access_prevention -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket/public_ip_filter/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/public_ip_filter/policy.rego index 33b338a19..46f1e3be2 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/public_ip_filter/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/public_ip_filter/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.public_ip_filter -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket/retention_lock/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/retention_lock/policy.rego index 9d857be89..6b99f54b5 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/retention_lock/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/retention_lock/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.retention_lock -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket/retention_period/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/retention_period/policy.rego index 8503f307c..f4668de17 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/retention_period/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/retention_period/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.retention_period -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket/uniform_bucket_level_access/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket/uniform_bucket_level_access/policy.rego index bb02011da..469d3714e 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket/uniform_bucket_level_access/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket/uniform_bucket_level_access/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket.uniform_bucket_level_access -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket_access_control/public_entity_blacklist/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket_access_control/public_entity_blacklist/policy.rego index 9a50b4c5e..f34dd3d21 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket_access_control/public_entity_blacklist/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket_access_control/public_entity_blacklist/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket_access_control.public_entity_blacklist -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket_access_control.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket_acl/block_default_acl/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket_acl/block_default_acl/policy.rego index aa50ddd16..7918dd463 100644 
--- a/policies/gcp/cloud_storage/google_storage_bucket_acl/block_default_acl/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket_acl/block_default_acl/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket_acl.block_default_acl -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket_acl.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket_acl/role_entity_required/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket_acl/role_entity_required/policy.rego index 1b488108e..d6b63037a 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket_acl/role_entity_required/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket_acl/role_entity_required/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket_acl.role_entity_required -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket_acl.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket_iam_binding/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket_iam_binding/public_access_prevention/policy.rego index e2aa9b6f5..8762358be 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket_iam_binding/public_access_prevention/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket_iam_binding/public_access_prevention/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket_iam_binding.public_access_prevention -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket_iam_binding.vars conditions := [ 
diff --git a/policies/gcp/cloud_storage/google_storage_bucket_iam_member/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket_iam_member/public_access_prevention/policy.rego index d85edfc2d..09f74fe2e 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket_iam_member/public_access_prevention/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket_iam_member/public_access_prevention/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket_iam_member.public_access_prevention -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket_iam_member.vars conditions := [ diff --git a/policies/gcp/cloud_storage/google_storage_bucket_object/encryption/policy.rego b/policies/gcp/cloud_storage/google_storage_bucket_object/encryption/policy.rego index 1c19e4825..d4de42c00 100644 --- a/policies/gcp/cloud_storage/google_storage_bucket_object/encryption/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_bucket_object/encryption/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.cloud_storage.google_storage_bucket_object.encryption -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.cloud_storage.google_storage_bucket_object.vars diff --git a/policies/gcp/cloud_storage/google_storage_default_object_access_control/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_default_object_access_control/public_access_prevention/policy.rego index c6a64dc20..6fd4c16f2 100644 --- a/policies/gcp/cloud_storage/google_storage_default_object_access_control/public_access_prevention/policy.rego +++ b/policies/gcp/cloud_storage/google_storage_default_object_access_control/public_access_prevention/policy.rego 
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_default_object_access_control.public_access_prevention
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_default_object_access_control.vars
 conditions := [
diff --git a/policies/gcp/cloud_storage/google_storage_default_object_acl/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_default_object_acl/public_access_prevention/policy.rego
index a9aacfe71..d978e13b3 100644
--- a/policies/gcp/cloud_storage/google_storage_default_object_acl/public_access_prevention/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_default_object_acl/public_access_prevention/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_default_object_acl.public_access_prevention
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_default_object_acl.vars
 conditions := [
diff --git a/policies/gcp/cloud_storage/google_storage_folder/force_destroy/policy.rego b/policies/gcp/cloud_storage/google_storage_folder/force_destroy/policy.rego
index 6e37d3644..4fcd71667 100644
--- a/policies/gcp/cloud_storage/google_storage_folder/force_destroy/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_folder/force_destroy/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_folder.force_destroy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_folder.vars
diff --git a/policies/gcp/cloud_storage/google_storage_managed_folder/force_destroy/policy.rego b/policies/gcp/cloud_storage/google_storage_managed_folder/force_destroy/policy.rego
index 09c5d1e42..b98d2f6f6 100644
--- a/policies/gcp/cloud_storage/google_storage_managed_folder/force_destroy/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_managed_folder/force_destroy/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_managed_folder.force_destroy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_managed_folder.vars
diff --git a/policies/gcp/cloud_storage/google_storage_managed_folder_iam_binding/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_managed_folder_iam_binding/public_access_prevention/policy.rego
index 0af5c6785..4977f63b5 100644
--- a/policies/gcp/cloud_storage/google_storage_managed_folder_iam_binding/public_access_prevention/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_managed_folder_iam_binding/public_access_prevention/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_managed_folder_iam_binding.public_access_prevention
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_managed_folder_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/cloud_storage/google_storage_managed_folder_iam_member/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_managed_folder_iam_member/public_access_prevention/policy.rego
index 97b046df8..ad0c92b36 100644
--- a/policies/gcp/cloud_storage/google_storage_managed_folder_iam_member/public_access_prevention/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_managed_folder_iam_member/public_access_prevention/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_managed_folder_iam_member.public_access_prevention
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_managed_folder_iam_member.vars
 conditions := [
diff --git a/policies/gcp/cloud_storage/google_storage_object_access_control/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_object_access_control/public_access_prevention/policy.rego
index 5770db248..d13f814ab 100644
--- a/policies/gcp/cloud_storage/google_storage_object_access_control/public_access_prevention/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_object_access_control/public_access_prevention/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_object_access_control.public_access_prevention
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_object_access_control.vars
 conditions := [
diff --git a/policies/gcp/cloud_storage/google_storage_object_acl/predefined_acl/policy.rego b/policies/gcp/cloud_storage/google_storage_object_acl/predefined_acl/policy.rego
index 7f714409d..782cf1c82 100644
--- a/policies/gcp/cloud_storage/google_storage_object_acl/predefined_acl/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_object_acl/predefined_acl/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_object_acl.predefined_acl
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_object_acl.vars
 conditions := [
diff --git a/policies/gcp/cloud_storage/google_storage_object_acl/public_access_prevention/policy.rego b/policies/gcp/cloud_storage/google_storage_object_acl/public_access_prevention/policy.rego
index f4985dff5..7f26990b3 100644
--- a/policies/gcp/cloud_storage/google_storage_object_acl/public_access_prevention/policy.rego
+++ b/policies/gcp/cloud_storage/google_storage_object_acl/public_access_prevention/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage.google_storage_object_acl.public_access_prevention
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage.google_storage_object_acl.vars
 conditions := [
diff --git a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/disallow_permanent_object_deletion/policy.rego b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/disallow_permanent_object_deletion/policy.rego
index ba8668e40..bab3b9788 100644
--- a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/disallow_permanent_object_deletion/policy.rego
+++ b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/disallow_permanent_object_deletion/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.disallow_permanent_object_deletion
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.vars
 conditions := [[
diff --git a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/forbid_unsetting_object_holds/policy.rego b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/forbid_unsetting_object_holds/policy.rego
index 3c8c45668..a85d4f4c6 100644
--- a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/forbid_unsetting_object_holds/policy.rego
+++ b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/forbid_unsetting_object_holds/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.forbid_unsetting_object_holds
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.vars
 conditions := [[
diff --git a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/require_scope_prefix_or_manifest/policy.rego b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/require_scope_prefix_or_manifest/policy.rego
index 3844f9245..ed8c0c734 100644
--- a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/require_scope_prefix_or_manifest/policy.rego
+++ b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/require_scope_prefix_or_manifest/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.require_scope_prefix_or_manifest
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.vars
 conditions := [[
diff --git a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/rewrite_requires_cmek/policy.rego b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/rewrite_requires_cmek/policy.rego
index e6860eef4..97b0d2f6b 100644
--- a/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/rewrite_requires_cmek/policy.rego
+++ b/policies/gcp/cloud_storage_batch_operations/google_storage_batch_operations_job/rewrite_requires_cmek/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.rewrite_requires_cmek
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_storage_batch_operations.google_storage_batch_operations_job.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/external_access_rule/block_broad_external_access/policy.rego b/policies/gcp/cloud_vmware_engine/external_access_rule/block_broad_external_access/policy.rego
index 3573382b0..0bd09548f 100644
--- a/policies/gcp/cloud_vmware_engine/external_access_rule/block_broad_external_access/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/external_access_rule/block_broad_external_access/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.external_access_rule.block_broad_external_access
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.external_access_rule.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/network/allowed_location/policy.rego b/policies/gcp/cloud_vmware_engine/network/allowed_location/policy.rego
index 9d4888feb..a6331bd21 100644
--- a/policies/gcp/cloud_vmware_engine/network/allowed_location/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/network/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.network.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.network.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/network/block_legacy/policy.rego b/policies/gcp/cloud_vmware_engine/network/block_legacy/policy.rego
index 0d6288dc4..c91e8148c 100644
--- a/policies/gcp/cloud_vmware_engine/network/block_legacy/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/network/block_legacy/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.network.block_legacy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.network.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/network_peering/block_custom_routes/policy.rego b/policies/gcp/cloud_vmware_engine/network_peering/block_custom_routes/policy.rego
index 877d572f3..d7e1c6bf0 100644
--- a/policies/gcp/cloud_vmware_engine/network_peering/block_custom_routes/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/network_peering/block_custom_routes/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.network_peering.block_custom_routes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.network_peering.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/network_peering/block_thirdparty/policy.rego b/policies/gcp/cloud_vmware_engine/network_peering/block_thirdparty/policy.rego
index b85994995..1a827da1a 100644
--- a/policies/gcp/cloud_vmware_engine/network_peering/block_thirdparty/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/network_peering/block_thirdparty/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.network_peering.block_thirdparty
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.network_peering.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/network_policy/allowed_location/policy.rego b/policies/gcp/cloud_vmware_engine/network_policy/allowed_location/policy.rego
index ae65b5c56..5c5eddf20 100644
--- a/policies/gcp/cloud_vmware_engine/network_policy/allowed_location/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/network_policy/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.network_policy.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.network_policy.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/network_policy/block_external_ip/policy.rego b/policies/gcp/cloud_vmware_engine/network_policy/block_external_ip/policy.rego
index 3c9af1784..537ff3184 100644
--- a/policies/gcp/cloud_vmware_engine/network_policy/block_external_ip/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/network_policy/block_external_ip/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.network_policy.block_external_ip
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.network_policy.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/network_policy/block_internet_access/policy.rego b/policies/gcp/cloud_vmware_engine/network_policy/block_internet_access/policy.rego
index d70129f9e..1573f7656 100644
--- a/policies/gcp/cloud_vmware_engine/network_policy/block_internet_access/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/network_policy/block_internet_access/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.network_policy.block_internet_access
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.network_policy.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/private_cloud/allowed_location/policy.rego b/policies/gcp/cloud_vmware_engine/private_cloud/allowed_location/policy.rego
index 387182037..9461e7178 100644
--- a/policies/gcp/cloud_vmware_engine/private_cloud/allowed_location/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/private_cloud/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.private_cloud.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.private_cloud.vars
 conditions := [[
diff --git a/policies/gcp/cloud_vmware_engine/private_cloud/zonal_location/policy.rego b/policies/gcp/cloud_vmware_engine/private_cloud/zonal_location/policy.rego
index 1942244c7..a126c701f 100644
--- a/policies/gcp/cloud_vmware_engine/private_cloud/zonal_location/policy.rego
+++ b/policies/gcp/cloud_vmware_engine/private_cloud/zonal_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.cloud_vmware_engine.private_cloud.zonal_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.cloud_vmware_engine.private_cloud.vars
 conditions := [[
diff --git a/policies/gcp/connection/policy.rego b/policies/gcp/connection/policy.rego
index 529a611f8..42c5e0ffb 100644
--- a/policies/gcp/connection/policy.rego
+++ b/policies/gcp/connection/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.service_networking.connection
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.service_networking.connection.vars
 allowed_ranges := vars.variables["allowed_ip_ranges"]
diff --git a/policies/gcp/database_migration_service/connection_profile/cloudsql_authorized_networks/policy.rego b/policies/gcp/database_migration_service/connection_profile/cloudsql_authorized_networks/policy.rego
index 3365324b5..25e9f357d 100644
--- a/policies/gcp/database_migration_service/connection_profile/cloudsql_authorized_networks/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/cloudsql_authorized_networks/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.cloudsql_authorized_networks
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/cloudsql_cmek/policy.rego b/policies/gcp/database_migration_service/connection_profile/cloudsql_cmek/policy.rego
index a8713d908..81b3243b3 100644
--- a/policies/gcp/database_migration_service/connection_profile/cloudsql_cmek/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/cloudsql_cmek/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.cloudsql_cmek
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/cloudsql_private_network/policy.rego b/policies/gcp/database_migration_service/connection_profile/cloudsql_private_network/policy.rego
index c9c6bfe8b..474d289c4 100644
--- a/policies/gcp/database_migration_service/connection_profile/cloudsql_private_network/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/cloudsql_private_network/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.cloudsql_private_network
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/cloudsql_require_ssl/policy.rego b/policies/gcp/database_migration_service/connection_profile/cloudsql_require_ssl/policy.rego
index 2a97fec51..7842690d1 100644
--- a/policies/gcp/database_migration_service/connection_profile/cloudsql_require_ssl/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/cloudsql_require_ssl/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.cloudsql_require_ssl
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/forward_ssh_connectivity/policy.rego b/policies/gcp/database_migration_service/connection_profile/forward_ssh_connectivity/policy.rego
index a1fe36aae..76ac441d3 100644
--- a/policies/gcp/database_migration_service/connection_profile/forward_ssh_connectivity/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/forward_ssh_connectivity/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.forward_ssh_connectivity
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/location/policy.rego b/policies/gcp/database_migration_service/connection_profile/location/policy.rego
index 58a90793d..c03ef0186 100644
--- a/policies/gcp/database_migration_service/connection_profile/location/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/mysql_ssl_type/policy.rego b/policies/gcp/database_migration_service/connection_profile/mysql_ssl_type/policy.rego
index db3f826d2..ebddf4e70 100644
--- a/policies/gcp/database_migration_service/connection_profile/mysql_ssl_type/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/mysql_ssl_type/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.mysql_ssl_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/postgresql_ssl_type/policy.rego b/policies/gcp/database_migration_service/connection_profile/postgresql_ssl_type/policy.rego
index 5618d00b9..a2e0082f6 100644
--- a/policies/gcp/database_migration_service/connection_profile/postgresql_ssl_type/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/postgresql_ssl_type/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.postgresql_ssl_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/private_connectivity/policy.rego b/policies/gcp/database_migration_service/connection_profile/private_connectivity/policy.rego
index b10e0f401..816e76ca1 100644
--- a/policies/gcp/database_migration_service/connection_profile/private_connectivity/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/private_connectivity/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.private_connectivity
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/connection_profile/static_service_ip_connectivity/policy.rego b/policies/gcp/database_migration_service/connection_profile/static_service_ip_connectivity/policy.rego
index 859c538e1..9679e875a 100644
--- a/policies/gcp/database_migration_service/connection_profile/static_service_ip_connectivity/policy.rego
+++ b/policies/gcp/database_migration_service/connection_profile/static_service_ip_connectivity/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.connection_profile.static_service_ip_connectivity
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.connection_profile.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/migration_job/dump_type/policy.rego b/policies/gcp/database_migration_service/migration_job/dump_type/policy.rego
index a1a9064ba..a67cd469a 100644
--- a/policies/gcp/database_migration_service/migration_job/dump_type/policy.rego
+++ b/policies/gcp/database_migration_service/migration_job/dump_type/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.migration_job.dump_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.migration_job.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/migration_job/location/policy.rego b/policies/gcp/database_migration_service/migration_job/location/policy.rego
index d67562e01..64e490f85 100644
--- a/policies/gcp/database_migration_service/migration_job/location/policy.rego
+++ b/policies/gcp/database_migration_service/migration_job/location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.migration_job.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.migration_job.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/migration_job/reverse_ssh_connectivity/policy.rego b/policies/gcp/database_migration_service/migration_job/reverse_ssh_connectivity/policy.rego
index b454d3e3f..79540fa49 100644
--- a/policies/gcp/database_migration_service/migration_job/reverse_ssh_connectivity/policy.rego
+++ b/policies/gcp/database_migration_service/migration_job/reverse_ssh_connectivity/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.migration_job.reverse_ssh_connectivity
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.migration_job.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/migration_job/static_ip_connectivity/policy.rego b/policies/gcp/database_migration_service/migration_job/static_ip_connectivity/policy.rego
index c193eb724..d545c9723 100644
--- a/policies/gcp/database_migration_service/migration_job/static_ip_connectivity/policy.rego
+++ b/policies/gcp/database_migration_service/migration_job/static_ip_connectivity/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.migration_job.static_ip_connectivity
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.migration_job.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/migration_job/type/policy.rego b/policies/gcp/database_migration_service/migration_job/type/policy.rego
index 14591cc44..af68e4e8f 100644
--- a/policies/gcp/database_migration_service/migration_job/type/policy.rego
+++ b/policies/gcp/database_migration_service/migration_job/type/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.migration_job.type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.migration_job.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/migration_job/vpc_peering_connectivity/policy.rego b/policies/gcp/database_migration_service/migration_job/vpc_peering_connectivity/policy.rego
index 95d5594cd..5af93b754 100644
--- a/policies/gcp/database_migration_service/migration_job/vpc_peering_connectivity/policy.rego
+++ b/policies/gcp/database_migration_service/migration_job/vpc_peering_connectivity/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.migration_job.vpc_peering_connectivity
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.migration_job.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/private_connection/create_without_validation/policy.rego b/policies/gcp/database_migration_service/private_connection/create_without_validation/policy.rego
index 3b8afadaf..1533d04fa 100644
--- a/policies/gcp/database_migration_service/private_connection/create_without_validation/policy.rego
+++ b/policies/gcp/database_migration_service/private_connection/create_without_validation/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.private_connection.create_without_validation
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.private_connection.vars
 conditions := [
diff --git a/policies/gcp/database_migration_service/private_connection/location/policy.rego b/policies/gcp/database_migration_service/private_connection/location/policy.rego
index 6465e5644..145185371 100644
--- a/policies/gcp/database_migration_service/private_connection/location/policy.rego
+++ b/policies/gcp/database_migration_service/private_connection/location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.database_migration_service.private_connection.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.database_migration_service.private_connection.vars
 conditions := [
diff --git a/policies/gcp/dataform/google_dataform_repository/deletion_policy/policy.rego b/policies/gcp/dataform/google_dataform_repository/deletion_policy/policy.rego
index c22071a6d..156d25ea5 100644
--- a/policies/gcp/dataform/google_dataform_repository/deletion_policy/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository/deletion_policy/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository.deletion_policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository as repo
 # Disallow FORCE deletion policy on Dataform repositories.
diff --git a/policies/gcp/dataform/google_dataform_repository/encryption/policy.rego b/policies/gcp/dataform/google_dataform_repository/encryption/policy.rego
index 239cc32af..d003e127b 100644
--- a/policies/gcp/dataform/google_dataform_repository/encryption/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository/encryption/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository.encryption
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository as repo
 # Require CMEK on repositories (kms_key_name must be set)
diff --git a/policies/gcp/dataform/google_dataform_repository/git_https_secret/policy.rego b/policies/gcp/dataform/google_dataform_repository/git_https_secret/policy.rego
index ca1ecfff3..17eff93c1 100644
--- a/policies/gcp/dataform/google_dataform_repository/git_https_secret/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository/git_https_secret/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository.git_https_secret
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository as repo
 # Situation: If a Git remote is configured over HTTPS,
diff --git a/policies/gcp/dataform/google_dataform_repository/git_required/policy.rego b/policies/gcp/dataform/google_dataform_repository/git_required/policy.rego
index 928c909f8..ebd9b5f2f 100644
--- a/policies/gcp/dataform/google_dataform_repository/git_required/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository/git_required/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository.git_required
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository as repo
 # This policy enforces: if a repo configures git_remote_settings,
diff --git a/policies/gcp/dataform/google_dataform_repository/git_ssh_auth/policy.rego b/policies/gcp/dataform/google_dataform_repository/git_ssh_auth/policy.rego
index 87efc5e98..e0a9fcd07 100644
--- a/policies/gcp/dataform/google_dataform_repository/git_ssh_auth/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository/git_ssh_auth/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository.git_ssh_auth
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository as repo
 # This policy enforces: if a repo uses SSH authentication,
diff --git a/policies/gcp/dataform/google_dataform_repository/labels_security_required/policy.rego b/policies/gcp/dataform/google_dataform_repository/labels_security_required/policy.rego
index 81a8f5e04..3b75eb362 100644
--- a/policies/gcp/dataform/google_dataform_repository/labels_security_required/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository/labels_security_required/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository.labels_security_required
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository as repo
 # Security-oriented required labels
diff --git a/policies/gcp/dataform/google_dataform_repository/region_allowlist/policy.rego b/policies/gcp/dataform/google_dataform_repository/region_allowlist/policy.rego
index ffda7ba7f..71f939f12 100644
--- a/policies/gcp/dataform/google_dataform_repository/region_allowlist/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository/region_allowlist/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository.region_allowlist
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository as repo
 # Adjust the allowlist as needed
diff --git a/policies/gcp/dataform/google_dataform_repository_iam/iam_no_public/policy.rego b/policies/gcp/dataform/google_dataform_repository_iam/iam_no_public/policy.rego
index e79ef88bf..2ad86da13 100644
--- a/policies/gcp/dataform/google_dataform_repository_iam/iam_no_public/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository_iam/iam_no_public/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository_iam.iam_no_public
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository_iam as repo
 # Disallow public principals on repository IAM bindings
diff --git a/policies/gcp/dataform/google_dataform_repository_release_config/cron_required/policy.rego b/policies/gcp/dataform/google_dataform_repository_release_config/cron_required/policy.rego
index 642a99a60..63df6e5ba 100644
--- a/policies/gcp/dataform/google_dataform_repository_release_config/cron_required/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository_release_config/cron_required/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository_release_config.cron_required
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository_release_config as repo
 conditions := [
diff --git a/policies/gcp/dataform/google_dataform_repository_workflow_config/service_account_required/policy.rego b/policies/gcp/dataform/google_dataform_repository_workflow_config/service_account_required/policy.rego
index a8cf03872..4f230fdab 100644
--- a/policies/gcp/dataform/google_dataform_repository_workflow_config/service_account_required/policy.rego
+++ b/policies/gcp/dataform/google_dataform_repository_workflow_config/service_account_required/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataform.google_dataform_repository_workflow_config.service_account_required
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataform.google_dataform_repository_workflow_config as repo
 # Require a service account in invocation_config
diff --git a/policies/gcp/dataproc_metastore/federation/deletion_protection/policy.rego b/policies/gcp/dataproc_metastore/federation/deletion_protection/policy.rego
index 6ae2ace03..f897be2d7 100644
--- a/policies/gcp/dataproc_metastore/federation/deletion_protection/policy.rego
+++ b/policies/gcp/dataproc_metastore/federation/deletion_protection/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataproc_metastore.federation.deletion_protection
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.federation.vars
 conditions := [
diff --git a/policies/gcp/dataproc_metastore/federation/location/policy.rego b/policies/gcp/dataproc_metastore/federation/location/policy.rego
index 9f8604e17..b99abea13 100644
--- a/policies/gcp/dataproc_metastore/federation/location/policy.rego
+++ b/policies/gcp/dataproc_metastore/federation/location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.dataproc_metastore.federation.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.federation.vars
 conditions := [
diff --git a/policies/gcp/dataproc_metastore/federation/metastore_type/policy.rego b/policies/gcp/dataproc_metastore/federation/metastore_type/policy.rego
index a5015e47e..3ba841ed9 100644
--- a/policies/gcp/dataproc_metastore/federation/metastore_type/policy.rego
+++ b/policies/gcp/dataproc_metastore/federation/metastore_type/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataproc_metastore.federation.metastore_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.federation.vars
diff --git a/policies/gcp/dataproc_metastore/federation/name/policy.rego b/policies/gcp/dataproc_metastore/federation/name/policy.rego
index b99b62d7c..a3ee65605 100644
--- a/policies/gcp/dataproc_metastore/federation/name/policy.rego
+++ b/policies/gcp/dataproc_metastore/federation/name/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataproc_metastore.federation.name
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.federation.vars
diff --git a/policies/gcp/dataproc_metastore/federation/version/policy.rego b/policies/gcp/dataproc_metastore/federation/version/policy.rego
index 9bc3854c4..bae2c30c5 100644
--- a/policies/gcp/dataproc_metastore/federation/version/policy.rego
+++ b/policies/gcp/dataproc_metastore/federation/version/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataproc_metastore.federation.version
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.federation.vars
 conditions := [
diff --git a/policies/gcp/dataproc_metastore/service/database_type/policy.rego b/policies/gcp/dataproc_metastore/service/database_type/policy.rego
index 8092d492f..ed94e8ecc 100644
--- a/policies/gcp/dataproc_metastore/service/database_type/policy.rego
+++ b/policies/gcp/dataproc_metastore/service/database_type/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.dataproc_metastore.service.database_type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.service.vars
diff --git a/policies/gcp/dataproc_metastore/service/deletion_protection/policy.rego b/policies/gcp/dataproc_metastore/service/deletion_protection/policy.rego
index 871cd48a2..964ddf228 100644
--- a/policies/gcp/dataproc_metastore/service/deletion_protection/policy.rego
+++ b/policies/gcp/dataproc_metastore/service/deletion_protection/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.dataproc_metastore.service.deletion_protection
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.service.vars
diff --git a/policies/gcp/dataproc_metastore/service/encryption_config/policy.rego b/policies/gcp/dataproc_metastore/service/encryption_config/policy.rego
index 5c8b544b6..ad601394d 100644
--- a/policies/gcp/dataproc_metastore/service/encryption_config/policy.rego
+++ b/policies/gcp/dataproc_metastore/service/encryption_config/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.dataproc_metastore.service.encryption_config
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.service.vars
diff --git a/policies/gcp/dataproc_metastore/service/location/policy.rego b/policies/gcp/dataproc_metastore/service/location/policy.rego
index 63f2e33ca..eff70efb6 100644
--- a/policies/gcp/dataproc_metastore/service/location/policy.rego
+++ b/policies/gcp/dataproc_metastore/service/location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.dataproc_metastore.service.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.service.vars
 conditions := [
diff --git a/policies/gcp/dataproc_metastore/service/metadata_integration/policy.rego b/policies/gcp/dataproc_metastore/service/metadata_integration/policy.rego
index 12bd7ddbf..d42b3e96d 100644
--- a/policies/gcp/dataproc_metastore/service/metadata_integration/policy.rego
+++ b/policies/gcp/dataproc_metastore/service/metadata_integration/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.dataproc_metastore.service.metadata_integration
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.service.vars
diff --git a/policies/gcp/dataproc_metastore/service/port/policy.rego b/policies/gcp/dataproc_metastore/service/port/policy.rego
index ad212c03a..45dd5100b 100644
--- a/policies/gcp/dataproc_metastore/service/port/policy.rego
+++ b/policies/gcp/dataproc_metastore/service/port/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.dataproc_metastore.service.port
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.service.vars
 conditions := [
diff --git a/policies/gcp/dataproc_metastore/service/scheduled_backup/policy.rego b/policies/gcp/dataproc_metastore/service/scheduled_backup/policy.rego
index 98f95330f..18e33158e 100644
--- a/policies/gcp/dataproc_metastore/service/scheduled_backup/policy.rego
+++ b/policies/gcp/dataproc_metastore/service/scheduled_backup/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.dataproc_metastore.service.scheduled_backup
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.dataproc_metastore.service.vars
 conditions := [
diff --git a/policies/gcp/deploy/automation/service_account_validation/policy.rego b/policies/gcp/deploy/automation/service_account_validation/policy.rego
index 96de05f59..6d66730d1 100644
--- a/policies/gcp/deploy/automation/service_account_validation/policy.rego
+++ b/policies/gcp/deploy/automation/service_account_validation/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.automation.service_account_validation
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.automation.vars
 conditions := [
diff --git a/policies/gcp/deploy/automation/suspended_check/policy.rego b/policies/gcp/deploy/automation/suspended_check/policy.rego
index 61cd346e4..6b1450ecc 100644
--- a/policies/gcp/deploy/automation/suspended_check/policy.rego
+++ b/policies/gcp/deploy/automation/suspended_check/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.automation.suspended_check
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.automation.vars
 conditions := [
diff --git a/policies/gcp/deploy/custom_target_type/custom_actions_validation/policy.rego b/policies/gcp/deploy/custom_target_type/custom_actions_validation/policy.rego
index 5ff40b50b..e3018ccb2 100644
--- a/policies/gcp/deploy/custom_target_type/custom_actions_validation/policy.rego
+++ b/policies/gcp/deploy/custom_target_type/custom_actions_validation/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.custom_target_type.custom_actions_validation
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.custom_target_type.vars
 conditions := [
diff --git a/policies/gcp/deploy/custom_target_type_iam_binding/prohibited_members/policy.rego b/policies/gcp/deploy/custom_target_type_iam_binding/prohibited_members/policy.rego
index 16ba63fbb..8e7ba5e82 100644
--- a/policies/gcp/deploy/custom_target_type_iam_binding/prohibited_members/policy.rego
+++ b/policies/gcp/deploy/custom_target_type_iam_binding/prohibited_members/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.custom_target_type_iam_binding.prohibited_members
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.custom_target_type_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/deploy/custom_target_type_iam_binding/required_role/policy.rego b/policies/gcp/deploy/custom_target_type_iam_binding/required_role/policy.rego
index 263f34501..6cc5b0848 100644
--- a/policies/gcp/deploy/custom_target_type_iam_binding/required_role/policy.rego
+++ b/policies/gcp/deploy/custom_target_type_iam_binding/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.custom_target_type_iam_binding.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.custom_target_type_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/deploy/custom_target_type_iam_member/prohibited_member/policy.rego b/policies/gcp/deploy/custom_target_type_iam_member/prohibited_member/policy.rego
index fcb258aab..f5dfec4c7 100644
--- a/policies/gcp/deploy/custom_target_type_iam_member/prohibited_member/policy.rego
+++ b/policies/gcp/deploy/custom_target_type_iam_member/prohibited_member/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.custom_target_type_iam_member.prohibited_member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.custom_target_type_iam_member.vars
 conditions := [
diff --git a/policies/gcp/deploy/custom_target_type_iam_member/required_role/policy.rego b/policies/gcp/deploy/custom_target_type_iam_member/required_role/policy.rego
index 87ae24eba..e308c84ff 100644
--- a/policies/gcp/deploy/custom_target_type_iam_member/required_role/policy.rego
+++ b/policies/gcp/deploy/custom_target_type_iam_member/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.custom_target_type_iam_member.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.custom_target_type_iam_member.vars
 conditions := [
diff --git a/policies/gcp/deploy/custom_target_type_iam_policy/required_role/policy.rego b/policies/gcp/deploy/custom_target_type_iam_policy/required_role/policy.rego
index aeeb99272..3376fded3 100644
--- a/policies/gcp/deploy/custom_target_type_iam_policy/required_role/policy.rego
+++ b/policies/gcp/deploy/custom_target_type_iam_policy/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.custom_target_type_iam_policy.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.custom_target_type_iam_policy.vars
 conditions := [
diff --git a/policies/gcp/deploy/delivery_pipeline/serial_pipeline_validation/policy.rego b/policies/gcp/deploy/delivery_pipeline/serial_pipeline_validation/policy.rego
index 4877f39cc..bf864790c 100644
--- a/policies/gcp/deploy/delivery_pipeline/serial_pipeline_validation/policy.rego
+++ b/policies/gcp/deploy/delivery_pipeline/serial_pipeline_validation/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.delivery_pipeline.serial_pipeline_validation
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.delivery_pipeline.vars
 conditions := [
diff --git a/policies/gcp/deploy/delivery_pipeline/suspended_check/policy.rego b/policies/gcp/deploy/delivery_pipeline/suspended_check/policy.rego
index ce5bfe3de..9f6b4b877 100644
--- a/policies/gcp/deploy/delivery_pipeline/suspended_check/policy.rego
+++ b/policies/gcp/deploy/delivery_pipeline/suspended_check/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.delivery_pipeline.suspended_check
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.delivery_pipeline.vars
 conditions := [
diff --git a/policies/gcp/deploy/delivery_pipeline_iam_binding/prohibited_members/policy.rego b/policies/gcp/deploy/delivery_pipeline_iam_binding/prohibited_members/policy.rego
index c51ddcfd9..2eeab18dc 100644
--- a/policies/gcp/deploy/delivery_pipeline_iam_binding/prohibited_members/policy.rego
+++ b/policies/gcp/deploy/delivery_pipeline_iam_binding/prohibited_members/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.delivery_pipeline_iam_binding.prohibited_members
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.delivery_pipeline_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/deploy/delivery_pipeline_iam_binding/required_role/policy.rego b/policies/gcp/deploy/delivery_pipeline_iam_binding/required_role/policy.rego
index 2b2b25903..7ac52f2f3 100644
--- a/policies/gcp/deploy/delivery_pipeline_iam_binding/required_role/policy.rego
+++ b/policies/gcp/deploy/delivery_pipeline_iam_binding/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.delivery_pipeline_iam_binding.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.delivery_pipeline_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/deploy/delivery_pipeline_iam_member/prohibited_member/policy.rego b/policies/gcp/deploy/delivery_pipeline_iam_member/prohibited_member/policy.rego
index d5b10ac47..765329154 100644
--- a/policies/gcp/deploy/delivery_pipeline_iam_member/prohibited_member/policy.rego
+++ b/policies/gcp/deploy/delivery_pipeline_iam_member/prohibited_member/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.delivery_pipeline_iam_member.prohibited_member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.delivery_pipeline_iam_member.vars
 conditions := [
diff --git a/policies/gcp/deploy/delivery_pipeline_iam_member/required_role/policy.rego b/policies/gcp/deploy/delivery_pipeline_iam_member/required_role/policy.rego
index 680376665..e5a8e018c 100644
--- a/policies/gcp/deploy/delivery_pipeline_iam_member/required_role/policy.rego
+++ b/policies/gcp/deploy/delivery_pipeline_iam_member/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.delivery_pipeline_iam_member.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.delivery_pipeline_iam_member.vars
 conditions := [
diff --git a/policies/gcp/deploy/delivery_pipeline_iam_policy/required_role/policy.rego b/policies/gcp/deploy/delivery_pipeline_iam_policy/required_role/policy.rego
index 57a72f948..a5bd09135 100644
--- a/policies/gcp/deploy/delivery_pipeline_iam_policy/required_role/policy.rego
+++ b/policies/gcp/deploy/delivery_pipeline_iam_policy/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.delivery_pipeline_iam_policy.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.delivery_pipeline_iam_policy.vars
 conditions := [
diff --git a/policies/gcp/deploy/deploy_policy/suspended_check/policy.rego b/policies/gcp/deploy/deploy_policy/suspended_check/policy.rego
index 1cbd2b131..9c349195a 100644
--- a/policies/gcp/deploy/deploy_policy/suspended_check/policy.rego
+++ b/policies/gcp/deploy/deploy_policy/suspended_check/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.deploy_policy.suspended_check
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.deploy_policy.vars
 conditions := [
diff --git a/policies/gcp/deploy/target/gke_configuration/policy.rego b/policies/gcp/deploy/target/gke_configuration/policy.rego
index 71a304c8a..e74054510 100644
--- a/policies/gcp/deploy/target/gke_configuration/policy.rego
+++ b/policies/gcp/deploy/target/gke_configuration/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target.gke_configuration
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target.vars
 conditions := [
diff --git a/policies/gcp/deploy/target/require_approval_check/policy.rego b/policies/gcp/deploy/target/require_approval_check/policy.rego
index ece552d09..83fbc781d 100644
--- a/policies/gcp/deploy/target/require_approval_check/policy.rego
+++ b/policies/gcp/deploy/target/require_approval_check/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target.require_approval_check
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target.vars
 conditions := [
diff --git a/policies/gcp/deploy/target/run_configuration/policy.rego b/policies/gcp/deploy/target/run_configuration/policy.rego
index 037335367..0294e6e84 100644
--- a/policies/gcp/deploy/target/run_configuration/policy.rego
+++ b/policies/gcp/deploy/target/run_configuration/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target.run_configuration
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target.vars
 conditions := [
diff --git a/policies/gcp/deploy/target_iam_binding/prohibited_members/policy.rego b/policies/gcp/deploy/target_iam_binding/prohibited_members/policy.rego
index e93e881ec..ad84ee7ed 100644
--- a/policies/gcp/deploy/target_iam_binding/prohibited_members/policy.rego
+++ b/policies/gcp/deploy/target_iam_binding/prohibited_members/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target_iam_binding.prohibited_members
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/deploy/target_iam_binding/required_role/policy.rego b/policies/gcp/deploy/target_iam_binding/required_role/policy.rego
index 799c0f369..276f32ccb 100644
--- a/policies/gcp/deploy/target_iam_binding/required_role/policy.rego
+++ b/policies/gcp/deploy/target_iam_binding/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target_iam_binding.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target_iam_binding.vars
 conditions := [
diff --git a/policies/gcp/deploy/target_iam_member/prohibited_member/policy.rego b/policies/gcp/deploy/target_iam_member/prohibited_member/policy.rego
index 6844404d8..5929125bd 100644
--- a/policies/gcp/deploy/target_iam_member/prohibited_member/policy.rego
+++ b/policies/gcp/deploy/target_iam_member/prohibited_member/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target_iam_member.prohibited_member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target_iam_member.vars
 conditions := [
diff --git a/policies/gcp/deploy/target_iam_member/required_role/policy.rego b/policies/gcp/deploy/target_iam_member/required_role/policy.rego
index 7baaf1ac1..c8e9af5c5 100644
--- a/policies/gcp/deploy/target_iam_member/required_role/policy.rego
+++ b/policies/gcp/deploy/target_iam_member/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target_iam_member.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target_iam_member.vars
 conditions := [
diff --git a/policies/gcp/deploy/target_iam_policy/required_role/policy.rego b/policies/gcp/deploy/target_iam_policy/required_role/policy.rego
index 62968b840..f36810b78 100644
--- a/policies/gcp/deploy/target_iam_policy/required_role/policy.rego
+++ b/policies/gcp/deploy/target_iam_policy/required_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.deploy.target_iam_policy.required_role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.deploy.target_iam_policy.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_account_connector/approved_locations/policy.rego b/policies/gcp/developer_connect/google_developer_connect_account_connector/approved_locations/policy.rego
index 7b1e4ea5c..e2b6da2f6 100644
--- a/policies/gcp/developer_connect/google_developer_connect_account_connector/approved_locations/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_account_connector/approved_locations/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_account_connector.approved_locations
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_account_connector.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_account_connector/least_privilege_scopes/policy.rego b/policies/gcp/developer_connect/google_developer_connect_account_connector/least_privilege_scopes/policy.rego
index 5c7aa27bc..b85f95d4f 100644
--- a/policies/gcp/developer_connect/google_developer_connect_account_connector/least_privilege_scopes/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_account_connector/least_privilege_scopes/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_account_connector.least_privilege_scopes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_account_connector.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_account_connector/system_provider_id/policy.rego b/policies/gcp/developer_connect/google_developer_connect_account_connector/system_provider_id/policy.rego
index 071f7a4ed..e68f416a6 100644
--- a/policies/gcp/developer_connect/google_developer_connect_account_connector/system_provider_id/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_account_connector/system_provider_id/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_account_connector.system_provider_id
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_account_connector.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/approved_location/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/approved_location/policy.rego
index 2475b5d78..644a0e4be 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/approved_location/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/approved_location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.approved_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_cloud_config_sub_attributes/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_cloud_config_sub_attributes/policy.rego
index 89d3f2511..1e6620ffc 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_cloud_config_sub_attributes/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_cloud_config_sub_attributes/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.bitbucket_cloud_config_sub_attributes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 common := ["projects/*/secrets/*/versions/*", [["pde2025"], ["bbc-webhook","bbc-read-cred","bbc-auth-cred"], ["latest"]]]
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_data_center_config_sub_attributes/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_data_center_config_sub_attributes/policy.rego
index 37dd6a5b8..2c4627afe 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_data_center_config_sub_attributes/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/bitbucket_data_center_config_sub_attributes/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.bitbucket_data_center_config_sub_attributes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/cmek_key_reference/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/cmek_key_reference/policy.rego
index a59d0ae05..adcfc4741 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/cmek_key_reference/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/cmek_key_reference/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.cmek_key_reference
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/github_config_sub_attributes/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/github_config_sub_attributes/policy.rego
index 2e3b46bc7..47424cfc1 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/github_config_sub_attributes/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/github_config_sub_attributes/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.github_config_sub_attributes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/github_enterprise_config_sub_attributes/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/github_enterprise_config_sub_attributes/policy.rego
index 4d9e33a58..21b7263ab 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/github_enterprise_config_sub_attributes/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/github_enterprise_config_sub_attributes/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.github_enterprise_config_sub_attributes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_config_sub_attributes/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_config_sub_attributes/policy.rego
index aa41984da..c5b390498 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_config_sub_attributes/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_config_sub_attributes/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.gitlab_config_sub_attributes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 common := ["projects/*/secrets/*/versions/*", [["pde2025"], ["gitlab-webhook","gitlab-read-cred","gitlab-auth-cred"], ["latest"]]]
diff --git a/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_enterprise_config_sub_attributes/policy.rego b/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_enterprise_config_sub_attributes/policy.rego
index 60aa7b0ca..884e35ab6 100644
--- a/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_enterprise_config_sub_attributes/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_connection/gitlab_enterprise_config_sub_attributes/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_connection.gitlab_enterprise_config_sub_attributes
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_connection.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_clone_uri/policy.rego b/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_clone_uri/policy.rego
index 6a37bf59a..25d533e6d 100644
--- a/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_clone_uri/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_clone_uri/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_git_repository_link.approved_clone_uri
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_git_repository_link.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_location/policy.rego b/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_location/policy.rego
index 9c96e16cf..538d8a448 100644
--- a/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_location/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_git_repository_link.approved_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_git_repository_link.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_parent_connection/policy.rego b/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_parent_connection/policy.rego
index 6cd976e7b..1c56311d5 100644
--- a/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_parent_connection/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_git_repository_link/approved_parent_connection/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_git_repository_link.approved_parent_connection
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_git_repository_link.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_insights_config/approved_location/policy.rego b/policies/gcp/developer_connect/google_developer_connect_insights_config/approved_location/policy.rego
index 11a17e3f9..a47a62d47 100644
--- a/policies/gcp/developer_connect/google_developer_connect_insights_config/approved_location/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_insights_config/approved_location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.developer_connect.google_developer_connect_insights_config.approved_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.developer_connect.google_developer_connect_insights_config.vars
 conditions := [
diff --git a/policies/gcp/developer_connect/google_developer_connect_insights_config/insights_security_baseline/policy.rego b/policies/gcp/developer_connect/google_developer_connect_insights_config/insights_security_baseline/policy.rego
index d22eb6b88..ba3ade53e 100644
--- a/policies/gcp/developer_connect/google_developer_connect_insights_config/insights_security_baseline/policy.rego
+++ b/policies/gcp/developer_connect/google_developer_connect_insights_config/insights_security_baseline/policy.rego
@@ -1,5 +1,5 @@ package terraform.gcp.security.developer_connect.google_developer_connect_insights_config.insights_security_baseline -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.developer_connect.google_developer_connect_insights_config.vars allowed_ar_uri := ["*-docker.pkg.dev/*/*/*", [["australia-southeast1","australia-southeast2"], ["pde2025"], ["my-repo"], ["my-image"]]] diff --git a/policies/gcp/discovery_engine/chat_engine/chat_engine_config/policy.rego b/policies/gcp/discovery_engine/chat_engine/chat_engine_config/policy.rego index 6bcfcc415..ee9ad09b0 100644 --- a/policies/gcp/discovery_engine/chat_engine/chat_engine_config/policy.rego +++ b/policies/gcp/discovery_engine/chat_engine/chat_engine_config/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.chat_engine.chat_engine_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.chat_engine.vars #allow_cross_region diff --git a/policies/gcp/discovery_engine/chat_engine/chat_engine_location/policy.rego b/policies/gcp/discovery_engine/chat_engine/chat_engine_location/policy.rego index ae1f0e713..3b9c837bb 100644 --- a/policies/gcp/discovery_engine/chat_engine/chat_engine_location/policy.rego +++ b/policies/gcp/discovery_engine/chat_engine/chat_engine_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.chat_engine.chat_engine_location # Edit here -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.chat_engine.vars #location check diff --git a/policies/gcp/discovery_engine/cmek_config/cmek_config_kms_key/policy.rego b/policies/gcp/discovery_engine/cmek_config/cmek_config_kms_key/policy.rego index 890cd9903..22e4edc4b 100644 --- a/policies/gcp/discovery_engine/cmek_config/cmek_config_kms_key/policy.rego 
+++ b/policies/gcp/discovery_engine/cmek_config/cmek_config_kms_key/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.cmek_config.cmek_config_kms_key -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.cmek_config.vars #cmek_config diff --git a/policies/gcp/discovery_engine/cmek_config/cmek_config_location/policy.rego b/policies/gcp/discovery_engine/cmek_config/cmek_config_location/policy.rego index 58f8460da..5dec63220 100644 --- a/policies/gcp/discovery_engine/cmek_config/cmek_config_location/policy.rego +++ b/policies/gcp/discovery_engine/cmek_config/cmek_config_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.cmek_config.cmek_config_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.cmek_config.vars #cmek_config_location diff --git a/policies/gcp/discovery_engine/cmek_config/cmek_config_single_region_keys/policy.rego b/policies/gcp/discovery_engine/cmek_config/cmek_config_single_region_keys/policy.rego index efd6f1aa1..69ca8c791 100644 --- a/policies/gcp/discovery_engine/cmek_config/cmek_config_single_region_keys/policy.rego +++ b/policies/gcp/discovery_engine/cmek_config/cmek_config_single_region_keys/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.cmek_config.cmek_config_single_region_keys -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.cmek_config.vars #cmek_config_single_region_keys diff --git a/policies/gcp/discovery_engine/data_store/data_store_content_config/policy.rego b/policies/gcp/discovery_engine/data_store/data_store_content_config/policy.rego index 5106f3e79..77f918417 100644 --- a/policies/gcp/discovery_engine/data_store/data_store_content_config/policy.rego +++ b/policies/gcp/discovery_engine/data_store/data_store_content_config/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.data_store.data_store_content_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.data_store.vars #Data_store_config diff --git a/policies/gcp/discovery_engine/data_store/data_store_document_processing_config/policy.rego b/policies/gcp/discovery_engine/data_store/data_store_document_processing_config/policy.rego index da223abb4..d72e9ef1d 100644 --- a/policies/gcp/discovery_engine/data_store/data_store_document_processing_config/policy.rego +++ b/policies/gcp/discovery_engine/data_store/data_store_document_processing_config/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.data_store.data_store_document_processing_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.data_store.vars #document_processing_config diff --git a/policies/gcp/discovery_engine/data_store/data_store_kms_key_name/policy.rego b/policies/gcp/discovery_engine/data_store/data_store_kms_key_name/policy.rego index 0b1d21830..05ebc206e 100644 --- a/policies/gcp/discovery_engine/data_store/data_store_kms_key_name/policy.rego +++ b/policies/gcp/discovery_engine/data_store/data_store_kms_key_name/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.data_store.data_store_kms_key_name -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.data_store.vars #KMS_Key_Name diff --git a/policies/gcp/discovery_engine/data_store/data_store_location/policy.rego b/policies/gcp/discovery_engine/data_store/data_store_location/policy.rego index 76987af46..8de98c442 100644 --- a/policies/gcp/discovery_engine/data_store/data_store_location/policy.rego +++ b/policies/gcp/discovery_engine/data_store/data_store_location/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.data_store.data_store_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.data_store.vars #Data_store_location diff --git a/policies/gcp/discovery_engine/engine_schema/engine_schema_json/policy.rego b/policies/gcp/discovery_engine/engine_schema/engine_schema_json/policy.rego index 084cd345b..eb4779af4 100644 --- a/policies/gcp/discovery_engine/engine_schema/engine_schema_json/policy.rego +++ b/policies/gcp/discovery_engine/engine_schema/engine_schema_json/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.engine_schema.engine_schema_json -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.engine_schema.vars #engine_schema_json diff --git a/policies/gcp/discovery_engine/engine_schema/engine_schema_location/policy.rego b/policies/gcp/discovery_engine/engine_schema/engine_schema_location/policy.rego index fcd6d032c..166cdcf60 100644 --- a/policies/gcp/discovery_engine/engine_schema/engine_schema_location/policy.rego +++ b/policies/gcp/discovery_engine/engine_schema/engine_schema_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.engine_schema.engine_schema_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.engine_schema.vars #engine_schema_location diff --git a/policies/gcp/discovery_engine/search_engine/search_engine_industry_vertical/policy.rego b/policies/gcp/discovery_engine/search_engine/search_engine_industry_vertical/policy.rego index 3789444df..28be66bde 100644 --- a/policies/gcp/discovery_engine/search_engine/search_engine_industry_vertical/policy.rego +++ b/policies/gcp/discovery_engine/search_engine/search_engine_industry_vertical/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.discovery_engine.search_engine.search_engine_industry_vertical -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.discovery_engine.search_engine.vars #search_engine_industry_vertical diff --git a/policies/gcp/firebase_app_hosting/backend/codebase_repository/policy.rego b/policies/gcp/firebase_app_hosting/backend/codebase_repository/policy.rego index 2b2836164..a2d3aa993 100644 --- a/policies/gcp/firebase_app_hosting/backend/codebase_repository/policy.rego +++ b/policies/gcp/firebase_app_hosting/backend/codebase_repository/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.firebase_app_hosting.backend.codebase_repository -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.firebase_app_hosting.backend.vars conditions := [ diff --git a/policies/gcp/firebase_app_hosting/backend/location/policy.rego b/policies/gcp/firebase_app_hosting/backend/location/policy.rego index b69e7f171..f0259bc1c 100644 --- a/policies/gcp/firebase_app_hosting/backend/location/policy.rego +++ b/policies/gcp/firebase_app_hosting/backend/location/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.firebase_app_hosting.backend.location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.firebase_app_hosting.backend.vars conditions := [ diff --git a/policies/gcp/firebase_app_hosting/backend/serving_locality/policy.rego b/policies/gcp/firebase_app_hosting/backend/serving_locality/policy.rego index 00dcca127..9a64fad22 100644 --- a/policies/gcp/firebase_app_hosting/backend/serving_locality/policy.rego +++ b/policies/gcp/firebase_app_hosting/backend/serving_locality/policy.rego 
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firebase_app_hosting.backend.serving_locality
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firebase_app_hosting.backend.vars
 conditions := [
diff --git a/policies/gcp/firebase_app_hosting/traffic/rollout_policy_codebase_branch/policy.rego b/policies/gcp/firebase_app_hosting/traffic/rollout_policy_codebase_branch/policy.rego
index cfce41024..ed7e27409 100644
--- a/policies/gcp/firebase_app_hosting/traffic/rollout_policy_codebase_branch/policy.rego
+++ b/policies/gcp/firebase_app_hosting/traffic/rollout_policy_codebase_branch/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firebase_app_hosting.traffic.rollout_policy_codebase_branch
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firebase_app_hosting.traffic.vars
 conditions := [
diff --git a/policies/gcp/firebase_hosting/google_firebase_hosting_custom_domain/custom_domain_verification/policy.rego b/policies/gcp/firebase_hosting/google_firebase_hosting_custom_domain/custom_domain_verification/policy.rego
index 6a2183540..584c5cc14 100644
--- a/policies/gcp/firebase_hosting/google_firebase_hosting_custom_domain/custom_domain_verification/policy.rego
+++ b/policies/gcp/firebase_hosting/google_firebase_hosting_custom_domain/custom_domain_verification/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firebase_hosting.google_firebase_hosting_custom_domain.custom_domain_verification
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firebase_hosting.google_firebase_hosting_custom_domain.vars
 conditions := [
diff --git a/policies/gcp/firebase_hosting/google_firebase_hosting_version/cache_control_secure/policy.rego b/policies/gcp/firebase_hosting/google_firebase_hosting_version/cache_control_secure/policy.rego
index 44872ed1b..6ec724a1e 100644
--- a/policies/gcp/firebase_hosting/google_firebase_hosting_version/cache_control_secure/policy.rego +++ b/policies/gcp/firebase_hosting/google_firebase_hosting_version/cache_control_secure/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.cache_control_secure -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.vars conditions := [ diff --git a/policies/gcp/firebase_hosting/google_firebase_hosting_version/cors_policy_secure/policy.rego b/policies/gcp/firebase_hosting/google_firebase_hosting_version/cors_policy_secure/policy.rego index 00fa0ebc9..7b830b905 100644 --- a/policies/gcp/firebase_hosting/google_firebase_hosting_version/cors_policy_secure/policy.rego +++ b/policies/gcp/firebase_hosting/google_firebase_hosting_version/cors_policy_secure/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.cors_policy_secure -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.vars # NOTE diff --git a/policies/gcp/firebase_hosting/google_firebase_hosting_version/headers_security/policy.rego b/policies/gcp/firebase_hosting/google_firebase_hosting_version/headers_security/policy.rego index 91c7e5bf4..e7c90f02c 100644 --- a/policies/gcp/firebase_hosting/google_firebase_hosting_version/headers_security/policy.rego +++ b/policies/gcp/firebase_hosting/google_firebase_hosting_version/headers_security/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.headers_security -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.vars # We validate concrete, safe values so presence + correctness are both enforced. 
diff --git a/policies/gcp/firebase_hosting/google_firebase_hosting_version/redirect_rules_secure/policy.rego b/policies/gcp/firebase_hosting/google_firebase_hosting_version/redirect_rules_secure/policy.rego
index a51d5baa5..435a57d09 100644
--- a/policies/gcp/firebase_hosting/google_firebase_hosting_version/redirect_rules_secure/policy.rego
+++ b/policies/gcp/firebase_hosting/google_firebase_hosting_version/redirect_rules_secure/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.redirect_rules_secure
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.vars
 conditions := [
diff --git a/policies/gcp/firebase_hosting/google_firebase_hosting_version/rewrite_rules_secure/policy.rego b/policies/gcp/firebase_hosting/google_firebase_hosting_version/rewrite_rules_secure/policy.rego
index 21cf2e5ee..9f5545bf2 100644
--- a/policies/gcp/firebase_hosting/google_firebase_hosting_version/rewrite_rules_secure/policy.rego
+++ b/policies/gcp/firebase_hosting/google_firebase_hosting_version/rewrite_rules_secure/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.rewrite_rules_secure
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firebase_hosting.google_firebase_hosting_version.vars
 conditions := [
diff --git a/policies/gcp/firebase_realtime_database/google_firebase_database_instance/desired_state/policy.rego b/policies/gcp/firebase_realtime_database/google_firebase_database_instance/desired_state/policy.rego
index 0516a09d4..a9480701a 100644
--- a/policies/gcp/firebase_realtime_database/google_firebase_database_instance/desired_state/policy.rego
+++ b/policies/gcp/firebase_realtime_database/google_firebase_database_instance/desired_state/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.firebase_realtime_database.google_firebase_database_instance.desired_state
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firebase_realtime_database.google_firebase_database_instance.vars
 conditions := [
diff --git a/policies/gcp/firebase_realtime_database/google_firebase_database_instance/type/policy.rego b/policies/gcp/firebase_realtime_database/google_firebase_database_instance/type/policy.rego
index da47a8eb7..5bc13ea46 100644
--- a/policies/gcp/firebase_realtime_database/google_firebase_database_instance/type/policy.rego
+++ b/policies/gcp/firebase_realtime_database/google_firebase_database_instance/type/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.firebase_realtime_database.google_firebase_database_instance.type
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firebase_realtime_database.google_firebase_database_instance.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_backup_schedule/daily_recurrence/policy.rego b/policies/gcp/firestore/firestore_backup_schedule/daily_recurrence/policy.rego
index e8872f43b..8fa6dacc1 100644
--- a/policies/gcp/firestore/firestore_backup_schedule/daily_recurrence/policy.rego
+++ b/policies/gcp/firestore/firestore_backup_schedule/daily_recurrence/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_backup_schedule.daily_recurrence
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_backup_schedule.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_backup_schedule/retention/policy.rego b/policies/gcp/firestore/firestore_backup_schedule/retention/policy.rego
index 17f85230d..8f183793f 100644
--- a/policies/gcp/firestore/firestore_backup_schedule/retention/policy.rego
+++ b/policies/gcp/firestore/firestore_backup_schedule/retention/policy.rego
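Review bot: The package declared in policies/gcp/firestore/firestore_backup_schedule/daily_recurrence/policy.rego is `terraform.gcp.security.firestore_backup_schedule.daily_recurrence`, while the vars it imports sit under `data.terraform.gcp.security.firestore.firestore_backup_schedule.vars`, so the package path drops the `firestore` service segment that the other policies in this patch keep (for example `terraform.gcp.security.gdce.cluster.cidr_blocks`). If the evaluation harness derives its query path from the service/resource prefix, which is not visible here, these rules would never be evaluated, and an unevaluated policy yields no violation rather than an error. I would declare `package terraform.gcp.security.firestore.firestore_backup_schedule.daily_recurrence`, and the same applies to the retention and weekly_recurrence hunks and to the firestore_database and firestore_document policies that follow. The policy body continues outside the hunk.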
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_backup_schedule.retention
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_backup_schedule.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_backup_schedule/weekly_recurrence/policy.rego b/policies/gcp/firestore/firestore_backup_schedule/weekly_recurrence/policy.rego
index 05bd1b7e1..cfa8c7a19 100644
--- a/policies/gcp/firestore/firestore_backup_schedule/weekly_recurrence/policy.rego
+++ b/policies/gcp/firestore/firestore_backup_schedule/weekly_recurrence/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_backup_schedule.weekly_recurrence
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_backup_schedule.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_database/app_engine_integration_mode/policy.rego b/policies/gcp/firestore/firestore_database/app_engine_integration_mode/policy.rego
index b21606c11..14548e537 100644
--- a/policies/gcp/firestore/firestore_database/app_engine_integration_mode/policy.rego
+++ b/policies/gcp/firestore/firestore_database/app_engine_integration_mode/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_database.app_engine_integration_mode
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_database.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_database/concurrency_mode/policy.rego b/policies/gcp/firestore/firestore_database/concurrency_mode/policy.rego
index c95a77403..93ee7ac24 100644
--- a/policies/gcp/firestore/firestore_database/concurrency_mode/policy.rego
+++ b/policies/gcp/firestore/firestore_database/concurrency_mode/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_database.concurrency_mode
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_database.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_database/location_id/policy.rego b/policies/gcp/firestore/firestore_database/location_id/policy.rego
index 81d5531f5..82168fc7d 100644
--- a/policies/gcp/firestore/firestore_database/location_id/policy.rego
+++ b/policies/gcp/firestore/firestore_database/location_id/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_database.location_id
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_database.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_document/collection/policy.rego b/policies/gcp/firestore/firestore_document/collection/policy.rego
index 571ad667e..0911f7b7f 100644
--- a/policies/gcp/firestore/firestore_document/collection/policy.rego
+++ b/policies/gcp/firestore/firestore_document/collection/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_document.collection
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_document.vars
 conditions := [
diff --git a/policies/gcp/firestore/firestore_document/fields/policy.rego b/policies/gcp/firestore/firestore_document/fields/policy.rego
index b86bec56e..e317410c9 100644
--- a/policies/gcp/firestore/firestore_document/fields/policy.rego
+++ b/policies/gcp/firestore/firestore_document/fields/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_document.fields
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_document.vars
 import future.keywords.if
diff --git a/policies/gcp/firestore/firestore_document/project/policy.rego b/policies/gcp/firestore/firestore_document/project/policy.rego
index 6123a9354..75cbb0a27 100644
--- a/policies/gcp/firestore/firestore_document/project/policy.rego
+++ b/policies/gcp/firestore/firestore_document/project/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.firestore_document.project
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.firestore.firestore_document.vars
 conditions := [
diff --git a/policies/gcp/gdce/cluster/cidr_blocks/policy.rego b/policies/gcp/gdce/cluster/cidr_blocks/policy.rego
index 9df5e8c22..58ee584ab 100644
--- a/policies/gcp/gdce/cluster/cidr_blocks/policy.rego
+++ b/policies/gcp/gdce/cluster/cidr_blocks/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gdce.cluster.cidr_blocks
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gdce.cluster.vars
 conditions := [
diff --git a/policies/gcp/gdce/cluster/maintenance_policy/policy.rego b/policies/gcp/gdce/cluster/maintenance_policy/policy.rego
index a15a96222..9527e9d9e 100644
--- a/policies/gcp/gdce/cluster/maintenance_policy/policy.rego
+++ b/policies/gcp/gdce/cluster/maintenance_policy/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gdce.cluster.maintenance_policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gdce.cluster.vars
 conditions := [
diff --git a/policies/gcp/gdce/cluster/target_version/policy.rego b/policies/gcp/gdce/cluster/target_version/policy.rego
index 47d3cbf7e..64e213b72 100644
--- a/policies/gcp/gdce/cluster/target_version/policy.rego
+++ b/policies/gcp/gdce/cluster/target_version/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.gdce.cluster.target_version
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.gdce.cluster.vars
 conditions := [
diff --git a/policies/gcp/gdce/node_pool/basic_checks/policy.rego b/policies/gcp/gdce/node_pool/basic_checks/policy.rego index 778dcaf7f..4443048bb 100644 --- a/policies/gcp/gdce/node_pool/basic_checks/policy.rego +++ b/policies/gcp/gdce/node_pool/basic_checks/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.gdce.node_pool.basic_checks -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.gdce.node_pool.vars # Shared vars conditions := [ diff --git a/policies/gcp/gdce/node_pool/disk_encryption/policy.rego b/policies/gcp/gdce/node_pool/disk_encryption/policy.rego index e7d933cc6..97c911ec3 100644 --- a/policies/gcp/gdce/node_pool/disk_encryption/policy.rego +++ b/policies/gcp/gdce/node_pool/disk_encryption/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.gdce.node_pool.disk_encryption -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.gdce.node_pool.vars conditions := [ diff --git a/policies/gcp/gdce/vpn_connection/vpc/policy.rego b/policies/gcp/gdce/vpn_connection/vpc/policy.rego index 72956d3d9..c46d70631 100644 --- a/policies/gcp/gdce/vpn_connection/vpc/policy.rego +++ b/policies/gcp/gdce/vpn_connection/vpc/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.gdce.vpn_connection.vpc -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.gdce.vpn_connection.vars conditions := [ diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/required_domain/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/required_domain/policy.rego index 0f0dbec15..b135c1c4b 100644 --- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/required_domain/policy.rego +++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/required_domain/policy.rego 
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.required_domain
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.vars
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_dns/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_dns/policy.rego
index 71379f9f7..6b3b44beb 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_dns/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_dns/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.valid_dns
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_password/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_password/policy.rego
index 6f54dbb9a..2280b668d 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_password/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_password/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.valid_password
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_username/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_username/policy.rego
index f6810666a..40972118b 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_username/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_active_directory/valid_username/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.valid_username
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_active_directory.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_location/policy.rego
index c3788aa39..9ada8418f 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_source_volume/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_source_volume/policy.rego
index 260560f9d..594bb343e 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_source_volume/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/allowed_source_volume/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup.allowed_source_volume
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/approved_vault_name/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/approved_vault_name/policy.rego
index 54b5bf936..106e77df9 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/approved_vault_name/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup/approved_vault_name/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup.approved_vault_name
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/allowed_location/policy.rego
index a1c218d32..faaa01fe9 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup_policy.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup_policy.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/required_daily_backup_limit/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/required_daily_backup_limit/policy.rego
index 92547fdb0..2cd456593 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/required_daily_backup_limit/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_policy/required_daily_backup_limit/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup_policy.required_daily_backup_limit
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup_policy.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_vault/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_vault/allowed_location/policy.rego
index a9eb99bc0..5b513a10c 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_vault/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_backup_vault/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup_vault.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_backup_vault.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/allowed_location/policy.rego
index 25f6d7a19..536a9a01f 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_kmsconfig.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_kmsconfig.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/valid_crypto_key_name/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/valid_crypto_key_name/policy.rego
index 1f26e1482..7e1680dcc 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/valid_crypto_key_name/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_kmsconfig/valid_crypto_key_name/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_kmsconfig.valid_crypto_key_name
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_kmsconfig.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_location/policy.rego
index 3c669eb29..edd46c014 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_storage_pool.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_storage_pool.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_network/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_network/policy.rego
index 6aa002ec9..767aff306 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_network/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_storage_pool/allowed_network/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_storage_pool.allowed_network
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_storage_pool.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume/valid_protocols/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume/valid_protocols/policy.rego
index 15d53a8ef..c19b0aa8d 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume/valid_protocols/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume/valid_protocols/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume.valid_protocols
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume.vars
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/allowed_location/policy.rego
index c3d1cd1f2..ee722bb2e 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_quota_rule.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_quota_rule.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/disk_limit_mib_range/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/disk_limit_mib_range/policy.rego
index e31dd5997..84ec161ae 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/disk_limit_mib_range/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_quota_rule/disk_limit_mib_range/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_quota_rule.disk_limit_mib_range
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_quota_rule.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/allowed_location/policy.rego
index 7aa5c6ff4..f93808731 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_replication.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_replication.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/required_replication_schedule/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/required_replication_schedule/policy.rego
index 996e2eda2..bb3511e71 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/required_replication_schedule/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_replication/required_replication_schedule/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_replication.required_replication_schedule
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_replication.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_location/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_location/policy.rego
index 73bb33ab5..e1c080eca 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_location/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_snapshot.allowed_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_snapshot.vars
 conditions := [
diff --git a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_volume_name/policy.rego b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_volume_name/policy.rego
index a1ee71ab1..f03bc62fb 100644
--- a/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_volume_name/policy.rego
+++ b/policies/gcp/google_cloud_netapp_volumes/google_netapp_volume_snapshot/allowed_volume_name/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_snapshot.allowed_volume_name
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloud_netapp_volumes.google_netapp_volume_snapshot.vars
 conditions := [
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/env_variable/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/env_variable/policy.rego
index e2f799f90..2b96910a6 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/env_variable/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/env_variable/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.env_variable
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.vars
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/ingress_settings/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/ingress_settings/policy.rego
index 92919b10a..37a1e5377 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/ingress_settings/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/ingress_settings/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.ingress
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.vars
 conditions := [
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/location/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/location/policy.rego
index 4399e42d0..bef604134 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/location/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.vars
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/timeout/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/timeout/policy.rego
index b0513cc77..36a4c5659 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/timeout/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/timeout/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.timeout
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.vars
 conditions := [
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/vpc_connector/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/vpc_connector/policy.rego
index 8d14017fc..2270439a4 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/vpc_connector/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function/vpc_connector/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.vpc
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function.vars
 conditions := [
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/member/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/member/policy.rego
index 979881bcd..b02d64ed5 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/member/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/member/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function_iam.member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function_iam.google_cloudfunctions2_function_iam_member.vars
 conditions := [
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/role/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/role/policy.rego
index 47dea61ca..085771cc2 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/role/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_member/role/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function_iam.policy
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function_iam.google_cloudfunctions2_function_iam_member.vars
 conditions := [
diff --git a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_policy/cloud_function/policy.rego b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_policy/cloud_function/policy.rego
index 8b820e4c0..26bc8de7a 100644
--- a/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_policy/cloud_function/policy.rego
+++ b/policies/gcp/google_cloudfunction/google_cloudfunctions2_function_iam/google_cloudfunctions2_function_iam_policy/cloud_function/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function_iam.cloud_function
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_cloudfunction.google_cloudfunctions2_function_iam.google_cloudfunctions2_function_iam_policy.vars
diff --git a/policies/gcp/google_dataproc_on_gdc/application_environment/spark_application_environment_config/policy.rego b/policies/gcp/google_dataproc_on_gdc/application_environment/spark_application_environment_config/policy.rego
index 133d39bfc..ac9bdaeff 100644
--- a/policies/gcp/google_dataproc_on_gdc/application_environment/spark_application_environment_config/policy.rego
+++ b/policies/gcp/google_dataproc_on_gdc/application_environment/spark_application_environment_config/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_dataproc_on_gdc.application_environment.spark_application_environment_config
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_dataproc_on_gdc.application_environment.vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_crypto_key/complaint_purpose/policy.rego b/policies/gcp/google_kms/google_kms_crypto_key/complaint_purpose/policy.rego
index 81ebddfd1..5f53aed28 100644
--- a/policies/gcp/google_kms/google_kms_crypto_key/complaint_purpose/policy.rego
+++ b/policies/gcp/google_kms/google_kms_crypto_key/complaint_purpose/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_crypto_key.complaint_purpose
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_kms.google_kms_crypto_key.vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_crypto_key/scheduled_destroy_duration/policy.rego b/policies/gcp/google_kms/google_kms_crypto_key/scheduled_destroy_duration/policy.rego
index b9abc6e40..29be162d3 100644
--- a/policies/gcp/google_kms/google_kms_crypto_key/scheduled_destroy_duration/policy.rego
+++ b/policies/gcp/google_kms/google_kms_crypto_key/scheduled_destroy_duration/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_crypto_key.scheduled_destroy_duration
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_crypto_key.vars as vars
diff --git a/policies/gcp/google_kms/google_kms_crypto_key/scheduled_rotation_period/policy.rego b/policies/gcp/google_kms/google_kms_crypto_key/scheduled_rotation_period/policy.rego
index ef365ddf2..af3695247 100644
--- a/policies/gcp/google_kms/google_kms_crypto_key/scheduled_rotation_period/policy.rego
+++ b/policies/gcp/google_kms/google_kms_crypto_key/scheduled_rotation_period/policy.rego
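Review bot: The `as helpers` alias on the added import in google_kms_crypto_key/scheduled_destroy_duration/policy.rego is redundant, because the last component of `data.terraform.helpers` is already `helpers`. Since the commit rewrites this line anyway, it could read `import data.terraform.helpers`, which is the form the NetApp, Cloud Functions and IAP policies in this same patch use. The same applies to the other google_kms hunks that keep the alias: scheduled_rotation_period, google_kms_crypto_key_iam_binding/approved_role, google_kms_crypto_key_version/state_allowed, both google_kms_ekm_connection policies, google_kms_key_ring/allowed_location and both google_kms_key_ring_import_job policies.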
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_crypto_key.scheduled_rotation_period
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_crypto_key.vars as vars
diff --git a/policies/gcp/google_kms/google_kms_crypto_key_iam_binding/approved_role/policy.rego b/policies/gcp/google_kms/google_kms_crypto_key_iam_binding/approved_role/policy.rego
index 242e4fa85..90fb04d55 100644
--- a/policies/gcp/google_kms/google_kms_crypto_key_iam_binding/approved_role/policy.rego
+++ b/policies/gcp/google_kms/google_kms_crypto_key_iam_binding/approved_role/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_crypto_key_iam_binding.approved_role
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_crypto_key_iam_binding.vars as vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_crypto_key_version/state_allowed/policy.rego b/policies/gcp/google_kms/google_kms_crypto_key_version/state_allowed/policy.rego
index 5aa7bd1dc..de1d2b70e 100644
--- a/policies/gcp/google_kms/google_kms_crypto_key_version/state_allowed/policy.rego
+++ b/policies/gcp/google_kms/google_kms_crypto_key_version/state_allowed/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_crypto_key_version.state_allowed
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_crypto_key_version.vars
 conditions :=[
diff --git a/policies/gcp/google_kms/google_kms_ekm_connection/approved_location/policy.rego b/policies/gcp/google_kms/google_kms_ekm_connection/approved_location/policy.rego
index 0c2529580..a52d1b6ce 100644
--- a/policies/gcp/google_kms/google_kms_ekm_connection/approved_location/policy.rego
+++ b/policies/gcp/google_kms/google_kms_ekm_connection/approved_location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_ekm_connection.approved_location
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_ekm_connection.vars as vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_ekm_connection/cert_hostname_match/policy.rego b/policies/gcp/google_kms/google_kms_ekm_connection/cert_hostname_match/policy.rego
index 8cb0eb07d..716f6ca20 100644
--- a/policies/gcp/google_kms/google_kms_ekm_connection/cert_hostname_match/policy.rego
+++ b/policies/gcp/google_kms/google_kms_ekm_connection/cert_hostname_match/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_ekm_connection.cert_hostname_match
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_ekm_connection.vars as vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_key_handle/approved_location/policy.rego b/policies/gcp/google_kms/google_kms_key_handle/approved_location/policy.rego
index 617355465..85e8ca70b 100644
--- a/policies/gcp/google_kms/google_kms_key_handle/approved_location/policy.rego
+++ b/policies/gcp/google_kms/google_kms_key_handle/approved_location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_key_handle.approved_location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_kms.google_kms_key_handle.vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_key_handle/approved_resources/policy.rego b/policies/gcp/google_kms/google_kms_key_handle/approved_resources/policy.rego
index c7ecfdf5b..41d320c01 100644
--- a/policies/gcp/google_kms/google_kms_key_handle/approved_resources/policy.rego
+++ b/policies/gcp/google_kms/google_kms_key_handle/approved_resources/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_key_handle.approved_resources
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_kms.google_kms_key_handle.vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_key_ring/allowed_location/policy.rego b/policies/gcp/google_kms/google_kms_key_ring/allowed_location/policy.rego
index 78e8fb644..f51dce081 100644
--- a/policies/gcp/google_kms/google_kms_key_ring/allowed_location/policy.rego
+++ b/policies/gcp/google_kms/google_kms_key_ring/allowed_location/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_key_ring.allowed_location
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_key_ring.vars as vars
 conditions :=[
diff --git a/policies/gcp/google_kms/google_kms_key_ring_import_job/import_method/policy.rego b/policies/gcp/google_kms/google_kms_key_ring_import_job/import_method/policy.rego
index c8ea53290..c6f63b9ae 100644
--- a/policies/gcp/google_kms/google_kms_key_ring_import_job/import_method/policy.rego
+++ b/policies/gcp/google_kms/google_kms_key_ring_import_job/import_method/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_key_ring_import_job.import_method
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_key_ring_import_job.vars as vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_key_ring_import_job/protection_level/policy.rego b/policies/gcp/google_kms/google_kms_key_ring_import_job/protection_level/policy.rego
index e82bc459a..772405072 100644
--- a/policies/gcp/google_kms/google_kms_key_ring_import_job/protection_level/policy.rego
+++ b/policies/gcp/google_kms/google_kms_key_ring_import_job/protection_level/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_key_ring_import_job.protection_level
-import data.terraform.gcp.helpers as helpers
+import data.terraform.helpers as helpers
 import data.terraform.gcp.security.google_kms.google_kms_key_ring_import_job.vars as vars
 conditions := [
diff --git a/policies/gcp/google_kms/google_kms_secret_ciphertext/crypto_key/policy.rego b/policies/gcp/google_kms/google_kms_secret_ciphertext/crypto_key/policy.rego
index df1e61e10..5583aace3 100644
--- a/policies/gcp/google_kms/google_kms_secret_ciphertext/crypto_key/policy.rego
+++ b/policies/gcp/google_kms/google_kms_secret_ciphertext/crypto_key/policy.rego
@@ -1,5 +1,5 @@
 package terraform.gcp.security.google_kms.google_kms_secret_ciphertext.crypto_key
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.google_kms.google_kms_secret_ciphertext.vars
 situations := [
diff --git a/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/member/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/member/policy.rego
index a4aeaf92c..f63130a2c 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/member/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/member/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_app_engine_service_iam.member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_app_engine_service_iam.vars
 conditions := [
diff --git a/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/role/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/role/policy.rego
index c7d13bd94..1280bf3b9 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/role/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_app_engine_service_iam/role/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_app_engine_service_iam.role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_app_engine_service_iam.vars
 # SECURITY POLICY for `role` (exact-match, helper-friendly)
diff --git a/policies/gcp/identity_aware_proxy/google_iap_brand/application_title/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_brand/application_title/policy.rego
index 25ff6f72e..68d0daed3 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_brand/application_title/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_brand/application_title/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_brand.application_title
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_brand.vars
 # c.tf title (allowed): "Cloud IAP – Customer Portal"
diff --git a/policies/gcp/identity_aware_proxy/google_iap_brand/support_email/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_brand/support_email/policy.rego
index ef7a32cfe..37243dd92 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_brand/support_email/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_brand/support_email/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_brand.support_email
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_brand.vars
 # SECURITY POLICY (exact-match; helper-friendly)
diff --git a/policies/gcp/identity_aware_proxy/google_iap_settings/allowed_domain/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_settings/allowed_domain/policy.rego
index 1cdf19234..6de89d485 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_settings/allowed_domain/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_settings/allowed_domain/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_settings.allowed_domain
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_settings.vars
 # Enforce Allowed Domains: feature enabled + corporate domain only
diff --git a/policies/gcp/identity_aware_proxy/google_iap_settings/cookie_domain/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_settings/cookie_domain/policy.rego
index 9738bfff2..546ace05f 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_settings/cookie_domain/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_settings/cookie_domain/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_settings.cookie_domain
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_settings.vars
 # SECURITY POLICY (exact-match; helper-friendly)
diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/member/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/member/policy.rego
index 391370e80..c111c3319 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/member/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/member/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_web_backend_service_iam.member
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_backend_service_iam as vars
 # Exact-match conditions (helper-friendly)
diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/role/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/role/policy.rego
index b9f98429f..ca1ce0ec2 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/role/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/role/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_web_backend_service_iam.role
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_backend_service_iam as vars
 conditions := [
diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/web_backend_service/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/web_backend_service/policy.rego
index 778e78427..d6a33c41e 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/web_backend_service/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_web_backend_service_iam/web_backend_service/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_web_backend_service_iam.web_backend_service
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_backend_service_iam as vars
 conditions := [
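Review bot: In google_iap_web_backend_service_iam/member/policy.rego the unchanged second import binds `vars` to the parent package (`...google_iap_web_backend_service_iam as vars`), whereas the other policies in this patch import a `.vars` subpackage. If this resource's vars.rego declares a `.vars` package like its siblings (not visible here), any `vars.variables` lookup would be undefined, and Rego treats an undefined data reference as undefined rather than as an error, so the policy could silently report nothing. Worth confirming while these import lines are being touched, and if so changing the line to `import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_backend_service_iam.vars`. The same import form appears in the other google_iap_web_backend_service_iam hunks and in the google_iap_web_cloud_run_service_iam, google_iap_web_forwarding_rule_service_iam and google_iap_web_iam hunks.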
diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/cloud_run_service_name/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/cloud_run_service_name/policy.rego
index 48acbea1c..b4ce2e612 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/cloud_run_service_name/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/cloud_run_service_name/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam.cloud_run_service_name
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam as vars
 # 1) Block sensitive admin consoles
diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/location/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/location/policy.rego
index d0e217b29..0036708f4 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/location/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/location/policy.rego
@@ -1,6 +1,6 @@
 package terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam.location
-import data.terraform.gcp.helpers
+import data.terraform.helpers
 import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam as vars
 conditions := [
diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/member/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/member/policy.rego
index 05ce350dc..ba5843786 100644
--- a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/member/policy.rego
+++ b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/member/policy.rego
@@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam.member -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam as vars conditions := [ diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/role/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/role/policy.rego index dec182073..bc4d61e26 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/role/policy.rego +++ b/policies/gcp/identity_aware_proxy/google_iap_web_cloud_run_service_iam/role/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam.role -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_cloud_run_service_iam as vars conditions := [ diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/forwarding_rule/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/forwarding_rule/policy.rego index 079da1847..795dea252 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/forwarding_rule/policy.rego +++ b/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/forwarding_rule/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_forwarding_rule_service_iam.forwarding_rule_service_name -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_forwarding_rule_service_iam as vars conditions := [ 
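Review bot: The package declared in `forwarding_rule/policy.rego` ends in `forwarding_rule_service_name`, while the directory is `forwarding_rule`. The neighbouring policies in these hunks (`member`, `role`, `location`, `project`) use the directory name as the last package segment. If the evaluator or test harness derives the query path from the directory layout, which the diff does not show, this policy would never be looked up and so would never report a violation. Since the file is being touched anyway, consider `package terraform.gcp.security.identity_aware_proxy.google_iap_web_forwarding_rule_service_iam.forwarding_rule`, or add a comment saying why the name differs. The file continues outside the hunk.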
diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/project/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/project/policy.rego index 3a3452be0..d302c7640 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/project/policy.rego +++ b/policies/gcp/identity_aware_proxy/google_iap_web_forwarding_rule_service_iam/project/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_forwarding_rule_service_iam.project -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_forwarding_rule_service_iam as vars # Security goals: diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_iam/condition/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_iam/condition/policy.rego index 3a95057b0..a023f9c0f 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_iam/condition/policy.rego +++ b/policies/gcp/identity_aware_proxy/google_iap_web_iam/condition/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_iam.condition -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_iam as vars # Enforce: every IAP Web IAM binding must include a non-empty 'condition' block. diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_iam/member/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_iam/member/policy.rego index 3786d71fd..107d2c28f 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_iam/member/policy.rego +++ b/policies/gcp/identity_aware_proxy/google_iap_web_iam/member/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_iam.member -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_iam as vars # Exact-match conditions to work with your helpers. diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_iam/role/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_iam/role/policy.rego index 297af405a..edc25019c 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_iam/role/policy.rego +++ b/policies/gcp/identity_aware_proxy/google_iap_web_iam/role/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_iam.role -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_iam as vars # Enforce least-privilege role for IAP Web access. diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/member/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/member/policy.rego index 6b9ebb5d9..d0d785167 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/member/policy.rego +++ b/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/member/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_type_compute_iam.member -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_type_compute_iam.vars # Exact-match conditions (helper-friendly) diff --git a/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/role/policy.rego b/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/role/policy.rego index 00c5d328b..ad9977d78 100644 --- a/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/role/policy.rego 
+++ b/policies/gcp/identity_aware_proxy/google_iap_web_type_compute_iam/role/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.identity_aware_proxy.google_iap_web_type_compute_iam.role -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.identity_aware_proxy.google_iap_web_type_compute_iam.vars conditions := [ diff --git a/policies/gcp/looker/core/cmek_required/policy.rego b/policies/gcp/looker/core/cmek_required/policy.rego index e2f9d1ec6..a3a825bfe 100644 --- a/policies/gcp/looker/core/cmek_required/policy.rego +++ b/policies/gcp/looker/core/cmek_required/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.cmek_required -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/looker/core/consumer_network_set/policy.rego b/policies/gcp/looker/core/consumer_network_set/policy.rego index b5115c286..4669ea421 100644 --- a/policies/gcp/looker/core/consumer_network_set/policy.rego +++ b/policies/gcp/looker/core/consumer_network_set/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.consumer_network_set -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/looker/core/custom_domain_when_private/policy.rego b/policies/gcp/looker/core/custom_domain_when_private/policy.rego index fd7c95649..ef8d8258c 100644 --- a/policies/gcp/looker/core/custom_domain_when_private/policy.rego +++ b/policies/gcp/looker/core/custom_domain_when_private/policy.rego 
@@ -1,7 +1,7 @@ # policies/gcp/looker/core/custom_domain_when_private/policy.rego package terraform.gcp.security.looker.core.custom_domain_when_private -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars # IF public_ip_enabled == false THEN custom_domain.domain must be set diff --git a/policies/gcp/looker/core/disallow_trial_editions/policy.rego b/policies/gcp/looker/core/disallow_trial_editions/policy.rego index 771baa52b..56e56765a 100644 --- a/policies/gcp/looker/core/disallow_trial_editions/policy.rego +++ b/policies/gcp/looker/core/disallow_trial_editions/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.disallow_trial_editions -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/looker/core/fips_required/policy.rego b/policies/gcp/looker/core/fips_required/policy.rego index 8d30aa78a..54d3f90e0 100644 --- a/policies/gcp/looker/core/fips_required/policy.rego +++ b/policies/gcp/looker/core/fips_required/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.fips_required -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/looker/core/maintenance_window_set/policy.rego b/policies/gcp/looker/core/maintenance_window_set/policy.rego index 19cd2889d..6751fa55c 100644 --- a/policies/gcp/looker/core/maintenance_window_set/policy.rego +++ b/policies/gcp/looker/core/maintenance_window_set/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.maintenance_window_set -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/looker/core/no_public_ip/policy.rego b/policies/gcp/looker/core/no_public_ip/policy.rego index 1195cb3f7..d492deb7a 100644 
--- a/policies/gcp/looker/core/no_public_ip/policy.rego +++ b/policies/gcp/looker/core/no_public_ip/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.no_public_ip -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/looker/core/oauth_config_present/policy.rego b/policies/gcp/looker/core/oauth_config_present/policy.rego index 2c034dab2..7a2a9a472 100644 --- a/policies/gcp/looker/core/oauth_config_present/policy.rego +++ b/policies/gcp/looker/core/oauth_config_present/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.oauth_config_present -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/looker/core/private_connectivity_required/policy.rego b/policies/gcp/looker/core/private_connectivity_required/policy.rego index 5cf516494..367d40712 100644 --- a/policies/gcp/looker/core/private_connectivity_required/policy.rego +++ b/policies/gcp/looker/core/private_connectivity_required/policy.rego @@ -1,7 +1,7 @@ # policies/gcp/looker/core/private_connectivity_required/policy.rego package terraform.gcp.security.looker.core.private_connectivity_required -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars # Policy intent: diff --git a/policies/gcp/looker/core/psc_mode_hygiene/policy.rego b/policies/gcp/looker/core/psc_mode_hygiene/policy.rego index 93ca9e72d..8c686e080 100644 --- a/policies/gcp/looker/core/psc_mode_hygiene/policy.rego +++ b/policies/gcp/looker/core/psc_mode_hygiene/policy.rego 
@@ -1,7 +1,7 @@ # policies/gcp/looker/core/psc_mode_hygiene/policy.rego package terraform.gcp.security.looker.core.psc_mode_hygiene -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars # Intent: If PSC is enabled, BOTH public_ip_enabled and private_ip_enabled must be false. diff --git a/policies/gcp/looker/core/reserved_range_for_psa_psc/policy.rego b/policies/gcp/looker/core/reserved_range_for_psa_psc/policy.rego index 33edab338..39f9116e6 100644 --- a/policies/gcp/looker/core/reserved_range_for_psa_psc/policy.rego +++ b/policies/gcp/looker/core/reserved_range_for_psa_psc/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.looker.core.reserved_range_for_psa_psc -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.looker.core.vars conditions := [ diff --git a/policies/gcp/lustre/lustre_instance/allowed_location/policy.rego b/policies/gcp/lustre/lustre_instance/allowed_location/policy.rego index 01540da11..39917a527 100644 --- a/policies/gcp/lustre/lustre_instance/allowed_location/policy.rego +++ b/policies/gcp/lustre/lustre_instance/allowed_location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.lustre.lustre_instance.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.lustre.lustre_instance.vars diff --git a/policies/gcp/lustre/lustre_instance/allowed_vpc_network/policy.rego b/policies/gcp/lustre/lustre_instance/allowed_vpc_network/policy.rego index 518f179d9..ecc6b004c 100644 --- a/policies/gcp/lustre/lustre_instance/allowed_vpc_network/policy.rego +++ b/policies/gcp/lustre/lustre_instance/allowed_vpc_network/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.lustre.lustre_instance.allowed_vpc_network -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.lustre.lustre_instance.vars conditions := [ 
diff --git a/policies/gcp/lustre/lustre_instance/gke_support_enabled/policy.rego b/policies/gcp/lustre/lustre_instance/gke_support_enabled/policy.rego index bc6fd5371..2f0c191b3 100644 --- a/policies/gcp/lustre/lustre_instance/gke_support_enabled/policy.rego +++ b/policies/gcp/lustre/lustre_instance/gke_support_enabled/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.lustre.lustre_instance.gke_support_enabled -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.lustre.lustre_instance.vars conditions := [ diff --git a/policies/gcp/lustre/lustre_instance/valid_per_unit_storage_throughput/policy.rego b/policies/gcp/lustre/lustre_instance/valid_per_unit_storage_throughput/policy.rego index d08a29fca..a44ebaf8f 100644 --- a/policies/gcp/lustre/lustre_instance/valid_per_unit_storage_throughput/policy.rego +++ b/policies/gcp/lustre/lustre_instance/valid_per_unit_storage_throughput/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.lustre.lustre_instance.valid_per_unit_storage_throughput -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.lustre.lustre_instance.vars conditions := [ diff --git a/policies/gcp/managed_kafka/google_managed_kafka_acl/global_acls/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_acl/global_acls/policy.rego index 6fb7f5ed1..e1c53979e 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_acl/global_acls/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_acl/global_acls/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_acl.global_acls -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_acl.vars conditions := [ 
diff --git a/policies/gcp/managed_kafka/google_managed_kafka_acl/secured_acl_entries/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_acl/secured_acl_entries/policy.rego index bbdd1e379..33e11e316 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_acl/secured_acl_entries/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_acl/secured_acl_entries/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_acl.secured_acl_entries -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_acl.vars conditions := [ diff --git a/policies/gcp/managed_kafka/google_managed_kafka_acl/wildcard_principals/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_acl/wildcard_principals/policy.rego index 2661f01ef..662056abc 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_acl/wildcard_principals/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_acl/wildcard_principals/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_acl.wildcard_principals -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_acl.vars diff --git a/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cluster/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cluster/policy.rego index 4744704c3..d63a1a797 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cluster/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cluster/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_cluster.kafka_cluster -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_cluster.vars conditions := [ 
diff --git a/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cmek_enforcement/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cmek_enforcement/policy.rego index 7d82393dc..749060867 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cmek_enforcement/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_cmek_enforcement/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_cluster.kafka_cmek_enforcement -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_cluster.vars conditions := [ diff --git a/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_mtls_enforcement/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_mtls_enforcement/policy.rego index 266a8e876..0a647d5d8 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_mtls_enforcement/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_cluster/kafka_mtls_enforcement/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_cluster.kafka_mtls_enforcement -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_cluster.vars diff --git a/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/cluster_binding/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/cluster_binding/policy.rego index c9035b435..7d80040d5 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/cluster_binding/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/cluster_binding/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_connect_cluster.cluster_binding -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_connect_cluster.vars conditions := [ diff --git a/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/disallow_public_exposure/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/disallow_public_exposure/policy.rego index 9daf84a5f..50310e314 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/disallow_public_exposure/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/disallow_public_exposure/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_connect_cluster.disallow_public_exposure -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_connect_cluster.vars conditions := [ diff --git a/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/enforce_private_networking/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/enforce_private_networking/policy.rego index a2b33e7a7..732c508b0 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/enforce_private_networking/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_connect_cluster/enforce_private_networking/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_connect_cluster.enforce_private_networking -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_connect_cluster.vars conditions := [ 
diff --git a/policies/gcp/managed_kafka/google_managed_kafka_connector/enforce_connector/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_connector/enforce_connector/policy.rego index 2412f93f7..57c15760f 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_connector/enforce_connector/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_connector/enforce_connector/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_connector.enforce_connector -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_connector.vars diff --git a/policies/gcp/managed_kafka/google_managed_kafka_connector/task_restart/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_connector/task_restart/policy.rego index b827cf929..50d387586 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_connector/task_restart/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_connector/task_restart/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_connector.task_restart -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_connector.vars conditions := [ diff --git a/policies/gcp/managed_kafka/google_managed_kafka_topic/secure_topic_config/policy.rego b/policies/gcp/managed_kafka/google_managed_kafka_topic/secure_topic_config/policy.rego index e01b093fb..c6c079fad 100644 --- a/policies/gcp/managed_kafka/google_managed_kafka_topic/secure_topic_config/policy.rego +++ b/policies/gcp/managed_kafka/google_managed_kafka_topic/secure_topic_config/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.managed_kafka.google_managed_kafka_topic.secure_topic_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.managed_kafka.google_managed_kafka_topic.vars conditions := [ diff --git a/policies/gcp/memcache/google_memcache_instance/authorized_network/policy.rego b/policies/gcp/memcache/google_memcache_instance/authorized_network/policy.rego index 503fc9cb6..755cc3020 100644 --- a/policies/gcp/memcache/google_memcache_instance/authorized_network/policy.rego +++ b/policies/gcp/memcache/google_memcache_instance/authorized_network/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.memcache.google_memcache_instance.authorized_network -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.memcache.google_memcache_instance.vars conditions := [ diff --git a/policies/gcp/memcache/google_memcache_instance/maintenance_policy/policy.rego b/policies/gcp/memcache/google_memcache_instance/maintenance_policy/policy.rego index c7a662871..9791c5161 100644 --- a/policies/gcp/memcache/google_memcache_instance/maintenance_policy/policy.rego +++ b/policies/gcp/memcache/google_memcache_instance/maintenance_policy/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.memcache.google_memcache_instance.maintenance_policy -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.memcache.google_memcache_instance.vars conditions := [ diff --git a/policies/gcp/memcache/google_memcache_instance/memcache_version/policy.rego b/policies/gcp/memcache/google_memcache_instance/memcache_version/policy.rego index 239528d87..c928ff271 100644 --- a/policies/gcp/memcache/google_memcache_instance/memcache_version/policy.rego +++ b/policies/gcp/memcache/google_memcache_instance/memcache_version/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.memcache.google_memcache_instance.memcache_version -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.memcache.google_memcache_instance.vars conditions := [ diff --git a/policies/gcp/memcache/google_memcache_instance/reserved_ip_range_id/policy.rego b/policies/gcp/memcache/google_memcache_instance/reserved_ip_range_id/policy.rego index 6116a6c91..6d930ab8f 100644 --- a/policies/gcp/memcache/google_memcache_instance/reserved_ip_range_id/policy.rego +++ b/policies/gcp/memcache/google_memcache_instance/reserved_ip_range_id/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.memcache.google_memcache_instance.reserved_ip_range_id -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.memcache.google_memcache_instance.vars conditions := [ diff --git a/policies/gcp/memorystore/memorystore_instance/authorization_mode/policy.rego b/policies/gcp/memorystore/memorystore_instance/authorization_mode/policy.rego index 38bb5fedb..aa8775ef2 100644 --- a/policies/gcp/memorystore/memorystore_instance/authorization_mode/policy.rego +++ b/policies/gcp/memorystore/memorystore_instance/authorization_mode/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.memorystore_instance.authorization_mode -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.memorystore.memorystore_instance.vars conditions := [ diff --git a/policies/gcp/memorystore/memorystore_instance/deletion_protection_config/policy.rego b/policies/gcp/memorystore/memorystore_instance/deletion_protection_config/policy.rego index e2d3a7d3d..2297e74c6 100644 --- a/policies/gcp/memorystore/memorystore_instance/deletion_protection_config/policy.rego +++ b/policies/gcp/memorystore/memorystore_instance/deletion_protection_config/policy.rego 
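Review bot: The package in `memorystore_instance/authorization_mode/policy.rego` is `terraform.gcp.security.memorystore_instance.authorization_mode`, which drops the `memorystore` segment. Both the file's directory and its own vars import (`data.terraform.gcp.security.memorystore.memorystore_instance.vars`) carry that segment, and the `deletion_protection_config` hunk that follows has the same mismatch. If policies are queried by a path built from service and resource name, which is presumed and not shown here, these two checks would be skipped without any error. Aligning the declaration, e.g. `package terraform.gcp.security.memorystore.memorystore_instance.authorization_mode`, keeps them discoverable. Both files continue outside their hunks.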
@@ -1,6 +1,6 @@ package terraform.gcp.security.memorystore_instance.deletion_protection_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.memorystore.memorystore_instance.vars conditions := [ diff --git a/policies/gcp/model_armor/google_model_armor_floorsetting/confidence_level/policy.rego b/policies/gcp/model_armor/google_model_armor_floorsetting/confidence_level/policy.rego index 0d40de02b..d8ce53a1a 100644 --- a/policies/gcp/model_armor/google_model_armor_floorsetting/confidence_level/policy.rego +++ b/policies/gcp/model_armor/google_model_armor_floorsetting/confidence_level/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_floorsetting.confidence_level -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_floorsetting.vars diff --git a/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config/policy.rego b/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config/policy.rego index a6c941d0d..1dc6da99d 100644 --- a/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config/policy.rego +++ b/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_floorsetting.filter_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_floorsetting.vars diff --git a/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config_sub_attributes/policy.rego b/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config_sub_attributes/policy.rego index 6db78c624..fcaf48de1 100644 --- a/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config_sub_attributes/policy.rego 
+++ b/policies/gcp/model_armor/google_model_armor_floorsetting/filter_config_sub_attributes/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_floorsetting.filter_config_sub_attributes -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_floorsetting.vars diff --git a/policies/gcp/model_armor/google_model_armor_floorsetting/filter_type/policy.rego b/policies/gcp/model_armor/google_model_armor_floorsetting/filter_type/policy.rego index 6b7004de5..7806cc79d 100644 --- a/policies/gcp/model_armor/google_model_armor_floorsetting/filter_type/policy.rego +++ b/policies/gcp/model_armor/google_model_armor_floorsetting/filter_type/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_floorsetting.filter_type -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_floorsetting.vars diff --git a/policies/gcp/model_armor/google_model_armor_floorsetting/location/policy.rego b/policies/gcp/model_armor/google_model_armor_floorsetting/location/policy.rego index 11d485475..a05db27f4 100644 --- a/policies/gcp/model_armor/google_model_armor_floorsetting/location/policy.rego +++ b/policies/gcp/model_armor/google_model_armor_floorsetting/location/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_floorsetting.location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_floorsetting.vars # Condition: location must always be "global" diff --git a/policies/gcp/model_armor/google_model_armor_template/confidence_level/policy.rego b/policies/gcp/model_armor/google_model_armor_template/confidence_level/policy.rego index 000f4801a..cc09b1817 100644 --- a/policies/gcp/model_armor/google_model_armor_template/confidence_level/policy.rego 
+++ b/policies/gcp/model_armor/google_model_armor_template/confidence_level/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_template.confidence_level -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_template.vars diff --git a/policies/gcp/model_armor/google_model_armor_template/filter_config/policy.rego b/policies/gcp/model_armor/google_model_armor_template/filter_config/policy.rego index 17e138037..c5032e5e6 100644 --- a/policies/gcp/model_armor/google_model_armor_template/filter_config/policy.rego +++ b/policies/gcp/model_armor/google_model_armor_template/filter_config/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_template.filter_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_template.vars diff --git a/policies/gcp/model_armor/google_model_armor_template/filter_config_sub_attributes/policy.rego b/policies/gcp/model_armor/google_model_armor_template/filter_config_sub_attributes/policy.rego index 386213119..8be4bfb7f 100644 --- a/policies/gcp/model_armor/google_model_armor_template/filter_config_sub_attributes/policy.rego +++ b/policies/gcp/model_armor/google_model_armor_template/filter_config_sub_attributes/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_template.filter_config_sub_attributes -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_template.vars diff --git a/policies/gcp/model_armor/google_model_armor_template/filter_type/policy.rego b/policies/gcp/model_armor/google_model_armor_template/filter_type/policy.rego index 902a3e9eb..1afeac49b 100644 --- a/policies/gcp/model_armor/google_model_armor_template/filter_type/policy.rego 
+++ b/policies/gcp/model_armor/google_model_armor_template/filter_type/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_template.filter_type -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_template.vars diff --git a/policies/gcp/model_armor/google_model_armor_template/location/policy.rego b/policies/gcp/model_armor/google_model_armor_template/location/policy.rego index e520430d1..5df5a8f8d 100644 --- a/policies/gcp/model_armor/google_model_armor_template/location/policy.rego +++ b/policies/gcp/model_armor/google_model_armor_template/location/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.model_Armor.google_model_armor_template.location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.model_Armor.google_model_armor_template.vars # Condition: location must always be "global" diff --git a/policies/gcp/network/policy.rego b/policies/gcp/network/policy.rego index 3ddce9424..eb5ae31af 100644 --- a/policies/gcp/network/policy.rego +++ b/policies/gcp/network/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.service_networking.network -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.service_networking.network.vars allowed_networks := vars.variables["allowed_networks"] diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/port/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/port/policy.rego index 841d32d5a..25353ffb0 100644 --- a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/port/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/port/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_connection.port -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_connection.vars conditions := [ diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/secret_manager_secret/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/secret_manager_secret/policy.rego index 75ec8e833..af878a46c 100644 --- a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/secret_manager_secret/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/secret_manager_secret/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_connection.secret_manager_secret -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_connection.vars conditions := [[ diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_trust_model/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_trust_model/policy.rego index 723417f9f..c630ebb40 100644 --- a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_trust_model/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_trust_model/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_connection.ssl_config_trust_model -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_connection.vars conditions := [ 
diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_use_ssl/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_use_ssl/policy.rego index 72ed46032..4aa5ff066 100644 --- a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_use_ssl/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/ssl_config_use_ssl/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_connection.ssl_config_use_ssl -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_connection.vars conditions := [ diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/user_password/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/user_password/policy.rego index 40939eaed..9085aae9f 100644 --- a/policies/gcp/new_integration_connectors/google_integration_connectors_connection/user_password/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_connection/user_password/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_connection.user_password -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_connection.vars conditions := [ diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_endpoint/service_attachment/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_endpoint/service_attachment/policy.rego index fed595980..c1ca6cd2d 100644 
--- a/policies/gcp/new_integration_connectors/google_integration_connectors_endpoint/service_attachment/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_endpoint/service_attachment/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_endpoint.service_attachment -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_endpoint.vars conditions := [[ diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/dns_peer_binding/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/dns_peer_binding/policy.rego index abbcc3a48..74bfde4d0 100644 --- a/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/dns_peer_binding/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/dns_peer_binding/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_managed_zone.dns_peer_binding -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_managed_zone.vars conditions := [[ diff --git a/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/managed_zone/policy.rego b/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/managed_zone/policy.rego index 912670549..ccfc10f15 100644 --- a/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/managed_zone/policy.rego +++ b/policies/gcp/new_integration_connectors/google_integration_connectors_managed_zone/managed_zone/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.integration_connectors.google_integration_connectors_managed_zone.managed_zone -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.integration_connectors.google_integration_connectors_managed_zone.vars conditions := [[ diff --git a/policies/gcp/os_config_v2/policy_orchestrator/action/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator/action/policy.rego index 1d18393a9..f8a0a4532 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator/action/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator/action/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator.action -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator/orchestrated_resource/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator/orchestrated_resource/policy.rego index 4e05372d3..2f4a0824f 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator/orchestrated_resource/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator/orchestrated_resource/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator.orchestrated_resource -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator/orchestration_scope/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator/orchestration_scope/policy.rego index a00a4bbf0..43f2a86ff 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator/orchestration_scope/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator/orchestration_scope/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator.orchestration_scope -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator_for_folder/action/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator_for_folder/action/policy.rego index f9308aaf0..30e949ae5 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator_for_folder/action/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator_for_folder/action/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator_for_folder.action -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator_for_folder.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestrated_resource/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestrated_resource/policy.rego index 744480cc2..d513ff44d 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestrated_resource/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestrated_resource/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator_for_folder.orchestrated_resource -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator_for_folder.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestration_scope/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestration_scope/policy.rego index 0a83a7271..14913050d 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestration_scope/policy.rego 
+++ b/policies/gcp/os_config_v2/policy_orchestrator_for_folder/orchestration_scope/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator_for_folder.orchestration_scope -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator_for_folder.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/action/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/action/policy.rego index e2a30fa28..28f9b7022 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/action/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/action/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.action -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/orchestrated_resource/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/orchestrated_resource/policy.rego index cfb442a01..a07da86d5 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/orchestrated_resource/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/orchestrated_resource/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.orchestrated_resource -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.vars conditions := [ 
diff --git a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/organization_id/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/organization_id/policy.rego index 6192348c8..20ec76875 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/organization_id/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/organization_id/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.organization_id -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.vars conditions := [ diff --git a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/policy_orchestrator_id/policy.rego b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/policy_orchestrator_id/policy.rego index 4bcde4738..86ac5438b 100644 --- a/policies/gcp/os_config_v2/policy_orchestrator_for_organization/policy_orchestrator_id/policy.rego +++ b/policies/gcp/os_config_v2/policy_orchestrator_for_organization/policy_orchestrator_id/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.policy_orchestrator_id -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.os_config_v2.policy_orchestrator_for_organization.vars conditions := [ diff --git a/policies/gcp/oslogin/google_compute_instance/block_project_ssh_keys/policy.rego b/policies/gcp/oslogin/google_compute_instance/block_project_ssh_keys/policy.rego index 2d1242d78..40dac5e12 100644 --- a/policies/gcp/oslogin/google_compute_instance/block_project_ssh_keys/policy.rego +++ b/policies/gcp/oslogin/google_compute_instance/block_project_ssh_keys/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.oslogin.google_compute_instance.block_project_ssh_keys -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.oslogin.google_compute_instance.vars conditions := [ diff --git a/policies/gcp/oslogin/google_compute_instance/disallow_legacy_metadata_ssh_keys/policy.rego b/policies/gcp/oslogin/google_compute_instance/disallow_legacy_metadata_ssh_keys/policy.rego index dd206eaef..20142e90b 100644 --- a/policies/gcp/oslogin/google_compute_instance/disallow_legacy_metadata_ssh_keys/policy.rego +++ b/policies/gcp/oslogin/google_compute_instance/disallow_legacy_metadata_ssh_keys/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.oslogin.google_compute_instance.disallow_legacy_metadata_ssh_keys -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.oslogin.google_compute_instance.vars conditions := [ diff --git a/policies/gcp/oslogin/google_compute_instance/enabled/policy.rego b/policies/gcp/oslogin/google_compute_instance/enabled/policy.rego index 2c5c2628f..8f8db42fd 100644 --- a/policies/gcp/oslogin/google_compute_instance/enabled/policy.rego +++ b/policies/gcp/oslogin/google_compute_instance/enabled/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.oslogin.google_compute_instance.enabled -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.oslogin.google_compute_instance.vars conditions := [ diff --git a/policies/gcp/oslogin/google_compute_instance/require_service_account/policy.rego b/policies/gcp/oslogin/google_compute_instance/require_service_account/policy.rego index b2c8b9e75..694ce1da3 100644 --- a/policies/gcp/oslogin/google_compute_instance/require_service_account/policy.rego +++ b/policies/gcp/oslogin/google_compute_instance/require_service_account/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.oslogin.google_compute_instance.require_service_account -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.oslogin.google_compute_instance.vars diff --git a/policies/gcp/oslogin/google_compute_instance/require_shielded_vm/policy.rego b/policies/gcp/oslogin/google_compute_instance/require_shielded_vm/policy.rego index 0cba50633..6721969bc 100644 --- a/policies/gcp/oslogin/google_compute_instance/require_shielded_vm/policy.rego +++ b/policies/gcp/oslogin/google_compute_instance/require_shielded_vm/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.oslogin.google_compute_instance.require_shielded_vm -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.oslogin.google_compute_instance.vars conditions := [ diff --git a/policies/gcp/oslogin/google_compute_instance/restrict_external_ip/policy.rego b/policies/gcp/oslogin/google_compute_instance/restrict_external_ip/policy.rego index a01d04b44..db90af577 100644 --- a/policies/gcp/oslogin/google_compute_instance/restrict_external_ip/policy.rego +++ b/policies/gcp/oslogin/google_compute_instance/restrict_external_ip/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.oslogin.google_compute_instance.restrict_external_ip -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.oslogin.google_compute_instance.vars conditions := [ diff --git a/policies/gcp/oslogin/google_compute_instance/twofa/policy.rego b/policies/gcp/oslogin/google_compute_instance/twofa/policy.rego index e3b8108db..aac99343e 100644 --- a/policies/gcp/oslogin/google_compute_instance/twofa/policy.rego +++ b/policies/gcp/oslogin/google_compute_instance/twofa/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.oslogin.google_compute_instance.twofa -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.oslogin.google_compute_instance.vars conditions := [ diff --git a/policies/gcp/parallelstore/google_parallelstore_instance/location/policy.rego b/policies/gcp/parallelstore/google_parallelstore_instance/location/policy.rego index 84546e127..3729278f5 100644 --- a/policies/gcp/parallelstore/google_parallelstore_instance/location/policy.rego +++ b/policies/gcp/parallelstore/google_parallelstore_instance/location/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.parallelstore.google_parallelstore_instance.location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.parallelstore.google_parallelstore_instance.vars conditions := [ diff --git a/policies/gcp/parameter_manager/parameter/encryption/policy.rego b/policies/gcp/parameter_manager/parameter/encryption/policy.rego index adf825ace..90fa1e13e 100644 --- a/policies/gcp/parameter_manager/parameter/encryption/policy.rego +++ b/policies/gcp/parameter_manager/parameter/encryption/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.parameter_manager.parameter.encryption -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.parameter_manager.parameter.vars conditions := [[ diff --git a/policies/gcp/parameter_manager/regional_parameter/allowed_location/policy.rego b/policies/gcp/parameter_manager/regional_parameter/allowed_location/policy.rego index 102625ab6..548646a1a 100644 --- a/policies/gcp/parameter_manager/regional_parameter/allowed_location/policy.rego +++ b/policies/gcp/parameter_manager/regional_parameter/allowed_location/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.parameter_manager.regional_parameter.allowed_location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.parameter_manager.regional_parameter.vars conditions := [[ diff --git a/policies/gcp/parameter_manager/regional_parameter/encryption/policy.rego b/policies/gcp/parameter_manager/regional_parameter/encryption/policy.rego index 27d1f5ce1..f56682f1b 100644 --- a/policies/gcp/parameter_manager/regional_parameter/encryption/policy.rego +++ b/policies/gcp/parameter_manager/regional_parameter/encryption/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.parameter_manager.regional_parameter.encryption -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.parameter_manager.regional_parameter.vars conditions := [[ diff --git a/policies/gcp/privileged_access_manager/entitlement/additional_notification_targets/policy.rego b/policies/gcp/privileged_access_manager/entitlement/additional_notification_targets/policy.rego index 9e73e97b7..fdc959e36 100644 --- a/policies/gcp/privileged_access_manager/entitlement/additional_notification_targets/policy.rego +++ b/policies/gcp/privileged_access_manager/entitlement/additional_notification_targets/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.privileged_access_manager.entitlement.additional_notification_targets -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.privileged_access_manager.entitlement.vars conditions := [ diff --git a/policies/gcp/privileged_access_manager/entitlement/approval_workflow/policy.rego b/policies/gcp/privileged_access_manager/entitlement/approval_workflow/policy.rego index a1096c934..df063ba8e 100644 --- a/policies/gcp/privileged_access_manager/entitlement/approval_workflow/policy.rego +++ b/policies/gcp/privileged_access_manager/entitlement/approval_workflow/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.privileged_access_manager.entitlement.approval_workflow -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.privileged_access_manager.entitlement.vars conditions := [ diff --git a/policies/gcp/privileged_access_manager/entitlement/eligible_users/policy.rego b/policies/gcp/privileged_access_manager/entitlement/eligible_users/policy.rego index bc49239fe..6de6564de 100644 --- a/policies/gcp/privileged_access_manager/entitlement/eligible_users/policy.rego +++ b/policies/gcp/privileged_access_manager/entitlement/eligible_users/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.privileged_access_manager.entitlement.eligible_users -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.privileged_access_manager.entitlement.vars conditions := [ diff --git a/policies/gcp/privileged_access_manager/entitlement/location/policy.rego b/policies/gcp/privileged_access_manager/entitlement/location/policy.rego index 8c7423bb2..05260309a 100644 --- a/policies/gcp/privileged_access_manager/entitlement/location/policy.rego +++ b/policies/gcp/privileged_access_manager/entitlement/location/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.privileged_access_manager.entitlement.location -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.privileged_access_manager.entitlement.vars conditions := [ diff --git a/policies/gcp/privileged_access_manager/entitlement/max_request_duration/policy.rego b/policies/gcp/privileged_access_manager/entitlement/max_request_duration/policy.rego index 7ba0ff156..f487f2a2d 100644 --- a/policies/gcp/privileged_access_manager/entitlement/max_request_duration/policy.rego +++ b/policies/gcp/privileged_access_manager/entitlement/max_request_duration/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.privileged_access_manager.entitlement.max_request_duration -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.privileged_access_manager.entitlement.vars conditions := [ diff --git a/policies/gcp/privileged_access_manager/entitlement/privileged_access/policy.rego b/policies/gcp/privileged_access_manager/entitlement/privileged_access/policy.rego index b86f6abf8..2036d5582 100644 --- a/policies/gcp/privileged_access_manager/entitlement/privileged_access/policy.rego +++ b/policies/gcp/privileged_access_manager/entitlement/privileged_access/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.privileged_access_manager.entitlement.privileged_access -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.privileged_access_manager.entitlement.vars conditions := [ diff --git a/policies/gcp/privileged_access_manager/entitlement/requester_justification_config/policy.rego b/policies/gcp/privileged_access_manager/entitlement/requester_justification_config/policy.rego index 5b32b6d30..a859c9fe6 100644 --- a/policies/gcp/privileged_access_manager/entitlement/requester_justification_config/policy.rego +++ b/policies/gcp/privileged_access_manager/entitlement/requester_justification_config/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.privileged_access_manager.entitlement.requester_justification_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.privileged_access_manager.entitlement.vars conditions := [ diff --git a/policies/gcp/recaptchaenterprise/key/allow_all_domains/policy.rego b/policies/gcp/recaptchaenterprise/key/allow_all_domains/policy.rego index 47c97ed08..620defb1f 100644 --- a/policies/gcp/recaptchaenterprise/key/allow_all_domains/policy.rego +++ b/policies/gcp/recaptchaenterprise/key/allow_all_domains/policy.rego 
@@ -1,5 +1,5 @@ package terraform.gcp.security.recaptchaenterprise.key.allow_all_domains -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.recaptchaenterprise.key.vars conditions := [ diff --git a/policies/gcp/recaptchaenterprise/key/allow_amp_traffic/policy.rego b/policies/gcp/recaptchaenterprise/key/allow_amp_traffic/policy.rego index 41a5e5073..551ea35b1 100644 --- a/policies/gcp/recaptchaenterprise/key/allow_amp_traffic/policy.rego +++ b/policies/gcp/recaptchaenterprise/key/allow_amp_traffic/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.recaptchaenterprise.key.allow_amp_traffic -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.recaptchaenterprise.key.vars conditions := [ diff --git a/policies/gcp/recaptchaenterprise/key/challenge_security_preference/policy.rego b/policies/gcp/recaptchaenterprise/key/challenge_security_preference/policy.rego index e4b1c0dd9..2163ba449 100644 --- a/policies/gcp/recaptchaenterprise/key/challenge_security_preference/policy.rego +++ b/policies/gcp/recaptchaenterprise/key/challenge_security_preference/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.recaptchaenterprise.key.challenge_security_preference -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.recaptchaenterprise.key.vars conditions := [ diff --git a/policies/gcp/recaptchaenterprise/key/integration_type/policy.rego b/policies/gcp/recaptchaenterprise/key/integration_type/policy.rego index fcbbf03e9..367805a55 100644 --- a/policies/gcp/recaptchaenterprise/key/integration_type/policy.rego +++ b/policies/gcp/recaptchaenterprise/key/integration_type/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.recaptchaenterprise.key.integration_type -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.recaptchaenterprise.key.vars conditions := [ 
diff --git a/policies/gcp/registries/analysis_note/expiration_time/policy.rego b/policies/gcp/registries/analysis_note/expiration_time/policy.rego index 194b6ef06..4aed8097e 100644 --- a/policies/gcp/registries/analysis_note/expiration_time/policy.rego +++ b/policies/gcp/registries/analysis_note/expiration_time/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.analysis_note.expiration_time -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.analysis_note.expiration_time.vars conditions := [ diff --git a/policies/gcp/scc/event_threat_detection_custom_module/config/policy.rego b/policies/gcp/scc/event_threat_detection_custom_module/config/policy.rego index b3a6a7912..7477e4733 100644 --- a/policies/gcp/scc/event_threat_detection_custom_module/config/policy.rego +++ b/policies/gcp/scc/event_threat_detection_custom_module/config/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.event_threat_detection_custom_module.config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.event_threat_detection_custom_module.vars conditions := [ diff --git a/policies/gcp/scc/event_threat_detection_custom_module/enablement_state/policy.rego b/policies/gcp/scc/event_threat_detection_custom_module/enablement_state/policy.rego index 7de655a59..5179379af 100644 --- a/policies/gcp/scc/event_threat_detection_custom_module/enablement_state/policy.rego +++ b/policies/gcp/scc/event_threat_detection_custom_module/enablement_state/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.scc.event_threat_detection_custom_module.enablement_state -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.event_threat_detection_custom_module.vars conditions := [ 
diff --git a/policies/gcp/scc/folder_custom_module/enablement_state/policy.rego b/policies/gcp/scc/folder_custom_module/enablement_state/policy.rego index 85f7a11e5..8be316407 100644 --- a/policies/gcp/scc/folder_custom_module/enablement_state/policy.rego +++ b/policies/gcp/scc/folder_custom_module/enablement_state/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.scc.folder_custom_module.enablement_state -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.folder_custom_module.vars conditions := [ diff --git a/policies/gcp/scc/google_scc_notification_config/allowed_organization/policy.rego b/policies/gcp/scc/google_scc_notification_config/allowed_organization/policy.rego index 9ba016081..38e3fdb25 100644 --- a/policies/gcp/scc/google_scc_notification_config/allowed_organization/policy.rego +++ b/policies/gcp/scc/google_scc_notification_config/allowed_organization/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_notification_config.allowed_organization -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_notification_config.vars conditions := [ diff --git a/policies/gcp/scc/google_scc_notification_config/pubsub_topic/policy.rego b/policies/gcp/scc/google_scc_notification_config/pubsub_topic/policy.rego index 1b6c93659..5a375d238 100644 --- a/policies/gcp/scc/google_scc_notification_config/pubsub_topic/policy.rego +++ b/policies/gcp/scc/google_scc_notification_config/pubsub_topic/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_notification_config.pubsub_topic -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_notification_config.vars conditions := [ 
diff --git a/policies/gcp/scc/google_scc_notification_config/streaming_config/policy.rego b/policies/gcp/scc/google_scc_notification_config/streaming_config/policy.rego index 19aa5dc74..fd25e3ca6 100644 --- a/policies/gcp/scc/google_scc_notification_config/streaming_config/policy.rego +++ b/policies/gcp/scc/google_scc_notification_config/streaming_config/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_notification_config.streaming_config -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_notification_config.vars conditions := [ diff --git a/policies/gcp/scc/google_scc_organization_scc_big_query_export/big_query_export_id/policy.rego b/policies/gcp/scc/google_scc_organization_scc_big_query_export/big_query_export_id/policy.rego index f10be0224..fd00de2d0 100644 --- a/policies/gcp/scc/google_scc_organization_scc_big_query_export/big_query_export_id/policy.rego +++ b/policies/gcp/scc/google_scc_organization_scc_big_query_export/big_query_export_id/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_organization_scc_big_query_export.big_query_export_id -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_organization_scc_big_query_export.vars conditions := [ diff --git a/policies/gcp/scc/google_scc_organization_scc_big_query_export/dataset/policy.rego b/policies/gcp/scc/google_scc_organization_scc_big_query_export/dataset/policy.rego index c6cee49b1..90cc130f3 100644 --- a/policies/gcp/scc/google_scc_organization_scc_big_query_export/dataset/policy.rego +++ b/policies/gcp/scc/google_scc_organization_scc_big_query_export/dataset/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_organization_scc_big_query_export.dataset -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_organization_scc_big_query_export.vars conditions := [ diff --git a/policies/gcp/scc/google_scc_organization_scc_big_query_export/required_filter/policy.rego b/policies/gcp/scc/google_scc_organization_scc_big_query_export/required_filter/policy.rego index 692adc16d..f7d5c710a 100644 --- a/policies/gcp/scc/google_scc_organization_scc_big_query_export/required_filter/policy.rego +++ b/policies/gcp/scc/google_scc_organization_scc_big_query_export/required_filter/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_organization_scc_big_query_export.required_filter -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_organization_scc_big_query_export.vars conditions := [ diff --git a/policies/gcp/scc/google_scc_source_iam_binding/allowed_role/policy.rego b/policies/gcp/scc/google_scc_source_iam_binding/allowed_role/policy.rego index 821b234f7..c7c917604 100644 --- a/policies/gcp/scc/google_scc_source_iam_binding/allowed_role/policy.rego +++ b/policies/gcp/scc/google_scc_source_iam_binding/allowed_role/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_source_iam_binding.allowed_role -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_source_iam_binding.vars conditions := [ diff --git a/policies/gcp/scc/google_scc_source_iam_binding/members/policy.rego b/policies/gcp/scc/google_scc_source_iam_binding/members/policy.rego index ffa06a0de..644d03154 100644 --- a/policies/gcp/scc/google_scc_source_iam_binding/members/policy.rego +++ b/policies/gcp/scc/google_scc_source_iam_binding/members/policy.rego 
@@ -1,6 +1,6 @@ package terraform.gcp.security.scc.google_scc_source_iam_binding.members -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.google_scc_source_iam_binding.vars conditions := [ diff --git a/policies/gcp/scc/mute_config/filter/policy.rego b/policies/gcp/scc/mute_config/filter/policy.rego index 0312df350..1dfb99a65 100644 --- a/policies/gcp/scc/mute_config/filter/policy.rego +++ b/policies/gcp/scc/mute_config/filter/policy.rego @@ -1,6 +1,6 @@ package terraform.gcp.security.scc.mute_config.filter -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.mute_config.vars conditions := [ diff --git a/policies/gcp/scc/organization_custom_module/enablement_state/policy.rego b/policies/gcp/scc/organization_custom_module/enablement_state/policy.rego index f0e797257..27424b56c 100644 --- a/policies/gcp/scc/organization_custom_module/enablement_state/policy.rego +++ b/policies/gcp/scc/organization_custom_module/enablement_state/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.scc.organization_custom_module.enablement_state -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.organization_custom_module.vars conditions := [ diff --git a/policies/gcp/scc/project_custom_module/enablement_state/policy.rego b/policies/gcp/scc/project_custom_module/enablement_state/policy.rego index ce66c2006..7d688b393 100644 --- a/policies/gcp/scc/project_custom_module/enablement_state/policy.rego +++ b/policies/gcp/scc/project_custom_module/enablement_state/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security.scc.project_custom_module.enablement_state -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security.scc.project_custom_module.vars conditions := [ diff --git a/templates/gcp/policy.rego b/templates/gcp/policy.rego index 86198ff34..d2435ec1f 100644 
--- a/templates/gcp/policy.rego +++ b/templates/gcp/policy.rego @@ -1,5 +1,5 @@ package terraform.gcp.security... # Edit here -import data.terraform.gcp.helpers +import data.terraform.helpers import data.terraform.gcp.security...vars # STEP 1: STUDY YOUR RESOURCE AND ITS ATTRIBUTES, THEN FILL IN THE VARS FILE From 00948cfe0e54eb597cad1b5b65f6436af60d7954 Mon Sep 17 00:00:00 2001 From: Paul Curtis <32033064+paulJRCurtis@users.noreply.github.com> Date: Thu, 18 Dec 2025 07:43:23 +1100 Subject: [PATCH 10/21] Enhance auto-test script to normalize policies root and remove shim (#253) Refactors how the auto-test script locates and loads shared policy helpers, ensuring robust and flexible handling of policy directory structures. The goal is to make it easier for users to run policy tests from service-specific directories while guaranteeing that the shared `_helpers` module is always available for OPA evaluation. Additionally, it removes a deprecated GCP helper shim, as all policies now use the unified helpers location. Key changes include: * Added a `normalize_policies_root` function in `auto_test.py` to traverse up from the user-provided policies directory to find the root containing the `_helpers` module. * Removed the obsolete `policies/gcp/_helpers/helpers.rego` shim, as GCP policies now directly use the unified `terraform.helpers` module. * Changed the `terraform show` command in `run_terraform_commands` to use a pipe (`| cat > plan.json`) for improved cross-platform compatibility. --- policies/gcp/_helpers/helpers.rego | 11 ------- scripts/auto_test/auto_test.py | 52 ++++++++++++++++++++++++++---- 2 files changed, 46 insertions(+), 17 deletions(-) delete mode 100644 policies/gcp/_helpers/helpers.rego diff --git a/policies/gcp/_helpers/helpers.rego b/policies/gcp/_helpers/helpers.rego deleted file mode 100644 index bf811d45f..000000000 --- a/policies/gcp/_helpers/helpers.rego +++ /dev/null 
@@ -1,11 +0,0 @@ -package terraform.gcp.helpers - -# Shim to redirect to common helpers at policies/_helpers/ -# This allows existing GCP policies to continue using terraform.gcp.helpers -# while the actual implementation has moved to terraform.helpers - -import data.terraform.helpers - -# Re-export the function that policies actually use -# In Rego, we need to wrap the function call, not assign it -get_multi_summary(situations, variables) = helpers.get_multi_summary(situations, variables) diff --git a/scripts/auto_test/auto_test.py b/scripts/auto_test/auto_test.py index 5cf2f2683..85b79bf27 100644 --- a/scripts/auto_test/auto_test.py +++ b/scripts/auto_test/auto_test.py @@ -8,6 +8,37 @@ from pathlib import Path +def normalize_policies_root(provided_root: Path) -> Path: + """ + Traverse up the directory tree to find the root containing _helpers module. + + This handles cases where users pass service-specific policy paths (e.g., + ./policies/gcp/service_name) but OPA needs access to the shared helpers + located at policies/_helpers. The function ensures OPA can always load + the terraform.helpers module and its dependencies. + + Args: + provided_root: The policies root directory provided by the user + + Returns: + The actual policies root containing _helpers directory + """ + current = Path(provided_root).resolve() + max_traversal = 5 # Safety limit to prevent infinite loops + + for _ in range(max_traversal): + if (current / "_helpers").exists(): + return current + parent = current.parent + if parent == current: # Reached filesystem root + break + current = parent + + # If helpers not found, return original path + # (will fail with OPA error showing undefined function) + return Path(provided_root).resolve() + + def extract_path_parts(path: Path): if len(path.parts) < 3: sys.exit(f"Invalid path: {path}") 
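Review bot: normalize_policies_root accepts any ancestor that merely has an entry named `_helpers`, because the test is `(current / "_helpers").exists()`. A stray file or unrelated directory of that name within five levels above the user-supplied path therefore becomes the root that main() hands to run_policy_check_pair. What OPA loads from that root is not visible here, but widening it silently can change which Rego files take part in evaluation. I would tighten the test to `if (current / "_helpers").is_dir():`. The fallback should also be visible rather than left to a later OPA error, for example `print(f"warning: no _helpers directory found at or above {provided_root}", file=sys.stderr)` before the final return. The docstring should mention the five-level limit and the fallback to the original path.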
@@ -152,7 +183,7 @@ def run_terraform_commands(input_dir: Path, verbose: bool = False) -> Path | Non commands = [ ("terraform init -backend=false"), ("terraform plan -refresh=false -lock=false -input=false -out=plan"), - ("terraform show -json plan > plan.json") + ("terraform show -json plan | cat > plan.json") ] for cmd in commands: @@ -283,7 +314,15 @@ def cleanup_workspace(workdir: Path): except Exception as e: pass -def find_matching_pairs(inputs_root: Path, policies_root: Path): +def find_matching_pairs(inputs_root: Path, policies_base_root: Path, policies_search_root: Path): + """ + Find matching input/policy directory pairs. + + Args: + inputs_root: Root directory for Terraform input files + policies_base_root: The actual root containing _helpers (for OPA evaluation) + policies_search_root: The user-provided policies root (for path matching) + """ def is_leaf_terraform_dir(directory: Path) -> bool: # Must have .tf in this directory if not any(f.suffix == ".tf" for f in directory.glob("*.tf")): @@ -299,7 +338,7 @@ def is_leaf_terraform_dir(directory: Path) -> bool: for input_dir in input_dirs: relative = input_dir.relative_to(inputs_root) - policy_dir = policies_root / relative + policy_dir = policies_search_root / relative if policy_dir.is_dir(): pairs.append((input_dir, policy_dir)) else: @@ -316,9 +355,10 @@ def main(): args = parser.parse_args() inputs_root = Path(args.inputs) - policies_root = Path(args.policies) + policies_search_root = Path(args.policies) + policies_base_root = normalize_policies_root(policies_search_root) - pairs = find_matching_pairs(inputs_root, policies_root) + pairs = find_matching_pairs(inputs_root, policies_base_root, policies_search_root) if not pairs: print(" No matching input/policy pairs found.") sys.exit(1) 
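Review bot: In run_terraform_commands, the new `terraform show -json plan | cat > plan.json` makes the pipeline's exit status that of `cat`, not of `terraform show`. If these strings are run through a shell without `pipefail` (the loop body is outside the hunk), a failing `terraform show` would look successful and leave an empty or partial plan.json for the policy check. `cat` is also missing from a default Windows command shell, which works against the cross-platform aim stated in the commit message. Consider running `terraform show -json plan` without a shell, checking its return code, and writing the captured stdout to `plan.json` from Python.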
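Review bot: find_matching_pairs gains a `policies_base_root` parameter, but the lines visible in this hunk and the following one only read `policies_search_root` (`policy_dir = policies_search_root / relative`). The rest of the body is outside the hunk; if it does not use `policies_base_root` either, drop the parameter so the signature matches what the function does. Otherwise, extend the docstring to say where it is consumed. As written, the docstring's "for OPA evaluation" suggests this function evaluates policies, while the visible code only pairs directories.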
@@ -326,7 +366,7 @@ def main(): results = [] failure_flag = False for input_dir, policy_dir in pairs: - result = run_policy_check_pair(input_dir, policy_dir, policies_root, verbose=args.verbose) + result = run_policy_check_pair(input_dir, policy_dir, policies_base_root, verbose=args.verbose) results.append(result) # Grouped summary by service -> resource From 3d7d8373b7f008db3cef8b96f9a7fcbb32fcbfa4 Mon Sep 17 00:00:00 2001 
From: Paul Curtis <32033064+paulJRCurtis@users.noreply.github.com> Date: Tue, 20 Jan 2026 09:21:43 +1100 Subject: [PATCH 11/21] Feature/access context manager (#241) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Output of local run of auto-test - see my comment below for github auto-test results explanation. Summary of policy checks: Service: access_context_manager_vpc_service_controls Resource: google_access_context_manager_access_level Policy: require_admin_approval - ✅ Policy: os_type - ✅ Policy: region - ✅ Policy: combining_function - ✅ Policy: require_corp_owned - ✅ Policy: allowed_encryption_statuses - ✅ Policy: require_screen_lock - ✅ Policy: allowed_device_management_levels - ✅ Resource: google_access_context_manager_access_level_condition Policy: require_admin_approval - ✅ Policy: os_type - ✅ Policy: region - ✅ Policy: require_corp_owned - ✅ Policy: require_screen_lock - ✅ Resource: google_access_context_manager_access_levels Policy: os_type - ✅ Policy: region - ✅ Policy: require_screen_lock - ✅ Resource: google_access_context_manager_service_perimeter Policy: status - ✅ --- ...xt_manager_service_perimeter.template.json | 552 ++++++++++++++++++ .../.terraform.lock.hcl | 21 + .../allowed_device_management_levels/c.tf | 12 + .../config.tf | 17 + .../allowed_device_management_levels/nc.tf | 12 + .../.terraform.lock.hcl | 21 + .../allowed_encryption_statuses/c.tf | 12 + .../allowed_encryption_statuses/config.tf | 17 + .../allowed_encryption_statuses/nc.tf | 12 + .../combining_function/.terraform.lock.hcl | 21 + .../combining_function/c.tf | 15 + .../combining_function/config.tf | 17 + .../combining_function/nc.tf | 15 + .../os_type/.terraform.lock.hcl | 21 + .../os_type/c.tf | 12 + .../os_type/config.tf | 17 + .../os_type/nc.tf | 14 + .../os_type/plan.json | 1 + .../region/.terraform.lock.hcl | 21 + .../region/c.tf | 12 + .../region/config.tf | 17 + .../region/nc.tf | 14 + .../region/plan.json | 1 + 
.../.terraform.lock.hcl | 21 + .../require_admin_approval/c.tf | 12 + .../require_admin_approval/config.tf | 17 + .../require_admin_approval/nc.tf | 12 + .../require_corp_owned/.terraform.lock.hcl | 21 + .../require_corp_owned/c.tf | 12 + .../require_corp_owned/config.tf | 17 + .../require_corp_owned/nc.tf | 12 + .../require_screen_lock/.terraform.lock.hcl | 21 + .../require_screen_lock/c.tf | 12 + .../require_screen_lock/config.tf | 17 + .../require_screen_lock/nc.tf | 12 + .../require_screen_lock/plan.json | 1 + .../os_type/.terraform.lock.hcl | 21 + .../os_type/c.tf | 8 + .../os_type/config.tf | 42 ++ .../os_type/nc.tf | 8 + .../region/.terraform.lock.hcl | 21 + .../region/c.tf | 6 + .../region/config.tf | 42 ++ .../region/nc.tf | 8 + .../.terraform.lock.hcl | 21 + .../require_admin_approval/c.tf | 7 + .../require_admin_approval/config.tf | 42 ++ .../require_admin_approval/nc.tf | 6 + .../require_corp_owned/.terraform.lock.hcl | 21 + .../require_corp_owned/c.tf | 6 + .../require_corp_owned/config.tf | 42 ++ .../require_corp_owned/nc.tf | 6 + .../require_screen_lock/.terraform.lock.hcl | 21 + .../require_screen_lock/c.tf | 6 + .../require_screen_lock/config.tf | 42 ++ .../require_screen_lock/nc.tf | 6 + .../os_type/.terraform.lock.hcl | 21 + .../os_type/c.tf | 16 + .../os_type/config.tf | 17 + .../os_type/nc.tf | 16 + .../region/.terraform.lock.hcl | 21 + .../region/c.tf | 14 + .../region/config.tf | 17 + .../region/nc.tf | 16 + .../require_screen_lock/.terraform.lock.hcl | 21 + .../require_screen_lock/c.tf | 14 + .../require_screen_lock/config.tf | 17 + .../require_screen_lock/nc.tf | 14 + .../status/.terraform.lock.hcl | 21 + .../status/c.tf | 8 + .../status/config.tf | 17 + .../status/nc.tf | 19 + .../status/plan.json | 499 ++++++++++++++++ .../policy.rego | 24 + .../allowed_encryption_statuses/policy.rego | 24 + .../os_type/policy.rego | 24 + .../region/policy.rego | 22 + .../require_admin_approval/policy.rego | 24 + .../require_corp_owned/policy.rego | 24 + 
.../require_screen_lock/policy.rego | 24 + .../vars.rego | 8 + .../os_type/policy.rego | 24 + .../region/policy.rego | 22 + .../require_admin_approval/policy.rego | 24 + .../require_corp_owned/policy.rego | 24 + .../require_screen_lock/policy.rego | 24 + .../vars.rego | 8 + .../os_type/policy.rego | 24 + .../region/policy.rego | 22 + .../require_screen_lock/policy.rego | 24 + .../vars.rego | 8 + .../status/policy.rego | 30 + .../vars.rego | 8 + 93 files changed, 2627 insertions(+) create mode 100644 docs/gcp/Access_Context_Manager_(VPC_Service_Controls)/resource_json/access_context_manager_service_perimeter.template.json create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/nc.tf create mode 100644 
inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/plan.json create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/plan.json create mode 100644 
inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/plan.json create mode 100644 
inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/.terraform.lock.hcl create mode 100644 
inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/c.tf create mode 100644 
inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/.terraform.lock.hcl create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/c.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/config.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/nc.tf create mode 100644 inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/plan.json create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/policy.rego 
create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/vars.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/vars.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/policy.rego create mode 100644 
policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/vars.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/policy.rego create mode 100644 policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/vars.rego diff --git a/docs/gcp/Access_Context_Manager_(VPC_Service_Controls)/resource_json/access_context_manager_service_perimeter.template.json b/docs/gcp/Access_Context_Manager_(VPC_Service_Controls)/resource_json/access_context_manager_service_perimeter.template.json new file mode 100644 index 000000000..26c575eca --- /dev/null +++ b/docs/gcp/Access_Context_Manager_(VPC_Service_Controls)/resource_json/access_context_manager_service_perimeter.template.json 
@@ -0,0 +1,552 @@ +{ + "resource_name": "access_context_manager_service_perimeter", + "subcategory": "Access Context Manager (VPC Service Controls)", + "arguments": { + "title": { + "description": "Human readable title. Must be unique within the Policy.", + "required": true, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, + "parent": { + "description": "The AccessPolicy this ServicePerimeter lives in. Format: accessPolicies/{policy_id}", + "required": true, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, + "name": { + "description": "Resource name for the ServicePerimeter. The short_name component must begin with a letter and only include alphanumeric and '_'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name}", + "required": true, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, + "description": { + "description": "Description of the ServicePerimeter and its use. Does not affect behavior.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, + "perimeter_type": { + "description": "Specifies the type of the Perimeter. There are two types: regular and bridge. Regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most ONE regular Service Perimeter. In addition to being in a regular service perimeter, a resource can also be in zero or more perimeter bridges. A perimeter bridge only contains resources. Cross project operations are permitted if all effected resources share some perimeter (whether bridge or regular). Perimeter Bridge does not contain access levels or services: those are governed entirely by the regular perimeter that resource is in. 
Perimeter Bridges are typically useful when building more complex topologies with many independent perimeters that need to share some data with a common perimeter, but should not be able to share data among themselves. Default value is `PERIMETER_TYPE_REGULAR`. Possible values are: `PERIMETER_TYPE_REGULAR`, `PERIMETER_TYPE_BRIDGE`.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, + "status": { + "description": "ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries. Structure is [documented below](#nested_status).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "resources": { + "description": "A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "status" + }, + "access_levels": { + "description": "A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via GCP calls with request origins within the perimeter. For Service Perimeter Bridge, must be empty. Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "status" + }, + "restricted_services": { + "description": "GCP services that are subject to the Service Perimeter restrictions. 
Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "status" + }, + "vpc_accessible_services": { + "description": "Specifies how APIs are allowed to communicate within the Service Perimeter. Structure is [documented below](#nested_status_vpc_accessible_services).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "status" + }, + "ingress_policies": { + "description": "List of `IngressPolicies` to apply to the perimeter. A perimeter may have multiple `IngressPolicies`, each of which is evaluated separately. Access is granted if any `Ingress Policy` grants it. Must be empty for a perimeter bridge. Structure is [documented below](#nested_status_ingress_policies).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "status" + }, + "egress_policies": { + "description": "List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge. Structure is [documented below](#nested_status_egress_policies).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "status" + } + } + }, + "spec": { + "description": "Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only allowed to be set when the `useExplicitDryRunSpec` flag is set. 
Structure is [documented below](#nested_spec).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "resources": { + "description": "A list of GCP resources that are inside of the service perimeter. Currently only projects are allowed. Format: projects/{project_number}", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "spec" + }, + "access_levels": { + "description": "A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via GCP calls with request origins within the perimeter. For Service Perimeter Bridge, must be empty. Format: accessPolicies/{policy_id}/accessLevels/{access_level_name}", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "spec" + }, + "restricted_services": { + "description": "GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "spec" + }, + "vpc_accessible_services": { + "description": "Specifies how APIs are allowed to communicate within the Service Perimeter. 
Structure is [documented below](#nested_spec_vpc_accessible_services).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "spec" + }, + "ingress_policies": { + "description": "List of `IngressPolicies` to apply to the perimeter. A perimeter may have multiple `IngressPolicies`, each of which is evaluated separately. Access is granted if any `Ingress Policy` grants it. Must be empty for a perimeter bridge. Structure is [documented below](#nested_spec_ingress_policies).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "spec" + }, + "egress_policies": { + "description": "List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge. Structure is [documented below](#nested_spec_egress_policies).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "spec" + } + } + }, + "use_explicit_dry_run_spec": { + "description": "Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration (\"spec\") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config (\"status\") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. 
useExplicitDryRunSpec must bet set to True if any of the fields in the spec are set to non-default values.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, + "vpc_accessible_services": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "enable_restriction": { + "description": "Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "vpc_accessible_services" + }, + "allowed_services": { + "description": "The list of APIs usable within the Service Perimeter. Must be empty unless `enableRestriction` is True.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "vpc_accessible_services" + } + } + }, + "ingress_policies": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "ingress_from": { + "description": "Defines the conditions on the source of a request causing this `IngressPolicy` to apply. Structure is [documented below](#nested_spec_ingress_policies_ingress_policies_ingress_from).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_policies" + }, + "ingress_to": { + "description": "Defines the conditions on the `ApiOperation` and request destination that cause this `IngressPolicy` to apply. 
Structure is [documented below](#nested_spec_ingress_policies_ingress_policies_ingress_to).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_policies" + }, + "title": { + "description": "Human readable title. Must be unique within the perimeter. Does not affect behavior.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_policies" + } + } + }, + "ingress_from": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "identity_type": { + "description": "Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access. Possible values are: `IDENTITY_TYPE_UNSPECIFIED`, `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_from" + }, + "identities": { + "description": "A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_from" + }, + "sources": { + "description": "Sources that this `IngressPolicy` authorizes access from. 
Structure is [documented below](#nested_spec_ingress_policies_ingress_policies_ingress_from_sources).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_from" + } + } + }, + "sources": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "access_level": { + "description": "An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "sources" + }, + "resource": { + "description": "A Google Cloud resource that is allowed to egress the perimeter. Requests from these resources are allowed to access data outside the perimeter. Currently only projects are allowed. Project format: `projects/{project_number}`. The resource may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "sources" + } + } + }, + "ingress_to": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "resources": { + "description": "A list of resources, currently only projects in the form `projects/`, protected by this `ServicePerimeter` that are allowed to be accessed by sources defined in the corresponding `IngressFrom`. A request matches if it contains a resource in this list. 
If `*` is specified for resources, then this `IngressTo` rule will authorize access to all resources inside the perimeter, provided that the request also matches the `operations` field.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_to" + }, + "roles": { + "description": "A list of IAM roles that represent the set of operations that the sources specified in the corresponding `IngressFrom` are allowed to perform.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_to" + }, + "operations": { + "description": "A list of `ApiOperations` the sources specified in corresponding `IngressFrom` are allowed to perform in this `ServicePerimeter`. Structure is [documented below](#nested_spec_ingress_policies_ingress_policies_ingress_to_operations).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "ingress_to" + } + } + }, + "operations": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "service_name": { + "description": "The name of the API whose methods or permissions the `IngressPolicy` or `EgressPolicy` want to allow. A single `ApiOperation` with serviceName field set to `*` will allow all methods AND permissions for all services.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "operations" + }, + "method_selectors": { + "description": "API methods or permissions to allow. Method or permission must belong to the service specified by `serviceName` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `serviceName`. 
Structure is [documented below](#nested_spec_egress_policies_egress_policies_egress_to_operations_operations_method_selectors).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "operations" + } + } + }, + "method_selectors": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "method": { + "description": "Value for `method` should be a valid method name for the corresponding `serviceName` in `ApiOperation`. If `*` used as value for method, then ALL methods and permissions are allowed.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "method_selectors" + }, + "permission": { + "description": "Value for permission should be a valid Cloud IAM permission for the corresponding `serviceName` in `ApiOperation`.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "method_selectors" + } + } + }, + "egress_policies": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "egress_from": { + "description": "Defines conditions on the source of a request causing this `EgressPolicy` to apply. Structure is [documented below](#nested_spec_egress_policies_egress_policies_egress_from).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_policies" + }, + "egress_to": { + "description": "Defines the conditions on the `ApiOperation` and destination resources that cause this `EgressPolicy` to apply. 
Structure is [documented below](#nested_spec_egress_policies_egress_policies_egress_to).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_policies" + }, + "title": { + "description": "Human readable title. Must be unique within the perimeter. Does not affect behavior.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_policies" + } + } + }, + "egress_from": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "identity_type": { + "description": "Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access. Possible values are: `IDENTITY_TYPE_UNSPECIFIED`, `ANY_IDENTITY`, `ANY_USER_ACCOUNT`, `ANY_SERVICE_ACCOUNT`.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_from" + }, + "sources": { + "description": "Sources that this EgressPolicy authorizes access from. Structure is [documented below](#nested_spec_egress_policies_egress_policies_egress_from_sources).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_from" + }, + "source_restriction": { + "description": "Whether to enforce traffic restrictions based on `sources` field. If the `sources` field is non-empty, then this field must be set to `SOURCE_RESTRICTION_ENABLED`. 
Possible values are: `SOURCE_RESTRICTION_UNSPECIFIED`, `SOURCE_RESTRICTION_ENABLED`, `SOURCE_RESTRICTION_DISABLED`.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_from" + }, + "identities": { + "description": "A list of identities that are allowed access through this `EgressPolicy`. Should be in the format of email address. The email address should represent individual user or service account only.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_from" + } + } + }, + "egress_to": { + "description": "", + "required": null, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null, + "arguments": { + "resources": { + "description": "A list of resources, currently only projects in the form `projects/`, that match this to stanza. A request matches if it contains a resource in this list. If * is specified for resources, then this `EgressTo` rule will authorize access to all resources outside the perimeter.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_to" + }, + "external_resources": { + "description": "A list of external resources that are allowed to be accessed. A request matches if it contains an external resource in this list (Example: s3://bucket/path). 
Currently '*' is not allowed.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_to" + }, + "roles": { + "description": "A list of IAM roles that represent the set of operations that the sources specified in the corresponding `EgressFrom` are allowed to perform.", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_to" + }, + "operations": { + "description": "A list of `ApiOperations` that this egress rule applies to. A request matches if it contains an operation/service in this list. Structure is [documented below](#nested_spec_egress_policies_egress_policies_egress_to_operations).", + "required": false, + "security_impact": null, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "egress_to" + } + } + } + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/c.tf new file mode 100644 index 000000000..d066451f2 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/c.tf 
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "c" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ allowed_device_management_levels = ["COMPLETE"]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/nc.tf
new file mode 100644
index 000000000..a9da6dfab
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/nc.tf
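Review bot: The compliant fixture here and the non-compliant one in allowed_device_management_levels/nc.tf set the same `name` (`.../accessLevels/chromeos_no_lock`) and the same `title`, and the allowed_encryption_statuses/c.tf and nc.tf pair repeats this. Both files sit in one directory next to config.tf, so they are evaluated as one module, and any policy output keyed on the resource name cannot tell the passing resource from the failing one. Giving each fixture its own short name, for example `name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/c"` with `title = "c"` (and `nc` in the other file), keeps the results unambiguous. The value also looks copied from an unrelated example, since nothing in these fixtures concerns screen lock.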
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ allowed_device_management_levels = ["NONE"]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/.terraform.lock.hcl
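Review bot: The non-compliant case covers only `["NONE"]`, so a rule that merely looks for `COMPLETE` somewhere in the list would pass this pair while still accepting a list that also admits unmanaged devices. A second non-compliant resource with `allowed_device_management_levels = ["COMPLETE", "NONE"]` would pin that every entry is checked. The policy.rego for this check is not part of this hunk, so whether it already handles mixed lists cannot be confirmed from here. The same gap applies to allowed_encryption_statuses/nc.tf, where `allowed_encryption_statuses = ["ENCRYPTED", "UNENCRYPTED"]` is the missing case.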
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/c.tf new file mode 100644 index 000000000..3991f9ed4 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/c.tf 
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "c" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ allowed_encryption_statuses = ["ENCRYPTED"]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/nc.tf
new file mode 100644
index 000000000..b80e67c59
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/nc.tf
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ allowed_encryption_statuses = ["UNENCRYPTED"]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/c.tf new file mode 100644 index 000000000..227aee06d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/c.tf @@ -0,0 +1,15 @@ +resource "google_access_context_manager_access_level" "c" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "c" + title = "c-os_type" + basic { + combining_function = "AND" + conditions { + device_policy { + os_constraints { + os_type = "DESKTOP_CHROME_OS" + } + } + } + } +} \ No newline at end of file 
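Review bot: In combining_function/c.tf the `basic` block holds a single `conditions` block, so `combining_function = "AND"` here and `"OR"` in the matching nc.tf grant access under exactly the same circumstances. The pair therefore does not show what the rule protects against, which is that `OR` admits a request as soon as any one condition matches. A second block in both fixtures, for example `conditions { device_policy { require_screen_lock = true } }`, would make the difference real. The title `c-os_type` looks carried over from the os_type fixture; `title = "c-combining-function"` would match the directory. `name = "c"` is also not in the full `accessPolicies/.../accessLevels/...` form that the other fixtures in this patch use.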
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/nc.tf
new file mode 100644
index 000000000..f9f2a1bea
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/combining_function/nc.tf
@@ -0,0 +1,15 @@
+resource "google_access_context_manager_access_level" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "nc"
+ title = "nc-os_type"
+ basic {
+ combining_function = "OR"
+ conditions {
+ device_policy {
+ os_constraints {
+ os_type = "DESKTOP_CHROME_OS"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+ version = "7.12.0"
+ hashes = [
+ "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=",
+ "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
+ "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
+ "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
+ "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
+ "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
+ "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
+ "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
+ "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
+ "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
+ "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
+ "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/c.tf
new file mode 100644
index 000000000..d066451f2
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/c.tf
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "c" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ allowed_device_management_levels = ["COMPLETE"]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/nc.tf
new file mode 100644
index 000000000..563309b78
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/nc.tf
@@ -0,0 +1,14 @@
+resource "google_access_context_manager_access_level" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "nc"
+ title = "nc-os_type"
+ basic {
+ conditions {
+ device_policy {
+ os_constraints {
+ os_type = "OS_UNSPECIFIED"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
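Review bot: The compliant fixture os_type/c.tf never sets `os_constraints` or `os_type`; its `device_policy` only has `allowed_device_management_levels = ["COMPLETE"]`, so the os_type rule has no passing case in the Terraform sources. The plan.json added in the same directory describes resources named `c-os_type` and `nc-os_type`, with `DESKTOP_CHROME_OS` on one and `ANDROID`, `IOS` and `OS_UNSPECIFIED` on the other. That matches neither c.tf nor nc.tf (resources `c` and `nc`, a single `OS_UNSPECIFIED`), so the plan appears to have been generated from different sources. I would replace the device-management line in c.tf with `os_constraints { os_type = "DESKTOP_CHROME_OS" }` and regenerate plan.json from the committed files, so that what the policy is tested against is what a reader sees in the fixtures.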
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/plan.json b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/plan.json
new file mode 100644
index 000000000..fb5950932
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/plan.json
@@ -0,0 +1 @@ +{"format_version":"1.2","terraform_version":"1.12.2","planned_values":{"root_module":{"resources":[{"address":"google_access_context_manager_access_level.c-os_type","mode":"managed","type":"google_access_context_manager_access_level","name":"c-os_type","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":null,"os_constraints":[{"minimum_version":null,"os_type":"DESKTOP_CHROME_OS","require_verified_chrome_os":null}],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":null}],"ip_subnetworks":null,"members":null,"negate":null,"regions":null,"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"timeouts":null,"title":"chromeos_no_lock"},"sensitive_values":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{}]}],"vpc_network_sources":[]}]}],"custom":[]}},{"address":"google_access_context_manager_access_level.nc-os_type","mode":"managed","type":"google_access_context_manager_access_level","name":"nc-os_type","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":null,"os_constraints":[{"minimum_version":null,"os_type":"ANDROID","require_verified_chrome_os":null},{"minimum_version":null,"os_type":"IOS","require_verified_chrome_os":null},{"minimum_version":null,"os_type":"OS_UNSPECIFIED","require_verified_chrome_os":null}],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":null}],"ip_subnetworks":null,"members":null,"negate":null,"regions":null,"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"timeouts":null,"title":"chromeos_no_lock"},"sensitive_values":{"basic":[{"conditions":[{"d
evice_policy":[{"os_constraints":[{},{},{}]}],"vpc_network_sources":[]}]}],"custom":[]}},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"parent":"organizations/123456789","scopes":null,"timeouts":null,"title":"my policy"},"sensitive_values":{}}]}},"resource_changes":[{"address":"google_access_context_manager_access_level.c-os_type","mode":"managed","type":"google_access_context_manager_access_level","name":"c-os_type","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":null,"os_constraints":[{"minimum_version":null,"os_type":"DESKTOP_CHROME_OS","require_verified_chrome_os":null}],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":null}],"ip_subnetworks":null,"members":null,"negate":null,"regions":null,"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"timeouts":null,"title":"chromeos_no_lock"},"after_unknown":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{}]}],"vpc_network_sources":[]}]}],"custom":[],"id":true,"name":true,"parent":true},"before_sensitive":false,"after_sensitive":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{}]}],"vpc_network_sources":[]}]}],"custom":[]}}},{"address":"google_access_context_manager_access_level.nc-os_type","mode":"managed","type":"google_access_context_manager_access_level","name":"nc-os_type","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":nu
ll,"os_constraints":[{"minimum_version":null,"os_type":"ANDROID","require_verified_chrome_os":null},{"minimum_version":null,"os_type":"IOS","require_verified_chrome_os":null},{"minimum_version":null,"os_type":"OS_UNSPECIFIED","require_verified_chrome_os":null}],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":null}],"ip_subnetworks":null,"members":null,"negate":null,"regions":null,"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"timeouts":null,"title":"chromeos_no_lock"},"after_unknown":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{},{},{}]}],"vpc_network_sources":[]}]}],"custom":[],"id":true,"name":true,"parent":true},"before_sensitive":false,"after_sensitive":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{},{},{}]}],"vpc_network_sources":[]}]}],"custom":[]}}},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"parent":"organizations/123456789","scopes":null,"timeouts":null,"title":"my 
policy"},"after_unknown":{"create_time":true,"id":true,"name":true,"update_time":true},"before_sensitive":false,"after_sensitive":{}}}],"configuration":{"provider_config":{"google":{"name":"google","full_name":"registry.terraform.io/hashicorp/google"}},"root_module":{"resources":[{"address":"google_access_context_manager_access_level.c-os_type","mode":"managed","type":"google_access_context_manager_access_level","name":"c-os_type","provider_config_key":"google","expressions":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{"os_type":{"constant_value":"DESKTOP_CHROME_OS"}}]}]}]}],"name":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"parent":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"title":{"constant_value":"chromeos_no_lock"}},"schema_version":0},{"address":"google_access_context_manager_access_level.nc-os_type","mode":"managed","type":"google_access_context_manager_access_level","name":"nc-os_type","provider_config_key":"google","expressions":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{"os_type":{"constant_value":"ANDROID"}},{"os_type":{"constant_value":"IOS"}},{"os_type":{"constant_value":"OS_UNSPECIFIED"}}]}]}]}],"name":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"parent":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"title":{"constant_value":"chromeos_no_lock"}},"schema_version":0},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_config_key":"google","expressions":{"parent":{"constant_value":"organizations/123456789"},"title
":{"constant_value":"my policy"}},"schema_version":0}]}},"relevant_attributes":[{"resource":"google_access_context_manager_access_policy.access-policy","attribute":["name"]}],"timestamp":"2025-12-03T05:19:51Z","applyable":true,"complete":true,"errored":false} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/c.tf
new file mode 100644
index 000000000..1a2f084fd
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/c.tf
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "c" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "c"
+ title = "c-region"
+ basic {
+ conditions {
+ regions = [
+ "australia-southeast1","australia-southeast2",
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/nc.tf
new file mode 100644
index 000000000..aa05780aa
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/nc.tf
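Review bot: The compliant fixture region/c.tf uses values that `regions` does not accept: on an access-level condition the field takes ISO 3166-1 alpha-2 country/region codes for where the request originates, not Google Cloud location names such as `"australia-southeast1"`. The non-compliant nc.tf, by contrast, uses well-formed codes (`"CH"`, `"IT"`, `"US"`). A policy written to pass this pair would accept a geo restriction the provider documentation describes as invalid and would reject correctly formed ones, which presumably is the opposite of the intended control. I would change the compliant case to `regions = ["AU"]`, keep nc.tf on country codes outside the approved set, and regenerate region/plan.json, which currently records the location names.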
@@ -0,0 +1,14 @@
+resource "google_access_context_manager_access_level" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "nc"
+ title = "nc-region"
+ basic {
+ conditions {
+ regions = [
+ "CH",
+ "IT",
+ "US",
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/plan.json b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/plan.json
new file mode 100644
index 000000000..87ca2ec35
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/plan.json
@@ -0,0 +1 @@ +{"format_version":"1.2","terraform_version":"1.12.2","planned_values":{"root_module":{"resources":[{"address":"google_access_context_manager_access_level.c","mode":"managed","type":"google_access_context_manager_access_level","name":"c","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[],"ip_subnetworks":null,"members":null,"negate":null,"regions":["australia-southeast1","australia-southeast2"],"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"name":"c","timeouts":null,"title":"c-region"},"sensitive_values":{"basic":[{"conditions":[{"device_policy":[],"regions":[false,false],"vpc_network_sources":[]}]}],"custom":[]}},{"address":"google_access_context_manager_access_level.nc","mode":"managed","type":"google_access_context_manager_access_level","name":"nc","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[],"ip_subnetworks":null,"members":null,"negate":null,"regions":["CH","IT","US"],"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"name":"nc","timeouts":null,"title":"nc-region"},"sensitive_values":{"basic":[{"conditions":[{"device_policy":[],"regions":[false,false,false],"vpc_network_sources":[]}]}],"custom":[]}},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"parent":"organizations/123456789","scopes":null,"timeouts":null,"title":"my 
policy"},"sensitive_values":{}}]}},"resource_changes":[{"address":"google_access_context_manager_access_level.c","mode":"managed","type":"google_access_context_manager_access_level","name":"c","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[],"ip_subnetworks":null,"members":null,"negate":null,"regions":["australia-southeast1","australia-southeast2"],"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"name":"c","timeouts":null,"title":"c-region"},"after_unknown":{"basic":[{"conditions":[{"device_policy":[],"regions":[false,false],"vpc_network_sources":[]}]}],"custom":[],"id":true,"parent":true},"before_sensitive":false,"after_sensitive":{"basic":[{"conditions":[{"device_policy":[],"regions":[false,false],"vpc_network_sources":[]}]}],"custom":[]}}},{"address":"google_access_context_manager_access_level.nc","mode":"managed","type":"google_access_context_manager_access_level","name":"nc","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[],"ip_subnetworks":null,"members":null,"negate":null,"regions":["CH","IT","US"],"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"name":"nc","timeouts":null,"title":"nc-region"},"after_unknown":{"basic":[{"conditions":[{"device_policy":[],"regions":[false,false,false],"vpc_network_sources":[]}]}],"custom":[],"id":true,"parent":true},"before_sensitive":false,"after_sensitive":{"basic":[{"conditions":[{"device_policy":[],"regions":[false,false,false],"vpc_network_sources":[]}]}],"custom":[]}}},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_name":"registry.terraform.io/hashicorp/g
oogle","change":{"actions":["create"],"before":null,"after":{"parent":"organizations/123456789","scopes":null,"timeouts":null,"title":"my policy"},"after_unknown":{"create_time":true,"id":true,"name":true,"update_time":true},"before_sensitive":false,"after_sensitive":{}}}],"configuration":{"provider_config":{"google":{"name":"google","full_name":"registry.terraform.io/hashicorp/google"}},"root_module":{"resources":[{"address":"google_access_context_manager_access_level.c","mode":"managed","type":"google_access_context_manager_access_level","name":"c","provider_config_key":"google","expressions":{"basic":[{"conditions":[{"regions":{"constant_value":["australia-southeast1","australia-southeast2"]}}]}],"name":{"constant_value":"c"},"parent":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"title":{"constant_value":"c-region"}},"schema_version":0},{"address":"google_access_context_manager_access_level.nc","mode":"managed","type":"google_access_context_manager_access_level","name":"nc","provider_config_key":"google","expressions":{"basic":[{"conditions":[{"regions":{"constant_value":["CH","IT","US"]}}]}],"name":{"constant_value":"nc"},"parent":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"title":{"constant_value":"nc-region"}},"schema_version":0},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_config_key":"google","expressions":{"parent":{"constant_value":"organizations/123456789"},"title":{"constant_value":"my policy"}},"schema_version":0}]}},"relevant_attributes":[{"resource":"google_access_context_manager_access_policy.access-policy","attribute":["name"]}],"timestamp":"2025-12-04T04:36:33Z","applyable":true,"complete":true,"errored":false} 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/c.tf new file mode 100644 index 000000000..d8c9a259d --- /dev/null 
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/c.tf @@ -0,0 +1,12 @@ +resource "google_access_context_manager_access_level" "c" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock" + title = "chromeos_no_lock" + basic { + conditions { + device_policy { + require_admin_approval = true + } + } + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/config.tf new file mode 100644 index 000000000..2ebebd496 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/config.tf @@ -0,0 +1,17 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} + + +resource "google_access_context_manager_access_policy" "access-policy" { + parent = "organizations/123456789" + title = "my policy" +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/nc.tf new file mode 100644 index 000000000..d0ea90cfe --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/nc.tf 
@@ -0,0 +1,12 @@ +resource "google_access_context_manager_access_level" "nc" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock" + title = "chromeos_no_lock" + basic { + conditions { + device_policy { + require_admin_approval = false + } + } + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/c.tf new file mode 100644 index 000000000..626423c05 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/c.tf 
@@ -0,0 +1,12 @@ +resource "google_access_context_manager_access_level" "c" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock" + title = "chromeos_no_lock" + basic { + conditions { + device_policy { + require_corp_owned = true + } + } + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/config.tf new file mode 100644 index 000000000..2ebebd496 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/config.tf @@ -0,0 +1,17 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} + + +resource "google_access_context_manager_access_policy" "access-policy" { + parent = "organizations/123456789" + title = "my policy" +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/nc.tf new file mode 100644 index 000000000..e8133335d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/nc.tf 
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ require_corp_owned = false
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/c.tf new file mode 100644 index 000000000..1b31857f1 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/c.tf @@ -0,0 +1,12 @@ +resource "google_access_context_manager_access_level" "c" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "c" + title = "c-require-screen-lock" + basic { + conditions { + device_policy { + require_screen_lock = true + } + } + } +} \ No newline at end of file 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/nc.tf
new file mode 100644
index 000000000..4afc3a264
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/nc.tf
@@ -0,0 +1,12 @@
+resource "google_access_context_manager_access_level" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "nc"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ require_screen_lock = false
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/plan.json b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/plan.json
new file mode 100644
index 000000000..42e26af4b
--- /dev/null
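Review bot: The `plan.json` committed next to `require_screen_lock/nc.tf` does not match the fixtures. It records `google_access_context_manager_access_level.nc` with `"require_screen_lock":true`, an `os_constraints` entry and `regions`, and gives `c` the title `chromeos_no_lock`, while `nc.tf` sets `require_screen_lock = false` and `c.tf` uses the title `c-require-screen-lock`. If the policy tests read that plan, the non-compliant case never reaches the rule, so a policy that fails to flag a disabled screen lock would still pass. Regenerate the plan from the committed `.tf` files (`terraform plan -out=tfplan`, then `terraform show -json tfplan > plan.json`) before merging. The plan also shows `name` as a reference to the access policy, whereas these files use the bare `name = "c"` / `name = "nc"`; the sibling `require_corp_owned` fixtures use the full `accessPolicies/.../accessLevels/...` form, so confirm the short form is accepted.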
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/plan.json 
@@ -0,0 +1 @@ +{"format_version":"1.2","terraform_version":"1.12.2","planned_values":{"root_module":{"resources":[{"address":"google_access_context_manager_access_level.c","mode":"managed","type":"google_access_context_manager_access_level","name":"c","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":null,"os_constraints":[],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":true}],"ip_subnetworks":null,"members":null,"negate":null,"regions":null,"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"timeouts":null,"title":"chromeos_no_lock"},"sensitive_values":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[]}],"vpc_network_sources":[]}]}],"custom":[]}},{"address":"google_access_context_manager_access_level.nc","mode":"managed","type":"google_access_context_manager_access_level","name":"nc","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":null,"os_constraints":[{"minimum_version":null,"os_type":"DESKTOP_CHROME_OS","require_verified_chrome_os":null}],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":true}],"ip_subnetworks":null,"members":null,"negate":null,"regions":["CH","IT","US"],"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"timeouts":null,"title":"chromeos_no_lock"},"sensitive_values":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{}]}],"regions":[false,false,false],"vpc_network_sources":[]}]}],"custom":[]}},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":
"access-policy","provider_name":"registry.terraform.io/hashicorp/google","schema_version":0,"values":{"parent":"organizations/123456789","scopes":null,"timeouts":null,"title":"my policy"},"sensitive_values":{}}]}},"resource_changes":[{"address":"google_access_context_manager_access_level.c","mode":"managed","type":"google_access_context_manager_access_level","name":"c","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":null,"os_constraints":[],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":true}],"ip_subnetworks":null,"members":null,"negate":null,"regions":null,"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":null,"timeouts":null,"title":"chromeos_no_lock"},"after_unknown":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[]}],"vpc_network_sources":[]}]}],"custom":[],"id":true,"name":true,"parent":true},"before_sensitive":false,"after_sensitive":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[]}],"vpc_network_sources":[]}]}],"custom":[]}}},{"address":"google_access_context_manager_access_level.nc","mode":"managed","type":"google_access_context_manager_access_level","name":"nc","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"basic":[{"combining_function":"AND","conditions":[{"device_policy":[{"allowed_device_management_levels":null,"allowed_encryption_statuses":null,"os_constraints":[{"minimum_version":null,"os_type":"DESKTOP_CHROME_OS","require_verified_chrome_os":null}],"require_admin_approval":null,"require_corp_owned":null,"require_screen_lock":true}],"ip_subnetworks":null,"members":null,"negate":null,"regions":["CH","IT","US"],"required_access_levels":null,"vpc_network_sources":[]}]}],"custom":[],"description":nu
ll,"timeouts":null,"title":"chromeos_no_lock"},"after_unknown":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{}]}],"regions":[false,false,false],"vpc_network_sources":[]}]}],"custom":[],"id":true,"name":true,"parent":true},"before_sensitive":false,"after_sensitive":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{}]}],"regions":[false,false,false],"vpc_network_sources":[]}]}],"custom":[]}}},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_name":"registry.terraform.io/hashicorp/google","change":{"actions":["create"],"before":null,"after":{"parent":"organizations/123456789","scopes":null,"timeouts":null,"title":"my policy"},"after_unknown":{"create_time":true,"id":true,"name":true,"update_time":true},"before_sensitive":false,"after_sensitive":{}}}],"configuration":{"provider_config":{"google":{"name":"google","full_name":"registry.terraform.io/hashicorp/google"}},"root_module":{"resources":[{"address":"google_access_context_manager_access_level.c","mode":"managed","type":"google_access_context_manager_access_level","name":"c","provider_config_key":"google","expressions":{"basic":[{"conditions":[{"device_policy":[{"require_screen_lock":{"constant_value":true}}]}]}],"name":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"parent":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"title":{"constant_value":"chromeos_no_lock"}},"schema_version":0},{"address":"google_access_context_manager_access_level.nc","mode":"managed","type":"google_access_context_manager_access_level","name":"nc","provider_config_key":"google","expressions":{"basic":[{"conditions":[{"device_policy":[{"os_constraints":[{"os_type":{"constant_value":"DESKTOP_CHROME_OS"}}
],"require_screen_lock":{"constant_value":true}}],"regions":{"constant_value":["CH","IT","US"]}}]}],"name":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"parent":{"references":["google_access_context_manager_access_policy.access-policy.name","google_access_context_manager_access_policy.access-policy"]},"title":{"constant_value":"chromeos_no_lock"}},"schema_version":0},{"address":"google_access_context_manager_access_policy.access-policy","mode":"managed","type":"google_access_context_manager_access_policy","name":"access-policy","provider_config_key":"google","expressions":{"parent":{"constant_value":"organizations/123456789"},"title":{"constant_value":"my policy"}},"schema_version":0}]}},"relevant_attributes":[{"resource":"google_access_context_manager_access_policy.access-policy","attribute":["name"]}],"timestamp":"2025-12-02T04:18:21Z","applyable":true,"complete":true,"errored":false} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/c.tf new file mode 100644 index 000000000..7752b72cb --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/c.tf @@ -0,0 +1,8 @@ +resource "google_access_context_manager_access_level_condition" "c" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + device_policy { + os_constraints { + os_type = "DESKTOP_CHROME_OS" + } + } +} 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/config.tf new file mode 100644 index 000000000..6d934c4f0 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/config.tf @@ -0,0 +1,42 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} + + +resource "google_access_context_manager_access_policy" "access-policy" { + parent = "organizations/123456789" + title = "my policy" +} + +resource "google_access_context_manager_access_level" "access-level-service-account" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock" + title = "chromeos_no_lock" + basic { + conditions { + device_policy { + require_screen_lock = true + os_constraints { + os_type = "DESKTOP_CHROME_OS" + } + } + regions = [ + "CH", + "IT", + "US", + ] + } + } + + lifecycle { + ignore_changes = [basic.0.conditions] + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/nc.tf new file mode 100644 index 000000000..6cf7aeede --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/nc.tf 
@@ -0,0 +1,8 @@ +resource "google_access_context_manager_access_level_condition" "nc" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + device_policy { + os_constraints { + os_type = "OS_UNSPECIFIED" + } + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/c.tf
new file mode 100644
index 000000000..80adc94f7
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/c.tf
@@ -0,0 +1,6 @@
+resource "google_access_context_manager_access_level_condition" "c" {
+ access_level = google_access_context_manager_access_level.access-level-service-account.name
+ regions = [
+ "australia-southeast1","australia-southeast2",
+ ]
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/config.tf
new file mode 100644
index 000000000..6d934c4f0
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/config.tf
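Review bot: The compliant fixture `region/c.tf` lists `"australia-southeast1","australia-southeast2"` in `regions`, which are Google Cloud region names. This attribute holds the countries or regions a request may originate from, written as ISO 3166-1 alpha-2 codes, the way `config.tf` and `nc.tf` in the same directory write `"CH"`, `"IT"`, `"US"`. A policy written to accept these strings would presumably flag every valid access level condition and approve one the API is unlikely to accept. Use the country code in the compliant case, e.g. `regions = ["AU"]`, and have the policy allow-list country codes rather than cloud region names.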
@@ -0,0 +1,42 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} + + +resource "google_access_context_manager_access_policy" "access-policy" { + parent = "organizations/123456789" + title = "my policy" +} + +resource "google_access_context_manager_access_level" "access-level-service-account" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock" + title = "chromeos_no_lock" + basic { + conditions { + device_policy { + require_screen_lock = true + os_constraints { + os_type = "DESKTOP_CHROME_OS" + } + } + regions = [ + "CH", + "IT", + "US", + ] + } + } + + lifecycle { + ignore_changes = [basic.0.conditions] + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/nc.tf new file mode 100644 index 000000000..ab9382f07 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/nc.tf @@ -0,0 +1,8 @@ +resource "google_access_context_manager_access_level_condition" "nc" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + regions = [ + "CH", + "IT", + "US", + ] +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null 
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/c.tf new file mode 100644 index 000000000..8409810e9 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/c.tf 
@@ -0,0 +1,7 @@ +resource "google_access_context_manager_access_level_condition" "c" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + device_policy { + + require_admin_approval = true + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/config.tf new file mode 100644 index 000000000..6d934c4f0 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/config.tf @@ -0,0 +1,42 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} + + +resource "google_access_context_manager_access_policy" "access-policy" { + parent = "organizations/123456789" + title = "my policy" +} + +resource "google_access_context_manager_access_level" "access-level-service-account" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock" + title = "chromeos_no_lock" + basic { + conditions { + device_policy { + require_screen_lock = true + os_constraints { + os_type = "DESKTOP_CHROME_OS" + } + } + regions = [ + "CH", + "IT", + "US", + ] + } + } + + lifecycle { + ignore_changes = [basic.0.conditions] + } +} \ No newline at end of file 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/nc.tf new file mode 100644 index 000000000..08778c5cf --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/nc.tf @@ -0,0 +1,6 @@ +resource "google_access_context_manager_access_level_condition" "nc" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + device_policy { + require_admin_approval = false + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/c.tf new file mode 100644 index 000000000..488b21d1f --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/c.tf @@ -0,0 +1,6 @@ +resource "google_access_context_manager_access_level_condition" "c" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + device_policy { + require_corp_owned = true + } +} \ No newline at end of file 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/config.tf new file mode 100644 index 000000000..6d934c4f0 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/config.tf @@ -0,0 +1,42 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} + + +resource "google_access_context_manager_access_policy" "access-policy" { + parent = "organizations/123456789" + title = "my policy" +} + +resource "google_access_context_manager_access_level" "access-level-service-account" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock" + title = "chromeos_no_lock" + basic { + conditions { + device_policy { + require_screen_lock = true + os_constraints { + os_type = "DESKTOP_CHROME_OS" + } + } + regions = [ + "CH", + "IT", + "US", + ] + } + } + + lifecycle { + ignore_changes = [basic.0.conditions] + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/nc.tf new file mode 100644 index 000000000..70bfdd7b8 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/nc.tf 
@@ -0,0 +1,6 @@ +resource "google_access_context_manager_access_level_condition" "nc" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + device_policy { + require_corp_owned = false + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/.terraform.lock.hcl new file mode 100644 index 000000000..653c7021d --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/c.tf new file mode 100644 index 000000000..39edcd0aa --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/c.tf @@ -0,0 +1,6 @@ +resource "google_access_context_manager_access_level_condition" "c" { + access_level = google_access_context_manager_access_level.access-level-service-account.name + device_policy { + require_screen_lock = true + } +} \ No newline at end of file diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/config.tf new file mode 100644 index 000000000..6d934c4f0 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/config.tf 
@@ -0,0 +1,42 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
+
+resource "google_access_context_manager_access_level" "access-level-service-account" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ require_screen_lock = true
+ os_constraints {
+ os_type = "DESKTOP_CHROME_OS"
+ }
+ }
+ regions = [
+ "CH",
+ "IT",
+ "US",
+ ]
+ }
+ }
+
+ lifecycle {
+ ignore_changes = [basic.0.conditions]
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/nc.tf
new file mode 100644
index 000000000..bcc8aecf6
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/nc.tf
@@ -0,0 +1,6 @@
+resource "google_access_context_manager_access_level_condition" "nc" {
+ access_level = google_access_context_manager_access_level.access-level-service-account.name
+ device_policy {
+ require_screen_lock = false
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/c.tf new file mode 100644 index 000000000..e27948852 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/c.tf 
@@ -0,0 +1,16 @@
+resource "google_access_context_manager_access_levels" "c" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ access_levels {
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ os_constraints {
+ os_type = "DESKTOP_CHROME_OS"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/nc.tf
new file mode 100644
index 000000000..15c7a5a09
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/nc.tf
@@ -0,0 +1,16 @@
+resource "google_access_context_manager_access_levels" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ access_levels {
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ os_constraints {
+ os_type = "OS_UNSPECIFIED"
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/c.tf new file mode 100644 index 000000000..bd99e17b2 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/c.tf 
@@ -0,0 +1,14 @@
+resource "google_access_context_manager_access_levels" "c" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ access_levels {
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ regions = [
+ "australia-southeast1","australia-southeast2",
+ ]
+ }
+ }
+ }
+}
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/nc.tf
new file mode 100644
index 000000000..57f865215
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/nc.tf
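Review bot: In region/c.tf the compliant fixture sets `regions` to `"australia-southeast1","australia-southeast2"`, which are Cloud location names; the `regions` condition of an Access Context Manager access level is documented as taking ISO 3166-1 alpha-2 country codes, the form the matching nc.tf already uses (`"CH"`, `"IT"`, `"US"`). The region policy.rego hunk for google_access_context_manager_access_level later in this patch whitelists the same two strings, so a level that really restricts access to Australia with `"AU"` would be reported as non-compliant, while the values that pass the policy do not describe a geo-restriction the service understands. Use `regions = ["AU"]` in this fixture and `"values" : ["AU"]` in the policy.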
@@ -0,0 +1,16 @@
+resource "google_access_context_manager_access_levels" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ access_levels {
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ regions = [
+ "CH",
+ "IT",
+ "US",
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/c.tf new file mode 100644 index 000000000..05edb76b1 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/c.tf 
@@ -0,0 +1,14 @@
+resource "google_access_context_manager_access_levels" "c" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ access_levels {
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ require_screen_lock = true
+ }
+ }
+ }
+ }
+}
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/nc.tf
new file mode 100644
index 000000000..d16ad221d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/nc.tf
@@ -0,0 +1,14 @@
+resource "google_access_context_manager_access_levels" "nc" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ access_levels {
+ name = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock"
+ title = "chromeos_no_lock"
+ basic {
+ conditions {
+ device_policy {
+ require_screen_lock = false
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/.terraform.lock.hcl b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/.terraform.lock.hcl
new file mode 100644
index 000000000..653c7021d
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:axUhrDS/FeAEKHRKS57WfT0AkrNDC3d5DkWMMnk+fT4=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/c.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/c.tf new file mode 100644 index 000000000..14b189828 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/c.tf @@ -0,0 +1,8 @@ +resource "google_access_context_manager_service_perimeter" "c" { + parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}" + name = "c" + title = "restrict_storage" + status { + restricted_services = ["storage.googleapis.com"] + } +} \ No newline at end of file 
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/config.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/config.tf
new file mode 100644
index 000000000..2ebebd496
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/config.tf
@@ -0,0 +1,17 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
+
+
+resource "google_access_context_manager_access_policy" "access-policy" {
+ parent = "organizations/123456789"
+ title = "my policy"
+}
\ No newline at end of file
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/nc.tf b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/nc.tf
new file mode 100644
index 000000000..27e1b38a1
--- /dev/null
+++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/nc.tf
@@ -0,0 +1,19 @@
+# null-restricted_services
+resource "google_access_context_manager_service_perimeter" "nc1" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "nc1"
+ title = "restrict_storage"
+ status {
+ restricted_services = []
+ }
+}
+
+# permissive-restricted_services
+resource "google_access_context_manager_service_perimeter" "nc2" {
+ parent = "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}"
+ name = "nc2"
+ title = "restrict_storage"
+ status {
+ restricted_services = ["*.googleapis.com"]
+ }
+}
\ No newline at end of file
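Review bot: status/nc.tf names the two non-compliant perimeters `nc1` and `nc2`, but the plan.json added in the same directory addresses them as `nc-null-restricted-services` and `nc-permissive-restricted-services`, and its configuration section records `name` as a reference to the access policy where this file uses the literals `"nc1"` and `"nc2"`. The plan therefore appears to have been generated from an earlier revision of the fixtures, so a test that evaluates plan.json is not checking what nc.tf declares. Regenerate the plan from the committed files, or restore the resource names and `name` expressions the plan was built from. Restoring them would also give `name` the `accessPolicies/<policy>/servicePerimeters/<short_name>` form the provider documents for this resource.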
diff --git a/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/plan.json b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/plan.json new file mode 100644 index 000000000..e1ac4f822 --- /dev/null +++ b/inputs/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/plan.json 
@@ -0,0 +1,499 @@ +{ + "format_version": "1.2", + "terraform_version": "1.12.2", + "planned_values": { + "root_module": { + "resources": [ + { + "address": "google_access_context_manager_access_policy.access-policy", + "mode": "managed", + "type": "google_access_context_manager_access_policy", + "name": "access-policy", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "parent": "organizations/123456789", + "scopes": null, + "timeouts": null, + "title": "my policy" + }, + "sensitive_values": {} + }, + { + "address": "google_access_context_manager_service_perimeter.c", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "c", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "description": null, + "perimeter_type": "PERIMETER_TYPE_REGULAR", + "spec": [], + "status": [ + { + "access_levels": null, + "egress_policies": [], + "ingress_policies": [], + "resources": null, + "restricted_services": [ + "storage.googleapis.com" + ], + "vpc_accessible_services": [] + } + ], + "timeouts": null, + "title": "restrict_storage", + "use_explicit_dry_run_spec": null + }, + "sensitive_values": { + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "restricted_services": [ + false + ], + "vpc_accessible_services": [] + } + ] + } + }, + { + "address": "google_access_context_manager_service_perimeter.nc-null-restricted-services", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "nc-null-restricted-services", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "description": null, + "perimeter_type": "PERIMETER_TYPE_REGULAR", + "spec": [], + "status": [ + { + "access_levels": null, + "egress_policies": [], + "ingress_policies": [], + "resources": null, + "restricted_services": null, + "vpc_accessible_services": [] + } + ], + 
"timeouts": null, + "title": "restrict_storage", + "use_explicit_dry_run_spec": null + }, + "sensitive_values": { + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "vpc_accessible_services": [] + } + ] + } + }, + { + "address": "google_access_context_manager_service_perimeter.nc-permissive-restricted-services", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "nc-permissive-restricted-services", + "provider_name": "registry.terraform.io/hashicorp/google", + "schema_version": 0, + "values": { + "description": null, + "perimeter_type": "PERIMETER_TYPE_REGULAR", + "spec": [], + "status": [ + { + "access_levels": null, + "egress_policies": [], + "ingress_policies": [], + "resources": null, + "restricted_services": [ + "*.googleapis.com" + ], + "vpc_accessible_services": [] + } + ], + "timeouts": null, + "title": "restrict_storage", + "use_explicit_dry_run_spec": null + }, + "sensitive_values": { + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "restricted_services": [ + false + ], + "vpc_accessible_services": [] + } + ] + } + } + ] + } + }, + "resource_changes": [ + { + "address": "google_access_context_manager_access_policy.access-policy", + "mode": "managed", + "type": "google_access_context_manager_access_policy", + "name": "access-policy", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "parent": "organizations/123456789", + "scopes": null, + "timeouts": null, + "title": "my policy" + }, + "after_unknown": { + "create_time": true, + "id": true, + "name": true, + "update_time": true + }, + "before_sensitive": false, + "after_sensitive": {} + } + }, + { + "address": "google_access_context_manager_service_perimeter.c", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "c", + "provider_name": 
"registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": null, + "perimeter_type": "PERIMETER_TYPE_REGULAR", + "spec": [], + "status": [ + { + "access_levels": null, + "egress_policies": [], + "ingress_policies": [], + "resources": null, + "restricted_services": [ + "storage.googleapis.com" + ], + "vpc_accessible_services": [] + } + ], + "timeouts": null, + "title": "restrict_storage", + "use_explicit_dry_run_spec": null + }, + "after_unknown": { + "create_time": true, + "id": true, + "name": true, + "parent": true, + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "restricted_services": [ + false + ], + "vpc_accessible_services": [] + } + ], + "update_time": true + }, + "before_sensitive": false, + "after_sensitive": { + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "restricted_services": [ + false + ], + "vpc_accessible_services": [] + } + ] + } + } + }, + { + "address": "google_access_context_manager_service_perimeter.nc-null-restricted-services", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "nc-null-restricted-services", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": null, + "perimeter_type": "PERIMETER_TYPE_REGULAR", + "spec": [], + "status": [ + { + "access_levels": null, + "egress_policies": [], + "ingress_policies": [], + "resources": null, + "restricted_services": null, + "vpc_accessible_services": [] + } + ], + "timeouts": null, + "title": "restrict_storage", + "use_explicit_dry_run_spec": null + }, + "after_unknown": { + "create_time": true, + "id": true, + "name": true, + "parent": true, + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "vpc_accessible_services": [] + } + ], + "update_time": true + }, + 
"before_sensitive": false, + "after_sensitive": { + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "vpc_accessible_services": [] + } + ] + } + } + }, + { + "address": "google_access_context_manager_service_perimeter.nc-permissive-restricted-services", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "nc-permissive-restricted-services", + "provider_name": "registry.terraform.io/hashicorp/google", + "change": { + "actions": [ + "create" + ], + "before": null, + "after": { + "description": null, + "perimeter_type": "PERIMETER_TYPE_REGULAR", + "spec": [], + "status": [ + { + "access_levels": null, + "egress_policies": [], + "ingress_policies": [], + "resources": null, + "restricted_services": [ + "*.googleapis.com" + ], + "vpc_accessible_services": [] + } + ], + "timeouts": null, + "title": "restrict_storage", + "use_explicit_dry_run_spec": null + }, + "after_unknown": { + "create_time": true, + "id": true, + "name": true, + "parent": true, + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "restricted_services": [ + false + ], + "vpc_accessible_services": [] + } + ], + "update_time": true + }, + "before_sensitive": false, + "after_sensitive": { + "spec": [], + "status": [ + { + "egress_policies": [], + "ingress_policies": [], + "restricted_services": [ + false + ], + "vpc_accessible_services": [] + } + ] + } + } + } + ], + "configuration": { + "provider_config": { + "google": { + "name": "google", + "full_name": "registry.terraform.io/hashicorp/google" + } + }, + "root_module": { + "resources": [ + { + "address": "google_access_context_manager_access_policy.access-policy", + "mode": "managed", + "type": "google_access_context_manager_access_policy", + "name": "access-policy", + "provider_config_key": "google", + "expressions": { + "parent": { + "constant_value": "organizations/123456789" + }, + "title": { + "constant_value": "my policy" + } + }, + 
"schema_version": 0 + }, + { + "address": "google_access_context_manager_service_perimeter.c", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "c", + "provider_config_key": "google", + "expressions": { + "name": { + "references": [ + "google_access_context_manager_access_policy.access-policy.name", + "google_access_context_manager_access_policy.access-policy" + ] + }, + "parent": { + "references": [ + "google_access_context_manager_access_policy.access-policy.name", + "google_access_context_manager_access_policy.access-policy" + ] + }, + "status": [ + { + "restricted_services": { + "constant_value": [ + "storage.googleapis.com" + ] + } + } + ], + "title": { + "constant_value": "restrict_storage" + } + }, + "schema_version": 0 + }, + { + "address": "google_access_context_manager_service_perimeter.nc-null-restricted-services", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "nc-null-restricted-services", + "provider_config_key": "google", + "expressions": { + "name": { + "references": [ + "google_access_context_manager_access_policy.access-policy.name", + "google_access_context_manager_access_policy.access-policy" + ] + }, + "parent": { + "references": [ + "google_access_context_manager_access_policy.access-policy.name", + "google_access_context_manager_access_policy.access-policy" + ] + }, + "status": [ + { + "restricted_services": { + "constant_value": [] + } + } + ], + "title": { + "constant_value": "restrict_storage" + } + }, + "schema_version": 0 + }, + { + "address": "google_access_context_manager_service_perimeter.nc-permissive-restricted-services", + "mode": "managed", + "type": "google_access_context_manager_service_perimeter", + "name": "nc-permissive-restricted-services", + "provider_config_key": "google", + "expressions": { + "name": { + "references": [ + "google_access_context_manager_access_policy.access-policy.name", + 
"google_access_context_manager_access_policy.access-policy" + ] + }, + "parent": { + "references": [ + "google_access_context_manager_access_policy.access-policy.name", + "google_access_context_manager_access_policy.access-policy" + ] + }, + "status": [ + { + "restricted_services": { + "constant_value": [ + "*.googleapis.com" + ] + } + } + ], + "title": { + "constant_value": "restrict_storage" + } + }, + "schema_version": 0 + } + ] + } + }, + "relevant_attributes": [ + { + "resource": "google_access_context_manager_access_policy.access-policy", + "attribute": [ + "name" + ] + } + ], + "timestamp": "2025-11-23T02:10:56Z", + "applyable": true, + "complete": true, + "errored": false +} \ No newline at end of file diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/policy.rego new file mode 100644 index 000000000..6a2927a3d --- /dev/null +++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_device_management_levels/policy.rego 
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.allowed_device_management_levels
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "A list of allowed device management levels. An empty list allows all management levels. Each value may be one of: MANAGEMENT_UNSPECIFIED, NONE, BASIC, COMPLETE",
+ "remedies": ["Update allowed_device_management_levels to include only allowed values as per organizational policy."]
+ },
+ {
+ "condition": "os_type is not in blacklist",
+ "attribute_path": ["basic", 0, "conditions", 0, "device_policy", 0, "allowed_device_management_levels"],
+ "values": ["COMPLETE"],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/policy.rego
new file mode 100644
index 000000000..3b62ae6d8
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/allowed_encryption_statuses/policy.rego
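Review bot: The `"condition"` label in allowed_device_management_levels/policy.rego reads `os_type is not in blacklist`, but the rule checks `allowed_device_management_levels` against a whitelist, so any finding built from that string names the wrong attribute and the wrong policy type. The allowed_encryption_statuses/policy.rego hunk that follows carries the same copied label. Change it to `"condition": "allowed_device_management_levels is in whitelist"` here and to `"condition": "allowed_encryption_statuses is in whitelist"` in the other file. How the label is surfaced depends on `helpers.get_multi_summary`, which is not part of this hunk.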
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.allowed_encryption_statuses
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "A list of allowed encryptions statuses. An empty list allows all statuses. Each value may be one of: ENCRYPTION_UNSPECIFIED, ENCRYPTION_UNSUPPORTED, UNENCRYPTED, ENCRYPTED.",
+ "remedies": ["Update allowed_encryption_statuses to include only allowed values as per organizational policy."]
+ },
+ {
+ "condition": "os_type is not in blacklist",
+ "attribute_path": ["basic", 0, "conditions", 0, "device_policy", 0, "allowed_encryption_statuses"],
+ "values": ["ENCRYPTED"],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/policy.rego
new file mode 100644
index 000000000..72d679f4a
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/os_type/policy.rego
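Review bot: The description in allowed_encryption_statuses/policy.rego states that an empty list allows all statuses, yet nothing in the hunk shows that an empty or omitted `allowed_encryption_statuses` is reported against the `["ENCRYPTED"]` whitelist; that outcome depends on how `helpers.get_multi_summary` treats an absent or empty attribute, which is not visible here. The allowed_device_management_levels policy added just before it leaves the same question open. Add non-compliant fixtures that omit the list and that set it to `[]` so the behaviour is pinned, and record the intent above the rule with a comment such as `# an empty or missing list must fail: it admits unencrypted devices`.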
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.os_type
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Ensure access is not granted to unspecified or unsupported OS types.",
+ "remedies": ["Update os_constraints to explicitly include only supported OS types."]
+ },
+ {
+ "condition": "os_type is in whitelist",
+ "attribute_path": ["basic", 0, "conditions", 0, "device_policy", 0, "os_constraints", 0, "os_type"],
+ "values": ["DESKTOP_WINDOWS","DESKTOP_LINUX","DESKTOP_MAC"],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/policy.rego
new file mode 100644
index 000000000..178c76769
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/region/policy.rego
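Review bot: The `attribute_path` pins every repeated block to index 0 (`"conditions", 0` and `"os_constraints", 0`), so as written only the first `conditions` block and the first `os_constraints` entry appear to be inspected. An access level with a second condition or a second OS constraint may go unchecked unless `helpers.get_multi_summary` expands these indices itself; that helper is outside this diff. The other google_access_context_manager_access_level hunks and those for google_access_context_manager_access_level_condition and google_access_context_manager_access_levels (which additionally pin `"access_levels", 0`) use the same pattern. Please confirm the helper's behaviour and add a fixture with two `conditions` blocks where only the second is non-compliant.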
@@ -0,0 +1,22 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.region
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+conditions := [
+ [
+ {"situation_description" : "Must be in Australia Region",
+ "remedies":[ "Change regions to Aus"]},
+ {
+ "condition": "Region is not Aus",
+ "attribute_path" : ["basic", 0, "conditions", 0, "regions"],
+ "values" : ["australia-southeast1","australia-southeast2"],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/policy.rego
new file mode 100644
index 000000000..57c9ce3d0
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_admin_approval/policy.rego
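Review bot: The whitelist values `"australia-southeast1"` and `"australia-southeast2"` are Google Cloud location names, but `regions` in an Access Context Manager condition takes ISO 3166-1 alpha-2 country codes for where the request originates. A correctly configured access level restricted to Australia would therefore be reported as a violation, and the policy can only pass on values the API should not accept. I would change the line to `"values" : ["AU"],` and reword the label, which currently describes the failure, to `"condition": "regions contains only AU",`. The region hunks for google_access_context_manager_access_level_condition and google_access_context_manager_access_levels carry the same values.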
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.require_admin_approval
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Whether the device needs to be approved by the customer admin.",
+ "remedies": ["Update require_admin_approval to include only allowed values as per organizational policy."]
+ },
+ {
+ "condition": "os_type is not in blacklist",
+ "attribute_path": ["basic", 0, "conditions", 0, "device_policy", 0, "require_admin_approval"],
+ "values": [true],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/policy.rego
new file mode 100644
index 000000000..c8b5af41d
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_corp_owned/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.require_corp_owned
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Whether the device needs to be corp owned.",
+ "remedies": ["Update require_corp_owned to include only allowed values as per organizational policy."]
+ },
+ {
+ "condition": "os_type is not in blacklist",
+ "attribute_path": ["basic", 0, "conditions", 0, "device_policy", 0, "require_corp_owned"],
+ "values": [true],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/policy.rego
new file mode 100644
index 000000000..9790e2562
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/require_screen_lock/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.require_screen_lock
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Whether or not screenlock is required for the DevicePolicy to be true.",
+ "remedies": ["Update screen lock requirement in device policy."]
+ },
+ {
+ "condition": "screen_lock is true",
+ "attribute_path": ["basic", 0, "conditions", 0, "device_policy", 0, "require_screen_lock"],
+ "values": true,
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/vars.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/vars.rego
new file mode 100644
index 000000000..c2736d230
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level.vars
+
+
+variables := {
+ "friendly_resource_name": "access_level",
+ "resource_type": "google_access_context_manager_access_level",
+ "resource_value_name" : "name"
+}
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/policy.rego
new file mode 100644
index 000000000..3b6c06d5d
--- /dev/null
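Review bot: `"values": true` in the require_screen_lock hunk passes a bare boolean, while the sibling policies in this commit pass a list (`"values": [true]`), including the require_screen_lock policies for the access_level_condition and access_levels resources. How `helpers.get_multi_summary` handles a non-list value for a `whitelist` is not visible here; if it iterates over `values` or does a membership test, this check may error or never match. I would write `"values": [true],` to match the siblings. The label `"screen_lock is true"` could also name the real attribute, `require_screen_lock`.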
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/os_type/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.os_type
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Ensure access is not granted to unspecified or unsupported OS types.",
+ "remedies": ["Update os_constraints to explicitly include only supported OS types."]
+ },
+ {
+ "condition": "os_type is in whitelist",
+ "attribute_path": ["device_policy", 0, "os_constraints", 0, "os_type"],
+ "values": ["DESKTOP_WINDOWS","DESKTOP_LINUX","DESKTOP_MAC"],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/policy.rego
new file mode 100644
index 000000000..783484ab1
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/region/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.region
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.vars
+
+conditions := [
+ [
+ {"situation_description" : "Must be in Australia Region",
+ "remedies":[ "Change regions to Aus"]},
+ {
+ "condition": "Region is not Aus",
+ "attribute_path" : ["regions"],
+ "values" : ["australia-southeast1","australia-southeast2"],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/policy.rego
new file mode 100644
index 000000000..1ed17aed3
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_admin_approval/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.require_admin_approval
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Whether the device needs to be approved by the customer admin.",
+ "remedies": ["Update require_admin_approval to true."]
+ },
+ {
+ "condition": "require_admin_approval is true",
+ "attribute_path": ["device_policy", 0, "require_admin_approval"],
+ "values": [true],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/policy.rego
new file mode 100644
index 000000000..ccf8a86d5
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_corp_owned/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.require_corp_owned
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Whether the device needs to be corp owned.",
+ "remedies": ["Update require_corp_owned to true."]
+ },
+ {
+ "condition": "require_corp_owned is true",
+ "attribute_path": ["device_policy", 0, "require_corp_owned"],
+ "values": [true],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/policy.rego
new file mode 100644
index 000000000..1bfef3ec2
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/require_screen_lock/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.require_screen_lock
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "EWhether or not screenlock is required for the DevicePolicy to be true.",
+ "remedies": ["Update require_screen_lock to true."]
+ },
+ {
+ "condition": "require_screen_lock is true",
+ "attribute_path": ["device_policy", 0, "require_screen_lock"],
+ "values": [true],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/vars.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/vars.rego
new file mode 100644
index 000000000..6ada9f4cf
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_level_condition/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_level_condition.vars
+
+
+variables := {
+ "friendly_resource_name": "access_level_condition",
+ "resource_type": "google_access_context_manager_access_level_condition",
+ "resource_value_name" : "name"
+}
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/policy.rego
new file mode 100644
index 000000000..b8a9e22e7
--- /dev/null
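Review bot: The `situation_description` in the require_screen_lock hunk starts with a stray character: `"EWhether or not screenlock is required ..."`. This string is presumably shown to users in the policy result, so it should read `"Whether or not screenlock is required for the DevicePolicy to be true."`. The require_screen_lock hunk for google_access_context_manager_access_levels has the same typo.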
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/os_type/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_levels.os_type
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_levels.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Ensure access is not granted to unspecified or unsupported OS types.",
+ "remedies": ["Update os_constraints to explicitly include only supported OS types."]
+ },
+ {
+ "condition": "os_type is in whitelist",
+ "attribute_path": ["access_levels", 0, "basic", 0, "conditions", 0, "device_policy", 0, "os_constraints", 0, "os_type"],
+ "values": ["DESKTOP_WINDOWS","DESKTOP_LINUX","DESKTOP_MAC"],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/policy.rego
new file mode 100644
index 000000000..eac728a04
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/region/policy.rego
@@ -0,0 +1,22 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_levels.region
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_levels.vars
+
+conditions := [
+ [
+ {"situation_description" : "Must be in Australia Region",
+ "remedies":[ "Change regions to Aus"]},
+ {
+ "condition": "Region is not Aus",
+ "attribute_path" : ["access_levels", 0, "basic", 0, "conditions", 0, "regions"],
+ "values" : ["australia-southeast1","australia-southeast2"],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/policy.rego
new file mode 100644
index 000000000..7c9f83d18
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/require_screen_lock/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_levels.require_screen_lock
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_levels.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "EWhether or not screenlock is required for the DevicePolicy to be true.",
+ "remedies": ["Update require_screen_lock to true."]
+ },
+ {
+ "condition": "require_screen_lock is true",
+ "attribute_path": ["access_levels", 0, "basic", 0, "conditions", 0, "device_policy", 0, "require_screen_lock"],
+ "values": [true],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/vars.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/vars.rego
new file mode 100644
index 000000000..978027f3a
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_access_levels/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_access_levels.vars
+
+
+variables := {
+ "friendly_resource_name": "access_levels",
+ "resource_type": "google_access_context_manager_access_levels",
+ "resource_value_name" : "name"
+}
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/policy.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/policy.rego
new file mode 100644
index 000000000..9d8a90120
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/status/policy.rego
@@ -0,0 +1,30 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_service_perimeter.status
+
+import data.terraform.helpers
+import data.terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_service_perimeter.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "Ensure restricted services is not empty (no protection) or to general.",
+ "remedies": ["Update status/restricted_services to explicitly include only required service calls."]
+ },
+ {
+ "condition": "restricted_services is not an empty list",
+ "attribute_path": ["status", 0, "restricted_services"],
+ "values": null,
+ "policy_type": "blacklist"
+ },
+ {
+ "condition": "restricted_services is too permissive",
+ "attribute_path": ["status", 0, "restricted_services"],
+ "values": ["*"],
+ "policy_type": "element blacklist"
+ }
+ ]
+]
+
+result := helpers.get_multi_summary(conditions, vars.variables)
+
+message := result.message
+details := result.details
\ No newline at end of file
diff --git a/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/vars.rego b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/vars.rego
new file mode 100644
index 000000000..881d561ef
--- /dev/null
+++ b/policies/gcp/access_context_manager_vpc_service_controls/google_access_context_manager_service_perimeter/vars.rego
@@ -0,0 +1,8 @@
+package terraform.gcp.security.access_context_manager_vpc_service_controls.google_access_context_manager_service_perimeter.vars
+
+
+variables := {
+ "friendly_resource_name": "service_perimeter",
+ "resource_type": "google_access_context_manager_service_perimeter",
+ "resource_value_name" : "name"
+}
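Review bot: The first condition in the status hunk is labelled `"restricted_services is not an empty list"` but blacklists `"values": null`, which on its face catches an unset attribute rather than `restricted_services = []`. Whether the helper treats `[]` and `null` alike is not visible in this diff; if it does not, a perimeter that restricts no services passes this policy. Please add a fixture with an explicit empty list, and if it passes, add a condition for that case. The description also has a typo: `"or to general"` should be `"or too general"`.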
From 10a7f1cf5470413c4ae2d40cd87f64359a5222c7 Mon Sep 17 00:00:00 2001 From: trongnhanphan223878459 Date: Tue, 20 Jan 2026 16:45:26 +0700 Subject: [PATCH 12/21] fixing --- inputs/gcp/biglake/backup/policy.rego | 27 +++++++++++++++++++ inputs/gcp/biglake/data_access/policy.rego | 27 +++++++++++++++++++ .../gcp/biglake/login_management/policy.rego | 26 ++++++++++++++++++ .../biglake/network_configuration/policy.rego | 27 +++++++++++++++++++ inputs/gcp/biglake/service_access/policy.rego | 27 +++++++++++++++++++ inputs/gcp/biglake/vars.rego | 7 +++++ .../apikeys/allowed_api_targets/policy.rego | 4 +++ .../policy.rego | 4 +++ .../disallow_public_server_ips/policy.rego | 4 +++ .../disallow_wildcard_methods/policy.rego | 4 +++ .../enforce_key_restrictions/policy.rego | 4 +++ policies/gcp/biglake/backup/policy.rego | 4 +++ policies/gcp/biglake/data_access/policy.rego | 4 +++ .../gcp/biglake/login_management/policy.rego | 4 +++ .../biglake/network_configuration/policy.rego | 4 +++ .../gcp/biglake/service_access/policy.rego | 4 +++ 16 files changed, 181 insertions(+) create mode 100644 inputs/gcp/biglake/backup/policy.rego create mode 100644 inputs/gcp/biglake/data_access/policy.rego create mode 100644 inputs/gcp/biglake/login_management/policy.rego create mode 100644 inputs/gcp/biglake/network_configuration/policy.rego create mode 100644 inputs/gcp/biglake/service_access/policy.rego create mode 100644 inputs/gcp/biglake/vars.rego diff --git a/inputs/gcp/biglake/backup/policy.rego b/inputs/gcp/biglake/backup/policy.rego new file mode 100644 index 000000000..adfc58f09 --- /dev/null +++ b/inputs/gcp/biglake/backup/policy.rego 
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.backup
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Backup policy for BigLake is not configured or is insufficient.",
+ "remedies":[
+ "Ensure regular backups are configured and validated for BigLake data."
+ ]
+ },
+ {
+ "condition": "Check that backup schedules and retention periods are configured for BigLake.",
+ "attribute_path" : ["backup_config", 0, "schedule"],
+ "values" : [
+ "daily",
+ "weekly"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/inputs/gcp/biglake/data_access/policy.rego b/inputs/gcp/biglake/data_access/policy.rego
new file mode 100644
index 000000000..d57671b7d
--- /dev/null
+++ b/inputs/gcp/biglake/data_access/policy.rego
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.data_access
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Data in BigLake is exposed without proper encryption.",
+ "remedies":[
+ "Ensure data at rest and in transit is encrypted."
+ ]
+ },
+ {
+ "condition": "Check that data storage is encrypted using AES-256 or a stronger algorithm.",
+ "attribute_path" : ["data_storage", 0, "encryption"],
+ "values" : [
+ "AES-256",
+ "Google-managed encryption keys"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/inputs/gcp/biglake/login_management/policy.rego b/inputs/gcp/biglake/login_management/policy.rego
new file mode 100644
index 000000000..ee3d73209
--- /dev/null
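Review bot: These files are added under `inputs/` but declare the same packages as the policy files, for example `terraform.gcp.security.biglake.google_biglake_service.backup`, which `policies/gcp/biglake/backup/policy.rego` also declares later in this same commit. If both trees are ever loaded into one OPA bundle, `conditions`, `message` and `details` are defined twice per package, and a later edit to only one copy would produce a conflicting-rule evaluation error. If `inputs/` is meant to hold Terraform fixtures rather than policies, these files look misplaced; otherwise the duplication should be documented or removed. This applies to all five `inputs/gcp/biglake/*/policy.rego` files and to `inputs/gcp/biglake/vars.rego`.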
+++ b/inputs/gcp/biglake/login_management/policy.rego
@@ -0,0 +1,26 @@
+package terraform.gcp.security.biglake.google_biglake_service.login_management
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Users are not required to use multi-factor authentication for accessing BigLake.",
+ "remedies":[
+ "Enforce multi-factor authentication for all users accessing BigLake."
+ ]
+ },
+ {
+ "condition": "Check that multi-factor authentication (MFA) is enabled for user accounts.",
+ "attribute_path" : ["user_accounts", 0, "mfa_enabled"],
+ "values" : [
+ true
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/inputs/gcp/biglake/network_configuration/policy.rego b/inputs/gcp/biglake/network_configuration/policy.rego
new file mode 100644
index 000000000..3b8f84e46
--- /dev/null
+++ b/inputs/gcp/biglake/network_configuration/policy.rego
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.network_configuration
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "BigLake network is exposed to unapproved IP ranges.",
+ "remedies":[
+ "Limit network access to approved IP ranges."
+ ]
+ },
+ {
+ "condition": "Check that the network is restricted to approved IP ranges only.",
+ "attribute_path" : ["network_config", 0, "allowed_ip_ranges"],
+ "values" : [
+ "10.0.0.0/24",
+ "192.168.0.0/16"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
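Review bot: `message` and `details` each call `helpers.get_multi_summary(conditions, vars.variables)` separately, whereas the Access Context Manager policies earlier in this patch series bind the result once. Binding it once ties both outputs to a single evaluation and matches that style: `result := helpers.get_multi_summary(conditions, vars.variables)`, then `message := result.message` and `details := result.details`. All five BigLake policy files added under `inputs/` in this commit use the two-call form.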
diff --git a/inputs/gcp/biglake/service_access/policy.rego b/inputs/gcp/biglake/service_access/policy.rego
new file mode 100644
index 000000000..5cf0fd1a2
--- /dev/null
+++ b/inputs/gcp/biglake/service_access/policy.rego
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_service.service_access
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_service.vars
+
+conditions := [
+ [
+ {
+ "situation_description" : "Service account has broader access than allowed for BigLake service.",
+ "remedies":[
+ "Restrict service account access to BigLake only."
+ ]
+ },
+ {
+ "condition": "Check that the service account has permissions limited to BigLake service only.",
+ "attribute_path" : ["service_accounts", 0, "permissions"],
+ "values" : [
+ "biglake.data.read",
+ "biglake.data.write"
+ ],
+ "policy_type" : "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/inputs/gcp/biglake/vars.rego b/inputs/gcp/biglake/vars.rego
new file mode 100644
index 000000000..a42f8552c
--- /dev/null
+++ b/inputs/gcp/biglake/vars.rego
@@ -0,0 +1,7 @@
+package terraform.gcp.security.biglake.google_biglake_service.vars
+
+variables := {
+ "friendly_resource_name": "BigLake Service",
+ "resource_type": "google_biglake_service",
+ "resource_value_name" : "name"
+}
diff --git a/policies/gcp/apikeys/allowed_api_targets/policy.rego b/policies/gcp/apikeys/allowed_api_targets/policy.rego
index 610585e44..b2f337b66 100644
--- a/policies/gcp/apikeys/allowed_api_targets/policy.rego
+++ b/policies/gcp/apikeys/allowed_api_targets/policy.rego
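Review bot: `"resource_type": "google_biglake_service"` in the vars.rego hunk does not match any resource I know of in the Google Terraform provider, and the attribute paths used by the BigLake policies in this commit (`backup_config`, `user_accounts`/`mfa_enabled`, `network_config`/`allowed_ip_ranges`, `service_accounts`/`permissions`) are not tied to a schema anywhere in the diff. If the type does not exist, no planned resource is ever selected and, depending on how the helper treats an empty match, each of these policies may report compliance without checking anything. Please confirm the resource type and attribute names against the provider schema, and add a comment in `vars.rego` naming the provider resource they map to.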
@@ -1,6 +1,10 @@ package terraform.gcp.security.apikeys.google_apikeys_key.allowed_api_targets +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego b/policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego index 418762004..3754de028 100644 --- a/policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego +++ b/policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_browser_referrers +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/disallow_public_server_ips/policy.rego b/policies/gcp/apikeys/disallow_public_server_ips/policy.rego index 380cad0c2..8b88c8b8d 100644 --- a/policies/gcp/apikeys/disallow_public_server_ips/policy.rego +++ b/policies/gcp/apikeys/disallow_public_server_ips/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_server_ips +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/disallow_wildcard_methods/policy.rego b/policies/gcp/apikeys/disallow_wildcard_methods/policy.rego index 6cee54bf2..7bbf2c86c 100644 --- a/policies/gcp/apikeys/disallow_wildcard_methods/policy.rego +++ b/policies/gcp/apikeys/disallow_wildcard_methods/policy.rego 
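Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 3380726 (fixing)` are unresolved merge-conflict markers committed into the policy source. They are not valid Rego, so the file should fail to parse, and even with the markers removed both `import data.terraform.gcp.helpers` and `import data.terraform.helpers` would remain and bind the same `helpers` name. Depending on how the runner handles a load error, these controls either break the whole evaluation or are silently skipped. Each file should drop the three marker lines and keep exactly one helpers import; all ten hunks under `policies/gcp/apikeys/` and `policies/gcp/biglake/` in this commit have the same problem, and a CI step that parses the policy tree (for example `opa check`) would catch it before merge.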
@@ -1,6 +1,10 @@ package terraform.gcp.security.apikeys.google_apikeys_key.disallow_wildcard_methods +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/enforce_key_restrictions/policy.rego b/policies/gcp/apikeys/enforce_key_restrictions/policy.rego index 0a54c6749..93886b0f2 100644 --- a/policies/gcp/apikeys/enforce_key_restrictions/policy.rego +++ b/policies/gcp/apikeys/enforce_key_restrictions/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.apikeys.google_apikeys_key.require_restrictions +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/biglake/backup/policy.rego b/policies/gcp/biglake/backup/policy.rego index 2112b6776..72cdd3e74 100644 --- a/policies/gcp/biglake/backup/policy.rego +++ b/policies/gcp/biglake/backup/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.biglake.google_biglake_service.backup +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.biglake.google_biglake_service.vars conditions := [ diff --git a/policies/gcp/biglake/data_access/policy.rego b/policies/gcp/biglake/data_access/policy.rego index b0e4f7e08..a7c777788 100644 --- a/policies/gcp/biglake/data_access/policy.rego +++ b/policies/gcp/biglake/data_access/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.biglake.google_biglake_service.data_access +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.biglake.google_biglake_service.vars conditions := [ 
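Review bot: In `policies/gcp/apikeys/enforce_key_restrictions/policy.rego` the package on the context line is `terraform.gcp.security.apikeys.google_apikeys_key.require_restrictions`, while the directory is `enforce_key_restrictions`; the other policies touched here use a final package segment equal to their directory name. If the engine derives the query path from the directory, this rule would never be found and API keys without restrictions would pass unreported. Make the two agree, e.g. `package terraform.gcp.security.apikeys.google_apikeys_key.enforce_key_restrictions`. The rest of the policy is outside the hunk.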
diff --git a/policies/gcp/biglake/login_management/policy.rego b/policies/gcp/biglake/login_management/policy.rego index e6851e878..2a8899b4c 100644 --- a/policies/gcp/biglake/login_management/policy.rego +++ b/policies/gcp/biglake/login_management/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.biglake.google_biglake_service.login_management +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.biglake.google_biglake_service.vars conditions := [ diff --git a/policies/gcp/biglake/network_configuration/policy.rego b/policies/gcp/biglake/network_configuration/policy.rego index d9c7d8486..72f400834 100644 --- a/policies/gcp/biglake/network_configuration/policy.rego +++ b/policies/gcp/biglake/network_configuration/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.biglake.google_biglake_service.network_configuration +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.biglake.google_biglake_service.vars conditions := [ diff --git a/policies/gcp/biglake/service_access/policy.rego b/policies/gcp/biglake/service_access/policy.rego index def25823c..138d49371 100644 --- a/policies/gcp/biglake/service_access/policy.rego +++ b/policies/gcp/biglake/service_access/policy.rego @@ -1,6 +1,10 @@ package terraform.gcp.security.biglake.google_biglake_service.service_access +<<<<<<< HEAD import data.terraform.gcp.helpers +======= +import data.terraform.helpers +>>>>>>> 3380726 (fixing) import data.terraform.gcp.security.biglake.google_biglake_service.vars conditions := [ From 5826b9840585841e02f1cd78ca296cf0643666c1 Mon Sep 17 00:00:00 2001 
From: trongnhanphan223878459 Date: Mon, 26 Jan 2026 20:58:51 +0700 Subject: [PATCH 13/21] fixing errors --- .../allowed_api_targets/policy.rego | 4 --- .../policy.rego | 4 --- .../disallow_public_server_ips/policy.rego | 4 --- .../disallow_wildcard_methods/policy.rego | 4 --- .../enforce_key_restrictions/policy.rego | 4 --- .../{ => google_apikeys_key}/vars.rego | 0 policies/gcp/biglake/backup/policy.rego | 31 ------------------- policies/gcp/biglake/data_access/policy.rego | 31 ------------------- .../backup/policy.rego | 0 .../data_access/policy.rego | 0 .../login_management/policy.rego | 0 .../network_configuration/policy.rego | 0 .../service_access/policy.rego | 0 .../biglake/google_biglake_service}/vars.rego | 0 .../gcp/biglake/login_management/policy.rego | 30 ------------------ .../biglake/network_configuration/policy.rego | 31 ------------------- .../gcp/biglake/service_access/policy.rego | 31 ------------------- policies/gcp/biglake/vars.rego | 7 ----- 18 files changed, 181 deletions(-) rename policies/gcp/apikeys/{ => google_apikeys_key}/allowed_api_targets/policy.rego (92%) rename policies/gcp/apikeys/{ => google_apikeys_key}/disallow_public_browser_referrers/policy.rego (92%) rename policies/gcp/apikeys/{ => google_apikeys_key}/disallow_public_server_ips/policy.rego (92%) rename policies/gcp/apikeys/{ => google_apikeys_key}/disallow_wildcard_methods/policy.rego (91%) rename policies/gcp/apikeys/{ => google_apikeys_key}/enforce_key_restrictions/policy.rego (92%) rename policies/gcp/apikeys/{ => google_apikeys_key}/vars.rego (100%) delete mode 100644 policies/gcp/biglake/backup/policy.rego delete mode 100644 policies/gcp/biglake/data_access/policy.rego rename {inputs/gcp/biglake => policies/gcp/biglake/google_biglake_service}/backup/policy.rego (100%) rename {inputs/gcp/biglake => policies/gcp/biglake/google_biglake_service}/data_access/policy.rego (100%) rename {inputs/gcp/biglake => 
policies/gcp/biglake/google_biglake_service}/login_management/policy.rego (100%) rename {inputs/gcp/biglake => policies/gcp/biglake/google_biglake_service}/network_configuration/policy.rego (100%) rename {inputs/gcp/biglake => policies/gcp/biglake/google_biglake_service}/service_access/policy.rego (100%) rename {inputs/gcp/biglake => policies/gcp/biglake/google_biglake_service}/vars.rego (100%) delete mode 100644 policies/gcp/biglake/login_management/policy.rego delete mode 100644 policies/gcp/biglake/network_configuration/policy.rego delete mode 100644 policies/gcp/biglake/service_access/policy.rego delete mode 100644 policies/gcp/biglake/vars.rego diff --git a/policies/gcp/apikeys/allowed_api_targets/policy.rego b/policies/gcp/apikeys/google_apikeys_key/allowed_api_targets/policy.rego similarity index 92% rename from policies/gcp/apikeys/allowed_api_targets/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/allowed_api_targets/policy.rego index b2f337b66..f3ddf086c 100644 --- a/policies/gcp/apikeys/allowed_api_targets/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/allowed_api_targets/policy.rego @@ -1,10 +1,6 @@ package terraform.gcp.security.apikeys.google_apikeys_key.allowed_api_targets -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= import data.terraform.helpers ->>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego b/policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego similarity index 92% rename from policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego index 3754de028..0f62a1ca4 100644 --- a/policies/gcp/apikeys/disallow_public_browser_referrers/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego 
@@ -1,10 +1,6 @@ package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_browser_referrers -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= import data.terraform.helpers ->>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/disallow_public_server_ips/policy.rego b/policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego similarity index 92% rename from policies/gcp/apikeys/disallow_public_server_ips/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego index 8b88c8b8d..4cabd3bf4 100644 --- a/policies/gcp/apikeys/disallow_public_server_ips/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego @@ -1,10 +1,6 @@ package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_server_ips -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= import data.terraform.helpers ->>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/disallow_wildcard_methods/policy.rego b/policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego similarity index 91% rename from policies/gcp/apikeys/disallow_wildcard_methods/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego index 7bbf2c86c..41ae4a2d1 100644 --- a/policies/gcp/apikeys/disallow_wildcard_methods/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego @@ -1,10 +1,6 @@ package terraform.gcp.security.apikeys.google_apikeys_key.disallow_wildcard_methods -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= import data.terraform.helpers ->>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ 
diff --git a/policies/gcp/apikeys/enforce_key_restrictions/policy.rego b/policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego similarity index 92% rename from policies/gcp/apikeys/enforce_key_restrictions/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego index 93886b0f2..d60bbae69 100644 --- a/policies/gcp/apikeys/enforce_key_restrictions/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego @@ -1,10 +1,6 @@ package terraform.gcp.security.apikeys.google_apikeys_key.require_restrictions -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= import data.terraform.helpers ->>>>>>> 3380726 (fixing) import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ diff --git a/policies/gcp/apikeys/vars.rego b/policies/gcp/apikeys/google_apikeys_key/vars.rego similarity index 100% rename from policies/gcp/apikeys/vars.rego rename to policies/gcp/apikeys/google_apikeys_key/vars.rego diff --git a/policies/gcp/biglake/backup/policy.rego b/policies/gcp/biglake/backup/policy.rego deleted file mode 100644 index 72cdd3e74..000000000 --- a/policies/gcp/biglake/backup/policy.rego +++ /dev/null 
@@ -1,31 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_service.backup - -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= -import data.terraform.helpers ->>>>>>> 3380726 (fixing) -import data.terraform.gcp.security.biglake.google_biglake_service.vars - -conditions := [ - [ - { - "situation_description" : "Backup policy for BigLake is not configured or is insufficient.", - "remedies":[ - "Ensure regular backups are configured and validated for BigLake data." - ] - }, - { - "condition": "Check that backup schedules and retention periods are configured for BigLake.", - "attribute_path" : ["backup_config", 0, "schedule"], - "values" : [ - "daily", - "weekly" - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/data_access/policy.rego b/policies/gcp/biglake/data_access/policy.rego deleted file mode 100644 index a7c777788..000000000 --- a/policies/gcp/biglake/data_access/policy.rego +++ /dev/null @@ -1,31 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_service.data_access - -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= -import data.terraform.helpers ->>>>>>> 3380726 (fixing) -import data.terraform.gcp.security.biglake.google_biglake_service.vars - -conditions := [ - [ - { - "situation_description" : "Data in BigLake is exposed without proper encryption.", - "remedies":[ - "Ensure data at rest and in transit is encrypted." - ] - }, - { - "condition": "Check that data storage is encrypted using AES-256 or a stronger algorithm.", - "attribute_path" : ["data_storage", 0, "encryption"], - "values" : [ - "AES-256", - "Google-managed encryption keys" - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details 
diff --git a/inputs/gcp/biglake/backup/policy.rego b/policies/gcp/biglake/google_biglake_service/backup/policy.rego
similarity index 100%
rename from inputs/gcp/biglake/backup/policy.rego
rename to policies/gcp/biglake/google_biglake_service/backup/policy.rego
diff --git a/inputs/gcp/biglake/data_access/policy.rego b/policies/gcp/biglake/google_biglake_service/data_access/policy.rego
similarity index 100%
rename from inputs/gcp/biglake/data_access/policy.rego
rename to policies/gcp/biglake/google_biglake_service/data_access/policy.rego
diff --git a/inputs/gcp/biglake/login_management/policy.rego b/policies/gcp/biglake/google_biglake_service/login_management/policy.rego
similarity index 100%
rename from inputs/gcp/biglake/login_management/policy.rego
rename to policies/gcp/biglake/google_biglake_service/login_management/policy.rego
diff --git a/inputs/gcp/biglake/network_configuration/policy.rego b/policies/gcp/biglake/google_biglake_service/network_configuration/policy.rego
similarity index 100%
rename from inputs/gcp/biglake/network_configuration/policy.rego
rename to policies/gcp/biglake/google_biglake_service/network_configuration/policy.rego
diff --git a/inputs/gcp/biglake/service_access/policy.rego b/policies/gcp/biglake/google_biglake_service/service_access/policy.rego
similarity index 100%
rename from inputs/gcp/biglake/service_access/policy.rego
rename to policies/gcp/biglake/google_biglake_service/service_access/policy.rego
diff --git a/inputs/gcp/biglake/vars.rego b/policies/gcp/biglake/google_biglake_service/vars.rego
similarity index 100%
rename from inputs/gcp/biglake/vars.rego
rename to policies/gcp/biglake/google_biglake_service/vars.rego
diff --git a/policies/gcp/biglake/login_management/policy.rego b/policies/gcp/biglake/login_management/policy.rego
deleted file mode 100644
index 2a8899b4c..000000000
--- a/policies/gcp/biglake/login_management/policy.rego
+++ /dev/null
@@ -1,30 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_service.login_management - -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= -import data.terraform.helpers ->>>>>>> 3380726 (fixing) -import data.terraform.gcp.security.biglake.google_biglake_service.vars - -conditions := [ - [ - { - "situation_description" : "Users are not required to use multi-factor authentication for accessing BigLake.", - "remedies":[ - "Enforce multi-factor authentication for all users accessing BigLake." - ] - }, - { - "condition": "Check that multi-factor authentication (MFA) is enabled for user accounts.", - "attribute_path" : ["user_accounts", 0, "mfa_enabled"], - "values" : [ - true - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/network_configuration/policy.rego b/policies/gcp/biglake/network_configuration/policy.rego deleted file mode 100644 index 72f400834..000000000 --- a/policies/gcp/biglake/network_configuration/policy.rego +++ /dev/null 
@@ -1,31 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_service.network_configuration - -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= -import data.terraform.helpers ->>>>>>> 3380726 (fixing) -import data.terraform.gcp.security.biglake.google_biglake_service.vars - -conditions := [ - [ - { - "situation_description" : "BigLake network is exposed to unapproved IP ranges.", - "remedies":[ - "Limit network access to approved IP ranges." - ] - }, - { - "condition": "Check that the network is restricted to approved IP ranges only.", - "attribute_path" : ["network_config", 0, "allowed_ip_ranges"], - "values" : [ - "10.0.0.0/24", - "192.168.0.0/16" - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/service_access/policy.rego b/policies/gcp/biglake/service_access/policy.rego deleted file mode 100644 index 138d49371..000000000 --- a/policies/gcp/biglake/service_access/policy.rego +++ /dev/null 
@@ -1,31 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_service.service_access - -<<<<<<< HEAD -import data.terraform.gcp.helpers -======= -import data.terraform.helpers ->>>>>>> 3380726 (fixing) -import data.terraform.gcp.security.biglake.google_biglake_service.vars - -conditions := [ - [ - { - "situation_description" : "Service account has broader access than allowed for BigLake service.", - "remedies":[ - "Restrict service account access to BigLake only." - ] - }, - { - "condition": "Check that the service account has permissions limited to BigLake service only.", - "attribute_path" : ["service_accounts", 0, "permissions"], - "values" : [ - "biglake.data.read", - "biglake.data.write" - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/vars.rego b/policies/gcp/biglake/vars.rego deleted file mode 100644 index a42f8552c..000000000 --- a/policies/gcp/biglake/vars.rego +++ /dev/null @@ -1,7 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_service.vars - -variables := { - "friendly_resource_name": "BigLake Service", - "resource_type": "google_biglake_service", - "resource_value_name" : "name" -} From fbf85fc8ffab403fa2a87427259968e5d85b9da3 Mon Sep 17 00:00:00 2001 
From: HxyBean <146651714+HxyBean@users.noreply.github.com> Date: Tue, 27 Jan 2026 19:19:07 +0700 Subject: [PATCH 14/21] add gendoc --- docs/gcp/Apikeys/apikeys_key.md | 70 +++++++++++++++++++ docs/gcp/Biglake/biglake_catalog.md | 15 ++++ docs/gcp/Biglake/biglake_database.md | 23 ++++++ docs/gcp/Biglake/biglake_table.md | 33 +++++++++ .../apikeys_key/allowed_api_target/c.tf | 6 ++ .../apikeys_key/allowed_api_target/config.tf | 11 +++ .../apikeys_key/allowed_api_target/nc.tf | 6 ++ .../allowed_api_targets/.terraform.lock.hcl | 21 ++++++ .../allowed_api_targets/c.tf | 12 ++++ .../allowed_api_targets/config.tf | 11 +++ .../allowed_api_targets/nc.tf | 12 ++++ .../.terraform.lock.hcl | 21 ++++++ .../disallow_public_browser_referrers/c.tf | 18 +++++ .../config.tf | 11 +++ .../disallow_public_browser_referrers/nc.tf | 19 +++++ .../.terraform.lock.hcl | 21 ++++++ .../disallow_public_server_ips/c.tf | 18 +++++ .../disallow_public_server_ips/config.tf | 11 +++ .../disallow_public_server_ips/nc.tf | 19 +++++ .../.terraform.lock.hcl | 21 ++++++ .../disallow_wildcard_methods/c.tf | 16 +++++ .../disallow_wildcard_methods/config.tf | 11 +++ .../disallow_wildcard_methods/nc.tf | 16 +++++ .../.terraform.lock.hcl | 21 ++++++ .../enforce_key_restrictions/c.tf | 11 +++ .../enforce_key_restrictions/config.tf | 11 +++ .../enforce_key_restrictions/nc.tf | 6 ++ .../backup/.terraform.lock.hcl | 21 ++++++ .../google_biglake_service/backup/c.tf | 11 +++ .../google_biglake_service/backup/config.tf | 11 +++ .../google_biglake_service/backup/nc.tf | 11 +++ .../data_access/.terraform.lock.hcl | 21 ++++++ .../google_biglake_service/data_access/c.tf | 10 +++ .../data_access/config.tf | 11 +++ .../google_biglake_service/data_access/nc.tf | 10 +++ .../login_management/.terraform.lock.hcl | 21 ++++++ .../login_management/c.tf | 10 +++ .../login_management/config.tf | 11 +++ .../login_management/nc.tf | 10 +++ .../network_configuration/.terraform.lock.hcl | 21 ++++++ .../network_configuration/c.tf | 10 
+++ .../network_configuration/config.tf | 11 +++ .../network_configuration/nc.tf | 10 +++ .../service_access/.terraform.lock.hcl | 21 ++++++ .../service_access/c.tf | 12 ++++ .../service_access/config.tf | 11 +++ .../service_access/nc.tf | 12 ++++ 47 files changed, 737 insertions(+) create mode 100644 docs/gcp/Apikeys/apikeys_key.md create mode 100644 docs/gcp/Biglake/biglake_catalog.md create mode 100644 docs/gcp/Biglake/biglake_database.md create mode 100644 docs/gcp/Biglake/biglake_table.md create mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl create mode 100644 
inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_service/backup/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/backup/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/backup/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf create 
mode 100644 inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_service/service_access/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/service_access/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_service/service_access/nc.tf diff --git a/docs/gcp/Apikeys/apikeys_key.md b/docs/gcp/Apikeys/apikeys_key.md new file mode 100644 index 000000000..03b1a735c --- /dev/null +++ b/docs/gcp/Apikeys/apikeys_key.md 
@@ -0,0 +1,70 @@ +## 🛡️ Policy Deployment Engine: `apikeys_key` + +This section provides a concise policy evaluation for the `apikeys_key` resource in GCP. + +Reference: [Terraform Registry – apikeys_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apikeys_key) + +--- + +## Argument Reference + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `name` | The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`. - - - | true | false | None | None | None | +| `display_name` | Human-readable display name of this API key. Modifiable by user. | false | false | None | None | None | +| `project` | The project for the resource | false | false | None | None | None | +| `restrictions` | Key restrictions. | false | false | None | None | None | +| `android_key_restrictions` | | false | false | None | None | None | +| `allowed_applications` | | false | false | None | None | None | +| `api_targets` | | false | false | None | None | None | +| `browser_key_restrictions` | | false | false | None | None | None | +| `ios_key_restrictions` | | false | false | None | None | None | +| `server_key_restrictions` | | false | false | None | None | None | + +### restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `android_key_restrictions` | The Android apps that are allowed to use the key. | false | true | API key restrictions limit how and where the key can be used. 
API keys without restrictions may be abused or used outside their intended context. | At least one restriction block is defined | No restrictions are configured | +| `api_targets` | A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed. | false | false | None | None | None | +| `browser_key_restrictions` | The HTTP referrers (websites) that are allowed to use the key. | false | false | None | None | None | +| `ios_key_restrictions` | The iOS apps that are allowed to use the key. | false | false | None | None | None | +| `server_key_restrictions` | The IP addresses of callers that are allowed to use the key. | false | false | None | None | None | + +### android_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_applications` | A list of Android applications that are allowed to make API calls with this key. | true | false | Restricting Android applications ensures that only trusted mobile apps can use the API key. | None | None | + +### allowed_applications Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `package_name` | The package name of the application. | true | false | None | None | None | +| `sha1_fingerprint` | The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter. 
| true | false | None | None | None | + +### api_targets Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `methods` | Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*` | false | true | Allowing wildcard methods significantly increases the attack surface of the API key. | ['TranslateText', 'DetectLanguage'] | ['*'] | +| `service` | The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project. | true | true | Restricting API targets ensures that the API key can only be used with explicitly approved Google Cloud services. | translate.googleapis.com | * | + +### browser_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_referrers` | A list of regular expressions for the referrer URLs that are allowed to make API calls with this key. | true | true | Restricting browser referrers prevents unauthorized websites from using the API key. | ['https://example.com'] | ['*'] | + +### ios_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_bundle_ids` | A list of bundle IDs that are allowed when making API calls with this key. 
| true | true | Restricting iOS bundle IDs ensures that only trusted iOS applications can use the API key. | None | None | + +### server_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_ips` | A list of the caller IP addresses that are allowed to make API calls with this key. | true | true | Restricting server IP addresses ensures that only trusted network locations can use the API key. | ['203.0.113.0/24'] | ['0.0.0.0/0'] | diff --git a/docs/gcp/Biglake/biglake_catalog.md b/docs/gcp/Biglake/biglake_catalog.md new file mode 100644 index 000000000..017b735c4 --- /dev/null +++ b/docs/gcp/Biglake/biglake_catalog.md 
@@ -0,0 +1,15 @@ +## 🛡️ Policy Deployment Engine: `biglake_catalog` + +This section provides a concise policy evaluation for the `biglake_catalog` resource in GCP. + +Reference: [Terraform Registry – biglake_catalog](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_catalog) + +--- + +## Argument Reference + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `location` | The geographic location where the Catalog should reside. | true | true | The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements. | Catalog is created in an approved region | Catalog is created in an unapproved or unrestricted region | +| `name` | The name of the Catalog. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} | true | false | None | None | None | +| `project` | If it is not provided, the provider project is used. | false | true | Explicitly specifying the project ensures that the catalog is created within the intended security boundary and access controls. | Project is explicitly specified | Project is omitted or points to an unintended project | diff --git a/docs/gcp/Biglake/biglake_database.md b/docs/gcp/Biglake/biglake_database.md new file mode 100644 index 000000000..7939cd3f9 --- /dev/null +++ b/docs/gcp/Biglake/biglake_database.md 
@@ -0,0 +1,23 @@
+## 🛡️ Policy Deployment Engine: `biglake_database`
+
+This section provides a concise policy evaluation for the `biglake_database` resource in GCP.
+
+Reference: [Terraform Registry – biglake_database](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_database)
+
+---
+
+## Argument Reference
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `type` | The database type. | true | false | None | None | None |
+| `hive_options` | Options of a Hive database. Structure is [documented below](#nested_hive_options). | true | false | None | None | None |
+| `catalog` | The parent catalog. | true | false | None | None | None |
+| `name` | The name of the database. | true | false | None | None | None |
+
+### hive_options Block
+
+| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
+|----------|-------------|----------|-----------------|-----------|-----------|---------------|
+| `location_uri` | Cloud Storage folder URI where the database data is stored, starting with "gs://". | false | true | The storage location defines where database data is physically stored. Incorrect configuration may expose sensitive data or violate data residency requirements. | Storage location points to a controlled and private Cloud Storage bucket | Storage location points to an uncontrolled or public bucket |
+| `parameters` | Stores user supplied Hive database parameters. An object containing a list of"key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None |
diff --git a/docs/gcp/Biglake/biglake_table.md b/docs/gcp/Biglake/biglake_table.md
new file mode 100644
index 000000000..9ecb3279f
--- /dev/null
+++ b/docs/gcp/Biglake/biglake_table.md
@@ -0,0 +1,33 @@ +## 🛡️ Policy Deployment Engine: `biglake_table` + +This section provides a concise policy evaluation for the `biglake_table` resource in GCP. + +Reference: [Terraform Registry – biglake_table](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_table) + +--- + +## Argument Reference + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `name` | Output only. The name of the Table. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} | true | false | None | None | None | +| `type` | The database type. Possible values are: `HIVE`. | false | false | None | None | None | +| `hive_options` | Options of a Hive table. Structure is [documented below](#nested_hive_options). | false | false | None | None | None | +| `database` | The id of the parent database. | false | false | None | None | None | +| `storage_descriptor` | | false | false | None | None | None | + +### hive_options Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `parameters` | Stores user supplied Hive table parameters. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None | +| `table_type` | Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. | false | false | None | None | None | +| `storage_descriptor` | Stores physical storage information on the data. Structure is [documented below](#nested_hive_options_storage_descriptor). 
| false | false | None | None | None | + +### storage_descriptor Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `location_uri` | Cloud Storage folder URI where the table data is stored, starting with "gs://". | false | true | The table storage location determines where table data is stored and must be secured to prevent unauthorized data access. | Table data is stored in a secured Cloud Storage bucket | Table data is stored in an unsecured or public bucket | +| `input_format` | The fully qualified Java class name of the input format. | false | false | None | None | None | +| `output_format` | The fully qualified Java class name of the output format. | false | false | None | None | None | diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf new file mode 100644 index 000000000..6adf2edcd --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf @@ -0,0 +1,6 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "RESOURCE TYPE" "c" { + +} \ No newline at end of file diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf new file mode 100644 index 000000000..9f4356520 --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf @@ -0,0 +1,11 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} \ No newline at end of file diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf new file mode 100644 index 000000000..76e41151f --- /dev/null 
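Review bot: `resource "RESOURCE TYPE" "c"` in `inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf` is the unfilled scaffold, and the `nc.tf` added to the same directory in the next hunk carries the same placeholder. The string is not a valid resource type, so this directory provides no usable compliant/non-compliant pair, and it duplicates the populated `google_apikeys_key/allowed_api_targets/` fixtures added later in this patch. Either drop the `apikeys_key/allowed_api_target/` directory or fill it in, starting with `resource "google_apikeys_key" "c" {` and a real `restrictions` block. If the test harness walks every directory under `inputs/` (not visible here, so an assumption), an empty scaffold can either break the run or make a policy look covered when nothing was evaluated.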
+++ b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf @@ -0,0 +1,6 @@ +# Describe your resource type here +# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant + +resource "RESOURCE TYPE" "nc" { + +} \ No newline at end of file diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl new file mode 100644 index 000000000..894abb857 --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf new file mode 100644 index 000000000..5f1aea048 --- /dev/null 
+++ b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf
@@ -0,0 +1,12 @@
+# Compliant example for allowed_api_targets policy
+
+resource "google_apikeys_key" "c" {
+ name = "apikey-allowed-api-targets-compliant"
+ display_name = "Compliant API key for allowed_api_targets test"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf
new file mode 100644
index 000000000..8358e7aa4
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf
@@ -0,0 +1,12 @@
+# Non-compliant example for allowed_api_targets policy
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-allowed-api-targets-non-compliant"
+ display_name = "Non-compliant API key for allowed_api_targets test"
+
+ restrictions {
+ api_targets {
+ service = "storage.googleapis.com"
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf new file mode 100644 index 000000000..01b5fda4e --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf @@ -0,0 +1,18 @@ +# Compliant example for disallow_public_browser_referrers + +resource "google_apikeys_key" "c" { + name = "apikey-browser-referrer-compliant" + display_name = "Compliant browser key (no public referrers)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + } + + browser_key_restrictions { + allowed_referrers = [ + "https://example.com/*" + ] + } + } +} 
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf
new file mode 100644
index 000000000..dac788313
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf
@@ -0,0 +1,19 @@
+# Non-compliant example for disallow_public_browser_referrers
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-browser-referrer-non-compliant"
+ display_name = "Non-compliant browser key (public referrers)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+
+ browser_key_restrictions {
+ allowed_referrers = [
+ "*",
+ "https://example.com/*"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf new file mode 100644 index 000000000..a484e0cb4 --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf @@ -0,0 +1,18 @@ +# Compliant example for disallow_public_server_ips + +resource "google_apikeys_key" "c" { + name = "apikey-server-ips-compliant" + display_name = "Compliant server key (restricted IPs)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + } + + server_key_restrictions { + allowed_ips = [ + "10.0.0.0/8" + ] + } + } +} 
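Review bot: The compliant fixture for `disallow_public_server_ips` allows `10.0.0.0/8`, an RFC 1918 range, while the documentation table added in this same patch gives `['203.0.113.0/24']` as the compliant value for `allowed_ips`. API key IP restrictions are normally matched against the caller address the Google front end observes, so a private range probably never matches in practice and the fixture teaches a restriction that does not restrict anything useful; `allowed_ips = ["203.0.113.0/24"]` would agree with the docs. The matching `nc.tf` in the next hunk only exercises `"0.0.0.0/0"`. The policy file is outside this hunk, but if it compares against that literal, `"::/0"` and near-total ranges such as `"0.0.0.0/1"` would pass, so a second non-compliant case covering them is worth adding.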
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf
new file mode 100644
index 000000000..1e0101694
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf
@@ -0,0 +1,19 @@
+# Non-compliant example for disallow_public_server_ips
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-server-ips-non-compliant"
+ display_name = "Non-compliant server key (public IP range)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+
+ server_key_restrictions {
+ allowed_ips = [
+ "0.0.0.0/0",
+ "10.0.0.0/8"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf new file mode 100644 index 000000000..7261932ca --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf @@ -0,0 +1,16 @@ +# Compliant example for disallow_wildcard_methods + +resource "google_apikeys_key" "c" { + name = "apikey-wildcard-methods-compliant" + display_name = "Compliant key (no wildcard methods)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + methods = [ + "GET", + "POST" + ] + } + } +} diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null 
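Review bot: `methods = ["GET", "POST"]` in the compliant `disallow_wildcard_methods/c.tf` uses HTTP verbs, but the provider documents `api_targets.methods` as API method names (for example `TranslateText` or `Get*`), with `*` permitted as a trailing wildcard. More important for the policy, the provider docs state that an empty or omitted `methods` list allows every method of the service, which is the same exposure as `"*"`, and the other `google_apikeys_key` fixtures visible in this patch omit `methods` entirely. The policy is not part of this hunk, so please confirm it treats a missing or empty list as non-compliant (or documents that case as out of scope) and add an `nc` fixture without `methods`. A trailing-wildcard value such as `"Get*"` should also get an explicit expected result.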
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf
new file mode 100644
index 000000000..b26886a4a
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf
@@ -0,0 +1,16 @@
+# Non-compliant example for disallow_wildcard_methods
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-wildcard-methods-non-compliant"
+ display_name = "Non-compliant key (wildcard methods)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ methods = [
+ "*",
+ "GET"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl
new file mode 100644
index 000000000..894abb857
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.12.0" + hashes = [ + "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", + "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", + "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", + "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", + "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", + "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", + "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", + "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", + "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", + "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", + "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", + "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf new file mode 100644 index 000000000..3644d9b27 --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf @@ -0,0 +1,11 @@ +# Compliant example for require_restrictions + +resource "google_apikeys_key" "c" { + name = "apikey-restrictions-compliant" + display_name = "Compliant key (has restrictions)" + restrictions { + api_targets { + service = "maps.googleapis.com" + } + } +} diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null 
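Review bot: The header comment in `enforce_key_restrictions/c.tf` names the policy `require_restrictions`, which does not match the fixture directory; `nc.tf` in the next hunk has the same mismatch. Suggest `# Compliant example for enforce_key_restrictions` (and the non-compliant counterpart) so a search for the policy name finds its fixtures. Separately, the compliant key carries only `api_targets` and no client restriction (`browser_key_restrictions`, `server_key_restrictions`, or the Android/iOS blocks), so it is still usable from any caller. If the policy means "restricted" to include a client restriction, a second non-compliant fixture with `api_targets` only would pin that down; the policy itself is outside this hunk.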
+++ b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf
new file mode 100644
index 000000000..e42a9b8b5
--- /dev/null
+++ b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf
@@ -0,0 +1,6 @@
+# Non-compliant example for require_restrictions
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-restrictions-non-compliant"
+ display_name = "Non-compliant key (no restrictions)"
+}
diff --git a/inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_service/backup/c.tf b/inputs/gcp/biglake/google_biglake_service/backup/c.tf new file mode 100644 index 000000000..43c9907f6 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/backup/c.tf @@ -0,0 +1,11 @@ +# Compliant example for backup policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-service-compliant" + description = "Compliant backup configuration" + + backup_config { + schedule = "daily" + retention_period = "30d" + } +} diff --git a/inputs/gcp/biglake/google_biglake_service/backup/config.tf b/inputs/gcp/biglake/google_biglake_service/backup/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/backup/config.tf 
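Review bot: `google_biglake_service` in `backup/c.tf` does not correspond to any resource documented in this patch, which adds docs only for `biglake_catalog`, `biglake_database` and `biglake_table`, and as far as I know the hashicorp/google provider has no resource of that name. The `backup_config` block here, and the `data_access`, `login_management` and `network_configuration` blocks in the sibling directories (`encryption = "AES-256"`, `mfa_enabled`, `allowed_ip_ranges`), are likewise not arguments those docs list. Fixtures for a type the provider rejects cannot produce a plan, so the policies they are meant to test would go unexercised while appearing covered. Please rebase these on `google_biglake_catalog`, `google_biglake_database` or `google_biglake_table` and on the arguments the docs mark as security-relevant (`location`, `project`, `location_uri`).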
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/backup/nc.tf b/inputs/gcp/biglake/google_biglake_service/backup/nc.tf
new file mode 100644
index 000000000..02d39f841
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_service/backup/nc.tf
@@ -0,0 +1,11 @@
+# Non-compliant example for backup policy
+
+resource "google_biglake_service" "nc" {
+ resource_name = "biglake-service-non-compliant"
+ description = "Non-compliant backup configuration"
+
+ backup_config {
+ schedule = "monthly"
+ retention_period = "10d"
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/c.tf b/inputs/gcp/biglake/google_biglake_service/data_access/c.tf new file mode 100644 index 000000000..296d6d940 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/data_access/c.tf @@ -0,0 +1,10 @@ +# Compliant example for data access policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-data-compliant" + description = "Compliant data access with encryption" + + data_access { + encryption = "AES-256" + } +} diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/config.tf b/inputs/gcp/biglake/google_biglake_service/data_access/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/data_access/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/nc.tf b/inputs/gcp/biglake/google_biglake_service/data_access/nc.tf
new file mode 100644
index 000000000..23c0157b7
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_service/data_access/nc.tf
@@ -0,0 +1,10 @@
+# Non-compliant example for data access policy
+
+resource "google_biglake_service" "nc" {
+ resource_name = "biglake-data-non-compliant"
+ description = "Non-compliant data access without encryption"
+
+ data_access {
+ encryption = "None"
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/c.tf b/inputs/gcp/biglake/google_biglake_service/login_management/c.tf new file mode 100644 index 000000000..4ba121308 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/login_management/c.tf @@ -0,0 +1,10 @@ +# Compliant example for login management policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-login-compliant" + description = "Compliant login account with MFA enabled" + + login_management { + mfa_enabled = true + } +} diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/config.tf b/inputs/gcp/biglake/google_biglake_service/login_management/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/login_management/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/nc.tf b/inputs/gcp/biglake/google_biglake_service/login_management/nc.tf
new file mode 100644
index 000000000..f07ba7e70
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_service/login_management/nc.tf
@@ -0,0 +1,10 @@
+# Non-compliant example for login management policy
+
+resource "google_biglake_service" "nc" {
+ resource_name = "biglake-login-non-compliant"
+ description = "Non-compliant login account without MFA"
+
+ login_management {
+ mfa_enabled = false
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl
new file mode 100644
index 000000000..dc6bd4f38
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf b/inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf new file mode 100644 index 000000000..42517493a --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf @@ -0,0 +1,10 @@ +# Compliant example for network configuration policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-network-compliant" + description = "Compliant network configuration" + + network_configuration { + allowed_ip_ranges = ["10.0.0.0/24", "192.168.0.0/16"] + } +} diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf b/inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null 
+++ b/inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf @@ -0,0 +1,11 @@ +##### DO NOT EDIT ##### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf b/inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf new file mode 100644 index 000000000..0c089eff1 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf @@ -0,0 +1,10 @@ +# Non-compliant example for network configuration policy + +resource "google_biglake_service" "nc" { + resource_name = "biglake-network-non-compliant" + description = "Non-compliant network configuration" + + network_configuration { + allowed_ip_ranges = ["0.0.0.0/0"] + } +} diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl new file mode 100644 index 000000000..dc6bd4f38 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl 
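Review bot: The non-compliant fixture in network_configuration/nc.tf lists only `0.0.0.0/0`, so a policy that compares the whole list against a single value, or inspects only one element, would still pass this test. Mixing the open range with a private one, as the apikeys disallow_public_server_ips fixture removed later in this series does, and adding the IPv6 equivalent would catch that: `allowed_ip_ranges = ["10.0.0.0/24", "0.0.0.0/0", "::/0"]`. The policy itself is not part of this hunk, so whether it already handles these cases cannot be confirmed from here.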
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.15.0" + hashes = [ + "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=", + "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0", + "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501", + "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7", + "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8", + "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984", + "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870", + "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b", + "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc", + "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a", + "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6", + "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/c.tf b/inputs/gcp/biglake/google_biglake_service/service_access/c.tf new file mode 100644 index 000000000..42e3d02a2 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/service_access/c.tf @@ -0,0 +1,12 @@ +# Compliant example for service access policy + +resource "google_biglake_service" "c" { + resource_name = "biglake-service-access-compliant" + description = "Compliant service access" + + service_access { + api_targets { + service = "maps.googleapis.com" + } + } +} diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/config.tf b/inputs/gcp/biglake/google_biglake_service/service_access/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/service_access/config.tf 
@@ -0,0 +1,11 @@ +##### DO NOT EDIT ##### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/nc.tf b/inputs/gcp/biglake/google_biglake_service/service_access/nc.tf new file mode 100644 index 000000000..50948b962 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_service/service_access/nc.tf @@ -0,0 +1,12 @@ +# Non-compliant example for service access policy + +resource "google_biglake_service" "nc" { + resource_name = "biglake-service-access-non-compliant" + description = "Non-compliant service access" + + service_access { + api_targets { + service = "storage.googleapis.com" + } + } +} From 35d3fb48a5b1c6a96c7285dab9c381b60c32ea98 Mon Sep 17 00:00:00 2001 
From: HxyBean <146651714+HxyBean@users.noreply.github.com> Date: Tue, 27 Jan 2026 19:25:11 +0700 Subject: [PATCH 15/21] add docgen --- .../Apikeys/resource_json/apikeys_key.json | 77 +++++++++++-------- .../resource_json/biglake_catalog.json | 20 ++--- .../resource_json/biglake_database.json | 18 ++--- .../Biglake/resource_json/biglake_table.json | 24 +++--- .../allowed_api_targets/.terraform.lock.hcl | 21 ----- inputs/gcp/apikeys/allowed_api_targets/c.tf | 12 --- .../gcp/apikeys/allowed_api_targets/config.tf | 11 --- inputs/gcp/apikeys/allowed_api_targets/nc.tf | 12 --- .../apikeys_key/allowed_api_target/c.tf | 6 -- .../apikeys_key/allowed_api_target/config.tf | 11 --- .../apikeys_key/allowed_api_target/nc.tf | 6 -- .../.terraform.lock.hcl | 21 ----- .../disallow_public_browser_referrers/c.tf | 18 ----- .../config.tf | 11 --- .../disallow_public_browser_referrers/nc.tf | 19 ----- .../.terraform.lock.hcl | 21 ----- .../apikeys/disallow_public_server_ips/c.tf | 18 ----- .../disallow_public_server_ips/config.tf | 11 --- .../apikeys/disallow_public_server_ips/nc.tf | 19 ----- .../.terraform.lock.hcl | 21 ----- .../apikeys/disallow_wildcard_methods/c.tf | 16 ---- .../disallow_wildcard_methods/config.tf | 11 --- .../apikeys/disallow_wildcard_methods/nc.tf | 16 ---- .../.terraform.lock.hcl | 21 ----- .../gcp/apikeys/enforce_key_restrictions/c.tf | 11 --- .../enforce_key_restrictions/config.tf | 11 --- .../apikeys/enforce_key_restrictions/nc.tf | 6 -- inputs/gcp/biglake/backup/.terraform.lock.hcl | 21 ----- inputs/gcp/biglake/backup/c.tf | 11 --- inputs/gcp/biglake/backup/config.tf | 11 --- inputs/gcp/biglake/backup/nc.tf | 11 --- .../biglake/data_access/.terraform.lock.hcl | 21 ----- inputs/gcp/biglake/data_access/c.tf | 10 --- inputs/gcp/biglake/data_access/config.tf | 11 --- inputs/gcp/biglake/data_access/nc.tf | 10 --- .../login_management/.terraform.lock.hcl | 21 ----- inputs/gcp/biglake/login_management/c.tf | 10 --- inputs/gcp/biglake/login_management/config.tf | 
11 --- inputs/gcp/biglake/login_management/nc.tf | 10 --- .../network_configuration/.terraform.lock.hcl | 21 ----- inputs/gcp/biglake/network_configuration/c.tf | 10 --- .../biglake/network_configuration/config.tf | 11 --- .../gcp/biglake/network_configuration/nc.tf | 10 --- .../service_access/.terraform.lock.hcl | 21 ----- inputs/gcp/biglake/service_access/c.tf | 12 --- inputs/gcp/biglake/service_access/config.tf | 11 --- inputs/gcp/biglake/service_access/nc.tf | 12 --- 47 files changed, 76 insertions(+), 659 deletions(-) delete mode 100644 inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/allowed_api_targets/c.tf delete mode 100644 inputs/gcp/apikeys/allowed_api_targets/config.tf delete mode 100644 inputs/gcp/apikeys/allowed_api_targets/nc.tf delete mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf delete mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf delete mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf delete mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf delete mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf delete mode 100644 inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf delete mode 100644 inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/disallow_public_server_ips/c.tf delete mode 100644 inputs/gcp/apikeys/disallow_public_server_ips/config.tf delete mode 100644 inputs/gcp/apikeys/disallow_public_server_ips/nc.tf delete mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/c.tf delete mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/config.tf delete mode 100644 inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf delete mode 100644 
inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/enforce_key_restrictions/c.tf delete mode 100644 inputs/gcp/apikeys/enforce_key_restrictions/config.tf delete mode 100644 inputs/gcp/apikeys/enforce_key_restrictions/nc.tf delete mode 100644 inputs/gcp/biglake/backup/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/backup/c.tf delete mode 100644 inputs/gcp/biglake/backup/config.tf delete mode 100644 inputs/gcp/biglake/backup/nc.tf delete mode 100644 inputs/gcp/biglake/data_access/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/data_access/c.tf delete mode 100644 inputs/gcp/biglake/data_access/config.tf delete mode 100644 inputs/gcp/biglake/data_access/nc.tf delete mode 100644 inputs/gcp/biglake/login_management/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/login_management/c.tf delete mode 100644 inputs/gcp/biglake/login_management/config.tf delete mode 100644 inputs/gcp/biglake/login_management/nc.tf delete mode 100644 inputs/gcp/biglake/network_configuration/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/network_configuration/c.tf delete mode 100644 inputs/gcp/biglake/network_configuration/config.tf delete mode 100644 inputs/gcp/biglake/network_configuration/nc.tf delete mode 100644 inputs/gcp/biglake/service_access/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/service_access/c.tf delete mode 100644 inputs/gcp/biglake/service_access/config.tf delete mode 100644 inputs/gcp/biglake/service_access/nc.tf diff --git a/docs/gcp/Apikeys/resource_json/apikeys_key.json b/docs/gcp/Apikeys/resource_json/apikeys_key.json index bf853cce4..5629f011a 100644 --- a/docs/gcp/Apikeys/resource_json/apikeys_key.json +++ b/docs/gcp/Apikeys/resource_json/apikeys_key.json 
@@ -5,7 +5,7 @@ "name": { "description": "The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`. - - -", "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -14,7 +14,7 @@ "display_name": { "description": "Human-readable display name of this API key. Modifiable by user.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -23,7 +23,7 @@ "project": { "description": "The project for the resource", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -32,7 +32,7 @@ "restrictions": { "description": "Key restrictions.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -41,10 +41,10 @@ "android_key_restrictions": { "description": "The Android apps that are allowed to use the key.", "required": false, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "API key restrictions limit how and where the key can be used. API keys without restrictions may be abused or used outside their intended context.", + "compliant": "At least one restriction block is defined", + "non-compliant": "No restrictions are configured", "parent": "restrictions" }, "api_targets": { @@ -88,7 +88,7 @@ "android_key_restrictions": { "description": "", "required": null, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, 
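Review bot: In the `@@ -41,10 +41,10 @@` hunk the rationale about keys that have no restriction at all ("At least one restriction block is defined") is attached to `android_key_restrictions`, while the parent `restrictions` entry in the preceding hunk is set to `"security_impact": false`. As written, the generated docs say the block that decides whether a key is restricted has no security impact, and an Android-only entry carries the generic rule. I would move that rationale and the compliant/non-compliant text to `restrictions` and set `"security_impact": true` there. The next hunk (`@@ -98,7 +98,7 @@`) has a related gap: `allowed_applications` gains a rationale but its `security_impact` stays `null`, unlike `allowed_bundle_ids`, which is set to `true`.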
@@ -98,7 +98,7 @@ "description": "A list of Android applications that are allowed to make API calls with this key.", "required": true, "security_impact": null, - "rationale": null, + "rationale": "Restricting Android applications ensures that only trusted mobile apps can use the API key.", "compliant": null, "non-compliant": null, "parent": "android_key_restrictions" @@ -137,7 +137,7 @@ "api_targets": { "description": "", "required": null, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -146,19 +146,24 @@ "methods": { "description": "Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`", "required": false, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "Allowing wildcard methods significantly increases the attack surface of the API key.", + "compliant": [ + "TranslateText", + "DetectLanguage" + ], + "non-compliant": [ + "*" + ], "parent": "api_targets" }, "service": { "description": "The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project.", "required": true, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "Restricting API targets ensures that the API key can only be used with explicitly approved Google Cloud services.", + "compliant": "translate.googleapis.com", + "non-compliant": "*", "parent": "api_targets" } } 
@@ -166,7 +171,7 @@ "browser_key_restrictions": { "description": "", "required": null, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -175,10 +180,14 @@ "allowed_referrers": { "description": "A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.", "required": true, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "Restricting browser referrers prevents unauthorized websites from using the API key.", + "compliant": [ + "https://example.com" + ], + "non-compliant": [ + "*" + ], "parent": "browser_key_restrictions" } } @@ -186,7 +195,7 @@ "ios_key_restrictions": { "description": "", "required": null, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -195,8 +204,8 @@ "allowed_bundle_ids": { "description": "A list of bundle IDs that are allowed when making API calls with this key.", "required": true, - "security_impact": null, - "rationale": null, + "security_impact": true, + "rationale": "Restricting iOS bundle IDs ensures that only trusted iOS applications can use the API key.", "compliant": null, "non-compliant": null, "parent": "ios_key_restrictions" @@ -206,7 +215,7 @@ "server_key_restrictions": { "description": "", "required": null, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, 
@@ -215,10 +224,14 @@ "allowed_ips": { "description": "A list of the caller IP addresses that are allowed to make API calls with this key.", "required": true, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "Restricting server IP addresses ensures that only trusted network locations can use the API key.", + "compliant": [ + "203.0.113.0/24" + ], + "non-compliant": [ + "0.0.0.0/0" + ], "parent": "server_key_restrictions" } } diff --git a/docs/gcp/Biglake/resource_json/biglake_catalog.json b/docs/gcp/Biglake/resource_json/biglake_catalog.json index 34d36b4b2..c8d385529 100644 --- a/docs/gcp/Biglake/resource_json/biglake_catalog.json +++ b/docs/gcp/Biglake/resource_json/biglake_catalog.json @@ -5,16 +5,16 @@ "location": { "description": "The geographic location where the Catalog should reside.", "required": true, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements.", + "compliant": "Catalog is created in an approved region", + "non-compliant": "Catalog is created in an unapproved or unrestricted region", "parent": null }, "name": { "description": "The name of the Catalog. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}", "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, 
@@ -22,11 +22,11 @@ }, "project": { "description": "If it is not provided, the provider project is used.", - "required": null, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "required": false, + "security_impact": true, + "rationale": "Explicitly specifying the project ensures that the catalog is created within the intended security boundary and access controls.", + "compliant": "Project is explicitly specified", + "non-compliant": "Project is omitted or points to an unintended project", "parent": null } } diff --git a/docs/gcp/Biglake/resource_json/biglake_database.json b/docs/gcp/Biglake/resource_json/biglake_database.json index 2302ffe93..0c9e31ac4 100644 --- a/docs/gcp/Biglake/resource_json/biglake_database.json +++ b/docs/gcp/Biglake/resource_json/biglake_database.json @@ -5,7 +5,7 @@ "type": { "description": "The database type.", "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -14,7 +14,7 @@ "hive_options": { "description": "Options of a Hive database. Structure is [documented below](#nested_hive_options).", "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, 
@@ -23,16 +23,16 @@ "location_uri": { "description": "Cloud Storage folder URI where the database data is stored, starting with \"gs://\".", "required": false, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "The storage location defines where database data is physically stored. Incorrect configuration may expose sensitive data or violate data residency requirements.", + "compliant": "Storage location points to a controlled and private Cloud Storage bucket", + "non-compliant": "Storage location points to an uncontrolled or public bucket", "parent": "hive_options" }, "parameters": { "description": "Stores user supplied Hive database parameters. An object containing a list of\"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -43,7 +43,7 @@ "catalog": { "description": "The parent catalog.", "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -52,7 +52,7 @@ "name": { "description": "The name of the database.", "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, diff --git a/docs/gcp/Biglake/resource_json/biglake_table.json b/docs/gcp/Biglake/resource_json/biglake_table.json index 7a9e24997..bdcb1d011 100644 --- a/docs/gcp/Biglake/resource_json/biglake_table.json +++ b/docs/gcp/Biglake/resource_json/biglake_table.json 
@@ -5,7 +5,7 @@ "name": { "description": "Output only. The name of the Table. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId}", "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -14,7 +14,7 @@ "type": { "description": "The database type. Possible values are: `HIVE`.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -23,7 +23,7 @@ "hive_options": { "description": "Options of a Hive table. Structure is [documented below](#nested_hive_options).", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -32,7 +32,7 @@ "parameters": { "description": "Stores user supplied Hive table parameters. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -41,7 +41,7 @@ "table_type": { "description": "Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -50,7 +50,7 @@ "storage_descriptor": { "description": "Stores physical storage information on the data. Structure is [documented below](#nested_hive_options_storage_descriptor).", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, 
@@ -79,16 +79,16 @@ "location_uri": { "description": "Cloud Storage folder URI where the table data is stored, starting with \"gs://\".", "required": false, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, + "security_impact": true, + "rationale": "The table storage location determines where table data is stored and must be secured to prevent unauthorized data access.", + "compliant": "Table data is stored in a secured Cloud Storage bucket", + "non-compliant": "Table data is stored in an unsecured or public bucket", "parent": "storage_descriptor" }, "input_format": { "description": "The fully qualified Java class name of the input format.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, @@ -97,7 +97,7 @@ "output_format": { "description": "The fully qualified Java class name of the output format.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, diff --git a/inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl b/inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl deleted file mode 100644 index 894abb857..000000000 --- a/inputs/gcp/apikeys/allowed_api_targets/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.12.0" - hashes = [ - "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", - "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", - "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", - "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", - "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", - "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", - "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", - "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", - "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", - "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", - "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", - "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/apikeys/allowed_api_targets/c.tf b/inputs/gcp/apikeys/allowed_api_targets/c.tf deleted file mode 100644 index 5f1aea048..000000000 --- a/inputs/gcp/apikeys/allowed_api_targets/c.tf +++ /dev/null @@ -1,12 +0,0 @@ -# Compliant example for allowed_api_targets policy - -resource "google_apikeys_key" "c" { - name = "apikey-allowed-api-targets-compliant" - display_name = "Compliant API key for allowed_api_targets test" - - restrictions { - api_targets { - service = "maps.googleapis.com" - } - } -} diff --git a/inputs/gcp/apikeys/allowed_api_targets/config.tf b/inputs/gcp/apikeys/allowed_api_targets/config.tf deleted file mode 100644 index cd0ae3946..000000000 --- a/inputs/gcp/apikeys/allowed_api_targets/config.tf +++ /dev/null 
@@ -1,11 +0,0 @@ -##### DO NOT EDIT ##### - -terraform { - required_providers { - google = { - source = "hashicorp/google" - } - } -} - -provider "google" {} diff --git a/inputs/gcp/apikeys/allowed_api_targets/nc.tf b/inputs/gcp/apikeys/allowed_api_targets/nc.tf deleted file mode 100644 index 8358e7aa4..000000000 --- a/inputs/gcp/apikeys/allowed_api_targets/nc.tf +++ /dev/null @@ -1,12 +0,0 @@ -# Non-compliant example for allowed_api_targets policy - -resource "google_apikeys_key" "nc" { - name = "apikey-allowed-api-targets-non-compliant" - display_name = "Non-compliant API key for allowed_api_targets test" - - restrictions { - api_targets { - service = "storage.googleapis.com" - } - } -} diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf deleted file mode 100644 index 6adf2edcd..000000000 --- a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/c.tf +++ /dev/null @@ -1,6 +0,0 @@ -# Describe your resource type here -# Keep "c" as the name to indicate that this resource and its attributes are compliant - -resource "RESOURCE TYPE" "c" { - -} \ No newline at end of file diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf deleted file mode 100644 index 9f4356520..000000000 --- a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/config.tf +++ /dev/null @@ -1,11 +0,0 @@ -##### DO NOT EDIT ###### - -terraform { - required_providers { - google = { - source = "hashicorp/google" - } - } -} - -provider "google" {} \ No newline at end of file diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf deleted file mode 100644 index 76e41151f..000000000 --- a/inputs/gcp/apikeys/apikeys_key/allowed_api_target/nc.tf +++ /dev/null 
@@ -1,6 +0,0 @@ -# Describe your resource type here -# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant - -resource "RESOURCE TYPE" "nc" { - -} \ No newline at end of file diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl b/inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl deleted file mode 100644 index 894abb857..000000000 --- a/inputs/gcp/apikeys/disallow_public_browser_referrers/.terraform.lock.hcl +++ /dev/null @@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.12.0" - hashes = [ - "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", - "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", - "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", - "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", - "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", - "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", - "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", - "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", - "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", - "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", - "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", - "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf b/inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf deleted file mode 100644 index 01b5fda4e..000000000 --- a/inputs/gcp/apikeys/disallow_public_browser_referrers/c.tf +++ /dev/null 
@@ -1,18 +0,0 @@ -# Compliant example for disallow_public_browser_referrers - -resource "google_apikeys_key" "c" { - name = "apikey-browser-referrer-compliant" - display_name = "Compliant browser key (no public referrers)" - - restrictions { - api_targets { - service = "maps.googleapis.com" - } - - browser_key_restrictions { - allowed_referrers = [ - "https://example.com/*" - ] - } - } -} diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf b/inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf deleted file mode 100644 index cd0ae3946..000000000 --- a/inputs/gcp/apikeys/disallow_public_browser_referrers/config.tf +++ /dev/null @@ -1,11 +0,0 @@ -##### DO NOT EDIT ##### - -terraform { - required_providers { - google = { - source = "hashicorp/google" - } - } -} - -provider "google" {} diff --git a/inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf b/inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf deleted file mode 100644 index dac788313..000000000 --- a/inputs/gcp/apikeys/disallow_public_browser_referrers/nc.tf +++ /dev/null @@ -1,19 +0,0 @@ -# Non-compliant example for disallow_public_browser_referrers - -resource "google_apikeys_key" "nc" { - name = "apikey-browser-referrer-non-compliant" - display_name = "Non-compliant browser key (public referrers)" - - restrictions { - api_targets { - service = "maps.googleapis.com" - } - - browser_key_restrictions { - allowed_referrers = [ - "*", - "https://example.com/*" - ] - } - } -} diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl b/inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl deleted file mode 100644 index 894abb857..000000000 --- a/inputs/gcp/apikeys/disallow_public_server_ips/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/c.tf b/inputs/gcp/apikeys/disallow_public_server_ips/c.tf
deleted file mode 100644
index a484e0cb4..000000000
--- a/inputs/gcp/apikeys/disallow_public_server_ips/c.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# Compliant example for disallow_public_server_ips
-
-resource "google_apikeys_key" "c" {
- name = "apikey-server-ips-compliant"
- display_name = "Compliant server key (restricted IPs)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
-
- server_key_restrictions {
- allowed_ips = [
- "10.0.0.0/8"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/config.tf b/inputs/gcp/apikeys/disallow_public_server_ips/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/disallow_public_server_ips/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/disallow_public_server_ips/nc.tf b/inputs/gcp/apikeys/disallow_public_server_ips/nc.tf
deleted file mode 100644
index 1e0101694..000000000
--- a/inputs/gcp/apikeys/disallow_public_server_ips/nc.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Non-compliant example for disallow_public_server_ips
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-server-ips-non-compliant"
- display_name = "Non-compliant server key (public IP range)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
-
- server_key_restrictions {
- allowed_ips = [
- "0.0.0.0/0",
- "10.0.0.0/8"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl b/inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl
deleted file mode 100644
index 894abb857..000000000
--- a/inputs/gcp/apikeys/disallow_wildcard_methods/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/c.tf b/inputs/gcp/apikeys/disallow_wildcard_methods/c.tf
deleted file mode 100644
index 7261932ca..000000000
--- a/inputs/gcp/apikeys/disallow_wildcard_methods/c.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Compliant example for disallow_wildcard_methods
-
-resource "google_apikeys_key" "c" {
- name = "apikey-wildcard-methods-compliant"
- display_name = "Compliant key (no wildcard methods)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- methods = [
- "GET",
- "POST"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/config.tf b/inputs/gcp/apikeys/disallow_wildcard_methods/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/disallow_wildcard_methods/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf b/inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf
deleted file mode 100644
index b26886a4a..000000000
--- a/inputs/gcp/apikeys/disallow_wildcard_methods/nc.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Non-compliant example for disallow_wildcard_methods
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-wildcard-methods-non-compliant"
- display_name = "Non-compliant key (wildcard methods)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- methods = [
- "*",
- "GET"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl b/inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl
deleted file mode 100644
index 894abb857..000000000
--- a/inputs/gcp/apikeys/enforce_key_restrictions/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/c.tf b/inputs/gcp/apikeys/enforce_key_restrictions/c.tf
deleted file mode 100644
index 3644d9b27..000000000
--- a/inputs/gcp/apikeys/enforce_key_restrictions/c.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Compliant example for require_restrictions
-
-resource "google_apikeys_key" "c" {
- name = "apikey-restrictions-compliant"
- display_name = "Compliant key (has restrictions)"
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
- }
-}
diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/config.tf b/inputs/gcp/apikeys/enforce_key_restrictions/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/enforce_key_restrictions/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/enforce_key_restrictions/nc.tf b/inputs/gcp/apikeys/enforce_key_restrictions/nc.tf
deleted file mode 100644
index e42a9b8b5..000000000
--- a/inputs/gcp/apikeys/enforce_key_restrictions/nc.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-# Non-compliant example for require_restrictions
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-restrictions-non-compliant"
- display_name = "Non-compliant key (no restrictions)"
-}
diff --git a/inputs/gcp/biglake/backup/.terraform.lock.hcl b/inputs/gcp/biglake/backup/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/backup/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/backup/c.tf b/inputs/gcp/biglake/backup/c.tf
deleted file mode 100644
index 43c9907f6..000000000
--- a/inputs/gcp/biglake/backup/c.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Compliant example for backup policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-service-compliant"
- description = "Compliant backup configuration"
-
- backup_config {
- schedule = "daily"
- retention_period = "30d"
- }
-}
diff --git a/inputs/gcp/biglake/backup/config.tf b/inputs/gcp/biglake/backup/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/backup/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/backup/nc.tf b/inputs/gcp/biglake/backup/nc.tf
deleted file mode 100644
index 02d39f841..000000000
--- a/inputs/gcp/biglake/backup/nc.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Non-compliant example for backup policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-service-non-compliant"
- description = "Non-compliant backup configuration"
-
- backup_config {
- schedule = "monthly"
- retention_period = "10d"
- }
-}
diff --git a/inputs/gcp/biglake/data_access/.terraform.lock.hcl b/inputs/gcp/biglake/data_access/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/data_access/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/data_access/c.tf b/inputs/gcp/biglake/data_access/c.tf
deleted file mode 100644
index 296d6d940..000000000
--- a/inputs/gcp/biglake/data_access/c.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Compliant example for data access policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-data-compliant"
- description = "Compliant data access with encryption"
-
- data_access {
- encryption = "AES-256"
- }
-}
diff --git a/inputs/gcp/biglake/data_access/config.tf b/inputs/gcp/biglake/data_access/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/data_access/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/data_access/nc.tf b/inputs/gcp/biglake/data_access/nc.tf
deleted file mode 100644
index 23c0157b7..000000000
--- a/inputs/gcp/biglake/data_access/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for data access policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-data-non-compliant"
- description = "Non-compliant data access without encryption"
-
- data_access {
- encryption = "None"
- }
-}
diff --git a/inputs/gcp/biglake/login_management/.terraform.lock.hcl b/inputs/gcp/biglake/login_management/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/login_management/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/login_management/c.tf b/inputs/gcp/biglake/login_management/c.tf
deleted file mode 100644
index 4ba121308..000000000
--- a/inputs/gcp/biglake/login_management/c.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Compliant example for login management policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-login-compliant"
- description = "Compliant login account with MFA enabled"
-
- login_management {
- mfa_enabled = true
- }
-}
diff --git a/inputs/gcp/biglake/login_management/config.tf b/inputs/gcp/biglake/login_management/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/login_management/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/login_management/nc.tf b/inputs/gcp/biglake/login_management/nc.tf
deleted file mode 100644
index f07ba7e70..000000000
--- a/inputs/gcp/biglake/login_management/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for login management policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-login-non-compliant"
- description = "Non-compliant login account without MFA"
-
- login_management {
- mfa_enabled = false
- }
-}
diff --git a/inputs/gcp/biglake/network_configuration/.terraform.lock.hcl b/inputs/gcp/biglake/network_configuration/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/network_configuration/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/network_configuration/c.tf b/inputs/gcp/biglake/network_configuration/c.tf
deleted file mode 100644
index 42517493a..000000000
--- a/inputs/gcp/biglake/network_configuration/c.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Compliant example for network configuration policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-network-compliant"
- description = "Compliant network configuration"
-
- network_configuration {
- allowed_ip_ranges = ["10.0.0.0/24", "192.168.0.0/16"]
- }
-}
diff --git a/inputs/gcp/biglake/network_configuration/config.tf b/inputs/gcp/biglake/network_configuration/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/network_configuration/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/network_configuration/nc.tf b/inputs/gcp/biglake/network_configuration/nc.tf
deleted file mode 100644
index 0c089eff1..000000000
--- a/inputs/gcp/biglake/network_configuration/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for network configuration policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-network-non-compliant"
- description = "Non-compliant network configuration"
-
- network_configuration {
- allowed_ip_ranges = ["0.0.0.0/0"]
- }
-}
diff --git a/inputs/gcp/biglake/service_access/.terraform.lock.hcl b/inputs/gcp/biglake/service_access/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/service_access/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/service_access/c.tf b/inputs/gcp/biglake/service_access/c.tf
deleted file mode 100644
index 42e3d02a2..000000000
--- a/inputs/gcp/biglake/service_access/c.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Compliant example for service access policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-service-access-compliant"
- description = "Compliant service access"
-
- service_access {
- api_targets {
- service = "maps.googleapis.com"
- }
- }
-}
diff --git a/inputs/gcp/biglake/service_access/config.tf b/inputs/gcp/biglake/service_access/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/service_access/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/service_access/nc.tf b/inputs/gcp/biglake/service_access/nc.tf
deleted file mode 100644
index 50948b962..000000000
--- a/inputs/gcp/biglake/service_access/nc.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Non-compliant example for service access policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-service-access-non-compliant"
- description = "Non-compliant service access"
-
- service_access {
- api_targets {
- service = "storage.googleapis.com"
- }
- }
-}
From f5da6170d1639312bb574a0cb947d96984a963ce Mon Sep 17 00:00:00 2001
From: trongnhanphan Date: Tue, 27 Jan 2026 21:53:56 +0700 Subject: [PATCH 16/21] Revert "add gendoc" This reverts commit fbf85fc8ffab403fa2a87427259968e5d85b9da3. --- docs/gcp/Apikeys/apikeys_key.md | 70 ------------------- docs/gcp/Biglake/biglake_catalog.md | 15 ---- docs/gcp/Biglake/biglake_database.md | 23 ------ docs/gcp/Biglake/biglake_table.md | 33 --------- .../allowed_api_targets/.terraform.lock.hcl | 21 ------ .../allowed_api_targets/c.tf | 12 ---- .../allowed_api_targets/config.tf | 11 --- .../allowed_api_targets/nc.tf | 12 ---- .../.terraform.lock.hcl | 21 ------ .../disallow_public_browser_referrers/c.tf | 18 ----- .../config.tf | 11 --- .../disallow_public_browser_referrers/nc.tf | 19 ----- .../.terraform.lock.hcl | 21 ------ .../disallow_public_server_ips/c.tf | 18 ----- .../disallow_public_server_ips/config.tf | 11 --- .../disallow_public_server_ips/nc.tf | 19 ----- .../.terraform.lock.hcl | 21 ------ .../disallow_wildcard_methods/c.tf | 16 ----- .../disallow_wildcard_methods/config.tf | 11 --- .../disallow_wildcard_methods/nc.tf | 16 ----- .../.terraform.lock.hcl | 21 ------ .../enforce_key_restrictions/c.tf | 11 --- .../enforce_key_restrictions/config.tf | 11 --- .../enforce_key_restrictions/nc.tf | 6 -- .../backup/.terraform.lock.hcl | 21 ------ .../google_biglake_service/backup/c.tf | 11 --- .../google_biglake_service/backup/config.tf | 11 --- .../google_biglake_service/backup/nc.tf | 11 --- .../data_access/.terraform.lock.hcl | 21 ------ .../google_biglake_service/data_access/c.tf | 10 --- .../data_access/config.tf | 11 --- .../google_biglake_service/data_access/nc.tf | 10 --- .../login_management/.terraform.lock.hcl | 21 ------ .../login_management/c.tf | 10 --- .../login_management/config.tf | 11 --- .../login_management/nc.tf | 10 --- .../network_configuration/.terraform.lock.hcl | 21 ------ .../network_configuration/c.tf | 10 --- .../network_configuration/config.tf | 11 --- .../network_configuration/nc.tf | 10 --- 
.../service_access/.terraform.lock.hcl | 21 ------ .../service_access/c.tf | 12 ---- .../service_access/config.tf | 11 --- .../service_access/nc.tf | 12 ---- 44 files changed, 714 deletions(-) delete mode 100644 docs/gcp/Apikeys/apikeys_key.md delete mode 100644 docs/gcp/Biglake/biglake_catalog.md delete mode 100644 docs/gcp/Biglake/biglake_database.md delete mode 100644 docs/gcp/Biglake/biglake_table.md delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf delete mode 100644 
inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf delete mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_service/backup/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/backup/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/backup/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/data_access/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/login_management/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_service/service_access/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_service/service_access/config.tf delete mode 
100644 inputs/gcp/biglake/google_biglake_service/service_access/nc.tf diff --git a/docs/gcp/Apikeys/apikeys_key.md b/docs/gcp/Apikeys/apikeys_key.md deleted file mode 100644 index 03b1a735c..000000000 --- a/docs/gcp/Apikeys/apikeys_key.md +++ /dev/null 
@@ -1,70 +0,0 @@
-## 🛡️ Policy Deployment Engine: `apikeys_key`
-
-This section provides a concise policy evaluation for the `apikeys_key` resource in GCP.
-
-Reference: [Terraform Registry – apikeys_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apikeys_key)
-
----
-
-## Argument Reference
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `name` | The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`. - - - | true | false | None | None | None |
-| `display_name` | Human-readable display name of this API key. Modifiable by user. | false | false | None | None | None |
-| `project` | The project for the resource | false | false | None | None | None |
-| `restrictions` | Key restrictions. | false | false | None | None | None |
-| `android_key_restrictions` | | false | false | None | None | None |
-| `allowed_applications` | | false | false | None | None | None |
-| `api_targets` | | false | false | None | None | None |
-| `browser_key_restrictions` | | false | false | None | None | None |
-| `ios_key_restrictions` | | false | false | None | None | None |
-| `server_key_restrictions` | | false | false | None | None | None |
-
-### restrictions Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `android_key_restrictions` | The Android apps that are allowed to use the key. | false | true | API key restrictions limit how and where the key can be used. API keys without restrictions may be abused or used outside their intended context. | At least one restriction block is defined | No restrictions are configured |
-| `api_targets` | A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed. | false | false | None | None | None |
-| `browser_key_restrictions` | The HTTP referrers (websites) that are allowed to use the key. | false | false | None | None | None |
-| `ios_key_restrictions` | The iOS apps that are allowed to use the key. | false | false | None | None | None |
-| `server_key_restrictions` | The IP addresses of callers that are allowed to use the key. | false | false | None | None | None |
-
-### android_key_restrictions Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `allowed_applications` | A list of Android applications that are allowed to make API calls with this key. | true | false | Restricting Android applications ensures that only trusted mobile apps can use the API key. | None | None |
-
-### allowed_applications Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `package_name` | The package name of the application. | true | false | None | None | None |
-| `sha1_fingerprint` | The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter. | true | false | None | None | None |
-
-### api_targets Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `methods` | Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*` | false | true | Allowing wildcard methods significantly increases the attack surface of the API key. | ['TranslateText', 'DetectLanguage'] | ['*'] |
-| `service` | The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project. | true | true | Restricting API targets ensures that the API key can only be used with explicitly approved Google Cloud services. | translate.googleapis.com | * |
-
-### browser_key_restrictions Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `allowed_referrers` | A list of regular expressions for the referrer URLs that are allowed to make API calls with this key. | true | true | Restricting browser referrers prevents unauthorized websites from using the API key. | ['https://example.com'] | ['*'] |
-
-### ios_key_restrictions Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `allowed_bundle_ids` | A list of bundle IDs that are allowed when making API calls with this key. | true | true | Restricting iOS bundle IDs ensures that only trusted iOS applications can use the API key. | None | None |
-
-### server_key_restrictions Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `allowed_ips` | A list of the caller IP addresses that are allowed to make API calls with this key. | true | true | Restricting server IP addresses ensures that only trusted network locations can use the API key. | ['203.0.113.0/24'] | ['0.0.0.0/0'] |
diff --git a/docs/gcp/Biglake/biglake_catalog.md b/docs/gcp/Biglake/biglake_catalog.md
deleted file mode 100644
index 017b735c4..000000000
--- a/docs/gcp/Biglake/biglake_catalog.md
+++ /dev/null
@@ -1,15 +0,0 @@
-## 🛡️ Policy Deployment Engine: `biglake_catalog`
-
-This section provides a concise policy evaluation for the `biglake_catalog` resource in GCP.
-
-Reference: [Terraform Registry – biglake_catalog](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_catalog)
-
----
-
-## Argument Reference
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `location` | The geographic location where the Catalog should reside. | true | true | The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements. | Catalog is created in an approved region | Catalog is created in an unapproved or unrestricted region |
-| `name` | The name of the Catalog. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} | true | false | None | None | None |
-| `project` | If it is not provided, the provider project is used. | false | true | Explicitly specifying the project ensures that the catalog is created within the intended security boundary and access controls. | Project is explicitly specified | Project is omitted or points to an unintended project |
diff --git a/docs/gcp/Biglake/biglake_database.md b/docs/gcp/Biglake/biglake_database.md
deleted file mode 100644
index 7939cd3f9..000000000
--- a/docs/gcp/Biglake/biglake_database.md
+++ /dev/null
@@ -1,23 +0,0 @@
-## 🛡️ Policy Deployment Engine: `biglake_database`
-
-This section provides a concise policy evaluation for the `biglake_database` resource in GCP.
-
-Reference: [Terraform Registry – biglake_database](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_database)
-
----
-
-## Argument Reference
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `type` | The database type. | true | false | None | None | None |
-| `hive_options` | Options of a Hive database. Structure is [documented below](#nested_hive_options). | true | false | None | None | None |
-| `catalog` | The parent catalog. | true | false | None | None | None |
-| `name` | The name of the database. | true | false | None | None | None |
-
-### hive_options Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `location_uri` | Cloud Storage folder URI where the database data is stored, starting with "gs://". | false | true | The storage location defines where database data is physically stored. Incorrect configuration may expose sensitive data or violate data residency requirements. | Storage location points to a controlled and private Cloud Storage bucket | Storage location points to an uncontrolled or public bucket |
-| `parameters` | Stores user supplied Hive database parameters. An object containing a list of"key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None |
diff --git a/docs/gcp/Biglake/biglake_table.md b/docs/gcp/Biglake/biglake_table.md
deleted file mode 100644
index 9ecb3279f..000000000
--- a/docs/gcp/Biglake/biglake_table.md
+++ /dev/null
@@ -1,33 +0,0 @@
-## 🛡️ Policy Deployment Engine: `biglake_table`
-
-This section provides a concise policy evaluation for the `biglake_table` resource in GCP.
-
-Reference: [Terraform Registry – biglake_table](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_table)
-
----
-
-## Argument Reference
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `name` | Output only. The name of the Table. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} | true | false | None | None | None |
-| `type` | The database type. Possible values are: `HIVE`. | false | false | None | None | None |
-| `hive_options` | Options of a Hive table. Structure is [documented below](#nested_hive_options). | false | false | None | None | None |
-| `database` | The id of the parent database. | false | false | None | None | None |
-| `storage_descriptor` | | false | false | None | None | None |
-
-### hive_options Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `parameters` | Stores user supplied Hive table parameters. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None |
-| `table_type` | Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. | false | false | None | None | None |
-| `storage_descriptor` | Stores physical storage information on the data. Structure is [documented below](#nested_hive_options_storage_descriptor). | false | false | None | None | None |
-
-### storage_descriptor Block
-
-| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant |
-|----------|-------------|----------|-----------------|-----------|-----------|---------------|
-| `location_uri` | Cloud Storage folder URI where the table data is stored, starting with "gs://". | false | true | The table storage location determines where table data is stored and must be secured to prevent unauthorized data access. | Table data is stored in a secured Cloud Storage bucket | Table data is stored in an unsecured or public bucket |
-| `input_format` | The fully qualified Java class name of the input format. | false | false | None | None | None |
-| `output_format` | The fully qualified Java class name of the output format. | false | false | None | None | None |
diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl
deleted file mode 100644
index 894abb857..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf
deleted file mode 100644
index 5f1aea048..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Compliant example for allowed_api_targets policy
-
-resource "google_apikeys_key" "c" {
- name = "apikey-allowed-api-targets-compliant"
- display_name = "Compliant API key for allowed_api_targets test"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf
deleted file mode 100644
index 8358e7aa4..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Non-compliant example for allowed_api_targets policy
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-allowed-api-targets-non-compliant"
- display_name = "Non-compliant API key for allowed_api_targets test"
-
- restrictions {
- api_targets {
- service = "storage.googleapis.com"
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl
deleted file mode 100644
index 894abb857..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf
deleted file mode 100644
index 01b5fda4e..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# Compliant example for disallow_public_browser_referrers
-
-resource "google_apikeys_key" "c" {
- name = "apikey-browser-referrer-compliant"
- display_name = "Compliant browser key (no public referrers)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
-
- browser_key_restrictions {
- allowed_referrers = [
- "https://example.com/*"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf
deleted file mode 100644
index dac788313..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Non-compliant example for disallow_public_browser_referrers
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-browser-referrer-non-compliant"
- display_name = "Non-compliant browser key (public referrers)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
-
- browser_key_restrictions {
- allowed_referrers = [
- "*",
- "https://example.com/*"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl
deleted file mode 100644
index 894abb857..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf
deleted file mode 100644
index a484e0cb4..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf
+++ /dev/null
@@ -1,18 +0,0 @@
-# Compliant example for disallow_public_server_ips
-
-resource "google_apikeys_key" "c" {
- name = "apikey-server-ips-compliant"
- display_name = "Compliant server key (restricted IPs)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
-
- server_key_restrictions {
- allowed_ips = [
- "10.0.0.0/8"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf
deleted file mode 100644
index 1e0101694..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Non-compliant example for disallow_public_server_ips
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-server-ips-non-compliant"
- display_name = "Non-compliant server key (public IP range)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
-
- server_key_restrictions {
- allowed_ips = [
- "0.0.0.0/0",
- "10.0.0.0/8"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl
deleted file mode 100644
index 894abb857..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf
deleted file mode 100644
index 7261932ca..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Compliant example for disallow_wildcard_methods
-
-resource "google_apikeys_key" "c" {
- name = "apikey-wildcard-methods-compliant"
- display_name = "Compliant key (no wildcard methods)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- methods = [
- "GET",
- "POST"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf
deleted file mode 100644
index b26886a4a..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Non-compliant example for disallow_wildcard_methods
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-wildcard-methods-non-compliant"
- display_name = "Non-compliant key (wildcard methods)"
-
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- methods = [
- "*",
- "GET"
- ]
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl
deleted file mode 100644
index 894abb857..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.12.0"
- hashes = [
- "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
- "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
- "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
- "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
- "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
- "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
- "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
- "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
- "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
- "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
- "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
- "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf
deleted file mode 100644
index 3644d9b27..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Compliant example for require_restrictions
-
-resource "google_apikeys_key" "c" {
- name = "apikey-restrictions-compliant"
- display_name = "Compliant key (has restrictions)"
- restrictions {
- api_targets {
- service = "maps.googleapis.com"
- }
- }
-}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf
deleted file mode 100644
index e42a9b8b5..000000000
--- a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-# Non-compliant example for require_restrictions
-
-resource "google_apikeys_key" "nc" {
- name = "apikey-restrictions-non-compliant"
- display_name = "Non-compliant key (no restrictions)"
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/google_biglake_service/backup/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/backup/c.tf b/inputs/gcp/biglake/google_biglake_service/backup/c.tf
deleted file mode 100644
index 43c9907f6..000000000
--- a/inputs/gcp/biglake/google_biglake_service/backup/c.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Compliant example for backup policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-service-compliant"
- description = "Compliant backup configuration"
-
- backup_config {
- schedule = "daily"
- retention_period = "30d"
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/backup/config.tf b/inputs/gcp/biglake/google_biglake_service/backup/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/google_biglake_service/backup/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/backup/nc.tf b/inputs/gcp/biglake/google_biglake_service/backup/nc.tf
deleted file mode 100644
index 02d39f841..000000000
--- a/inputs/gcp/biglake/google_biglake_service/backup/nc.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Non-compliant example for backup policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-service-non-compliant"
- description = "Non-compliant backup configuration"
-
- backup_config {
- schedule = "monthly"
- retention_period = "10d"
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/google_biglake_service/data_access/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/c.tf b/inputs/gcp/biglake/google_biglake_service/data_access/c.tf
deleted file mode 100644
index 296d6d940..000000000
--- a/inputs/gcp/biglake/google_biglake_service/data_access/c.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Compliant example for data access policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-data-compliant"
- description = "Compliant data access with encryption"
-
- data_access {
- encryption = "AES-256"
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/config.tf b/inputs/gcp/biglake/google_biglake_service/data_access/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/google_biglake_service/data_access/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/data_access/nc.tf b/inputs/gcp/biglake/google_biglake_service/data_access/nc.tf
deleted file mode 100644
index 23c0157b7..000000000
--- a/inputs/gcp/biglake/google_biglake_service/data_access/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for data access policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-data-non-compliant"
- description = "Non-compliant data access without encryption"
-
- data_access {
- encryption = "None"
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/google_biglake_service/login_management/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/c.tf b/inputs/gcp/biglake/google_biglake_service/login_management/c.tf
deleted file mode 100644
index 4ba121308..000000000
--- a/inputs/gcp/biglake/google_biglake_service/login_management/c.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Compliant example for login management policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-login-compliant"
- description = "Compliant login account with MFA enabled"
-
- login_management {
- mfa_enabled = true
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/config.tf b/inputs/gcp/biglake/google_biglake_service/login_management/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/google_biglake_service/login_management/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/login_management/nc.tf b/inputs/gcp/biglake/google_biglake_service/login_management/nc.tf
deleted file mode 100644
index f07ba7e70..000000000
--- a/inputs/gcp/biglake/google_biglake_service/login_management/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for login management policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-login-non-compliant"
- description = "Non-compliant login account without MFA"
-
- login_management {
- mfa_enabled = false
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/google_biglake_service/network_configuration/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf b/inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf
deleted file mode 100644
index 42517493a..000000000
--- a/inputs/gcp/biglake/google_biglake_service/network_configuration/c.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Compliant example for network configuration policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-network-compliant"
- description = "Compliant network configuration"
-
- network_configuration {
- allowed_ip_ranges = ["10.0.0.0/24", "192.168.0.0/16"]
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf b/inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/google_biglake_service/network_configuration/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf b/inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf
deleted file mode 100644
index 0c089eff1..000000000
--- a/inputs/gcp/biglake/google_biglake_service/network_configuration/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for network configuration policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-network-non-compliant"
- description = "Non-compliant network configuration"
-
- network_configuration {
- allowed_ip_ranges = ["0.0.0.0/0"]
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl
deleted file mode 100644
index dc6bd4f38..000000000
--- a/inputs/gcp/biglake/google_biglake_service/service_access/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/google" {
- version = "7.15.0"
- hashes = [
- "h1:JMqoemYaZPvkMk1MjlMxkodfcXbRcp9a+vA5f0s5tKY=",
- "zh:0f1b4ebaae76bcf9f3cd783dbf43d488f5b1bb8443acb78e0d409cf7c72e5fb0",
- "zh:29e5d86c8de9876389c2203340d7307c04fa143c5532e4c91427e2c8a509e501",
- "zh:57d825d084a93aadb7e89da506f7508400a6cb147bf1f7fce4f8077465358df7",
- "zh:5c78918448839744282769cd1c610b02eaa64599524800678e89b9613003bac8",
- "zh:62a9096f26c0fb5fe21db287cc61a3911289018677917db461f436dccebfb984",
- "zh:76abfc13ee5e06059ed442e602dd6dd123de2ec2259b4dfb112dba3057df6870",
- "zh:8b1703a703dde218391b9886e42183a48abae27855de9254ddead7d7dc2dd52b",
- "zh:aebd20e72d9e160b1f850e0f9f9fda6519528e72e22d580708df3f5fb9a7acfc",
- "zh:d3e87e46743c9430c2b22fe41d92caf0c4994d621b1fb5292da96b4dba530c8a",
- "zh:e4d41c7b21e90d79c55ae2ac819a26074fc0e59822fbd3dbecd6e4d7252b54d6",
- "zh:f501d1b77eb4263c13064675f7ef88d65412ce5e8a4c87b19a1b40202075b7ca",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/c.tf b/inputs/gcp/biglake/google_biglake_service/service_access/c.tf
deleted file mode 100644
index 42e3d02a2..000000000
--- a/inputs/gcp/biglake/google_biglake_service/service_access/c.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Compliant example for service access policy
-
-resource "google_biglake_service" "c" {
- resource_name = "biglake-service-access-compliant"
- description = "Compliant service access"
-
- service_access {
- api_targets {
- service = "maps.googleapis.com"
- }
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/config.tf b/inputs/gcp/biglake/google_biglake_service/service_access/config.tf
deleted file mode 100644
index cd0ae3946..000000000
--- a/inputs/gcp/biglake/google_biglake_service/service_access/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_service/service_access/nc.tf b/inputs/gcp/biglake/google_biglake_service/service_access/nc.tf
deleted file mode 100644
index 50948b962..000000000
--- a/inputs/gcp/biglake/google_biglake_service/service_access/nc.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Non-compliant example for service access policy
-
-resource "google_biglake_service" "nc" {
- resource_name = "biglake-service-access-non-compliant"
- description = "Non-compliant service access"
-
- service_access {
- api_targets {
- service = "storage.googleapis.com"
- }
- }
-}
From b58f32e4856ace04ff2fa7149cc096cf90a9d04c Mon Sep 17 00:00:00 2001
From: trongnhanphan Date: Tue, 27 Jan 2026 23:41:31 +0700 Subject: [PATCH 17/21] fixing --- docs/gcp/Apikeys/apikeys_key.md | 70 +++++++++++++++++++ docs/gcp/Biglake/biglake_catalog.md | 15 ++++ docs/gcp/Biglake/biglake_database.md | 23 ++++++ docs/gcp/Biglake/biglake_table.md | 33 +++++++++ .../allowed_api_targets/.terraform.lock.hcl | 21 ++++++ .../apikeys_key/allowed_api_targets/c.tf | 12 ++++ .../apikeys_key/allowed_api_targets/config.tf | 11 +++ .../apikeys_key/allowed_api_targets/nc.tf | 12 ++++ .../.terraform.lock.hcl | 21 ++++++ .../disallow_public_browser_referrers/c.tf | 18 +++++ .../config.tf | 11 +++ .../disallow_public_browser_referrers/nc.tf | 19 +++++ .../.terraform.lock.hcl | 21 ++++++ .../disallow_public_server_ips/c.tf | 18 +++++ .../disallow_public_server_ips/config.tf | 11 +++ .../disallow_public_server_ips/nc.tf | 19 +++++ .../.terraform.lock.hcl | 21 ++++++ .../disallow_wildcard_methods/c.tf | 16 +++++ .../disallow_wildcard_methods/config.tf | 11 +++ .../disallow_wildcard_methods/nc.tf | 16 +++++ .../.terraform.lock.hcl | 21 ++++++ .../apikeys_key/enforce_key_restrictions/c.tf | 11 +++ .../enforce_key_restrictions/config.tf | 11 +++ .../enforce_key_restrictions/nc.tf | 6 ++ .../network_configuration/.terraform.lock.hcl | 21 ++++++ .../network_configuration/c.tf | 10 +++ .../network_configuration/config.tf | 11 +++ .../network_configuration/nc.tf | 10 +++ .../login_management/.terraform.lock.hcl | 21 ++++++ .../login_management/c.tf | 10 +++ .../login_management/config.tf | 11 +++ .../login_management/nc.tf | 10 +++ .../service_access/.terraform.lock.hcl | 21 ++++++ .../service_access/c.tf | 12 ++++ .../service_access/config.tf | 11 +++ .../service_access/nc.tf | 12 ++++ .../backup/.terraform.lock.hcl | 21 ++++++ .../biglake/google_biglake_table/backup/c.tf | 11 +++ .../google_biglake_table/backup/config.tf | 11 +++ .../biglake/google_biglake_table/backup/nc.tf | 11 +++ .../data_access/.terraform.lock.hcl | 21 ++++++ 
.../google_biglake_table/data_access/c.tf | 10 +++ .../data_access/config.tf | 11 +++ .../google_biglake_table/data_access/nc.tf | 10 +++ .../allowed_api_targets/policy.rego | 0 .../policy.rego | 4 +- .../disallow_public_server_ips/policy.rego | 4 +- .../disallow_wildcard_methods/policy.rego | 4 +- .../enforce_key_restrictions/policy.rego | 4 +- .../vars.rego | 0 .../network_configuration/policy.rego | 4 +- .../biglake/google_biglake_catalog/vars.rego | 7 ++ .../login_management/policy.rego | 4 +- .../service_access/policy.rego | 4 +- .../biglake/google_biglake_database/vars.rego | 7 ++ .../biglake/google_biglake_service/vars.rego | 7 -- .../backup/policy.rego | 4 +- .../data_access/policy.rego | 4 +- .../biglake/google_biglake_table/vars.rego | 7 ++ 59 files changed, 753 insertions(+), 25 deletions(-) create mode 100644 docs/gcp/Apikeys/apikeys_key.md create mode 100644 docs/gcp/Biglake/biglake_catalog.md create mode 100644 docs/gcp/Biglake/biglake_database.md create mode 100644 docs/gcp/Biglake/biglake_table.md create mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_targets/c.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_targets/config.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_targets/nc.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/c.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/config.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/nc.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/c.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/config.tf create 
mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/nc.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/c.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/config.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/nc.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl create mode 100644 inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/c.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/config.tf create mode 100644 inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_table/backup/c.tf 
create mode 100644 inputs/gcp/biglake/google_biglake_table/backup/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/backup/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/nc.tf rename policies/gcp/apikeys/{google_apikeys_key => apikeys_key}/allowed_api_targets/policy.rego (100%) rename policies/gcp/apikeys/{google_apikeys_key => apikeys_key}/disallow_public_browser_referrers/policy.rego (83%) rename policies/gcp/apikeys/{google_apikeys_key => apikeys_key}/disallow_public_server_ips/policy.rego (83%) rename policies/gcp/apikeys/{google_apikeys_key => apikeys_key}/disallow_wildcard_methods/policy.rego (82%) rename policies/gcp/apikeys/{google_apikeys_key => apikeys_key}/enforce_key_restrictions/policy.rego (85%) rename policies/gcp/apikeys/{google_apikeys_key => apikeys_key}/vars.rego (100%) rename policies/gcp/biglake/{google_biglake_service => google_biglake_catalog}/network_configuration/policy.rego (84%) create mode 100644 policies/gcp/biglake/google_biglake_catalog/vars.rego rename policies/gcp/biglake/{google_biglake_service => google_biglake_database}/login_management/policy.rego (82%) rename policies/gcp/biglake/{google_biglake_service => google_biglake_database}/service_access/policy.rego (83%) create mode 100644 policies/gcp/biglake/google_biglake_database/vars.rego delete mode 100644 policies/gcp/biglake/google_biglake_service/vars.rego rename policies/gcp/biglake/{google_biglake_service => google_biglake_table}/backup/policy.rego (83%) rename policies/gcp/biglake/{google_biglake_service => google_biglake_table}/data_access/policy.rego (83%) create mode 100644 policies/gcp/biglake/google_biglake_table/vars.rego 
diff --git a/docs/gcp/Apikeys/apikeys_key.md b/docs/gcp/Apikeys/apikeys_key.md new file mode 100644 index 000000000..03b1a735c --- /dev/null +++ b/docs/gcp/Apikeys/apikeys_key.md 
@@ -0,0 +1,70 @@ +## 🛡️ Policy Deployment Engine: `apikeys_key` + +This section provides a concise policy evaluation for the `apikeys_key` resource in GCP. + +Reference: [Terraform Registry – apikeys_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apikeys_key) + +--- + +## Argument Reference + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `name` | The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`. - - - | true | false | None | None | None | +| `display_name` | Human-readable display name of this API key. Modifiable by user. | false | false | None | None | None | +| `project` | The project for the resource | false | false | None | None | None | +| `restrictions` | Key restrictions. | false | false | None | None | None | +| `android_key_restrictions` | | false | false | None | None | None | +| `allowed_applications` | | false | false | None | None | None | +| `api_targets` | | false | false | None | None | None | +| `browser_key_restrictions` | | false | false | None | None | None | +| `ios_key_restrictions` | | false | false | None | None | None | +| `server_key_restrictions` | | false | false | None | None | None | + +### restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `android_key_restrictions` | The Android apps that are allowed to use the key. | false | true | API key restrictions limit how and where the key can be used. 
API keys without restrictions may be abused or used outside their intended context. | At least one restriction block is defined | No restrictions are configured | +| `api_targets` | A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed. | false | false | None | None | None | +| `browser_key_restrictions` | The HTTP referrers (websites) that are allowed to use the key. | false | false | None | None | None | +| `ios_key_restrictions` | The iOS apps that are allowed to use the key. | false | false | None | None | None | +| `server_key_restrictions` | The IP addresses of callers that are allowed to use the key. | false | false | None | None | None | + +### android_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_applications` | A list of Android applications that are allowed to make API calls with this key. | true | false | Restricting Android applications ensures that only trusted mobile apps can use the API key. | None | None | + +### allowed_applications Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `package_name` | The package name of the application. | true | false | None | None | None | +| `sha1_fingerprint` | The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter. 
| true | false | None | None | None | + +### api_targets Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `methods` | Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*` | false | true | Allowing wildcard methods significantly increases the attack surface of the API key. | ['TranslateText', 'DetectLanguage'] | ['*'] | +| `service` | The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project. | true | true | Restricting API targets ensures that the API key can only be used with explicitly approved Google Cloud services. | translate.googleapis.com | * | + +### browser_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_referrers` | A list of regular expressions for the referrer URLs that are allowed to make API calls with this key. | true | true | Restricting browser referrers prevents unauthorized websites from using the API key. | ['https://example.com'] | ['*'] | + +### ios_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_bundle_ids` | A list of bundle IDs that are allowed when making API calls with this key. 
| true | true | Restricting iOS bundle IDs ensures that only trusted iOS applications can use the API key. | None | None | + +### server_key_restrictions Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `allowed_ips` | A list of the caller IP addresses that are allowed to make API calls with this key. | true | true | Restricting server IP addresses ensures that only trusted network locations can use the API key. | ['203.0.113.0/24'] | ['0.0.0.0/0'] | diff --git a/docs/gcp/Biglake/biglake_catalog.md b/docs/gcp/Biglake/biglake_catalog.md new file mode 100644 index 000000000..017b735c4 --- /dev/null +++ b/docs/gcp/Biglake/biglake_catalog.md 
@@ -0,0 +1,15 @@ +## 🛡️ Policy Deployment Engine: `biglake_catalog` + +This section provides a concise policy evaluation for the `biglake_catalog` resource in GCP. + +Reference: [Terraform Registry – biglake_catalog](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_catalog) + +--- + +## Argument Reference + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `location` | The geographic location where the Catalog should reside. | true | true | The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements. | Catalog is created in an approved region | Catalog is created in an unapproved or unrestricted region | +| `name` | The name of the Catalog. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} | true | false | None | None | None | +| `project` | If it is not provided, the provider project is used. | false | true | Explicitly specifying the project ensures that the catalog is created within the intended security boundary and access controls. | Project is explicitly specified | Project is omitted or points to an unintended project | diff --git a/docs/gcp/Biglake/biglake_database.md b/docs/gcp/Biglake/biglake_database.md new file mode 100644 index 000000000..7939cd3f9 --- /dev/null +++ b/docs/gcp/Biglake/biglake_database.md 
@@ -0,0 +1,23 @@ +## 🛡️ Policy Deployment Engine: `biglake_database` + +This section provides a concise policy evaluation for the `biglake_database` resource in GCP. + +Reference: [Terraform Registry – biglake_database](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_database) + +--- + +## Argument Reference + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `type` | The database type. | true | false | None | None | None | +| `hive_options` | Options of a Hive database. Structure is [documented below](#nested_hive_options). | true | false | None | None | None | +| `catalog` | The parent catalog. | true | false | None | None | None | +| `name` | The name of the database. | true | false | None | None | None | + +### hive_options Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `location_uri` | Cloud Storage folder URI where the database data is stored, starting with "gs://". | false | true | The storage location defines where database data is physically stored. Incorrect configuration may expose sensitive data or violate data residency requirements. | Storage location points to a controlled and private Cloud Storage bucket | Storage location points to an uncontrolled or public bucket | +| `parameters` | Stores user supplied Hive database parameters. An object containing a list of"key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None | diff --git a/docs/gcp/Biglake/biglake_table.md b/docs/gcp/Biglake/biglake_table.md new file mode 100644 index 000000000..9ecb3279f --- /dev/null +++ b/docs/gcp/Biglake/biglake_table.md 
@@ -0,0 +1,33 @@ +## 🛡️ Policy Deployment Engine: `biglake_table` + +This section provides a concise policy evaluation for the `biglake_table` resource in GCP. + +Reference: [Terraform Registry – biglake_table](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_table) + +--- + +## Argument Reference + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `name` | Output only. The name of the Table. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} | true | false | None | None | None | +| `type` | The database type. Possible values are: `HIVE`. | false | false | None | None | None | +| `hive_options` | Options of a Hive table. Structure is [documented below](#nested_hive_options). | false | false | None | None | None | +| `database` | The id of the parent database. | false | false | None | None | None | +| `storage_descriptor` | | false | false | None | None | None | + +### hive_options Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `parameters` | Stores user supplied Hive table parameters. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None | +| `table_type` | Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. | false | false | None | None | None | +| `storage_descriptor` | Stores physical storage information on the data. Structure is [documented below](#nested_hive_options_storage_descriptor). 
| false | false | None | None | None | + +### storage_descriptor Block + +| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | +|----------|-------------|----------|-----------------|-----------|-----------|---------------| +| `location_uri` | Cloud Storage folder URI where the table data is stored, starting with "gs://". | false | true | The table storage location determines where table data is stored and must be secured to prevent unauthorized data access. | Table data is stored in a secured Cloud Storage bucket | Table data is stored in an unsecured or public bucket | +| `input_format` | The fully qualified Java class name of the input format. | false | false | None | None | None | +| `output_format` | The fully qualified Java class name of the output format. | false | false | None | None | None | diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl new file mode 100644 index 000000000..894abb857 --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl 
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+ version = "7.12.0"
+ hashes = [
+ "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=",
+ "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b",
+ "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9",
+ "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9",
+ "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d",
+ "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5",
+ "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2",
+ "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca",
+ "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc",
+ "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575",
+ "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f",
+ "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/c.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/c.tf
new file mode 100644
index 000000000..5f1aea048
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/c.tf
@@ -0,0 +1,12 @@
+# Compliant example for allowed_api_targets policy
+
+resource "google_apikeys_key" "c" {
+ name = "apikey-allowed-api-targets-compliant"
+ display_name = "Compliant API key for allowed_api_targets test"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/config.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/nc.tf b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/nc.tf
new file mode 100644
index 000000000..8358e7aa4
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/nc.tf
@@ -0,0 +1,12 @@
+# Non-compliant example for allowed_api_targets policy
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-allowed-api-targets-non-compliant"
+ display_name = "Non-compliant API key for allowed_api_targets test"
+
+ restrictions {
+ api_targets {
+ service = "storage.googleapis.com"
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/c.tf b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/c.tf new file mode 100644 index 000000000..01b5fda4e --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/c.tf @@ -0,0 +1,18 @@ +# Compliant example for disallow_public_browser_referrers + +resource "google_apikeys_key" "c" { + name = "apikey-browser-referrer-compliant" + display_name = "Compliant browser key (no public referrers)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + } + + browser_key_restrictions { + allowed_referrers = [ + "https://example.com/*" + ] + } + } +} 
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/config.tf b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/config.tf
new file mode 100644
index 000000000..cd0ae3946
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/nc.tf b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/nc.tf
new file mode 100644
index 000000000..dac788313
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/nc.tf
@@ -0,0 +1,19 @@
+# Non-compliant example for disallow_public_browser_referrers
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-browser-referrer-non-compliant"
+ display_name = "Non-compliant browser key (public referrers)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+
+ browser_key_restrictions {
+ allowed_referrers = [
+ "*",
+ "https://example.com/*"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/c.tf b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/c.tf new file mode 100644 index 000000000..a484e0cb4 --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/c.tf @@ -0,0 +1,18 @@ +# Compliant example for disallow_public_server_ips + +resource "google_apikeys_key" "c" { + name = "apikey-server-ips-compliant" + display_name = "Compliant server key (restricted IPs)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + } + + server_key_restrictions { + allowed_ips = [ + "10.0.0.0/8" + ] + } + } +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/config.tf b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null 
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/nc.tf b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/nc.tf
new file mode 100644
index 000000000..1e0101694
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/nc.tf
@@ -0,0 +1,19 @@
+# Non-compliant example for disallow_public_server_ips
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-server-ips-non-compliant"
+ display_name = "Non-compliant server key (public IP range)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ }
+
+ server_key_restrictions {
+ allowed_ips = [
+ "0.0.0.0/0",
+ "10.0.0.0/8"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl
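Review bot: The non-compliant fixture in `disallow_public_server_ips/nc.tf` exercises only the IPv4 any-address range `"0.0.0.0/0"`; the IPv6 equivalent `"::/0"` leaves a server key just as unrestricted and is not covered by any fixture. I would add it to the `allowed_ips` list as `"::/0",` (or as a second non-compliant resource) so the policy is shown to reject both forms. The policy's conditions are not part of this hunk, so whether it already matches `::/0` should be confirmed in `policy.rego`.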
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/c.tf b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/c.tf new file mode 100644 index 000000000..7261932ca --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/c.tf @@ -0,0 +1,16 @@ +# Compliant example for disallow_wildcard_methods + +resource "google_apikeys_key" "c" { + name = "apikey-wildcard-methods-compliant" + display_name = "Compliant key (no wildcard methods)" + + restrictions { + api_targets { + service = "maps.googleapis.com" + methods = [ + "GET", + "POST" + ] + } + } +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/config.tf b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null 
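Review bot: In `disallow_wildcard_methods/c.tf` the `methods` list holds `"GET"` and `"POST"`, but for `google_apikeys_key` the `api_targets.methods` entries are API method names, not HTTP verbs, so the compliant fixture does not describe a realistically restricted key. A method name of the target service would make the compliant case meaningful. The provider also accepts a trailing wildcard such as `"Get*"`, and the matching nc.tf only covers the bare `"*"`; if the policy is meant to reject prefix wildcards too, the non-compliant fixture should include one. The policy conditions themselves are outside this part of the patch.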
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/nc.tf b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/nc.tf
new file mode 100644
index 000000000..b26886a4a
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/nc.tf
@@ -0,0 +1,16 @@
+# Non-compliant example for disallow_wildcard_methods
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-wildcard-methods-non-compliant"
+ display_name = "Non-compliant key (wildcard methods)"
+
+ restrictions {
+ api_targets {
+ service = "maps.googleapis.com"
+ methods = [
+ "*",
+ "GET"
+ ]
+ }
+ }
+}
diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/c.tf b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/c.tf new file mode 100644 index 000000000..3644d9b27 --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/c.tf @@ -0,0 +1,11 @@ +# Compliant example for require_restrictions + +resource "google_apikeys_key" "c" { + name = "apikey-restrictions-compliant" + display_name = "Compliant key (has restrictions)" + restrictions { + api_targets { + service = "maps.googleapis.com" + } + } +} diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/config.tf b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf
new file mode 100644
index 000000000..e42a9b8b5
--- /dev/null
+++ b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf
@@ -0,0 +1,6 @@
+# Non-compliant example for require_restrictions
+
+resource "google_apikeys_key" "nc" {
+ name = "apikey-restrictions-non-compliant"
+ display_name = "Non-compliant key (no restrictions)"
+}
diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf new file mode 100644 index 000000000..749ad0637 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf @@ -0,0 +1,10 @@ +# Compliant example for network configuration policy + +resource "google_biglake_catalog" "c" { + resource_name = "biglake-network-compliant" + description = "Compliant network configuration" + + network_configuration { + allowed_ip_ranges = ["10.0.0.0/24", "192.168.0.0/16"] + } +} diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null 
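Review bot: The `network_configuration` block and the `resource_name`/`description` arguments in `google_biglake_catalog/network_configuration/c.tf` do not, as far as I can tell, exist in the hashicorp/google schema for `google_biglake_catalog`, so `terraform validate` would reject the fixture and the policy would guard an argument no real resource can carry. The same concern applies to the later fixtures in this patch: `login_management` and `service_access` on `google_biglake_database`, and `backup_config` and `data_access` on `google_biglake_table`. A policy over arguments that cannot occur gives false assurance, since checks such as `mfa_enabled = true` or `encryption = "AES-256"` can never fail on real infrastructure. I would base these policies on arguments the provider exposes (the documentation table earlier in this patch marks `storage_descriptor.location_uri` as security-relevant) and run `terraform validate` on every fixture directory.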
+++ b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf
new file mode 100644
index 000000000..6a1c7841e
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf
@@ -0,0 +1,10 @@
+# Non-compliant example for network configuration policy
+
+resource "google_biglake_catalog" "nc" {
+ resource_name = "biglake-network-non-compliant"
+ description = "Non-compliant network configuration"
+
+ network_configuration {
+ allowed_ip_ranges = ["0.0.0.0/0"]
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/c.tf b/inputs/gcp/biglake/google_biglake_database/login_management/c.tf new file mode 100644 index 000000000..dd5eed31b --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_database/login_management/c.tf @@ -0,0 +1,10 @@ +# Compliant example for login management policy + +resource "google_biglake_database" "c" { + resource_name = "biglake-login-compliant" + description = "Compliant login account with MFA enabled" + + login_management { + mfa_enabled = true + } +} diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/config.tf b/inputs/gcp/biglake/google_biglake_database/login_management/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_database/login_management/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/nc.tf b/inputs/gcp/biglake/google_biglake_database/login_management/nc.tf
new file mode 100644
index 000000000..436730541
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/login_management/nc.tf
@@ -0,0 +1,10 @@
+# Non-compliant example for login management policy
+
+resource "google_biglake_database" "nc" {
+ resource_name = "biglake-login-non-compliant"
+ description = "Non-compliant login account without MFA"
+
+ login_management {
+ mfa_enabled = false
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/c.tf b/inputs/gcp/biglake/google_biglake_database/service_access/c.tf new file mode 100644 index 000000000..acebfd064 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_database/service_access/c.tf @@ -0,0 +1,12 @@ +# Compliant example for service access policy + +resource "google_biglake_database" "c" { + resource_name = "biglake-service-access-compliant" + description = "Compliant service access" + + service_access { + api_targets { + service = "maps.googleapis.com" + } + } +} diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/config.tf b/inputs/gcp/biglake/google_biglake_database/service_access/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_database/service_access/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/nc.tf b/inputs/gcp/biglake/google_biglake_database/service_access/nc.tf
new file mode 100644
index 000000000..068da31f1
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/service_access/nc.tf
@@ -0,0 +1,12 @@
+# Non-compliant example for service access policy
+
+resource "google_biglake_database" "nc" {
+ resource_name = "biglake-service-access-non-compliant"
+ description = "Non-compliant service access"
+
+ service_access {
+ api_targets {
+ service = "storage.googleapis.com"
+ }
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_table/backup/c.tf b/inputs/gcp/biglake/google_biglake_table/backup/c.tf new file mode 100644 index 000000000..4dfa82c4b --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/backup/c.tf @@ -0,0 +1,11 @@ +# Compliant example for backup policy + +resource "google_biglake_table" "c" { + resource_name = "biglake-service-compliant" + description = "Compliant backup configuration" + + backup_config { + schedule = "daily" + retention_period = "30d" + } +} diff --git a/inputs/gcp/biglake/google_biglake_table/backup/config.tf b/inputs/gcp/biglake/google_biglake_table/backup/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/backup/config.tf 
@@ -0,0 +1,11 @@
+##### DO NOT EDIT #####
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_table/backup/nc.tf b/inputs/gcp/biglake/google_biglake_table/backup/nc.tf
new file mode 100644
index 000000000..9934b1e97
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/backup/nc.tf
@@ -0,0 +1,11 @@
+# Non-compliant example for backup policy
+
+resource "google_biglake_table" "nc" {
+ resource_name = "biglake-service-non-compliant"
+ description = "Non-compliant backup configuration"
+
+ backup_config {
+ schedule = "monthly"
+ retention_period = "10d"
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl
new file mode 100644
index 000000000..5698484ba
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.16.0" + hashes = [ + "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", + "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", + "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", + "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", + "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", + "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", + "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", + "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", + "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", + "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", + "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", + "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/c.tf b/inputs/gcp/biglake/google_biglake_table/data_access/c.tf new file mode 100644 index 000000000..d6fccdb22 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/data_access/c.tf @@ -0,0 +1,10 @@ +# Compliant example for data access policy + +resource "google_biglake_table" "c" { + resource_name = "biglake-data-compliant" + description = "Compliant data access with encryption" + + data_access { + encryption = "AES-256" + } +} diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/config.tf b/inputs/gcp/biglake/google_biglake_table/data_access/config.tf new file mode 100644 index 000000000..cd0ae3946 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/data_access/config.tf 
@@ -0,0 +1,11 @@ +##### DO NOT EDIT ##### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/nc.tf b/inputs/gcp/biglake/google_biglake_table/data_access/nc.tf new file mode 100644 index 000000000..b03209fed --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/data_access/nc.tf @@ -0,0 +1,10 @@ +# Non-compliant example for data access policy + +resource "google_biglake_table" "nc" { + resource_name = "biglake-data-non-compliant" + description = "Non-compliant data access without encryption" + + data_access { + encryption = "None" + } +} diff --git a/policies/gcp/apikeys/google_apikeys_key/allowed_api_targets/policy.rego b/policies/gcp/apikeys/apikeys_key/allowed_api_targets/policy.rego similarity index 100% rename from policies/gcp/apikeys/google_apikeys_key/allowed_api_targets/policy.rego rename to policies/gcp/apikeys/apikeys_key/allowed_api_targets/policy.rego diff --git a/policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego b/policies/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/policy.rego similarity index 83% rename from policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego rename to policies/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/policy.rego index 0f62a1ca4..3004da969 100644 --- a/policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego +++ b/policies/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_browser_referrers +package terraform.gcp.security.apikeys.apikeys_key.disallow_public_browser_referrers import data.terraform.helpers -import data.terraform.gcp.security.apikeys.google_apikeys_key.vars +import data.terraform.gcp.security.apikeys.apikeys_key.vars conditions := [ [ 
diff --git a/policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego b/policies/gcp/apikeys/apikeys_key/disallow_public_server_ips/policy.rego similarity index 83% rename from policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego rename to policies/gcp/apikeys/apikeys_key/disallow_public_server_ips/policy.rego index 4cabd3bf4..44a90d99c 100644 --- a/policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego +++ b/policies/gcp/apikeys/apikeys_key/disallow_public_server_ips/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_server_ips +package terraform.gcp.security.apikeys.apikeys_key.disallow_public_server_ips import data.terraform.helpers -import data.terraform.gcp.security.apikeys.google_apikeys_key.vars +import data.terraform.gcp.security.apikeys.apikeys_key.vars conditions := [ [ diff --git a/policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego b/policies/gcp/apikeys/apikeys_key/disallow_wildcard_methods/policy.rego similarity index 82% rename from policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego rename to policies/gcp/apikeys/apikeys_key/disallow_wildcard_methods/policy.rego index 41ae4a2d1..8a3cc628b 100644 --- a/policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego +++ b/policies/gcp/apikeys/apikeys_key/disallow_wildcard_methods/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.google_apikeys_key.disallow_wildcard_methods +package terraform.gcp.security.apikeys.apikeys_key.disallow_wildcard_methods import data.terraform.helpers -import data.terraform.gcp.security.apikeys.google_apikeys_key.vars +import data.terraform.gcp.security.apikeys.apikeys_key.vars conditions := [ [ 
diff --git a/policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego b/policies/gcp/apikeys/apikeys_key/enforce_key_restrictions/policy.rego similarity index 85% rename from policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego rename to policies/gcp/apikeys/apikeys_key/enforce_key_restrictions/policy.rego index d60bbae69..376577dfd 100644 --- a/policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego +++ b/policies/gcp/apikeys/apikeys_key/enforce_key_restrictions/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.google_apikeys_key.require_restrictions +package terraform.gcp.security.apikeys.apikeys_key.require_restrictions import data.terraform.helpers -import data.terraform.gcp.security.apikeys.google_apikeys_key.vars +import data.terraform.gcp.security.apikeys.apikeys_key.vars conditions := [ [ diff --git a/policies/gcp/apikeys/google_apikeys_key/vars.rego b/policies/gcp/apikeys/apikeys_key/vars.rego similarity index 100% rename from policies/gcp/apikeys/google_apikeys_key/vars.rego rename to policies/gcp/apikeys/apikeys_key/vars.rego diff --git a/policies/gcp/biglake/google_biglake_service/network_configuration/policy.rego b/policies/gcp/biglake/google_biglake_catalog/network_configuration/policy.rego similarity index 84% rename from policies/gcp/biglake/google_biglake_service/network_configuration/policy.rego rename to policies/gcp/biglake/google_biglake_catalog/network_configuration/policy.rego index 3b8f84e46..5c84104e7 100644 --- a/policies/gcp/biglake/google_biglake_service/network_configuration/policy.rego +++ b/policies/gcp/biglake/google_biglake_catalog/network_configuration/policy.rego 
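Review bot: The package line in `enforce_key_restrictions/policy.rego` still ends in `require_restrictions` after the rename, while its directory and the matching fixture directory under `inputs/` are named `enforce_key_restrictions`; the three other API-key policies whose package line is visible in this patch keep package and directory identical. If the test harness derives the package from the path, which is not visible here, this policy would not be evaluated against its fixtures and the gap would go unnoticed. Suggested line: `package terraform.gcp.security.apikeys.apikeys_key.enforce_key_restrictions`, with the fixture comments `# Compliant example for require_restrictions` and `# Non-compliant example for require_restrictions` updated to match. The rest of the file lies outside the hunk.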
@@ -1,7 +1,7 @@ -package terraform.gcp.security.biglake.google_biglake_service.network_configuration +package terraform.gcp.security.biglake.google_biglake_catalog.network_configuration import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_service.vars +import data.terraform.gcp.security.biglake.google_biglake_catalog.vars conditions := [ [ diff --git a/policies/gcp/biglake/google_biglake_catalog/vars.rego b/policies/gcp/biglake/google_biglake_catalog/vars.rego new file mode 100644 index 000000000..7693ef0f8 --- /dev/null +++ b/policies/gcp/biglake/google_biglake_catalog/vars.rego @@ -0,0 +1,7 @@ +package terraform.gcp.security.biglake.google_biglake_service.biglake_catalog.vars + +variables := { + "friendly_resource_name": "BigLake Cataglog", + "resource_type": "google_biglake_catalog", + "resource_value_name" : "name" +} diff --git a/policies/gcp/biglake/google_biglake_service/login_management/policy.rego b/policies/gcp/biglake/google_biglake_database/login_management/policy.rego similarity index 82% rename from policies/gcp/biglake/google_biglake_service/login_management/policy.rego rename to policies/gcp/biglake/google_biglake_database/login_management/policy.rego index ee3d73209..0846dce0c 100644 --- a/policies/gcp/biglake/google_biglake_service/login_management/policy.rego +++ b/policies/gcp/biglake/google_biglake_database/login_management/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.biglake.google_biglake_service.login_management +package terraform.gcp.security.biglake.google_biglake_database.login_management import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_service.vars +import data.terraform.gcp.security.biglake.google_biglake_database.vars conditions := [ [ 
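Review bot: The new `policies/gcp/biglake/google_biglake_catalog/vars.rego` declares `package terraform.gcp.security.biglake.google_biglake_service.biglake_catalog.vars`, but `network_configuration/policy.rego` in the same commit imports `data.terraform.gcp.security.biglake.google_biglake_catalog.vars`, so that import would not resolve to this file. In Rego an unresolved reference is undefined rather than an error, so the policy may silently yield no findings instead of failing; the package line should read `package terraform.gcp.security.biglake.google_biglake_catalog.vars`. The `friendly_resource_name` value `"BigLake Cataglog"` is also misspelled and should be `"BigLake Catalog"`. Patch 18's diffstat lists a two-line change to this file, which may be that correction.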
diff --git a/policies/gcp/biglake/google_biglake_service/service_access/policy.rego b/policies/gcp/biglake/google_biglake_database/service_access/policy.rego similarity index 83% rename from policies/gcp/biglake/google_biglake_service/service_access/policy.rego rename to policies/gcp/biglake/google_biglake_database/service_access/policy.rego index 5cf0fd1a2..970c8cd7c 100644 --- a/policies/gcp/biglake/google_biglake_service/service_access/policy.rego +++ b/policies/gcp/biglake/google_biglake_database/service_access/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.biglake.google_biglake_service.service_access +package terraform.gcp.security.biglake.google_biglake_database.service_access import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_service.vars +import data.terraform.gcp.security.biglake.google_biglake_database.vars conditions := [ [ diff --git a/policies/gcp/biglake/google_biglake_database/vars.rego b/policies/gcp/biglake/google_biglake_database/vars.rego new file mode 100644 index 000000000..7f20ddab2 --- /dev/null +++ b/policies/gcp/biglake/google_biglake_database/vars.rego @@ -0,0 +1,7 @@ +package terraform.gcp.security.biglake.google_biglake_database.vars + +variables := { + "friendly_resource_name": "BigLake Database", + "resource_type": "google_biglake_database", + "resource_value_name" : "name" +} diff --git a/policies/gcp/biglake/google_biglake_service/vars.rego b/policies/gcp/biglake/google_biglake_service/vars.rego deleted file mode 100644 index a42f8552c..000000000 --- a/policies/gcp/biglake/google_biglake_service/vars.rego +++ /dev/null @@ -1,7 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_service.vars - -variables := { - "friendly_resource_name": "BigLake Service", - "resource_type": "google_biglake_service", - "resource_value_name" : "name" -} 
diff --git a/policies/gcp/biglake/google_biglake_service/backup/policy.rego b/policies/gcp/biglake/google_biglake_table/backup/policy.rego similarity index 83% rename from policies/gcp/biglake/google_biglake_service/backup/policy.rego rename to policies/gcp/biglake/google_biglake_table/backup/policy.rego index adfc58f09..c19c76d0e 100644 --- a/policies/gcp/biglake/google_biglake_service/backup/policy.rego +++ b/policies/gcp/biglake/google_biglake_table/backup/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.biglake.google_biglake_service.backup +package terraform.gcp.security.biglake.google_biglake_table.backup import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_service.vars +import data.terraform.gcp.security.biglake.google_biglake_table.vars conditions := [ [ diff --git a/policies/gcp/biglake/google_biglake_service/data_access/policy.rego b/policies/gcp/biglake/google_biglake_table/data_access/policy.rego similarity index 83% rename from policies/gcp/biglake/google_biglake_service/data_access/policy.rego rename to policies/gcp/biglake/google_biglake_table/data_access/policy.rego index d57671b7d..a9f627c52 100644 --- a/policies/gcp/biglake/google_biglake_service/data_access/policy.rego +++ b/policies/gcp/biglake/google_biglake_table/data_access/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.biglake.google_biglake_service.data_access +package terraform.gcp.security.biglake.google_biglake_table.data_access import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_service.vars +import data.terraform.gcp.security.biglake.google_biglake_table.vars conditions := [ [ diff --git a/policies/gcp/biglake/google_biglake_table/vars.rego b/policies/gcp/biglake/google_biglake_table/vars.rego new file mode 100644 index 000000000..fba26191b --- /dev/null +++ b/policies/gcp/biglake/google_biglake_table/vars.rego 
@@ -0,0 +1,7 @@
+package terraform.gcp.security.biglake.google_biglake_table.vars
+
+variables := {
+ "friendly_resource_name": "BigLake Table",
+ "resource_type": "google_biglake_table",
+ "resource_value_name" : "name"
+}
From 2a2a7a7a9cccfdb0ce1f298d12bcc5751c5230bc Mon Sep 17 00:00:00 2001
From: trongnhanphan Date: Wed, 28 Jan 2026 17:22:03 +0700 Subject: [PATCH 18/21] fix --- .../.terraform.lock.hcl | 21 --------------- .../.terraform.lock.hcl | 21 --------------- .../.terraform.lock.hcl | 21 --------------- .../.terraform.lock.hcl | 21 --------------- .../enforce_key_restrictions/nc.tf | 6 ----- .../allowed_api_targets/.terraform.lock.hcl | 21 +++++++++++++++ .../allowed_api_targets/c.tf | 2 +- .../allowed_api_targets/config.tf | 0 .../allowed_api_targets/nc.tf | 2 +- .../.terraform.lock.hcl | 21 +++++++++++++++ .../disallow_public_browser_referrers/c.tf | 2 +- .../config.tf | 0 .../disallow_public_browser_referrers/nc.tf | 2 +- .../.terraform.lock.hcl | 21 +++++++++++++++ .../disallow_public_server_ips/c.tf | 2 +- .../disallow_public_server_ips/config.tf | 0 .../disallow_public_server_ips/nc.tf | 2 +- .../.terraform.lock.hcl | 21 +++++++++++++++ .../disallow_wildcard_methods/c.tf | 2 +- .../disallow_wildcard_methods/config.tf | 0 .../disallow_wildcard_methods/nc.tf | 2 +- .../.terraform.lock.hcl | 21 +++++++++++++++ .../enforce_key_restrictions/c.tf | 4 +-- .../enforce_key_restrictions/config.tf | 0 .../enforce_key_restrictions/nc.tf | 5 ++++ .../location_allowlist/.terraform.lock.hcl | 21 +++++++++++++++ .../location_allowlist/c.tf | 7 +++++ .../location_allowlist/config.tf | 11 ++++++++ .../location_allowlist/nc.tf | 7 +++++ .../network_configuration/.terraform.lock.hcl | 21 --------------- .../network_configuration/c.tf | 10 ------- .../network_configuration/config.tf | 11 -------- .../network_configuration/nc.tf | 10 ------- .../require_project/.terraform.lock.hcl | 21 +++++++++++++++ .../require_project/c.tf | 8 ++++++ .../require_project/config.tf | 11 ++++++++ .../require_project/nc.tf | 7 +++++ .../enforce_type_hive/.terraform.lock.hcl | 21 +++++++++++++++ .../enforce_type_hive/c.tf | 12 +++++++++ .../enforce_type_hive/config.tf | 11 ++++++++ .../enforce_type_hive/nc.tf | 12 +++++++++ .../.terraform.lock.hcl | 21 +++++++++++++++ 
.../location_uri_allowlist/c.tf | 12 +++++++++ .../location_uri_allowlist/config.tf | 11 ++++++++ .../location_uri_allowlist/nc.tf | 12 +++++++++ .../login_management/.terraform.lock.hcl | 21 --------------- .../login_management/c.tf | 10 ------- .../login_management/config.tf | 11 -------- .../login_management/nc.tf | 10 ------- .../service_access/.terraform.lock.hcl | 21 --------------- .../service_access/c.tf | 12 --------- .../service_access/config.tf | 11 -------- .../service_access/nc.tf | 12 --------- .../backup/.terraform.lock.hcl | 21 --------------- .../biglake/google_biglake_table/backup/c.tf | 11 -------- .../google_biglake_table/backup/config.tf | 11 -------- .../biglake/google_biglake_table/backup/nc.tf | 11 -------- .../data_access/.terraform.lock.hcl | 21 --------------- .../google_biglake_table/data_access/c.tf | 10 ------- .../data_access/config.tf | 11 -------- .../google_biglake_table/data_access/nc.tf | 10 ------- .../.terraform.lock.hcl | 21 +++++++++++++++ .../storage_location_allowlist/c.tf | 14 ++++++++++ .../storage_location_allowlist/config.tf | 11 ++++++++ .../storage_location_allowlist/nc.tf | 14 ++++++++++ .../allowed_api_targets/policy.rego | 0 .../policy.rego | 4 +-- .../disallow_public_server_ips/policy.rego | 4 +-- .../disallow_wildcard_methods/policy.rego | 4 +-- .../enforce_key_restrictions/policy.rego | 4 +-- .../vars.rego | 0 .../location_allowlist/policy.rego | 24 +++++++++++++++++ .../network_configuration/policy.rego | 27 ------------------- .../require_project/policy.rego | 24 +++++++++++++++++ .../biglake/google_biglake_catalog/vars.rego | 2 +- .../enforce_type_hive/policy.rego | 24 +++++++++++++++++ .../location_uri_allowlist/policy.rego | 24 +++++++++++++++++ .../login_management/policy.rego | 26 ------------------ .../service_access/policy.rego | 27 ------------------- .../google_biglake_table/backup/policy.rego | 27 ------------------- .../data_access/policy.rego | 27 ------------------- 
.../storage_location_allowlist/policy.rego | 24 +++++++++++++++++ .../folder_generator/cache/user_state.json | 4 +-- 83 files changed, 516 insertions(+), 511 deletions(-) delete mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl delete mode 100644 inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf create mode 100644 inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/allowed_api_targets/c.tf (81%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/allowed_api_targets/config.tf (100%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/allowed_api_targets/nc.tf (80%) create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_browser_referrers/c.tf (86%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_browser_referrers/config.tf (100%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_browser_referrers/nc.tf (86%) create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_server_ips/c.tf (87%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_server_ips/config.tf (100%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_server_ips/nc.tf (87%) create mode 100644 inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl rename 
inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_wildcard_methods/c.tf (84%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_wildcard_methods/config.tf (100%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_wildcard_methods/nc.tf (83%) create mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/enforce_key_restrictions/c.tf (63%) rename inputs/gcp/apikeys/{apikeys_key => google_apikeys_key}/enforce_key_restrictions/config.tf (100%) create mode 100644 inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/location_allowlist/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_catalog/location_allowlist/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/location_allowlist/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/location_allowlist/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/require_project/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_catalog/require_project/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/require_project/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_catalog/require_project/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/enforce_type_hive/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf create mode 100644 
inputs/gcp/biglake/google_biglake_database/enforce_type_hive/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_database/login_management/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_database/service_access/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_table/backup/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_table/backup/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_table/backup/nc.tf delete mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl delete mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/c.tf delete mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/config.tf delete mode 100644 inputs/gcp/biglake/google_biglake_table/data_access/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/.terraform.lock.hcl create mode 100644 
inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf rename policies/gcp/apikeys/{apikeys_key => google_apikeys_key}/allowed_api_targets/policy.rego (100%) rename policies/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_browser_referrers/policy.rego (83%) rename policies/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_public_server_ips/policy.rego (83%) rename policies/gcp/apikeys/{apikeys_key => google_apikeys_key}/disallow_wildcard_methods/policy.rego (82%) rename policies/gcp/apikeys/{apikeys_key => google_apikeys_key}/enforce_key_restrictions/policy.rego (85%) rename policies/gcp/apikeys/{apikeys_key => google_apikeys_key}/vars.rego (100%) create mode 100644 policies/gcp/biglake/google_biglake_catalog/location_allowlist/policy.rego delete mode 100644 policies/gcp/biglake/google_biglake_catalog/network_configuration/policy.rego create mode 100644 policies/gcp/biglake/google_biglake_catalog/require_project/policy.rego create mode 100644 policies/gcp/biglake/google_biglake_database/enforce_type_hive/policy.rego create mode 100644 policies/gcp/biglake/google_biglake_database/location_uri_allowlist/policy.rego delete mode 100644 policies/gcp/biglake/google_biglake_database/login_management/policy.rego delete mode 100644 policies/gcp/biglake/google_biglake_database/service_access/policy.rego delete mode 100644 policies/gcp/biglake/google_biglake_table/backup/policy.rego delete mode 100644 policies/gcp/biglake/google_biglake_table/data_access/policy.rego create mode 100644 policies/gcp/biglake/google_biglake_table/storage_location_allowlist/policy.rego 
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl deleted file mode 100644 index 5698484ba..000000000 --- a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl +++ /dev/null @@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl deleted file mode 100644 index 5698484ba..000000000 --- a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl deleted file mode 100644 index 5698484ba..000000000 --- a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl deleted file mode 100644 index 5698484ba..000000000 --- a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf b/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf deleted file mode 100644 index e42a9b8b5..000000000 --- a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/nc.tf +++ /dev/null @@ -1,6 +0,0 @@ -# Non-compliant example for require_restrictions - -resource "google_apikeys_key" "nc" { - name = "apikey-restrictions-non-compliant" - display_name = "Non-compliant key (no restrictions)" -} diff --git a/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/c.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf similarity index 81% rename from inputs/gcp/apikeys/apikeys_key/allowed_api_targets/c.tf rename to inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf index 5f1aea048..7dbd5a92d 100644 --- a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/c.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/c.tf @@ -1,7 +1,7 @@ # Compliant example for allowed_api_targets policy resource "google_apikeys_key" "c" { - name = "apikey-allowed-api-targets-compliant" + name = "apikey_allowed_api_targets_compliant" display_name = "Compliant API key for allowed_api_targets test" restrictions { 
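Review bot: The new `name` in `allowed_api_targets/c.tf`, `apikey_allowed_api_targets_compliant`, uses underscores, which the provider's documented format for `google_apikeys_key.name`, `[a-z]([a-z0-9-]{0,61}[a-z0-9])?` as I recall it, does not allow; the hyphenated name it replaces did fit. If these fixtures are only ever planned the policies may still evaluate, but an apply would likely be rejected, so I would keep `name = "apikey-allowed-api-targets-compliant"`. The same applies to the `c.tf`/`nc.tf` name changes under `disallow_public_browser_referrers` and `disallow_public_server_ips`. `allowed_api_targets/nc.tf` additionally mixes separators in `apikey_allowed_api-targets_non_compliant`.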
diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/config.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf similarity index 100% rename from inputs/gcp/apikeys/apikeys_key/allowed_api_targets/config.tf rename to inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/config.tf diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf similarity index 80% rename from inputs/gcp/apikeys/apikeys_key/allowed_api_targets/nc.tf rename to inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf index 8358e7aa4..7735b47be 100644 --- a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/nc.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/allowed_api_targets/nc.tf @@ -1,7 +1,7 @@ # Non-compliant example for allowed_api_targets policy resource "google_apikeys_key" "nc" { - name = "apikey-allowed-api-targets-non-compliant" + name = "apikey_allowed_api-targets_non_compliant" display_name = "Non-compliant API key for allowed_api_targets test" restrictions { diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf similarity index 86% rename from inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/c.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf index 01b5fda4e..54952af7c 100644 --- a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/c.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/c.tf @@ -1,7 +1,7 @@ # Compliant example for disallow_public_browser_referrers resource "google_apikeys_key" "c" { - name = "apikey-browser-referrer-compliant" + name = "apikey_browser_referrer_compliant" display_name = "Compliant browser key (no public referrers)" restrictions { 
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf similarity index 100% rename from inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/config.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/config.tf diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf similarity index 86% rename from inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/nc.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf index dac788313..f3591077c 100644 --- a/inputs/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/nc.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/nc.tf @@ -1,7 +1,7 @@ # Non-compliant example for disallow_public_browser_referrers resource "google_apikeys_key" "nc" { - name = "apikey-browser-referrer-non-compliant" + name = "apikey_browser_referrer_non_compliant" display_name = "Non-compliant browser key (public referrers)" restrictions { diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf similarity index 87% rename from inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/c.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf index a484e0cb4..709528316 100644 --- a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/c.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/c.tf @@ -1,7 +1,7 @@ # Compliant example for disallow_public_server_ips resource "google_apikeys_key" "c" { - name = "apikey-server-ips-compliant" + name = "apikey_server_ips_compliant" display_name = "Compliant server key (restricted IPs)" restrictions { 
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf similarity index 100% rename from inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/config.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/config.tf diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf similarity index 87% rename from inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/nc.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf index 1e0101694..9fe44e736 100644 --- a/inputs/gcp/apikeys/apikeys_key/disallow_public_server_ips/nc.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/nc.tf @@ -1,7 +1,7 @@ # Non-compliant example for disallow_public_server_ips resource "google_apikeys_key" "nc" { - name = "apikey-server-ips-non-compliant" + name = "apikey_server_ips_non_compliant" display_name = "Non-compliant server key (public IP range)" restrictions { diff --git a/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/c.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf similarity index 84% rename from inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/c.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf index 7261932ca..2e8cfd4ed 100644 --- a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/c.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/c.tf @@ -1,7 +1,7 @@ # Compliant example for disallow_wildcard_methods resource "google_apikeys_key" "c" { - name = "apikey-wildcard-methods-compliant" + name = "apikey_wildcard_methods_compliant" display_name = "Compliant key (no wildcard methods)" restrictions { 
diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/config.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf similarity index 100% rename from inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/config.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/config.tf diff --git a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf similarity index 83% rename from inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/nc.tf rename to inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf index b26886a4a..b07b337d9 100644 --- a/inputs/gcp/apikeys/apikeys_key/disallow_wildcard_methods/nc.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/nc.tf @@ -1,7 +1,7 @@ # Non-compliant example for disallow_wildcard_methods resource "google_apikeys_key" "nc" { - name = "apikey-wildcard-methods-non-compliant" + name = "apikey_wildcard_methods_non_compliant" display_name = "Non-compliant key (wildcard methods)" restrictions { diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/c.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf similarity index 63% rename from inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/c.tf rename to inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf index 3644d9b27..96d3e0dac 100644 --- a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/c.tf +++ b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/c.tf @@ -1,7 +1,7 @@ -# Compliant example for require_restrictions +# Compliant example for enforce_key_restrictions resource "google_apikeys_key" "c" { - name = "apikey-restrictions-compliant" + name = "apikey_restrictions_compliant" display_name = "Compliant key (has restrictions)" restrictions { api_targets { 
diff --git a/inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/config.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf similarity index 100% rename from inputs/gcp/apikeys/apikeys_key/enforce_key_restrictions/config.tf rename to inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/config.tf diff --git a/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf new file mode 100644 index 000000000..f629c65c2 --- /dev/null +++ b/inputs/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/nc.tf @@ -0,0 +1,5 @@ +# Non-compliant example for enforce_key_restrictions +resource "google_apikeys_key" "nc" { + name = "apikey_restrictions_non_compliant" + display_name = "Non-compliant key (no restrictions)" +} diff --git a/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/c.tf b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/c.tf new file mode 100644 index 000000000..68ecbe94c --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/c.tf @@ -0,0 +1,7 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "google_biglake_catalog" "c" { + name = "location_allowlist_compliant" + location = "AU" +} \ No newline at end of file diff --git a/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/config.tf b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/config.tf new file mode 100644 index 000000000..9f4356520 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/config.tf 
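Review bot: The header of location_allowlist/c.tf is still the scaffold text `# Describe your resource type here`, so the fixture never says which rule it exercises or why `location = "AU"` is the passing value. I would replace it with something like `# Compliant example for location_allowlist: catalog location is on the allowlist`, assuming "AU" is the allowed value in the policy, which is not visible here. The same placeholder is left in the new nc.tf of this directory and in the c.tf/nc.tf files under require_project, enforce_type_hive and location_uri_allowlist. The file also ends without a trailing newline.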
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/nc.tf b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/nc.tf
new file mode 100644
index 000000000..26b89e444
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_catalog/location_allowlist/nc.tf
@@ -0,0 +1,7 @@
+# Describe your resource type here
+# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant
+
+resource "google_biglake_catalog" "nc" {
+ name = "location_allowlist_non-compliant"
+ location = "EU"
+}
\ No newline at end of file
diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl
deleted file mode 100644
index 5698484ba..000000000
--- a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/.terraform.lock.hcl
+++ /dev/null
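Review bot: In location_allowlist/nc.tf the value `name = "location_allowlist_non-compliant"` mixes a hyphen into an otherwise underscore-separated name, while the sibling fixtures in this commit end in `_non_compliant`. Anything that matches fixture names by pattern will treat this one differently, so I would make it `name = "location_allowlist_non_compliant"`, or settle on one separator across all fixtures.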
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf deleted file mode 100644 index 749ad0637..000000000 --- a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/c.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Compliant example for network configuration policy - -resource "google_biglake_catalog" "c" { - resource_name = "biglake-network-compliant" - description = "Compliant network configuration" - - network_configuration { - allowed_ip_ranges = ["10.0.0.0/24", "192.168.0.0/16"] - } -} diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf deleted file mode 100644 index cd0ae3946..000000000 
--- a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf b/inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf
deleted file mode 100644
index 6a1c7841e..000000000
--- a/inputs/gcp/biglake/google_biglake_catalog/network_configuration/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for network configuration policy
-
-resource "google_biglake_catalog" "nc" {
- resource_name = "biglake-network-non-compliant"
- description = "Non-compliant network configuration"
-
- network_configuration {
- allowed_ip_ranges = ["0.0.0.0/0"]
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_catalog/require_project/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_catalog/require_project/.terraform.lock.hcl
new file mode 100644
index 000000000..316309c9a
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_catalog/require_project/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_catalog/require_project/c.tf b/inputs/gcp/biglake/google_biglake_catalog/require_project/c.tf new file mode 100644 index 000000000..e8c7446dd --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_catalog/require_project/c.tf @@ -0,0 +1,8 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "google_biglake_catalog" "c" { + name = "require_project_compliant" + location = "AU" + project = var.project_id +} diff --git a/inputs/gcp/biglake/google_biglake_catalog/require_project/config.tf b/inputs/gcp/biglake/google_biglake_catalog/require_project/config.tf new file mode 100644 index 000000000..9f4356520 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_catalog/require_project/config.tf 
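Review bot: `project = var.project_id` in require_project/c.tf refers to an input variable that none of the files added for this directory declares; the config.tf added alongside it holds only the `terraform` and `provider` blocks. Unless a `variable "project_id"` block exists in a file outside this diff, `terraform validate` and `terraform plan` will stop on the undeclared variable and the compliant case never reaches the policy. I would either add `variable "project_id" { type = string }` to the fixture or use a literal placeholder such as `project = "example-project-id"`.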
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/biglake/google_biglake_catalog/require_project/nc.tf b/inputs/gcp/biglake/google_biglake_catalog/require_project/nc.tf
new file mode 100644
index 000000000..036bfcf3a
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_catalog/require_project/nc.tf
@@ -0,0 +1,7 @@
+# Describe your resource type here
+# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant
+
+resource "google_biglake_catalog" "nc" {
+ name = "require_project_non_compliant"
+ location = "EU"
+}
diff --git a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/.terraform.lock.hcl
new file mode 100644
index 000000000..316309c9a
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/.terraform.lock.hcl
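Review bot: The non-compliant fixture in require_project/nc.tf differs from the compliant one in two attributes at once: it omits `project` and it also sets `location = "EU"` where c.tf has `"AU"`. A test that expects a violation here cannot tell whether the require_project rule fired or some location check did, so a broken project rule could go unnoticed. I would keep everything but the attribute under test identical, i.e. `location = "AU"` in nc.tf, if the intent is to isolate the missing `project`.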
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf new file mode 100644 index 000000000..5c8b8175a --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf @@ -0,0 +1,12 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "google_biglake_database" "c" { + name = "enforce_type_hive_compliant" + catalog = google_biglake_catalog.catalog.id + type = "HIVE" + + hive_options { + location_uri = "gs://org-au-biglake-metadata/metadata/" + } +} 
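Review bot: `catalog = google_biglake_catalog.catalog.id` in enforce_type_hive/c.tf points at a resource that is not declared in any file this commit adds to the directory (the lock file, c.tf, config.tf and nc.tf). Unless it is defined outside the diff, Terraform rejects the configuration with an undeclared-resource error before a plan can be produced for the policy to evaluate. Declaring a small `google_biglake_catalog` resource labelled `catalog` in the fixture directory, or replacing the reference with a literal catalog id string, would fix it. The same reference is used in enforce_type_hive/nc.tf and in both fixtures under location_uri_allowlist.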
diff --git a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/config.tf b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf
new file mode 100644
index 000000000..657360f5b
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf
@@ -0,0 +1,12 @@
+# Describe your resource type here
+# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant
+
+resource "google_biglake_database" "nc" {
+ name = "enforce_type_hive_non_compliant"
+ catalog = google_biglake_catalog.catalog.id
+ type = "ICEBERG" # not allowed
+
+ hive_options {
+ location_uri = "gs://org-au-biglake-metadata/metadata/"
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/.terraform.lock.hcl
new file mode 100644
index 000000000..316309c9a
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/.terraform.lock.hcl
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf new file mode 100644 index 000000000..a49bb4cb2 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf @@ -0,0 +1,12 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "google_biglake_database" "c" { + name = "location_uri_allowlist_compliant" + catalog = google_biglake_catalog.catalog.id + type = "HIVE" + + hive_options { + location_uri = "gs://org-au-biglake-metadata/metadata/" + } +} 
diff --git a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/config.tf b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf
new file mode 100644
index 000000000..f3577c502
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf
@@ -0,0 +1,12 @@
+# Describe your resource type here
+# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant
+
+resource "google_biglake_database" "database" {
+ name = "location_uri_allowlist_non_compliant"
+ catalog = google_biglake_catalog.catalog.id
+ type = "HIVE"
+
+ hive_options {
+ location_uri = "gs://random-public-bucket/metadata/"
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl
deleted file mode 100644
index 5698484ba..000000000
--- a/inputs/gcp/biglake/google_biglake_database/login_management/.terraform.lock.hcl
+++ /dev/null
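Review bot: The resource in location_uri_allowlist/nc.tf is labelled `"database"`, although the comment two lines above it says to keep "nc" as the name and every other non-compliant fixture in this commit uses `"nc"`. If the test harness locates the expected violation by the resource address, which seems likely from that convention, the non-allowlisted `location_uri` in this fixture would not be matched and the negative case would be skipped or misreported. The line should read `resource "google_biglake_database" "nc" {`.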
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/c.tf b/inputs/gcp/biglake/google_biglake_database/login_management/c.tf deleted file mode 100644 index dd5eed31b..000000000 --- a/inputs/gcp/biglake/google_biglake_database/login_management/c.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Compliant example for login management policy - -resource "google_biglake_database" "c" { - resource_name = "biglake-login-compliant" - description = "Compliant login account with MFA enabled" - - login_management { - mfa_enabled = true - } -} diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/config.tf b/inputs/gcp/biglake/google_biglake_database/login_management/config.tf deleted file mode 100644 index cd0ae3946..000000000 --- a/inputs/gcp/biglake/google_biglake_database/login_management/config.tf +++ /dev/null 
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_database/login_management/nc.tf b/inputs/gcp/biglake/google_biglake_database/login_management/nc.tf
deleted file mode 100644
index 436730541..000000000
--- a/inputs/gcp/biglake/google_biglake_database/login_management/nc.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-# Non-compliant example for login management policy
-
-resource "google_biglake_database" "nc" {
- resource_name = "biglake-login-non-compliant"
- description = "Non-compliant login account without MFA"
-
- login_management {
- mfa_enabled = false
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl
deleted file mode 100644
index 5698484ba..000000000
--- a/inputs/gcp/biglake/google_biglake_database/service_access/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/c.tf b/inputs/gcp/biglake/google_biglake_database/service_access/c.tf deleted file mode 100644 index acebfd064..000000000 --- a/inputs/gcp/biglake/google_biglake_database/service_access/c.tf +++ /dev/null @@ -1,12 +0,0 @@ -# Compliant example for service access policy - -resource "google_biglake_database" "c" { - resource_name = "biglake-service-access-compliant" - description = "Compliant service access" - - service_access { - api_targets { - service = "maps.googleapis.com" - } - } -} diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/config.tf b/inputs/gcp/biglake/google_biglake_database/service_access/config.tf deleted file mode 100644 index cd0ae3946..000000000 
--- a/inputs/gcp/biglake/google_biglake_database/service_access/config.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-##### DO NOT EDIT #####
-
-terraform {
- required_providers {
- google = {
- source = "hashicorp/google"
- }
- }
-}
-
-provider "google" {}
diff --git a/inputs/gcp/biglake/google_biglake_database/service_access/nc.tf b/inputs/gcp/biglake/google_biglake_database/service_access/nc.tf
deleted file mode 100644
index 068da31f1..000000000
--- a/inputs/gcp/biglake/google_biglake_database/service_access/nc.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Non-compliant example for service access policy
-
-resource "google_biglake_database" "nc" {
- resource_name = "biglake-service-access-non-compliant"
- description = "Non-compliant service access"
-
- service_access {
- api_targets {
- service = "storage.googleapis.com"
- }
- }
-}
diff --git a/inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl
deleted file mode 100644
index 5698484ba..000000000
--- a/inputs/gcp/biglake/google_biglake_table/backup/.terraform.lock.hcl
+++ /dev/null
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/biglake/google_biglake_table/backup/c.tf b/inputs/gcp/biglake/google_biglake_table/backup/c.tf deleted file mode 100644 index 4dfa82c4b..000000000 --- a/inputs/gcp/biglake/google_biglake_table/backup/c.tf +++ /dev/null @@ -1,11 +0,0 @@ -# Compliant example for backup policy - -resource "google_biglake_table" "c" { - resource_name = "biglake-service-compliant" - description = "Compliant backup configuration" - - backup_config { - schedule = "daily" - retention_period = "30d" - } -} diff --git a/inputs/gcp/biglake/google_biglake_table/backup/config.tf b/inputs/gcp/biglake/google_biglake_table/backup/config.tf deleted file mode 100644 index cd0ae3946..000000000 --- a/inputs/gcp/biglake/google_biglake_table/backup/config.tf +++ /dev/null 
@@ -1,11 +0,0 @@ -##### DO NOT EDIT ##### - -terraform { - required_providers { - google = { - source = "hashicorp/google" - } - } -} - -provider "google" {} diff --git a/inputs/gcp/biglake/google_biglake_table/backup/nc.tf b/inputs/gcp/biglake/google_biglake_table/backup/nc.tf deleted file mode 100644 index 9934b1e97..000000000 --- a/inputs/gcp/biglake/google_biglake_table/backup/nc.tf +++ /dev/null @@ -1,11 +0,0 @@ -# Non-compliant example for backup policy - -resource "google_biglake_table" "nc" { - resource_name = "biglake-service-non-compliant" - description = "Non-compliant backup configuration" - - backup_config { - schedule = "monthly" - retention_period = "10d" - } -} diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl deleted file mode 100644 index 5698484ba..000000000 --- a/inputs/gcp/biglake/google_biglake_table/data_access/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.16.0" - hashes = [ - "h1:o+dOw75zzgpJAUdjEa2a2T62OEThcEr52/4CymRAewA=", - "zh:1cd6f0926e5884998965675d3fbdc5e5abd7335d3f5f83571226be7f50f44443", - "zh:2bc3e3db662df08755af37d23c856f0ec3b8474f629f042ad3af228ff1c3cb5a", - "zh:41869013f786bff8c2ba35e203e84b6c3ec9ff623d6cea6796f5f0204719e907", - "zh:493213e16cb8de6a39b0d6b327faab7909f32ad973fb937d2b3bc4faa07c911a", - "zh:5e9df66ddeef9fcf77acd6185fe880e6b3725b98850ea3b47ef726c44dc04a71", - "zh:6b9e8f83316cf660549a4032342107bb41a7e549eba923f69aefa1ae5ab80a3f", - "zh:6da9316ca7c70d4997c4a62cd534f674e02888e351cb189f7b77b5a03e803773", - "zh:7d1b1dc7c04924dd203e9c5d2041fb732b1e2556b4041c9272a786d37924be7c", - "zh:86dcafef126ad72b592582d8fdb2591d8a2cb45ff85e5f5ff0ac76fbbd7be1bb", - "zh:8a8994c67297336ede3ded9d2558104d49de6fdfa85b88dc99b50030d68158cf", - "zh:a67d8b4774cdb45fb13e73e15885e229561a8b8f46d9f0069b81bf4d3ca03c4a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/c.tf b/inputs/gcp/biglake/google_biglake_table/data_access/c.tf deleted file mode 100644 index d6fccdb22..000000000 --- a/inputs/gcp/biglake/google_biglake_table/data_access/c.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Compliant example for data access policy - -resource "google_biglake_table" "c" { - resource_name = "biglake-data-compliant" - description = "Compliant data access with encryption" - - data_access { - encryption = "AES-256" - } -} diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/config.tf b/inputs/gcp/biglake/google_biglake_table/data_access/config.tf deleted file mode 100644 index cd0ae3946..000000000 --- a/inputs/gcp/biglake/google_biglake_table/data_access/config.tf +++ /dev/null 
@@ -1,11 +0,0 @@ -##### DO NOT EDIT ##### - -terraform { - required_providers { - google = { - source = "hashicorp/google" - } - } -} - -provider "google" {} diff --git a/inputs/gcp/biglake/google_biglake_table/data_access/nc.tf b/inputs/gcp/biglake/google_biglake_table/data_access/nc.tf deleted file mode 100644 index b03209fed..000000000 --- a/inputs/gcp/biglake/google_biglake_table/data_access/nc.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Non-compliant example for data access policy - -resource "google_biglake_table" "nc" { - resource_name = "biglake-data-non-compliant" - description = "Non-compliant data access without encryption" - - data_access { - encryption = "None" - } -} diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/.terraform.lock.hcl 
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf new file mode 100644 index 000000000..ef14c7cd8 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf @@ -0,0 +1,14 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "google_biglake_table" "c" { + name = "storage_location_allowlist_compliant" + database = google_biglake_database.database.id + type = "HIVE" + + hive_options { + storage_descriptor { + location_uri = "gs://org-au-biglake-data/data/" + } + } +} 
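Review bot: In storage_location_allowlist/c.tf, `database = google_biglake_database.database.id` points at a resource that this file does not declare, and the config.tf added next to it holds only the `terraform` and `provider` blocks; nc.tf in the same directory carries the same reference. Unless another file in that directory declares `google_biglake_database.database`, `terraform plan` stops on an undeclared resource and the fixture never yields a plan for the policy to evaluate. Declare the catalog and database in the fixture, or use a literal database id. The two header comments (`# Describe your resource type here`, `# Keep "c" as the name ...`) are template text and could be replaced with one line stating which policy the file exercises.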
diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/config.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/config.tf new file mode 100644 index 000000000..9f4356520 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/config.tf @@ -0,0 +1,11 @@ +##### DO NOT EDIT ###### + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + } +} + +provider "google" {} \ No newline at end of file diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf new file mode 100644 index 000000000..bf60d0953 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf @@ -0,0 +1,14 @@ +# Describe your resource type here +# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant + +resource "google_biglake_table" "nc" { + name = "storage_location_allowlist_non_compliant" + database = google_biglake_database.database.id + type = "HIVE" + + hive_options { + storage_descriptor { + location_uri = "gs://random-public-bucket/data/" + } + } +} diff --git a/policies/gcp/apikeys/apikeys_key/allowed_api_targets/policy.rego b/policies/gcp/apikeys/google_apikeys_key/allowed_api_targets/policy.rego similarity index 100% rename from policies/gcp/apikeys/apikeys_key/allowed_api_targets/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/allowed_api_targets/policy.rego diff --git a/policies/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/policy.rego b/policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego similarity index 83% rename from policies/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego index 3004da969..0f62a1ca4 100644 
--- a/policies/gcp/apikeys/apikeys_key/disallow_public_browser_referrers/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/disallow_public_browser_referrers/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.apikeys_key.disallow_public_browser_referrers +package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_browser_referrers import data.terraform.helpers -import data.terraform.gcp.security.apikeys.apikeys_key.vars +import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ [ diff --git a/policies/gcp/apikeys/apikeys_key/disallow_public_server_ips/policy.rego b/policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego similarity index 83% rename from policies/gcp/apikeys/apikeys_key/disallow_public_server_ips/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego index 44a90d99c..4cabd3bf4 100644 --- a/policies/gcp/apikeys/apikeys_key/disallow_public_server_ips/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/disallow_public_server_ips/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.apikeys_key.disallow_public_server_ips +package terraform.gcp.security.apikeys.google_apikeys_key.disallow_public_server_ips import data.terraform.helpers -import data.terraform.gcp.security.apikeys.apikeys_key.vars +import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ [ diff --git a/policies/gcp/apikeys/apikeys_key/disallow_wildcard_methods/policy.rego b/policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego similarity index 82% rename from policies/gcp/apikeys/apikeys_key/disallow_wildcard_methods/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego index 8a3cc628b..41ae4a2d1 100644 --- a/policies/gcp/apikeys/apikeys_key/disallow_wildcard_methods/policy.rego 
+++ b/policies/gcp/apikeys/google_apikeys_key/disallow_wildcard_methods/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.apikeys_key.disallow_wildcard_methods +package terraform.gcp.security.apikeys.google_apikeys_key.disallow_wildcard_methods import data.terraform.helpers -import data.terraform.gcp.security.apikeys.apikeys_key.vars +import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ [ diff --git a/policies/gcp/apikeys/apikeys_key/enforce_key_restrictions/policy.rego b/policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego similarity index 85% rename from policies/gcp/apikeys/apikeys_key/enforce_key_restrictions/policy.rego rename to policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego index 376577dfd..e287e9659 100644 --- a/policies/gcp/apikeys/apikeys_key/enforce_key_restrictions/policy.rego +++ b/policies/gcp/apikeys/google_apikeys_key/enforce_key_restrictions/policy.rego @@ -1,7 +1,7 @@ -package terraform.gcp.security.apikeys.apikeys_key.require_restrictions +package terraform.gcp.security.apikeys.google_apikeys_key.enforce_key_restrictions import data.terraform.helpers -import data.terraform.gcp.security.apikeys.apikeys_key.vars +import data.terraform.gcp.security.apikeys.google_apikeys_key.vars conditions := [ [ diff --git a/policies/gcp/apikeys/apikeys_key/vars.rego b/policies/gcp/apikeys/google_apikeys_key/vars.rego similarity index 100% rename from policies/gcp/apikeys/apikeys_key/vars.rego rename to policies/gcp/apikeys/google_apikeys_key/vars.rego diff --git a/policies/gcp/biglake/google_biglake_catalog/location_allowlist/policy.rego b/policies/gcp/biglake/google_biglake_catalog/location_allowlist/policy.rego new file mode 100644 index 000000000..56cec9705 --- /dev/null +++ b/policies/gcp/biglake/google_biglake_catalog/location_allowlist/policy.rego 
@@ -0,0 +1,24 @@
+package terraform.gcp.security.biglake.google_biglake_catalog.location_allowlist
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_catalog.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "BigLake Catalog is created in an unapproved location",
+ "remedies": [
+ "Change the location to an approved value"
+ ]
+ },
+ {
+ "condition": "Allow only approved catalog locations",
+ "attribute_path": ["location"],
+ "values": ["AU"],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/biglake/google_biglake_catalog/network_configuration/policy.rego b/policies/gcp/biglake/google_biglake_catalog/network_configuration/policy.rego
deleted file mode 100644
index 5c84104e7..000000000
--- a/policies/gcp/biglake/google_biglake_catalog/network_configuration/policy.rego
+++ /dev/null
@@ -1,27 +0,0 @@
-package terraform.gcp.security.biglake.google_biglake_catalog.network_configuration
-
-import data.terraform.helpers
-import data.terraform.gcp.security.biglake.google_biglake_catalog.vars
-
-conditions := [
- [
- {
- "situation_description" : "BigLake network is exposed to unapproved IP ranges.",
- "remedies":[
- "Limit network access to approved IP ranges."
- ]
- },
- {
- "condition": "Check that the network is restricted to approved IP ranges only.",
- "attribute_path" : ["network_config", 0, "allowed_ip_ranges"],
- "values" : [
- "10.0.0.0/24",
- "192.168.0.0/16"
- ],
- "policy_type" : "whitelist"
- }
- ]
-]
-
-message := helpers.get_multi_summary(conditions, vars.variables).message
-details := helpers.get_multi_summary(conditions, vars.variables).details
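Review bot: In location_allowlist/policy.rego the allowlist is `"values": ["AU"]` under `"policy_type": "whitelist"`, and `AU` does not look like a value a catalog's `location` can take; the Australian GCP regions are named `australia-southeast1` and `australia-southeast2`. If the helper compares exactly, as the plain `whitelist` type suggests, every catalog that can actually be deployed would be reported as non-compliant, which tends to get a rule suppressed rather than obeyed. Consider `"values": ["australia-southeast1", "australia-southeast2"]`, and a short comment above `conditions` naming the data-residency requirement the list encodes.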
diff --git a/policies/gcp/biglake/google_biglake_catalog/require_project/policy.rego b/policies/gcp/biglake/google_biglake_catalog/require_project/policy.rego new file mode 100644 index 000000000..50bc96713 --- /dev/null +++ b/policies/gcp/biglake/google_biglake_catalog/require_project/policy.rego @@ -0,0 +1,24 @@ +package terraform.gcp.security.biglake.google_biglake_catalog.require_project + +import data.terraform.helpers +import data.terraform.gcp.security.biglake.google_biglake_catalog.vars + +conditions := [ + [ + { + "situation_description": "BigLake Catalog does not explicitly set the project", + "remedies": [ + "Add project = var.project_id to the google_biglake_catalog resource" + ] + }, + { + "condition": "Ensure project is explicitly set on the catalog", + "attribute_path": ["project"], + "values": ["*"], + "policy_type": "pattern whitelist" + } + ] +] + +message := helpers.get_multi_summary(conditions, vars.variables).message +details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/google_biglake_catalog/vars.rego b/policies/gcp/biglake/google_biglake_catalog/vars.rego index 7693ef0f8..c41b4e62e 100644 --- a/policies/gcp/biglake/google_biglake_catalog/vars.rego +++ b/policies/gcp/biglake/google_biglake_catalog/vars.rego @@ -1,4 +1,4 @@ -package terraform.gcp.security.biglake.google_biglake_service.biglake_catalog.vars +package terraform.gcp.security.biglake.google_biglake_catalog.vars variables := { "friendly_resource_name": "BigLake Cataglog", diff --git a/policies/gcp/biglake/google_biglake_database/enforce_type_hive/policy.rego b/policies/gcp/biglake/google_biglake_database/enforce_type_hive/policy.rego new file mode 100644 index 000000000..23ef7c66f --- /dev/null +++ b/policies/gcp/biglake/google_biglake_database/enforce_type_hive/policy.rego 
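Review bot: In require_project/policy.rego, `"values": ["*"]` with `"policy_type": "pattern whitelist"` accepts any string, so the rule reduces to whether the helper treats a missing or null `project` as a violation, and that behaviour is not visible in this diff. When `project` is left unset the provider normally fills it in, so the planned value may be null or unknown rather than absent; whether the helper distinguishes those cases should be confirmed with a non-compliant fixture that omits `project`. A comment above `conditions` such as `# "*" is a presence check only; it does not restrict which project is used` would keep readers from taking this for a project allowlist.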
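Review bot: The vars.rego hunk corrects the package path but leaves the context line `"friendly_resource_name": "BigLake Cataglog",` as it was, and that string is presumably what `helpers.get_multi_summary` prints in every catalog finding. Since the file is being touched anyway, change it to `"friendly_resource_name": "BigLake Catalog",`. The `variables` map continues past the end of the hunk, so its remaining keys were not reviewed.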
@@ -0,0 +1,24 @@
+package terraform.gcp.security.biglake.google_biglake_database.enforce_type_hive
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_database.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "BigLake Database type is not HIVE",
+ "remedies": [
+ "Set type = \"HIVE\" for the google_biglake_database resource"
+ ]
+ },
+ {
+ "condition": "Only allow HIVE database type",
+ "attribute_path": ["type"],
+ "values": ["HIVE"],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/biglake/google_biglake_database/location_uri_allowlist/policy.rego b/policies/gcp/biglake/google_biglake_database/location_uri_allowlist/policy.rego
new file mode 100644
index 000000000..bf3e323b0
--- /dev/null
+++ b/policies/gcp/biglake/google_biglake_database/location_uri_allowlist/policy.rego
@@ -0,0 +1,24 @@
+package terraform.gcp.security.biglake.google_biglake_database.location_uri_allowlist
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_database.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "BigLake Database hive_options.location_uri is not using an approved GCS location",
+ "remedies": [
+ "Change hive_options.location_uri to an approved GCS bucket/prefix (example: gs://org-au-biglake-metadata/*)"
+ ]
+ },
+ {
+ "condition": "Restrict hive_options.location_uri to approved GCS prefixes",
+ "attribute_path": ["hive_options", "location_uri"],
+ "values": ["gs://org-au-biglake-metadata/*"],
+ "policy_type": "pattern whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
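Review bot: In location_uri_allowlist/policy.rego, `"attribute_path": ["hive_options", "location_uri"]` steps into a nested block without a list index, whereas the policies this series deletes all indexed nested blocks (`["network_config", 0, "allowed_ip_ranges"]`). Terraform plan JSON renders nested blocks as lists, so if the helper walks the path literally it never reaches `location_uri`, and the rule then either passes every database or fails every one; which of the two is not visible here. The table policy added later in this patch has the same shape with `["hive_options", "storage_descriptor", "location_uri"]`. Unless the helper is known to flatten single-element blocks, use `["hive_options", 0, "location_uri"]` here and `["hive_options", 0, "storage_descriptor", 0, "location_uri"]` for the table, and confirm that the nc fixture produces a finding.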
diff --git a/policies/gcp/biglake/google_biglake_database/login_management/policy.rego b/policies/gcp/biglake/google_biglake_database/login_management/policy.rego deleted file mode 100644 index 0846dce0c..000000000 --- a/policies/gcp/biglake/google_biglake_database/login_management/policy.rego +++ /dev/null @@ -1,26 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_database.login_management - -import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_database.vars - -conditions := [ - [ - { - "situation_description" : "Users are not required to use multi-factor authentication for accessing BigLake.", - "remedies":[ - "Enforce multi-factor authentication for all users accessing BigLake." - ] - }, - { - "condition": "Check that multi-factor authentication (MFA) is enabled for user accounts.", - "attribute_path" : ["user_accounts", 0, "mfa_enabled"], - "values" : [ - true - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/google_biglake_database/service_access/policy.rego b/policies/gcp/biglake/google_biglake_database/service_access/policy.rego deleted file mode 100644 index 970c8cd7c..000000000 --- a/policies/gcp/biglake/google_biglake_database/service_access/policy.rego +++ /dev/null 
@@ -1,27 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_database.service_access - -import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_database.vars - -conditions := [ - [ - { - "situation_description" : "Service account has broader access than allowed for BigLake service.", - "remedies":[ - "Restrict service account access to BigLake only." - ] - }, - { - "condition": "Check that the service account has permissions limited to BigLake service only.", - "attribute_path" : ["service_accounts", 0, "permissions"], - "values" : [ - "biglake.data.read", - "biglake.data.write" - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/google_biglake_table/backup/policy.rego b/policies/gcp/biglake/google_biglake_table/backup/policy.rego deleted file mode 100644 index c19c76d0e..000000000 --- a/policies/gcp/biglake/google_biglake_table/backup/policy.rego +++ /dev/null @@ -1,27 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_table.backup - -import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_table.vars - -conditions := [ - [ - { - "situation_description" : "Backup policy for BigLake is not configured or is insufficient.", - "remedies":[ - "Ensure regular backups are configured and validated for BigLake data." - ] - }, - { - "condition": "Check that backup schedules and retention periods are configured for BigLake.", - "attribute_path" : ["backup_config", 0, "schedule"], - "values" : [ - "daily", - "weekly" - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details 
diff --git a/policies/gcp/biglake/google_biglake_table/data_access/policy.rego b/policies/gcp/biglake/google_biglake_table/data_access/policy.rego deleted file mode 100644 index a9f627c52..000000000 --- a/policies/gcp/biglake/google_biglake_table/data_access/policy.rego +++ /dev/null @@ -1,27 +0,0 @@ -package terraform.gcp.security.biglake.google_biglake_table.data_access - -import data.terraform.helpers -import data.terraform.gcp.security.biglake.google_biglake_table.vars - -conditions := [ - [ - { - "situation_description" : "Data in BigLake is exposed without proper encryption.", - "remedies":[ - "Ensure data at rest and in transit is encrypted." - ] - }, - { - "condition": "Check that data storage is encrypted using AES-256 or a stronger algorithm.", - "attribute_path" : ["data_storage", 0, "encryption"], - "values" : [ - "AES-256", - "Google-managed encryption keys" - ], - "policy_type" : "whitelist" - } - ] -] - -message := helpers.get_multi_summary(conditions, vars.variables).message -details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/policies/gcp/biglake/google_biglake_table/storage_location_allowlist/policy.rego b/policies/gcp/biglake/google_biglake_table/storage_location_allowlist/policy.rego new file mode 100644 index 000000000..b85c7fbc8 --- /dev/null +++ b/policies/gcp/biglake/google_biglake_table/storage_location_allowlist/policy.rego 
@@ -0,0 +1,24 @@ +package terraform.gcp.security.biglake.google_biglake_table.storage_location_allowlist # Edit here + +import data.terraform.helpers +import data.terraform.gcp.security.biglake.google_biglake_table.vars + +conditions := [ + [ + { + "situation_description": "BigLake Table data is stored outside the approved GCS location", + "remedies": [ + "Change hive_options.storage_descriptor.location_uri to an approved bucket/prefix (example: gs://org-au-biglake-data/*)" + ] + }, + { + "condition": "Restrict table storage location to approved GCS prefixes", + "attribute_path": ["hive_options", "storage_descriptor", "location_uri"], + "values": ["gs://org-au-biglake-data/*"], + "policy_type": "pattern whitelist" + } + ] +] + +message := helpers.get_multi_summary(conditions, vars.variables).message +details := helpers.get_multi_summary(conditions, vars.variables).details diff --git a/scripts/folder_generator/cache/user_state.json b/scripts/folder_generator/cache/user_state.json index 1c474a1c6..bf43de764 100644 --- a/scripts/folder_generator/cache/user_state.json +++ b/scripts/folder_generator/cache/user_state.json @@ -1,5 +1,5 @@ { "cloud": "GCP", - "service": "API_Gateway", - "resource": "api_gateway_api" + "service": "Biglake", + "resource": "biglake_table" } \ No newline at end of file From 51001867f07bde327d19adfa5cb5419989f2fcd6 Mon Sep 17 00:00:00 2001 
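Review bot: The package line of storage_location_allowlist/policy.rego still ends with the scaffold marker `# Edit here`, which reads as if the package path were unfinished. Drop the marker and put a real header comment in its place, for example `# Restricts google_biglake_table Hive storage to the approved GCS prefix.`, so the file states what it enforces. The remedy text prints `gs://org-au-biglake-data/*` as an example location, but that string is the match pattern and not a usable URI, so quoting a concrete prefix such as the `gs://org-au-biglake-data/data/` used in the compliant fixture would be clearer to whoever receives the finding.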
From: trongnhanphan Date: Sat, 31 Jan 2026 16:34:14 +0700 Subject: [PATCH 19/21] Generate Markdown Documentation --- docs/gcp/Apikeys/apikeys_key.md | 82 ++- .../Apikeys/resource_json/apikeys_key.json | 311 ++++----- docs/gcp/Biglake/biglake_catalog.md | 12 +- docs/gcp/Biglake/biglake_database.md | 18 +- docs/gcp/Biglake/biglake_table.md | 32 +- .../resource_json/biglake_catalog.json | 38 +- .../resource_json/biglake_database.json | 60 +- .../Biglake/resource_json/biglake_table.json | 130 ++-- .../_history/2026-01-31T08-47-59.567218Z.json | 15 + .../_history/2026-01-31T08-48-48.505255Z.json | 17 + .../allowed_api_targets/.terraform.lock.hcl | 21 - uv.lock | 617 ++++++++++++++++++ 12 files changed, 966 insertions(+), 387 deletions(-) create mode 100644 docs/gcp/_history/2026-01-31T08-47-59.567218Z.json create mode 100644 docs/gcp/_history/2026-01-31T08-48-48.505255Z.json delete mode 100644 inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl create mode 100644 uv.lock diff --git a/docs/gcp/Apikeys/apikeys_key.md b/docs/gcp/Apikeys/apikeys_key.md index 03b1a735c..842d7fe2a 100644 --- a/docs/gcp/Apikeys/apikeys_key.md +++ b/docs/gcp/Apikeys/apikeys_key.md @@ -1,8 +1,8 @@ -## 🛡️ Policy Deployment Engine: `apikeys_key` +## 🛡️ Policy Deployment Engine: `google_apikeys_key` -This section provides a concise policy evaluation for the `apikeys_key` resource in GCP. +This section provides a concise policy evaluation for the `google_apikeys_key` resource in GCP. -Reference: [Terraform Registry – apikeys_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/apikeys_key) +Reference: [Terraform Registry – google_apikeys_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_apikeys_key) --- 
@@ -10,61 +10,55 @@ Reference: [Terraform Registry – apikeys_key](https://registry.terraform.io/pr | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | |----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `name` | The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`. - - - | true | false | None | None | None | -| `display_name` | Human-readable display name of this API key. Modifiable by user. | false | false | None | None | None | -| `project` | The project for the resource | false | false | None | None | None | -| `restrictions` | Key restrictions. | false | false | None | None | None | -| `android_key_restrictions` | | false | false | None | None | None | -| `allowed_applications` | | false | false | None | None | None | -| `api_targets` | | false | false | None | None | None | -| `browser_key_restrictions` | | false | false | None | None | None | -| `ios_key_restrictions` | | false | false | None | None | None | -| `server_key_restrictions` | | false | false | None | None | None | +| `name` | The resource name of the API key. | true | false | None | None | None | +| `display_name` | Human-readable display name of the API key. | false | false | None | None | None | +| `project` | The project that the API key belongs to. | false | false | None | None | None | +| `restrictions` | Restrictions applied to the API key. | false | false | None | None | None | ### restrictions Block | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | |----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `android_key_restrictions` | The Android apps that are allowed to use the key. 
| false | true | API key restrictions limit how and where the key can be used. API keys without restrictions may be abused or used outside their intended context. | At least one restriction block is defined | No restrictions are configured | -| `api_targets` | A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed. | false | false | None | None | None | -| `browser_key_restrictions` | The HTTP referrers (websites) that are allowed to use the key. | false | false | None | None | None | -| `ios_key_restrictions` | The iOS apps that are allowed to use the key. | false | false | None | None | None | -| `server_key_restrictions` | The IP addresses of callers that are allowed to use the key. | false | false | None | None | None | +| `api_targets` | API targets that this API key is allowed to use. | false | false | None | None | None | +| `browser_key_restrictions` | Browser restrictions for the API key. | false | false | None | None | None | +| `server_key_restrictions` | Server restrictions for the API key. | false | false | None | None | None | +| `android_key_restrictions` | Android application restrictions for the API key. | false | false | None | None | None | +| `ios_key_restrictions` | iOS application restrictions for the API key. | false | false | None | None | None | -### android_key_restrictions Block +### api_targets Block -| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | -|----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `allowed_applications` | A list of Android applications that are allowed to make API calls with this key. | true | false | Restricting Android applications ensures that only trusted mobile apps can use the API key. 
| None | None | + | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | + |----------|-------------|----------|-----------------|-----------|-----------|---------------| + | `service` | The service that this API key is allowed to call. | true | true | Restricting API targets ensures that the API key can only be used with approved Google Cloud services, reducing the risk of misuse. | ['maps.googleapis.com', 'places.googleapis.com', 'translate.googleapis.com'] | ['*'] | + | `methods` | The allowed methods for the specified API target. | false | true | Limiting callable methods reduces the attack surface of the API key and prevents unintended API usage. | ['TranslateText', 'DetectLanguage'] | ['*'] | -### allowed_applications Block +### browser_key_restrictions Block -| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | -|----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `package_name` | The package name of the application. | true | false | None | None | None | -| `sha1_fingerprint` | The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter. | true | false | None | None | None | + | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | + |----------|-------------|----------|-----------------|-----------|-----------|---------------| + | `allowed_referrers` | Allowed HTTP referrers for browser usage. | false | true | Restricting HTTP referrers prevents unauthorized websites from using the API key. 
| ['https://example.com'] | ['*'] | -### api_targets Block +### server_key_restrictions Block -| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | -|----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `methods` | Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*` | false | true | Allowing wildcard methods significantly increases the attack surface of the API key. | ['TranslateText', 'DetectLanguage'] | ['*'] | -| `service` | The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project. | true | true | Restricting API targets ensures that the API key can only be used with explicitly approved Google Cloud services. | translate.googleapis.com | * | + | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | + |----------|-------------|----------|-----------------|-----------|-----------|---------------| + | `allowed_ips` | Allowed IP addresses for server usage. | false | true | Restricting server IP addresses ensures that only trusted network locations can use the API key. | ['203.0.113.0/24'] | ['0.0.0.0/0'] | -### browser_key_restrictions Block +### android_key_restrictions Block -| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | -|----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `allowed_referrers` | A list of regular expressions for the referrer URLs that are allowed to make API calls with this key. 
| true | true | Restricting browser referrers prevents unauthorized websites from using the API key. | ['https://example.com'] | ['*'] | + | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | + |----------|-------------|----------|-----------------|-----------|-----------|---------------| + | `allowed_applications` | Allowed Android applications. | false | false | None | None | None | -### ios_key_restrictions Block +### allowed_applications Block -| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | -|----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `allowed_bundle_ids` | A list of bundle IDs that are allowed when making API calls with this key. | true | true | Restricting iOS bundle IDs ensures that only trusted iOS applications can use the API key. | None | None | + | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | + |----------|-------------|----------|-----------------|-----------|-----------|---------------| + | `package_name` | The package name of the Android application. | true | true | Restricting Android package names ensures that only trusted mobile applications can use the API key. | com.example.app | * | + | `sha1_fingerprint` | The SHA1 fingerprint of the Android application certificate. | true | true | Restricting SHA1 fingerprints prevents unauthorised Android applications from using the API key. | AA:BB:CC:DD:EE:FF | * | -### server_key_restrictions Block +### ios_key_restrictions Block -| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | -|----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `allowed_ips` | A list of the caller IP addresses that are allowed to make API calls with this key. 
| true | true | Restricting server IP addresses ensures that only trusted network locations can use the API key. | ['203.0.113.0/24'] | ['0.0.0.0/0'] | + | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | + |----------|-------------|----------|-----------------|-----------|-----------|---------------| + | `allowed_bundle_ids` | Allowed iOS bundle identifiers. | false | true | Restricting iOS bundle identifiers ensures that only trusted iOS applications can use the API key. | ['com.example.iosapp'] | ['*'] | diff --git a/docs/gcp/Apikeys/resource_json/apikeys_key.json b/docs/gcp/Apikeys/resource_json/apikeys_key.json index 5629f011a..70e04a98c 100644 --- a/docs/gcp/Apikeys/resource_json/apikeys_key.json +++ b/docs/gcp/Apikeys/resource_json/apikeys_key.json @@ -1,9 +1,14 @@ { - "resource_name": "apikeys_key", + "_metadata": { + "provider": "gcp", + "version": "v5.29.0", + "generated_at": "2026-01-31T08:47:59.566381+00:00" + }, + "resource_name": "google_apikeys_key", "subcategory": "Apikeys", "arguments": { "name": { - "description": "The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`. - - -", + "description": "The resource name of the API key.", "required": true, "security_impact": false, "rationale": null, @@ -12,7 +17,7 @@ "parent": null }, "display_name": { - "description": "Human-readable display name of this API key. Modifiable by user.", + "description": "Human-readable display name of the API key.", "required": false, "security_impact": false, "rationale": null, @@ -21,7 +26,7 @@ "parent": null }, "project": { - "description": "The project for the resource", + "description": "The project that the API key belongs to.", "required": false, "security_impact": false, "rationale": null, 
@@ -30,7 +35,7 @@ "parent": null }, "restrictions": { - "description": "Key restrictions.", + "description": "Restrictions applied to the API key.", "required": false, "security_impact": false, "rationale": null, 
@@ -38,201 +43,157 @@ "non-compliant": null, "parent": null, "arguments": { - "android_key_restrictions": { - "description": "The Android apps that are allowed to use the key.", - "required": false, - "security_impact": true, - "rationale": "API key restrictions limit how and where the key can be used. API keys without restrictions may be abused or used outside their intended context.", - "compliant": "At least one restriction block is defined", - "non-compliant": "No restrictions are configured", - "parent": "restrictions" - }, "api_targets": { - "description": "A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed.", + "description": "API targets that this API key is allowed to use.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, - "parent": "restrictions" + "parent": "restrictions", + "arguments": { + "service": { + "description": "The service that this API key is allowed to call.", + "required": true, + "security_impact": true, + "rationale": "Restricting API targets ensures that the API key can only be used with approved Google Cloud services, reducing the risk of misuse.", + "compliant": [ + "maps.googleapis.com", + "places.googleapis.com", + "translate.googleapis.com" + ], + "non-compliant": [ + "*" + ], + "parent": "api_targets" + }, + "methods": { + "description": "The allowed methods for the specified API target.", + "required": false, + "security_impact": true, + "rationale": "Limiting callable methods reduces the attack surface of the API key and prevents unintended API usage.", + "compliant": [ + "TranslateText", + "DetectLanguage" + ], + "non-compliant": [ + "*" + ], + "parent": "api_targets" + } + } }, "browser_key_restrictions": { - "description": "The HTTP referrers (websites) that are allowed to use the key.", + 
"description": "Browser restrictions for the API key.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, - "parent": "restrictions" + "parent": "restrictions", + "arguments": { + "allowed_referrers": { + "description": "Allowed HTTP referrers for browser usage.", + "required": false, + "security_impact": true, + "rationale": "Restricting HTTP referrers prevents unauthorized websites from using the API key.", + "compliant": [ + "https://example.com" + ], + "non-compliant": [ + "*" + ], + "parent": "browser_key_restrictions" + } + } }, - "ios_key_restrictions": { - "description": "The iOS apps that are allowed to use the key.", + "server_key_restrictions": { + "description": "Server restrictions for the API key.", "required": false, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, - "parent": "restrictions" + "parent": "restrictions", + "arguments": { + "allowed_ips": { + "description": "Allowed IP addresses for server usage.", + "required": false, + "security_impact": true, + "rationale": "Restricting server IP addresses ensures that only trusted network locations can use the API key.", + "compliant": [ + "203.0.113.0/24" + ], + "non-compliant": [ + "0.0.0.0/0" + ], + "parent": "server_key_restrictions" + } + } }, - "server_key_restrictions": { - "description": "The IP addresses of callers that are allowed to use the key.", + "android_key_restrictions": { + "description": "Android application restrictions for the API key.", "required": false, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": "restrictions" - } - } - }, - "android_key_restrictions": { - "description": "", - "required": null, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null, - "arguments": { - "allowed_applications": { - 
"description": "A list of Android applications that are allowed to make API calls with this key.", - "required": true, - "security_impact": null, - "rationale": "Restricting Android applications ensures that only trusted mobile apps can use the API key.", - "compliant": null, - "non-compliant": null, - "parent": "android_key_restrictions" - } - } - }, - "allowed_applications": { - "description": "", - "required": null, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null, - "arguments": { - "package_name": { - "description": "The package name of the application.", - "required": true, - "security_impact": null, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, - "parent": "allowed_applications" + "parent": "restrictions", + "arguments": { + "allowed_applications": { + "description": "Allowed Android applications.", + "required": false, + "security_impact": false, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "android_key_restrictions", + "arguments": { + "package_name": { + "description": "The package name of the Android application.", + "required": true, + "security_impact": true, + "rationale": "Restricting Android package names ensures that only trusted mobile applications can use the API key.", + "compliant": "com.example.app", + "non-compliant": "*", + "parent": "allowed_applications" + }, + "sha1_fingerprint": { + "description": "The SHA1 fingerprint of the Android application certificate.", + "required": true, + "security_impact": true, + "rationale": "Restricting SHA1 fingerprints prevents unauthorised Android applications from using the API key.", + "compliant": "AA:BB:CC:DD:EE:FF", + "non-compliant": "*", + "parent": "allowed_applications" + } + } + } + } }, - "sha1_fingerprint": { - "description": "The SHA1 fingerprint of the application. 
For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter.", - "required": true, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": "allowed_applications" - } - } - }, - "api_targets": { - "description": "", - "required": null, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null, - "arguments": { - "methods": { - "description": "Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`", + "ios_key_restrictions": { + "description": "iOS application restrictions for the API key.", "required": false, - "security_impact": true, - "rationale": "Allowing wildcard methods significantly increases the attack surface of the API key.", - "compliant": [ - "TranslateText", - "DetectLanguage" - ], - "non-compliant": [ - "*" - ], - "parent": "api_targets" - }, - "service": { - "description": "The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. 
You can use `gcloud services list` to get a list of services that are enabled in the project.", - "required": true, - "security_impact": true, - "rationale": "Restricting API targets ensures that the API key can only be used with explicitly approved Google Cloud services.", - "compliant": "translate.googleapis.com", - "non-compliant": "*", - "parent": "api_targets" - } - } - }, - "browser_key_restrictions": { - "description": "", - "required": null, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null, - "arguments": { - "allowed_referrers": { - "description": "A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.", - "required": true, - "security_impact": true, - "rationale": "Restricting browser referrers prevents unauthorized websites from using the API key.", - "compliant": [ - "https://example.com" - ], - "non-compliant": [ - "*" - ], - "parent": "browser_key_restrictions" - } - } - }, - "ios_key_restrictions": { - "description": "", - "required": null, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null, - "arguments": { - "allowed_bundle_ids": { - "description": "A list of bundle IDs that are allowed when making API calls with this key.", - "required": true, - "security_impact": true, - "rationale": "Restricting iOS bundle IDs ensures that only trusted iOS applications can use the API key.", + "security_impact": false, + "rationale": null, "compliant": null, "non-compliant": null, - "parent": "ios_key_restrictions" - } - } - }, - "server_key_restrictions": { - "description": "", - "required": null, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null, - "arguments": { - "allowed_ips": { - "description": "A list of the caller IP addresses that are allowed to make API calls with this key.", - "required": true, - "security_impact": true, - 
"rationale": "Restricting server IP addresses ensures that only trusted network locations can use the API key.", - "compliant": [ - "203.0.113.0/24" - ], - "non-compliant": [ - "0.0.0.0/0" - ], - "parent": "server_key_restrictions" + "parent": "restrictions", + "arguments": { + "allowed_bundle_ids": { + "description": "Allowed iOS bundle identifiers.", + "required": false, + "security_impact": true, + "rationale": "Restricting iOS bundle identifiers ensures that only trusted iOS applications can use the API key.", + "compliant": [ + "com.example.iosapp" + ], + "non-compliant": [ + "*" + ], + "parent": "ios_key_restrictions" + } + } } } } diff --git a/docs/gcp/Biglake/biglake_catalog.md b/docs/gcp/Biglake/biglake_catalog.md index 017b735c4..b8906e342 100644 --- a/docs/gcp/Biglake/biglake_catalog.md +++ b/docs/gcp/Biglake/biglake_catalog.md @@ -1,8 +1,8 @@ -## 🛡️ Policy Deployment Engine: `biglake_catalog` +## 🛡️ Policy Deployment Engine: `google_biglake_catalog` -This section provides a concise policy evaluation for the `biglake_catalog` resource in GCP. +This section provides a concise policy evaluation for the `google_biglake_catalog` resource in GCP. -Reference: [Terraform Registry – biglake_catalog](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_catalog) +Reference: [Terraform Registry – google_biglake_catalog](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_biglake_catalog) --- 
@@ -10,6 +10,6 @@ Reference: [Terraform Registry – biglake_catalog](https://registry.terraform.i | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | |----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `location` | The geographic location where the Catalog should reside. | true | true | The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements. | Catalog is created in an approved region | Catalog is created in an unapproved or unrestricted region | -| `name` | The name of the Catalog. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} | true | false | None | None | None | -| `project` | If it is not provided, the provider project is used. | false | true | Explicitly specifying the project ensures that the catalog is created within the intended security boundary and access controls. | Project is explicitly specified | Project is omitted or points to an unintended project | +| `name` | The name of the BigLake catalog. | true | false | None | None | None | +| `project` | The project in which the BigLake catalog is created. | false | true | Explicitly specifying the project ensures that the catalog is created within the intended security boundary and governance scope. | my-secure-project | None | +| `location` | The location of the BigLake catalog. | true | true | The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements. | ['au'] | ['eu'] | diff --git a/docs/gcp/Biglake/biglake_database.md b/docs/gcp/Biglake/biglake_database.md index 7939cd3f9..fccf1a99e 100644 --- a/docs/gcp/Biglake/biglake_database.md +++ b/docs/gcp/Biglake/biglake_database.md 
@@ -1,8 +1,8 @@ -## 🛡️ Policy Deployment Engine: `biglake_database` +## 🛡️ Policy Deployment Engine: `google_biglake_database` -This section provides a concise policy evaluation for the `biglake_database` resource in GCP. +This section provides a concise policy evaluation for the `google_biglake_database` resource in GCP. -Reference: [Terraform Registry – biglake_database](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_database) +Reference: [Terraform Registry – google_biglake_database](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_biglake_database) --- 
@@ -10,14 +10,14 @@ Reference: [Terraform Registry – biglake_database](https://registry.terraform. | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | |----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `type` | The database type. | true | false | None | None | None | -| `hive_options` | Options of a Hive database. Structure is [documented below](#nested_hive_options). | true | false | None | None | None | -| `catalog` | The parent catalog. | true | false | None | None | None | -| `name` | The name of the database. | true | false | None | None | None | +| `name` | The name of the BigLake database. | true | false | None | None | None | +| `catalog` | The BigLake catalog that contains this database. | true | false | None | None | None | +| `type` | The type of the BigLake database. | true | false | None | None | None | +| `hive_options` | Hive-specific options for the BigLake database. | false | false | None | None | None | ### hive_options Block | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | |----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `location_uri` | Cloud Storage folder URI where the database data is stored, starting with "gs://". | false | true | The storage location defines where database data is physically stored. Incorrect configuration may expose sensitive data or violate data residency requirements. | Storage location points to a controlled and private Cloud Storage bucket | Storage location points to an uncontrolled or public bucket | -| `parameters` | Stores user supplied Hive database parameters. An object containing a list of"key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None | +| `location_uri` | The Cloud Storage location where the database data is stored. 
| true | true | The storage location determines where database data is physically stored. Misconfigured or public storage locations may lead to unauthorised data access or violations of data residency requirements. | gs://secure-private-bucket/database-path | gs://public-bucket/database-path | +| `parameters` | Custom parameters for the Hive database. | false | false | None | None | None | diff --git a/docs/gcp/Biglake/biglake_table.md b/docs/gcp/Biglake/biglake_table.md index 9ecb3279f..a5656ce23 100644 --- a/docs/gcp/Biglake/biglake_table.md +++ b/docs/gcp/Biglake/biglake_table.md @@ -1,8 +1,8 @@ -## 🛡️ Policy Deployment Engine: `biglake_table` +## 🛡️ Policy Deployment Engine: `google_biglake_table` -This section provides a concise policy evaluation for the `biglake_table` resource in GCP. +This section provides a concise policy evaluation for the `google_biglake_table` resource in GCP. -Reference: [Terraform Registry – biglake_table](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/biglake_table) +Reference: [Terraform Registry – google_biglake_table](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_biglake_table) --- 
@@ -10,24 +10,22 @@ Reference: [Terraform Registry – biglake_table](https://registry.terraform.io/ | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | |----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `name` | Output only. The name of the Table. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} | true | false | None | None | None | -| `type` | The database type. Possible values are: `HIVE`. | false | false | None | None | None | -| `hive_options` | Options of a Hive table. Structure is [documented below](#nested_hive_options). | false | false | None | None | None | -| `database` | The id of the parent database. | false | false | None | None | None | -| `storage_descriptor` | | false | false | None | None | None | +| `name` | The name of the BigLake table. | true | false | None | None | None | +| `database` | The BigLake database that contains this table. | true | false | None | None | None | +| `type` | The type of the BigLake table. | true | false | None | None | None | +| `hive_options` | Hive-specific options for the BigLake table. | false | false | None | None | None | ### hive_options Block | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | |----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `parameters` | Stores user supplied Hive table parameters. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. | false | false | None | None | None | -| `table_type` | Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. | false | false | None | None | None | -| `storage_descriptor` | Stores physical storage information on the data. Structure is [documented below](#nested_hive_options_storage_descriptor). 
| false | false | None | None | None | +| `storage_descriptor` | Storage descriptor for the BigLake table. | true | false | None | None | None | -### storage_descriptor Block +### storage_descriptor Block -| Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | -|----------|-------------|----------|-----------------|-----------|-----------|---------------| -| `location_uri` | Cloud Storage folder URI where the table data is stored, starting with "gs://". | false | true | The table storage location determines where table data is stored and must be secured to prevent unauthorized data access. | Table data is stored in a secured Cloud Storage bucket | Table data is stored in an unsecured or public bucket | -| `input_format` | The fully qualified Java class name of the input format. | false | false | None | None | None | -| `output_format` | The fully qualified Java class name of the output format. | false | false | None | None | None | + | Argument | Description | Required | Security Impact | Rationale | Compliant | Non-Compliant | + |----------|-------------|----------|-----------------|-----------|-----------|---------------| + | `location_uri` | The Cloud Storage location where table data is stored. | true | true | The table storage location determines where data is physically stored. Insecure or public locations may expose sensitive data or violate data governance requirements. | gs://secure-private-bucket/table-path | gs://public-bucket/table-path | + | `input_format` | The input format of the table data. | false | false | None | None | None | + | `output_format` | The output format of the table data. | false | false | None | None | None | + | `parameters` | Custom parameters for the table storage descriptor. | false | false | None | None | None | diff --git a/docs/gcp/Biglake/resource_json/biglake_catalog.json b/docs/gcp/Biglake/resource_json/biglake_catalog.json index c8d385529..20ac6158d 100644 
--- a/docs/gcp/Biglake/resource_json/biglake_catalog.json +++ b/docs/gcp/Biglake/resource_json/biglake_catalog.json @@ -1,18 +1,13 @@ { - "resource_name": "biglake_catalog", + "_metadata": { + "provider": "gcp", + "version": "v5.29.0" + }, + "resource_name": "google_biglake_catalog", "subcategory": "Biglake", "arguments": { - "location": { - "description": "The geographic location where the Catalog should reside.", - "required": true, - "security_impact": true, - "rationale": "The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements.", - "compliant": "Catalog is created in an approved region", - "non-compliant": "Catalog is created in an unapproved or unrestricted region", - "parent": null - }, "name": { - "description": "The name of the Catalog. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}", + "description": "The name of the BigLake catalog.", "required": true, "security_impact": false, "rationale": null, 
@@ -21,12 +16,25 @@ "parent": null }, "project": { - "description": "If it is not provided, the provider project is used.", + "description": "The project in which the BigLake catalog is created.", "required": false, "security_impact": true, - "rationale": "Explicitly specifying the project ensures that the catalog is created within the intended security boundary and access controls.", - "compliant": "Project is explicitly specified", - "non-compliant": "Project is omitted or points to an unintended project", + "rationale": "Explicitly specifying the project ensures that the catalog is created within the intended security boundary and governance scope.", + "compliant": "my-secure-project", + "non-compliant": null, + "parent": null + }, + "location": { + "description": "The location of the BigLake catalog.", + "required": true, + "security_impact": true, + "rationale": "The catalog location determines where metadata is stored and affects data residency, compliance, and regulatory requirements.", + "compliant": [ + "au" + ], + "non-compliant": [ + "eu" + ], "parent": null } } diff --git a/docs/gcp/Biglake/resource_json/biglake_database.json b/docs/gcp/Biglake/resource_json/biglake_database.json index 0c9e31ac4..619800d30 100644 --- a/docs/gcp/Biglake/resource_json/biglake_database.json +++ b/docs/gcp/Biglake/resource_json/biglake_database.json 
@@ -1,9 +1,31 @@ { - "resource_name": "biglake_database", + "_metadata": { + "provider": "gcp", + "version": "v5.29.0" + }, + "resource_name": "google_biglake_database", "subcategory": "Biglake", "arguments": { + "name": { + "description": "The name of the BigLake database.", + "required": true, + "security_impact": false, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, + "catalog": { + "description": "The BigLake catalog that contains this database.", + "required": true, + "security_impact": false, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": null + }, "type": { - "description": "The database type.", + "description": "The type of the BigLake database.", "required": true, "security_impact": false, "rationale": null, @@ -12,8 +34,8 @@ "parent": null }, "hive_options": { - "description": "Options of a Hive database. Structure is [documented below](#nested_hive_options).", - "required": true, + "description": "Hive-specific options for the BigLake database.", + "required": false, "security_impact": false, "rationale": null, "compliant": null, 
@@ -21,16 +43,16 @@ "parent": null, "arguments": { "location_uri": { - "description": "Cloud Storage folder URI where the database data is stored, starting with \"gs://\".", - "required": false, + "description": "The Cloud Storage location where the database data is stored.", + "required": true, "security_impact": true, - "rationale": "The storage location defines where database data is physically stored. Incorrect configuration may expose sensitive data or violate data residency requirements.", - "compliant": "Storage location points to a controlled and private Cloud Storage bucket", - "non-compliant": "Storage location points to an uncontrolled or public bucket", + "rationale": "The storage location determines where database data is physically stored. Misconfigured or public storage locations may lead to unauthorised data access or violations of data residency requirements.", + "compliant": "gs://secure-private-bucket/database-path", + "non-compliant": "gs://public-bucket/database-path", "parent": "hive_options" }, "parameters": { - "description": "Stores user supplied Hive database parameters. An object containing a list of\"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.", + "description": "Custom parameters for the Hive database.", "required": false, "security_impact": false, "rationale": null, @@ -39,24 +61,6 @@ "parent": "hive_options" } } - }, - "catalog": { - "description": "The parent catalog.", - "required": true, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null - }, - "name": { - "description": "The name of the database.", - "required": true, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": null } } } \ No newline at end of file diff --git a/docs/gcp/Biglake/resource_json/biglake_table.json b/docs/gcp/Biglake/resource_json/biglake_table.json index bdcb1d011..1d6b9ef88 100644 
--- a/docs/gcp/Biglake/resource_json/biglake_table.json +++ b/docs/gcp/Biglake/resource_json/biglake_table.json @@ -1,9 +1,13 @@ { - "resource_name": "biglake_table", + "_metadata": { + "provider": "gcp", + "version": "v5.29.0" + }, + "resource_name": "google_biglake_table", "subcategory": "Biglake", "arguments": { "name": { - "description": "Output only. The name of the Table. Format: projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId}", + "description": "The name of the BigLake table.", "required": true, "security_impact": false, "rationale": null, 
@@ -11,97 +15,79 @@ "non-compliant": null, "parent": null }, - "type": { - "description": "The database type. Possible values are: `HIVE`.", - "required": false, + "database": { + "description": "The BigLake database that contains this table.", + "required": true, "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, "parent": null }, - "hive_options": { - "description": "Options of a Hive table. Structure is [documented below](#nested_hive_options).", - "required": false, + "type": { + "description": "The type of the BigLake table.", + "required": true, "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, - "parent": null, - "arguments": { - "parameters": { - "description": "Stores user supplied Hive table parameters. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.", - "required": false, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": "hive_options" - }, - "table_type": { - "description": "Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE.", - "required": false, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": "hive_options" - }, - "storage_descriptor": { - "description": "Stores physical storage information on the data. 
Structure is [documented below](#nested_hive_options_storage_descriptor).", - "required": false, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": "hive_options" - } - } - }, - "database": { - "description": "The id of the parent database.", - "required": false, - "security_impact": null, - "rationale": null, - "compliant": null, - "non-compliant": null, "parent": null }, - "storage_descriptor": { - "description": "", - "required": null, - "security_impact": null, + "hive_options": { + "description": "Hive-specific options for the BigLake table.", + "required": false, + "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, "parent": null, "arguments": { - "location_uri": { - "description": "Cloud Storage folder URI where the table data is stored, starting with \"gs://\".", - "required": false, - "security_impact": true, - "rationale": "The table storage location determines where table data is stored and must be secured to prevent unauthorized data access.", - "compliant": "Table data is stored in a secured Cloud Storage bucket", - "non-compliant": "Table data is stored in an unsecured or public bucket", - "parent": "storage_descriptor" - }, - "input_format": { - "description": "The fully qualified Java class name of the input format.", - "required": false, - "security_impact": false, - "rationale": null, - "compliant": null, - "non-compliant": null, - "parent": "storage_descriptor" - }, - "output_format": { - "description": "The fully qualified Java class name of the output format.", - "required": false, + "storage_descriptor": { + "description": "Storage descriptor for the BigLake table.", + "required": true, "security_impact": false, "rationale": null, "compliant": null, "non-compliant": null, - "parent": "storage_descriptor" + "parent": "hive_options", + "arguments": { + "location_uri": { + "description": "The Cloud Storage location where table data is stored.", + 
"required": true, + "security_impact": true, + "rationale": "The table storage location determines where data is physically stored. Insecure or public locations may expose sensitive data or violate data governance requirements.", + "compliant": "gs://secure-private-bucket/table-path", + "non-compliant": "gs://public-bucket/table-path", + "parent": "storage_descriptor" + }, + "input_format": { + "description": "The input format of the table data.", + "required": false, + "security_impact": false, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "storage_descriptor" + }, + "output_format": { + "description": "The output format of the table data.", + "required": false, + "security_impact": false, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "storage_descriptor" + }, + "parameters": { + "description": "Custom parameters for the table storage descriptor.", + "required": false, + "security_impact": false, + "rationale": null, + "compliant": null, + "non-compliant": null, + "parent": "storage_descriptor" + } + } } } } diff --git a/docs/gcp/_history/2026-01-31T08-47-59.567218Z.json b/docs/gcp/_history/2026-01-31T08-47-59.567218Z.json new file mode 100644 index 000000000..a0da76380 --- /dev/null +++ b/docs/gcp/_history/2026-01-31T08-47-59.567218Z.json @@ -0,0 +1,15 @@ +{ + "dry_run": false, + "provider": "gcp", + "version": "v5.29.0", + "generated_at": "2026-01-31T08:47:59.567218Z", + "resources": { + "Apikeys": [ + "google_apikeys_key" + ] + }, + "statistics": { + "total_services": 1, + "total_resources": 1 + } +} \ No newline at end of file diff --git a/docs/gcp/_history/2026-01-31T08-48-48.505255Z.json b/docs/gcp/_history/2026-01-31T08-48-48.505255Z.json new file mode 100644 index 000000000..f8a92c4d5 --- /dev/null +++ b/docs/gcp/_history/2026-01-31T08-48-48.505255Z.json 
@@ -0,0 +1,17 @@ +{ + "dry_run": false, + "provider": "gcp", + "version": "v5.29.0", + "generated_at": "2026-01-31T08:48:48.505255Z", + "resources": { + "Biglake": [ + "google_biglake_catalog", + "google_biglake_database", + "google_biglake_table" + ] + }, + "statistics": { + "total_services": 1, + "total_resources": 3 + } +} \ No newline at end of file diff --git a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl b/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl deleted file mode 100644 index 894abb857..000000000 --- a/inputs/gcp/apikeys/apikeys_key/allowed_api_targets/.terraform.lock.hcl +++ /dev/null @@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/google" { - version = "7.12.0" - hashes = [ - "h1:vd1110nYSvbUdAM3MDtQD97ikZvuyDgKExlzTwutYqw=", - "zh:38722ec7777543c23e22e02695e53dd5c94644022647c3c79e11e587063d4d2b", - "zh:417b12b69c91c12e3fcefee38744b7a37bae73b706e3071c714151a623a6b0e9", - "zh:4902cea92c78b462beaf053de03d0d55fb2241d41ca3379b4568ba247f667fa9", - "zh:50ccce39d403ba477943e6652ccb6913092d9dcce1d55533b00b66062888db3d", - "zh:56dccfe5df28cfe368d93c37ad6c46a16e76da61482fd0bfc83676b1423cecf5", - "zh:7265fca2921e5e300da5d8de7e28b658c0863fdda9da696c5b97dbd3122c17c2", - "zh:8317467e828178a6db9ddabe431bb13935c00bfb5e4b4d9760bd56f7ae596eca", - "zh:84cc9d9277422a0d6c80d2bd204642d8776ddbba23feb94cf2760bb5f15410bc", - "zh:8f79d72e7ed4e36d01560ce5fc944dc7e0387fa0f8272a4345fc6ae896e8f575", - "zh:98c3d756beca036f84e7840e2099ff7359e9a246cd9a35386e03ce65032b3f5f", - "zh:a07e3ca19673d28da9289ca28dfb83204fa6636f642b8cf46de8caaf526b7dde", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/uv.lock b/uv.lock new file mode 100644 index 000000000..dbd16a6f2 --- /dev/null +++ b/uv.lock 
@@ -0,0 +1,617 @@ +version = 1 +revision = 3 +requires-python = ">=3.11" + +[[package]] +name = "annotated-types" +version = "0.7.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ee/67/531ea369ba64dcff5ec9c3402f9f51bf748cec26dde048a2f973a4eea7f5/annotated_types-0.7.0.tar.gz", hash = "sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89", size = 16081, upload-time = "2024-05-20T21:33:25.928Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/78/b6/6307fbef88d9b5ee7421e68d78a9f162e0da4900bc5f5793f6d3d0e34fb8/annotated_types-0.7.0-py3-none-any.whl", hash = "sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53", size = 13643, upload-time = "2024-05-20T21:33:24.1Z" }, +] + +[[package]] +name = "attrs" +version = "25.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/6b/5c/685e6633917e101e5dcb62b9dd76946cbb57c26e133bae9e0cd36033c0a9/attrs-25.4.0.tar.gz", hash = "sha256:16d5969b87f0859ef33a48b35d55ac1be6e42ae49d5e853b597db70c35c57e11", size = 934251, upload-time = "2025-10-06T13:54:44.725Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/3a/2a/7cc015f5b9f5db42b7d48157e23356022889fc354a2813c15934b7cb5c0e/attrs-25.4.0-py3-none-any.whl", hash = "sha256:adcf7e2a1fb3b36ac48d97835bb6d8ade15b8dcce26aba8bf1d14847b57a3373", size = 67615, upload-time = "2025-10-06T13:54:43.17Z" }, +] + +[[package]] +name = "colorama" +version = "0.4.6" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44", size = 27697, upload-time = "2022-10-25T02:36:22.414Z" } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" }, +] + +[[package]] +name = "coverage" +version = "7.13.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ad/49/349848445b0e53660e258acbcc9b0d014895b6739237920886672240f84b/coverage-7.13.2.tar.gz", hash = "sha256:044c6951ec37146b72a50cc81ef02217d27d4c3640efd2640311393cbbf143d3", size = 826523, upload-time = "2026-01-25T13:00:04.889Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/6c/01/abca50583a8975bb6e1c59eff67ed8e48bb127c07dad5c28d9e96ccc09ec/coverage-7.13.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:060ebf6f2c51aff5ba38e1f43a2095e087389b1c69d559fde6049a4b0001320e", size = 218971, upload-time = "2026-01-25T12:57:36.953Z" }, + { url = "https://files.pythonhosted.org/packages/eb/0e/b6489f344d99cd1e5b4d5e1be52dfd3f8a3dc5112aa6c33948da8cabad4e/coverage-7.13.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:c1ea8ca9db5e7469cd364552985e15911548ea5b69c48a17291f0cac70484b2e", size = 219473, upload-time = "2026-01-25T12:57:38.934Z" }, + { url = "https://files.pythonhosted.org/packages/17/11/db2f414915a8e4ec53f60b17956c27f21fb68fcf20f8a455ce7c2ccec638/coverage-7.13.2-cp311-cp311-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:b780090d15fd58f07cf2011943e25a5f0c1c894384b13a216b6c86c8a8a7c508", size = 249896, upload-time = "2026-01-25T12:57:40.365Z" }, + { url = "https://files.pythonhosted.org/packages/80/06/0823fe93913663c017e508e8810c998c8ebd3ec2a5a85d2c3754297bdede/coverage-7.13.2-cp311-cp311-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:88a800258d83acb803c38175b4495d293656d5fac48659c953c18e5f539a274b", size = 251810, upload-time = 
"2026-01-25T12:57:42.045Z" }, + { url = "https://files.pythonhosted.org/packages/61/dc/b151c3cc41b28cdf7f0166c5fa1271cbc305a8ec0124cce4b04f74791a18/coverage-7.13.2-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6326e18e9a553e674d948536a04a80d850a5eeefe2aae2e6d7cf05d54046c01b", size = 253920, upload-time = "2026-01-25T12:57:44.026Z" }, + { url = "https://files.pythonhosted.org/packages/2d/35/e83de0556e54a4729a2b94ea816f74ce08732e81945024adee46851c2264/coverage-7.13.2-cp311-cp311-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:59562de3f797979e1ff07c587e2ac36ba60ca59d16c211eceaa579c266c5022f", size = 250025, upload-time = "2026-01-25T12:57:45.624Z" }, + { url = "https://files.pythonhosted.org/packages/39/67/af2eb9c3926ce3ea0d58a0d2516fcbdacf7a9fc9559fe63076beaf3f2596/coverage-7.13.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:27ba1ed6f66b0e2d61bfa78874dffd4f8c3a12f8e2b5410e515ab345ba7bc9c3", size = 251612, upload-time = "2026-01-25T12:57:47.713Z" }, + { url = "https://files.pythonhosted.org/packages/26/62/5be2e25f3d6c711d23b71296f8b44c978d4c8b4e5b26871abfc164297502/coverage-7.13.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:8be48da4d47cc68754ce643ea50b3234557cbefe47c2f120495e7bd0a2756f2b", size = 249670, upload-time = "2026-01-25T12:57:49.378Z" }, + { url = "https://files.pythonhosted.org/packages/b3/51/400d1b09a8344199f9b6a6fc1868005d766b7ea95e7882e494fa862ca69c/coverage-7.13.2-cp311-cp311-musllinux_1_2_riscv64.whl", hash = "sha256:2a47a4223d3361b91176aedd9d4e05844ca67d7188456227b6bf5e436630c9a1", size = 249395, upload-time = "2026-01-25T12:57:50.86Z" }, + { url = "https://files.pythonhosted.org/packages/e0/36/f02234bc6e5230e2f0a63fd125d0a2093c73ef20fdf681c7af62a140e4e7/coverage-7.13.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:c6f141b468740197d6bd38f2b26ade124363228cc3f9858bd9924ab059e00059", size = 250298, upload-time = "2026-01-25T12:57:52.287Z" }, + { url = 
"https://files.pythonhosted.org/packages/b0/06/713110d3dd3151b93611c9cbfc65c15b4156b44f927fced49ac0b20b32a4/coverage-7.13.2-cp311-cp311-win32.whl", hash = "sha256:89567798404af067604246e01a49ef907d112edf2b75ef814b1364d5ce267031", size = 221485, upload-time = "2026-01-25T12:57:53.876Z" }, + { url = "https://files.pythonhosted.org/packages/16/0c/3ae6255fa1ebcb7dec19c9a59e85ef5f34566d1265c70af5b2fc981da834/coverage-7.13.2-cp311-cp311-win_amd64.whl", hash = "sha256:21dd57941804ae2ac7e921771a5e21bbf9aabec317a041d164853ad0a96ce31e", size = 222421, upload-time = "2026-01-25T12:57:55.433Z" }, + { url = "https://files.pythonhosted.org/packages/b5/37/fabc3179af4d61d89ea47bd04333fec735cd5e8b59baad44fed9fc4170d7/coverage-7.13.2-cp311-cp311-win_arm64.whl", hash = "sha256:10758e0586c134a0bafa28f2d37dd2cdb5e4a90de25c0fc0c77dabbad46eca28", size = 221088, upload-time = "2026-01-25T12:57:57.41Z" }, + { url = "https://files.pythonhosted.org/packages/46/39/e92a35f7800222d3f7b2cbb7bbc3b65672ae8d501cb31801b2d2bd7acdf1/coverage-7.13.2-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:f106b2af193f965d0d3234f3f83fc35278c7fb935dfbde56ae2da3dd2c03b84d", size = 219142, upload-time = "2026-01-25T12:58:00.448Z" }, + { url = "https://files.pythonhosted.org/packages/45/7a/8bf9e9309c4c996e65c52a7c5a112707ecdd9fbaf49e10b5a705a402bbb4/coverage-7.13.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:78f45d21dc4d5d6bd29323f0320089ef7eae16e4bef712dff79d184fa7330af3", size = 219503, upload-time = "2026-01-25T12:58:02.451Z" }, + { url = "https://files.pythonhosted.org/packages/87/93/17661e06b7b37580923f3f12406ac91d78aeed293fb6da0b69cc7957582f/coverage-7.13.2-cp312-cp312-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:fae91dfecd816444c74531a9c3d6ded17a504767e97aa674d44f638107265b99", size = 251006, upload-time = "2026-01-25T12:58:04.059Z" }, + { url = 
"https://files.pythonhosted.org/packages/12/f0/f9e59fb8c310171497f379e25db060abef9fa605e09d63157eebec102676/coverage-7.13.2-cp312-cp312-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:264657171406c114787b441484de620e03d8f7202f113d62fcd3d9688baa3e6f", size = 253750, upload-time = "2026-01-25T12:58:05.574Z" }, + { url = "https://files.pythonhosted.org/packages/e5/b1/1935e31add2232663cf7edd8269548b122a7d100047ff93475dbaaae673e/coverage-7.13.2-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ae47d8dcd3ded0155afbb59c62bd8ab07ea0fd4902e1c40567439e6db9dcaf2f", size = 254862, upload-time = "2026-01-25T12:58:07.647Z" }, + { url = "https://files.pythonhosted.org/packages/af/59/b5e97071ec13df5f45da2b3391b6cdbec78ba20757bc92580a5b3d5fa53c/coverage-7.13.2-cp312-cp312-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:8a0b33e9fd838220b007ce8f299114d406c1e8edb21336af4c97a26ecfd185aa", size = 251420, upload-time = "2026-01-25T12:58:09.309Z" }, + { url = "https://files.pythonhosted.org/packages/3f/75/9495932f87469d013dc515fb0ce1aac5fa97766f38f6b1a1deb1ee7b7f3a/coverage-7.13.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:b3becbea7f3ce9a2d4d430f223ec15888e4deb31395840a79e916368d6004cce", size = 252786, upload-time = "2026-01-25T12:58:10.909Z" }, + { url = "https://files.pythonhosted.org/packages/6a/59/af550721f0eb62f46f7b8cb7e6f1860592189267b1c411a4e3a057caacee/coverage-7.13.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:f819c727a6e6eeb8711e4ce63d78c620f69630a2e9d53bc95ca5379f57b6ba94", size = 250928, upload-time = "2026-01-25T12:58:12.449Z" }, + { url = "https://files.pythonhosted.org/packages/9b/b1/21b4445709aae500be4ab43bbcfb4e53dc0811c3396dcb11bf9f23fd0226/coverage-7.13.2-cp312-cp312-musllinux_1_2_riscv64.whl", hash = "sha256:4f7b71757a3ab19f7ba286e04c181004c1d61be921795ee8ba6970fd0ec91da5", size = 250496, upload-time = "2026-01-25T12:58:14.047Z" }, + { url = 
"https://files.pythonhosted.org/packages/ba/b1/0f5d89dfe0392990e4f3980adbde3eb34885bc1effb2dc369e0bf385e389/coverage-7.13.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:b7fc50d2afd2e6b4f6f2f403b70103d280a8e0cb35320cbbe6debcda02a1030b", size = 252373, upload-time = "2026-01-25T12:58:15.976Z" }, + { url = "https://files.pythonhosted.org/packages/01/c9/0cf1a6a57a9968cc049a6b896693faa523c638a5314b1fc374eb2b2ac904/coverage-7.13.2-cp312-cp312-win32.whl", hash = "sha256:292250282cf9bcf206b543d7608bda17ca6fc151f4cbae949fc7e115112fbd41", size = 221696, upload-time = "2026-01-25T12:58:17.517Z" }, + { url = "https://files.pythonhosted.org/packages/4d/05/d7540bf983f09d32803911afed135524570f8c47bb394bf6206c1dc3a786/coverage-7.13.2-cp312-cp312-win_amd64.whl", hash = "sha256:eeea10169fac01549a7921d27a3e517194ae254b542102267bef7a93ed38c40e", size = 222504, upload-time = "2026-01-25T12:58:19.115Z" }, + { url = "https://files.pythonhosted.org/packages/15/8b/1a9f037a736ced0a12aacf6330cdaad5008081142a7070bc58b0f7930cbc/coverage-7.13.2-cp312-cp312-win_arm64.whl", hash = "sha256:2a5b567f0b635b592c917f96b9a9cb3dbd4c320d03f4bf94e9084e494f2e8894", size = 221120, upload-time = "2026-01-25T12:58:21.334Z" }, + { url = "https://files.pythonhosted.org/packages/a7/f0/3d3eac7568ab6096ff23791a526b0048a1ff3f49d0e236b2af6fb6558e88/coverage-7.13.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:ed75de7d1217cf3b99365d110975f83af0528c849ef5180a12fd91b5064df9d6", size = 219168, upload-time = "2026-01-25T12:58:23.376Z" }, + { url = "https://files.pythonhosted.org/packages/a3/a6/f8b5cfeddbab95fdef4dcd682d82e5dcff7a112ced57a959f89537ee9995/coverage-7.13.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:97e596de8fa9bada4d88fde64a3f4d37f1b6131e4faa32bad7808abc79887ddc", size = 219537, upload-time = "2026-01-25T12:58:24.932Z" }, + { url = 
"https://files.pythonhosted.org/packages/7b/e6/8d8e6e0c516c838229d1e41cadcec91745f4b1031d4db17ce0043a0423b4/coverage-7.13.2-cp313-cp313-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:68c86173562ed4413345410c9480a8d64864ac5e54a5cda236748031e094229f", size = 250528, upload-time = "2026-01-25T12:58:26.567Z" }, + { url = "https://files.pythonhosted.org/packages/8e/78/befa6640f74092b86961f957f26504c8fba3d7da57cc2ab7407391870495/coverage-7.13.2-cp313-cp313-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:7be4d613638d678b2b3773b8f687537b284d7074695a43fe2fbbfc0e31ceaed1", size = 253132, upload-time = "2026-01-25T12:58:28.251Z" }, + { url = "https://files.pythonhosted.org/packages/9d/10/1630db1edd8ce675124a2ee0f7becc603d2bb7b345c2387b4b95c6907094/coverage-7.13.2-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d7f63ce526a96acd0e16c4af8b50b64334239550402fb1607ce6a584a6d62ce9", size = 254374, upload-time = "2026-01-25T12:58:30.294Z" }, + { url = "https://files.pythonhosted.org/packages/ed/1d/0d9381647b1e8e6d310ac4140be9c428a0277330991e0c35bdd751e338a4/coverage-7.13.2-cp313-cp313-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:406821f37f864f968e29ac14c3fccae0fec9fdeba48327f0341decf4daf92d7c", size = 250762, upload-time = "2026-01-25T12:58:32.036Z" }, + { url = "https://files.pythonhosted.org/packages/43/e4/5636dfc9a7c871ee8776af83ee33b4c26bc508ad6cee1e89b6419a366582/coverage-7.13.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:ee68e5a4e3e5443623406b905db447dceddffee0dceb39f4e0cd9ec2a35004b5", size = 252502, upload-time = "2026-01-25T12:58:33.961Z" }, + { url = "https://files.pythonhosted.org/packages/02/2a/7ff2884d79d420cbb2d12fed6fff727b6d0ef27253140d3cdbbd03187ee0/coverage-7.13.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:2ee0e58cca0c17dd9c6c1cdde02bb705c7b3fbfa5f3b0b5afeda20d4ebff8ef4", size = 250463, upload-time = 
"2026-01-25T12:58:35.529Z" }, + { url = "https://files.pythonhosted.org/packages/91/c0/ba51087db645b6c7261570400fc62c89a16278763f36ba618dc8657a187b/coverage-7.13.2-cp313-cp313-musllinux_1_2_riscv64.whl", hash = "sha256:6e5bbb5018bf76a56aabdb64246b5288d5ae1b7d0dd4d0534fe86df2c2992d1c", size = 250288, upload-time = "2026-01-25T12:58:37.226Z" }, + { url = "https://files.pythonhosted.org/packages/03/07/44e6f428551c4d9faf63ebcefe49b30e5c89d1be96f6a3abd86a52da9d15/coverage-7.13.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:a55516c68ef3e08e134e818d5e308ffa6b1337cc8b092b69b24287bf07d38e31", size = 252063, upload-time = "2026-01-25T12:58:38.821Z" }, + { url = "https://files.pythonhosted.org/packages/c2/67/35b730ad7e1859dd57e834d1bc06080d22d2f87457d53f692fce3f24a5a9/coverage-7.13.2-cp313-cp313-win32.whl", hash = "sha256:5b20211c47a8abf4abc3319d8ce2464864fa9f30c5fcaf958a3eed92f4f1fef8", size = 221716, upload-time = "2026-01-25T12:58:40.484Z" }, + { url = "https://files.pythonhosted.org/packages/0d/82/e5fcf5a97c72f45fc14829237a6550bf49d0ab882ac90e04b12a69db76b4/coverage-7.13.2-cp313-cp313-win_amd64.whl", hash = "sha256:14f500232e521201cf031549fb1ebdfc0a40f401cf519157f76c397e586c3beb", size = 222522, upload-time = "2026-01-25T12:58:43.247Z" }, + { url = "https://files.pythonhosted.org/packages/b1/f1/25d7b2f946d239dd2d6644ca2cc060d24f97551e2af13b6c24c722ae5f97/coverage-7.13.2-cp313-cp313-win_arm64.whl", hash = "sha256:9779310cb5a9778a60c899f075a8514c89fa6d10131445c2207fc893e0b14557", size = 221145, upload-time = "2026-01-25T12:58:45Z" }, + { url = "https://files.pythonhosted.org/packages/9e/f7/080376c029c8f76fadfe43911d0daffa0cbdc9f9418a0eead70c56fb7f4b/coverage-7.13.2-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:e64fa5a1e41ce5df6b547cbc3d3699381c9e2c2c369c67837e716ed0f549d48e", size = 219861, upload-time = "2026-01-25T12:58:46.586Z" }, + { url = 
"https://files.pythonhosted.org/packages/42/11/0b5e315af5ab35f4c4a70e64d3314e4eec25eefc6dec13be3a7d5ffe8ac5/coverage-7.13.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:b01899e82a04085b6561eb233fd688474f57455e8ad35cd82286463ba06332b7", size = 220207, upload-time = "2026-01-25T12:58:48.277Z" }, + { url = "https://files.pythonhosted.org/packages/b2/0c/0874d0318fb1062117acbef06a09cf8b63f3060c22265adaad24b36306b7/coverage-7.13.2-cp313-cp313t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:838943bea48be0e2768b0cf7819544cdedc1bbb2f28427eabb6eb8c9eb2285d3", size = 261504, upload-time = "2026-01-25T12:58:49.904Z" }, + { url = "https://files.pythonhosted.org/packages/83/5e/1cd72c22ecb30751e43a72f40ba50fcef1b7e93e3ea823bd9feda8e51f9a/coverage-7.13.2-cp313-cp313t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:93d1d25ec2b27e90bcfef7012992d1f5121b51161b8bffcda756a816cf13c2c3", size = 263582, upload-time = "2026-01-25T12:58:51.582Z" }, + { url = "https://files.pythonhosted.org/packages/9b/da/8acf356707c7a42df4d0657020308e23e5a07397e81492640c186268497c/coverage-7.13.2-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:93b57142f9621b0d12349c43fc7741fe578e4bc914c1e5a54142856cfc0bf421", size = 266008, upload-time = "2026-01-25T12:58:53.234Z" }, + { url = "https://files.pythonhosted.org/packages/41/41/ea1730af99960309423c6ea8d6a4f1fa5564b2d97bd1d29dda4b42611f04/coverage-7.13.2-cp313-cp313t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:f06799ae1bdfff7ccb8665d75f8291c69110ba9585253de254688aa8a1ccc6c5", size = 260762, upload-time = "2026-01-25T12:58:55.372Z" }, + { url = "https://files.pythonhosted.org/packages/22/fa/02884d2080ba71db64fdc127b311db60e01fe6ba797d9c8363725e39f4d5/coverage-7.13.2-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:7f9405ab4f81d490811b1d91c7a20361135a2df4c170e7f0b747a794da5b7f23", size = 263571, upload-time = 
"2026-01-25T12:58:57.52Z" }, + { url = "https://files.pythonhosted.org/packages/d2/6b/4083aaaeba9b3112f55ac57c2ce7001dc4d8fa3fcc228a39f09cc84ede27/coverage-7.13.2-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:f9ab1d5b86f8fbc97a5b3cd6280a3fd85fef3b028689d8a2c00918f0d82c728c", size = 261200, upload-time = "2026-01-25T12:58:59.255Z" }, + { url = "https://files.pythonhosted.org/packages/e9/d2/aea92fa36d61955e8c416ede9cf9bf142aa196f3aea214bb67f85235a050/coverage-7.13.2-cp313-cp313t-musllinux_1_2_riscv64.whl", hash = "sha256:f674f59712d67e841525b99e5e2b595250e39b529c3bda14764e4f625a3fa01f", size = 260095, upload-time = "2026-01-25T12:59:01.066Z" }, + { url = "https://files.pythonhosted.org/packages/0d/ae/04ffe96a80f107ea21b22b2367175c621da920063260a1c22f9452fd7866/coverage-7.13.2-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:c6cadac7b8ace1ba9144feb1ae3cb787a6065ba6d23ffc59a934b16406c26573", size = 262284, upload-time = "2026-01-25T12:59:02.802Z" }, + { url = "https://files.pythonhosted.org/packages/1c/7a/6f354dcd7dfc41297791d6fb4e0d618acb55810bde2c1fd14b3939e05c2b/coverage-7.13.2-cp313-cp313t-win32.whl", hash = "sha256:14ae4146465f8e6e6253eba0cccd57423e598a4cb925958b240c805300918343", size = 222389, upload-time = "2026-01-25T12:59:04.563Z" }, + { url = "https://files.pythonhosted.org/packages/8d/d5/080ad292a4a3d3daf411574be0a1f56d6dee2c4fdf6b005342be9fac807f/coverage-7.13.2-cp313-cp313t-win_amd64.whl", hash = "sha256:9074896edd705a05769e3de0eac0a8388484b503b68863dd06d5e473f874fd47", size = 223450, upload-time = "2026-01-25T12:59:06.677Z" }, + { url = "https://files.pythonhosted.org/packages/88/96/df576fbacc522e9fb8d1c4b7a7fc62eb734be56e2cba1d88d2eabe08ea3f/coverage-7.13.2-cp313-cp313t-win_arm64.whl", hash = "sha256:69e526e14f3f854eda573d3cf40cffd29a1a91c684743d904c33dbdcd0e0f3e7", size = 221707, upload-time = "2026-01-25T12:59:08.363Z" }, + { url = 
"https://files.pythonhosted.org/packages/55/53/1da9e51a0775634b04fcc11eb25c002fc58ee4f92ce2e8512f94ac5fc5bf/coverage-7.13.2-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:387a825f43d680e7310e6f325b2167dd093bc8ffd933b83e9aa0983cf6e0a2ef", size = 219213, upload-time = "2026-01-25T12:59:11.909Z" }, + { url = "https://files.pythonhosted.org/packages/46/35/b3caac3ebbd10230fea5a33012b27d19e999a17c9285c4228b4b2e35b7da/coverage-7.13.2-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:f0d7fea9d8e5d778cd5a9e8fc38308ad688f02040e883cdc13311ef2748cb40f", size = 219549, upload-time = "2026-01-25T12:59:13.638Z" }, + { url = "https://files.pythonhosted.org/packages/76/9c/e1cf7def1bdc72c1907e60703983a588f9558434a2ff94615747bd73c192/coverage-7.13.2-cp314-cp314-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:e080afb413be106c95c4ee96b4fffdc9e2fa56a8bbf90b5c0918e5c4449412f5", size = 250586, upload-time = "2026-01-25T12:59:15.808Z" }, + { url = "https://files.pythonhosted.org/packages/ba/49/f54ec02ed12be66c8d8897270505759e057b0c68564a65c429ccdd1f139e/coverage-7.13.2-cp314-cp314-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:a7fc042ba3c7ce25b8a9f097eb0f32a5ce1ccdb639d9eec114e26def98e1f8a4", size = 253093, upload-time = "2026-01-25T12:59:17.491Z" }, + { url = "https://files.pythonhosted.org/packages/fb/5e/aaf86be3e181d907e23c0f61fccaeb38de8e6f6b47aed92bf57d8fc9c034/coverage-7.13.2-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:d0ba505e021557f7f8173ee8cd6b926373d8653e5ff7581ae2efce1b11ef4c27", size = 254446, upload-time = "2026-01-25T12:59:19.752Z" }, + { url = "https://files.pythonhosted.org/packages/28/c8/a5fa01460e2d75b0c853b392080d6829d3ca8b5ab31e158fa0501bc7c708/coverage-7.13.2-cp314-cp314-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:7de326f80e3451bd5cc7239ab46c73ddb658fe0b7649476bc7413572d36cd548", size = 250615, upload-time = 
"2026-01-25T12:59:21.928Z" }, + { url = "https://files.pythonhosted.org/packages/86/0b/6d56315a55f7062bb66410732c24879ccb2ec527ab6630246de5fe45a1df/coverage-7.13.2-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:abaea04f1e7e34841d4a7b343904a3f59481f62f9df39e2cd399d69a187a9660", size = 252452, upload-time = "2026-01-25T12:59:23.592Z" }, + { url = "https://files.pythonhosted.org/packages/30/19/9bc550363ebc6b0ea121977ee44d05ecd1e8bf79018b8444f1028701c563/coverage-7.13.2-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:9f93959ee0c604bccd8e0697be21de0887b1f73efcc3aa73a3ec0fd13feace92", size = 250418, upload-time = "2026-01-25T12:59:25.392Z" }, + { url = "https://files.pythonhosted.org/packages/1f/53/580530a31ca2f0cc6f07a8f2ab5460785b02bb11bdf815d4c4d37a4c5169/coverage-7.13.2-cp314-cp314-musllinux_1_2_riscv64.whl", hash = "sha256:13fe81ead04e34e105bf1b3c9f9cdf32ce31736ee5d90a8d2de02b9d3e1bcb82", size = 250231, upload-time = "2026-01-25T12:59:27.888Z" }, + { url = "https://files.pythonhosted.org/packages/e2/42/dd9093f919dc3088cb472893651884bd675e3df3d38a43f9053656dca9a2/coverage-7.13.2-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:d6d16b0f71120e365741bca2cb473ca6fe38930bc5431c5e850ba949f708f892", size = 251888, upload-time = "2026-01-25T12:59:29.636Z" }, + { url = "https://files.pythonhosted.org/packages/fa/a6/0af4053e6e819774626e133c3d6f70fae4d44884bfc4b126cb647baee8d3/coverage-7.13.2-cp314-cp314-win32.whl", hash = "sha256:9b2f4714bb7d99ba3790ee095b3b4ac94767e1347fe424278a0b10acb3ff04fe", size = 221968, upload-time = "2026-01-25T12:59:31.424Z" }, + { url = "https://files.pythonhosted.org/packages/c4/cc/5aff1e1f80d55862442855517bb8ad8ad3a68639441ff6287dde6a58558b/coverage-7.13.2-cp314-cp314-win_amd64.whl", hash = "sha256:e4121a90823a063d717a96e0a0529c727fb31ea889369a0ee3ec00ed99bf6859", size = 222783, upload-time = "2026-01-25T12:59:33.118Z" }, + { url = 
"https://files.pythonhosted.org/packages/de/20/09abafb24f84b3292cc658728803416c15b79f9ee5e68d25238a895b07d9/coverage-7.13.2-cp314-cp314-win_arm64.whl", hash = "sha256:6873f0271b4a15a33e7590f338d823f6f66f91ed147a03938d7ce26efd04eee6", size = 221348, upload-time = "2026-01-25T12:59:34.939Z" }, + { url = "https://files.pythonhosted.org/packages/b6/60/a3820c7232db63be060e4019017cd3426751c2699dab3c62819cdbcea387/coverage-7.13.2-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:f61d349f5b7cd95c34017f1927ee379bfbe9884300d74e07cf630ccf7a610c1b", size = 219950, upload-time = "2026-01-25T12:59:36.624Z" }, + { url = "https://files.pythonhosted.org/packages/fd/37/e4ef5975fdeb86b1e56db9a82f41b032e3d93a840ebaf4064f39e770d5c5/coverage-7.13.2-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:a43d34ce714f4ca674c0d90beb760eb05aad906f2c47580ccee9da8fe8bfb417", size = 220209, upload-time = "2026-01-25T12:59:38.339Z" }, + { url = "https://files.pythonhosted.org/packages/54/df/d40e091d00c51adca1e251d3b60a8b464112efa3004949e96a74d7c19a64/coverage-7.13.2-cp314-cp314t-manylinux1_i686.manylinux_2_28_i686.manylinux_2_5_i686.whl", hash = "sha256:bff1b04cb9d4900ce5c56c4942f047dc7efe57e2608cb7c3c8936e9970ccdbee", size = 261576, upload-time = "2026-01-25T12:59:40.446Z" }, + { url = "https://files.pythonhosted.org/packages/c5/44/5259c4bed54e3392e5c176121af9f71919d96dde853386e7730e705f3520/coverage-7.13.2-cp314-cp314t-manylinux1_x86_64.manylinux_2_28_x86_64.manylinux_2_5_x86_64.whl", hash = "sha256:6ae99e4560963ad8e163e819e5d77d413d331fd00566c1e0856aa252303552c1", size = 263704, upload-time = "2026-01-25T12:59:42.346Z" }, + { url = "https://files.pythonhosted.org/packages/16/bd/ae9f005827abcbe2c70157459ae86053971c9fa14617b63903abbdce26d9/coverage-7.13.2-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:e79a8c7d461820257d9aa43716c4efc55366d7b292e46b5b37165be1d377405d", size = 266109, upload-time = "2026-01-25T12:59:44.073Z" }, + { url = 
"https://files.pythonhosted.org/packages/a2/c0/8e279c1c0f5b1eaa3ad9b0fb7a5637fc0379ea7d85a781c0fe0bb3cfc2ab/coverage-7.13.2-cp314-cp314t-manylinux_2_31_riscv64.manylinux_2_39_riscv64.whl", hash = "sha256:060ee84f6a769d40c492711911a76811b4befb6fba50abb450371abb720f5bd6", size = 260686, upload-time = "2026-01-25T12:59:45.804Z" }, + { url = "https://files.pythonhosted.org/packages/b2/47/3a8112627e9d863e7cddd72894171c929e94491a597811725befdcd76bce/coverage-7.13.2-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:3bca209d001fd03ea2d978f8a4985093240a355c93078aee3f799852c23f561a", size = 263568, upload-time = "2026-01-25T12:59:47.929Z" }, + { url = "https://files.pythonhosted.org/packages/92/bc/7ea367d84afa3120afc3ce6de294fd2dcd33b51e2e7fbe4bbfd200f2cb8c/coverage-7.13.2-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:6b8092aa38d72f091db61ef83cb66076f18f02da3e1a75039a4f218629600e04", size = 261174, upload-time = "2026-01-25T12:59:49.717Z" }, + { url = "https://files.pythonhosted.org/packages/33/b7/f1092dcecb6637e31cc2db099581ee5c61a17647849bae6b8261a2b78430/coverage-7.13.2-cp314-cp314t-musllinux_1_2_riscv64.whl", hash = "sha256:4a3158dc2dcce5200d91ec28cd315c999eebff355437d2765840555d765a6e5f", size = 260017, upload-time = "2026-01-25T12:59:51.463Z" }, + { url = "https://files.pythonhosted.org/packages/2b/cd/f3d07d4b95fbe1a2ef0958c15da614f7e4f557720132de34d2dc3aa7e911/coverage-7.13.2-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:3973f353b2d70bd9796cc12f532a05945232ccae966456c8ed7034cb96bbfd6f", size = 262337, upload-time = "2026-01-25T12:59:53.407Z" }, + { url = "https://files.pythonhosted.org/packages/e0/db/b0d5b2873a07cb1e06a55d998697c0a5a540dcefbf353774c99eb3874513/coverage-7.13.2-cp314-cp314t-win32.whl", hash = "sha256:79f6506a678a59d4ded048dc72f1859ebede8ec2b9a2d509ebe161f01c2879d3", size = 222749, upload-time = "2026-01-25T12:59:56.316Z" }, + { url = 
"https://files.pythonhosted.org/packages/e5/2f/838a5394c082ac57d85f57f6aba53093b30d9089781df72412126505716f/coverage-7.13.2-cp314-cp314t-win_amd64.whl", hash = "sha256:196bfeabdccc5a020a57d5a368c681e3a6ceb0447d153aeccc1ab4d70a5032ba", size = 223857, upload-time = "2026-01-25T12:59:58.201Z" }, + { url = "https://files.pythonhosted.org/packages/44/d4/b608243e76ead3a4298824b50922b89ef793e50069ce30316a65c1b4d7ef/coverage-7.13.2-cp314-cp314t-win_arm64.whl", hash = "sha256:69269ab58783e090bfbf5b916ab3d188126e22d6070bbfc93098fdd474ef937c", size = 221881, upload-time = "2026-01-25T13:00:00.449Z" }, + { url = "https://files.pythonhosted.org/packages/d2/db/d291e30fdf7ea617a335531e72294e0c723356d7fdde8fba00610a76bda9/coverage-7.13.2-py3-none-any.whl", hash = "sha256:40ce1ea1e25125556d8e76bd0b61500839a07944cc287ac21d5626f3e620cad5", size = 210943, upload-time = "2026-01-25T13:00:02.388Z" }, +] + +[package.optional-dependencies] +toml = [ + { name = "tomli", marker = "python_full_version <= '3.11'" }, +] + +[[package]] +name = "iniconfig" +version = "2.3.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/34/14ca021ce8e5dfedc35312d08ba8bf51fdd999c576889fc2c24cb97f4f10/iniconfig-2.3.0.tar.gz", hash = "sha256:c76315c77db068650d49c5b56314774a7804df16fee4402c1f19d6d15d8c4730", size = 20503, upload-time = "2025-10-18T21:55:43.219Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/cb/b1/3846dd7f199d53cb17f49cba7e651e9ce294d8497c8c150530ed11865bb8/iniconfig-2.3.0-py3-none-any.whl", hash = "sha256:f631c04d2c48c52b84d0d0549c99ff3859c98df65b3101406327ecc7d53fbf12", size = 7484, upload-time = "2025-10-18T21:55:41.639Z" }, +] + +[[package]] +name = "jsonschema" +version = "4.26.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "attrs" }, + { name = "jsonschema-specifications" }, + { name = "referencing" }, + { name = "rpds-py" }, +] +sdist = { url = 
"https://files.pythonhosted.org/packages/b3/fc/e067678238fa451312d4c62bf6e6cf5ec56375422aee02f9cb5f909b3047/jsonschema-4.26.0.tar.gz", hash = "sha256:0c26707e2efad8aa1bfc5b7ce170f3fccc2e4918ff85989ba9ffa9facb2be326", size = 366583, upload-time = "2026-01-07T13:41:07.246Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/69/90/f63fb5873511e014207a475e2bb4e8b2e570d655b00ac19a9a0ca0a385ee/jsonschema-4.26.0-py3-none-any.whl", hash = "sha256:d489f15263b8d200f8387e64b4c3a75f06629559fb73deb8fdfb525f2dab50ce", size = 90630, upload-time = "2026-01-07T13:41:05.306Z" }, +] + +[[package]] +name = "jsonschema-specifications" +version = "2025.9.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "referencing" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/19/74/a633ee74eb36c44aa6d1095e7cc5569bebf04342ee146178e2d36600708b/jsonschema_specifications-2025.9.1.tar.gz", hash = "sha256:b540987f239e745613c7a9176f3edb72b832a4ac465cf02712288397832b5e8d", size = 32855, upload-time = "2025-09-08T01:34:59.186Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/41/45/1a4ed80516f02155c51f51e8cedb3c1902296743db0bbc66608a0db2814f/jsonschema_specifications-2025.9.1-py3-none-any.whl", hash = "sha256:98802fee3a11ee76ecaca44429fda8a41bff98b00a0f2838151b113f210cc6fe", size = 18437, upload-time = "2025-09-08T01:34:57.871Z" }, +] + +[[package]] +name = "packaging" +version = "26.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/65/ee/299d360cdc32edc7d2cf530f3accf79c4fca01e96ffc950d8a52213bd8e4/packaging-26.0.tar.gz", hash = "sha256:00243ae351a257117b6a241061796684b084ed1c516a08c48a3f7e147a9d80b4", size = 143416, upload-time = "2026-01-21T20:50:39.064Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b7/b9/c538f279a4e237a006a2c98387d081e9eb060d203d8ed34467cc0f0b9b53/packaging-26.0-py3-none-any.whl", hash = 
"sha256:b36f1fef9334a5588b4166f8bcd26a14e521f2b55e6b9de3aaa80d3ff7a37529", size = 74366, upload-time = "2026-01-21T20:50:37.788Z" }, +] + +[[package]] +name = "pluggy" +version = "1.6.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f9/e2/3e91f31a7d2b083fe6ef3fa267035b518369d9511ffab804f839851d2779/pluggy-1.6.0.tar.gz", hash = "sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3", size = 69412, upload-time = "2025-05-15T12:30:07.975Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/54/20/4d324d65cc6d9205fabedc306948156824eb9f0ee1633355a8f7ec5c66bf/pluggy-1.6.0-py3-none-any.whl", hash = "sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746", size = 20538, upload-time = "2025-05-15T12:30:06.134Z" }, +] + +[[package]] +name = "policy-deployment-engine" +version = "0.1.0" +source = { editable = "." } +dependencies = [ + { name = "pydantic" }, +] + +[package.optional-dependencies] +dev = [ + { name = "jsonschema" }, + { name = "pytest" }, + { name = "pytest-cov" }, +] +docgen = [ + { name = "pydantic" }, + { name = "pyyaml" }, +] + +[package.dev-dependencies] +dev = [ + { name = "jsonschema" }, +] + +[package.metadata] +requires-dist = [ + { name = "jsonschema", marker = "extra == 'dev'", specifier = ">=4.0.0" }, + { name = "pydantic", specifier = ">=2.12.4" }, + { name = "pydantic", marker = "extra == 'docgen'", specifier = ">=2.0.0" }, + { name = "pytest", marker = "extra == 'dev'", specifier = ">=8.0.0" }, + { name = "pytest-cov", marker = "extra == 'dev'", specifier = ">=4.1.0" }, + { name = "pyyaml", marker = "extra == 'docgen'", specifier = ">=6.0.0" }, +] +provides-extras = ["dev", "docgen"] + +[package.metadata.requires-dev] +dev = [{ name = "jsonschema", specifier = ">=4.25.1" }] + +[[package]] +name = "pydantic" +version = "2.12.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "annotated-types" }, + { name = 
"pydantic-core" }, + { name = "typing-extensions" }, + { name = "typing-inspection" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/69/44/36f1a6e523abc58ae5f928898e4aca2e0ea509b5aa6f6f392a5d882be928/pydantic-2.12.5.tar.gz", hash = "sha256:4d351024c75c0f085a9febbb665ce8c0c6ec5d30e903bdb6394b7ede26aebb49", size = 821591, upload-time = "2025-11-26T15:11:46.471Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/5a/87/b70ad306ebb6f9b585f114d0ac2137d792b48be34d732d60e597c2f8465a/pydantic-2.12.5-py3-none-any.whl", hash = "sha256:e561593fccf61e8a20fc46dfc2dfe075b8be7d0188df33f221ad1f0139180f9d", size = 463580, upload-time = "2025-11-26T15:11:44.605Z" }, +] + +[[package]] +name = "pydantic-core" +version = "2.41.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/71/70/23b021c950c2addd24ec408e9ab05d59b035b39d97cdc1130e1bce647bb6/pydantic_core-2.41.5.tar.gz", hash = "sha256:08daa51ea16ad373ffd5e7606252cc32f07bc72b28284b6bc9c6df804816476e", size = 460952, upload-time = "2025-11-04T13:43:49.098Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e8/72/74a989dd9f2084b3d9530b0915fdda64ac48831c30dbf7c72a41a5232db8/pydantic_core-2.41.5-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:a3a52f6156e73e7ccb0f8cced536adccb7042be67cb45f9562e12b319c119da6", size = 2105873, upload-time = "2025-11-04T13:39:31.373Z" }, + { url = "https://files.pythonhosted.org/packages/12/44/37e403fd9455708b3b942949e1d7febc02167662bf1a7da5b78ee1ea2842/pydantic_core-2.41.5-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7f3bf998340c6d4b0c9a2f02d6a400e51f123b59565d74dc60d252ce888c260b", size = 1899826, upload-time = "2025-11-04T13:39:32.897Z" }, + { url = "https://files.pythonhosted.org/packages/33/7f/1d5cab3ccf44c1935a359d51a8a2a9e1a654b744b5e7f80d41b88d501eec/pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", 
hash = "sha256:378bec5c66998815d224c9ca994f1e14c0c21cb95d2f52b6021cc0b2a58f2a5a", size = 1917869, upload-time = "2025-11-04T13:39:34.469Z" }, + { url = "https://files.pythonhosted.org/packages/6e/6a/30d94a9674a7fe4f4744052ed6c5e083424510be1e93da5bc47569d11810/pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e7b576130c69225432866fe2f4a469a85a54ade141d96fd396dffcf607b558f8", size = 2063890, upload-time = "2025-11-04T13:39:36.053Z" }, + { url = "https://files.pythonhosted.org/packages/50/be/76e5d46203fcb2750e542f32e6c371ffa9b8ad17364cf94bb0818dbfb50c/pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:6cb58b9c66f7e4179a2d5e0f849c48eff5c1fca560994d6eb6543abf955a149e", size = 2229740, upload-time = "2025-11-04T13:39:37.753Z" }, + { url = "https://files.pythonhosted.org/packages/d3/ee/fed784df0144793489f87db310a6bbf8118d7b630ed07aa180d6067e653a/pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:88942d3a3dff3afc8288c21e565e476fc278902ae4d6d134f1eeda118cc830b1", size = 2350021, upload-time = "2025-11-04T13:39:40.94Z" }, + { url = "https://files.pythonhosted.org/packages/c8/be/8fed28dd0a180dca19e72c233cbf58efa36df055e5b9d90d64fd1740b828/pydantic_core-2.41.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f31d95a179f8d64d90f6831d71fa93290893a33148d890ba15de25642c5d075b", size = 2066378, upload-time = "2025-11-04T13:39:42.523Z" }, + { url = "https://files.pythonhosted.org/packages/b0/3b/698cf8ae1d536a010e05121b4958b1257f0b5522085e335360e53a6b1c8b/pydantic_core-2.41.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c1df3d34aced70add6f867a8cf413e299177e0c22660cc767218373d0779487b", size = 2175761, upload-time = "2025-11-04T13:39:44.553Z" }, + { url = 
"https://files.pythonhosted.org/packages/b8/ba/15d537423939553116dea94ce02f9c31be0fa9d0b806d427e0308ec17145/pydantic_core-2.41.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:4009935984bd36bd2c774e13f9a09563ce8de4abaa7226f5108262fa3e637284", size = 2146303, upload-time = "2025-11-04T13:39:46.238Z" }, + { url = "https://files.pythonhosted.org/packages/58/7f/0de669bf37d206723795f9c90c82966726a2ab06c336deba4735b55af431/pydantic_core-2.41.5-cp311-cp311-musllinux_1_1_armv7l.whl", hash = "sha256:34a64bc3441dc1213096a20fe27e8e128bd3ff89921706e83c0b1ac971276594", size = 2340355, upload-time = "2025-11-04T13:39:48.002Z" }, + { url = "https://files.pythonhosted.org/packages/e5/de/e7482c435b83d7e3c3ee5ee4451f6e8973cff0eb6007d2872ce6383f6398/pydantic_core-2.41.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:c9e19dd6e28fdcaa5a1de679aec4141f691023916427ef9bae8584f9c2fb3b0e", size = 2319875, upload-time = "2025-11-04T13:39:49.705Z" }, + { url = "https://files.pythonhosted.org/packages/fe/e6/8c9e81bb6dd7560e33b9053351c29f30c8194b72f2d6932888581f503482/pydantic_core-2.41.5-cp311-cp311-win32.whl", hash = "sha256:2c010c6ded393148374c0f6f0bf89d206bf3217f201faa0635dcd56bd1520f6b", size = 1987549, upload-time = "2025-11-04T13:39:51.842Z" }, + { url = "https://files.pythonhosted.org/packages/11/66/f14d1d978ea94d1bc21fc98fcf570f9542fe55bfcc40269d4e1a21c19bf7/pydantic_core-2.41.5-cp311-cp311-win_amd64.whl", hash = "sha256:76ee27c6e9c7f16f47db7a94157112a2f3a00e958bc626e2f4ee8bec5c328fbe", size = 2011305, upload-time = "2025-11-04T13:39:53.485Z" }, + { url = "https://files.pythonhosted.org/packages/56/d8/0e271434e8efd03186c5386671328154ee349ff0354d83c74f5caaf096ed/pydantic_core-2.41.5-cp311-cp311-win_arm64.whl", hash = "sha256:4bc36bbc0b7584de96561184ad7f012478987882ebf9f9c389b23f432ea3d90f", size = 1972902, upload-time = "2025-11-04T13:39:56.488Z" }, + { url = 
"https://files.pythonhosted.org/packages/5f/5d/5f6c63eebb5afee93bcaae4ce9a898f3373ca23df3ccaef086d0233a35a7/pydantic_core-2.41.5-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:f41a7489d32336dbf2199c8c0a215390a751c5b014c2c1c5366e817202e9cdf7", size = 2110990, upload-time = "2025-11-04T13:39:58.079Z" }, + { url = "https://files.pythonhosted.org/packages/aa/32/9c2e8ccb57c01111e0fd091f236c7b371c1bccea0fa85247ac55b1e2b6b6/pydantic_core-2.41.5-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:070259a8818988b9a84a449a2a7337c7f430a22acc0859c6b110aa7212a6d9c0", size = 1896003, upload-time = "2025-11-04T13:39:59.956Z" }, + { url = "https://files.pythonhosted.org/packages/68/b8/a01b53cb0e59139fbc9e4fda3e9724ede8de279097179be4ff31f1abb65a/pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e96cea19e34778f8d59fe40775a7a574d95816eb150850a85a7a4c8f4b94ac69", size = 1919200, upload-time = "2025-11-04T13:40:02.241Z" }, + { url = "https://files.pythonhosted.org/packages/38/de/8c36b5198a29bdaade07b5985e80a233a5ac27137846f3bc2d3b40a47360/pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ed2e99c456e3fadd05c991f8f437ef902e00eedf34320ba2b0842bd1c3ca3a75", size = 2052578, upload-time = "2025-11-04T13:40:04.401Z" }, + { url = "https://files.pythonhosted.org/packages/00/b5/0e8e4b5b081eac6cb3dbb7e60a65907549a1ce035a724368c330112adfdd/pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:65840751b72fbfd82c3c640cff9284545342a4f1eb1586ad0636955b261b0b05", size = 2208504, upload-time = "2025-11-04T13:40:06.072Z" }, + { url = "https://files.pythonhosted.org/packages/77/56/87a61aad59c7c5b9dc8caad5a41a5545cba3810c3e828708b3d7404f6cef/pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e536c98a7626a98feb2d3eaf75944ef6f3dbee447e1f841eae16f2f0a72d8ddc", size = 2335816, upload-time = "2025-11-04T13:40:07.835Z" }, + { 
url = "https://files.pythonhosted.org/packages/0d/76/941cc9f73529988688a665a5c0ecff1112b3d95ab48f81db5f7606f522d3/pydantic_core-2.41.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eceb81a8d74f9267ef4081e246ffd6d129da5d87e37a77c9bde550cb04870c1c", size = 2075366, upload-time = "2025-11-04T13:40:09.804Z" }, + { url = "https://files.pythonhosted.org/packages/d3/43/ebef01f69baa07a482844faaa0a591bad1ef129253ffd0cdaa9d8a7f72d3/pydantic_core-2.41.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d38548150c39b74aeeb0ce8ee1d8e82696f4a4e16ddc6de7b1d8823f7de4b9b5", size = 2171698, upload-time = "2025-11-04T13:40:12.004Z" }, + { url = "https://files.pythonhosted.org/packages/b1/87/41f3202e4193e3bacfc2c065fab7706ebe81af46a83d3e27605029c1f5a6/pydantic_core-2.41.5-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:c23e27686783f60290e36827f9c626e63154b82b116d7fe9adba1fda36da706c", size = 2132603, upload-time = "2025-11-04T13:40:13.868Z" }, + { url = "https://files.pythonhosted.org/packages/49/7d/4c00df99cb12070b6bccdef4a195255e6020a550d572768d92cc54dba91a/pydantic_core-2.41.5-cp312-cp312-musllinux_1_1_armv7l.whl", hash = "sha256:482c982f814460eabe1d3bb0adfdc583387bd4691ef00b90575ca0d2b6fe2294", size = 2329591, upload-time = "2025-11-04T13:40:15.672Z" }, + { url = "https://files.pythonhosted.org/packages/cc/6a/ebf4b1d65d458f3cda6a7335d141305dfa19bdc61140a884d165a8a1bbc7/pydantic_core-2.41.5-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:bfea2a5f0b4d8d43adf9d7b8bf019fb46fdd10a2e5cde477fbcb9d1fa08c68e1", size = 2319068, upload-time = "2025-11-04T13:40:17.532Z" }, + { url = "https://files.pythonhosted.org/packages/49/3b/774f2b5cd4192d5ab75870ce4381fd89cf218af999515baf07e7206753f0/pydantic_core-2.41.5-cp312-cp312-win32.whl", hash = "sha256:b74557b16e390ec12dca509bce9264c3bbd128f8a2c376eaa68003d7f327276d", size = 1985908, upload-time = "2025-11-04T13:40:19.309Z" }, + { url = 
"https://files.pythonhosted.org/packages/86/45/00173a033c801cacf67c190fef088789394feaf88a98a7035b0e40d53dc9/pydantic_core-2.41.5-cp312-cp312-win_amd64.whl", hash = "sha256:1962293292865bca8e54702b08a4f26da73adc83dd1fcf26fbc875b35d81c815", size = 2020145, upload-time = "2025-11-04T13:40:21.548Z" }, + { url = "https://files.pythonhosted.org/packages/f9/22/91fbc821fa6d261b376a3f73809f907cec5ca6025642c463d3488aad22fb/pydantic_core-2.41.5-cp312-cp312-win_arm64.whl", hash = "sha256:1746d4a3d9a794cacae06a5eaaccb4b8643a131d45fbc9af23e353dc0a5ba5c3", size = 1976179, upload-time = "2025-11-04T13:40:23.393Z" }, + { url = "https://files.pythonhosted.org/packages/87/06/8806241ff1f70d9939f9af039c6c35f2360cf16e93c2ca76f184e76b1564/pydantic_core-2.41.5-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:941103c9be18ac8daf7b7adca8228f8ed6bb7a1849020f643b3a14d15b1924d9", size = 2120403, upload-time = "2025-11-04T13:40:25.248Z" }, + { url = "https://files.pythonhosted.org/packages/94/02/abfa0e0bda67faa65fef1c84971c7e45928e108fe24333c81f3bfe35d5f5/pydantic_core-2.41.5-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:112e305c3314f40c93998e567879e887a3160bb8689ef3d2c04b6cc62c33ac34", size = 1896206, upload-time = "2025-11-04T13:40:27.099Z" }, + { url = "https://files.pythonhosted.org/packages/15/df/a4c740c0943e93e6500f9eb23f4ca7ec9bf71b19e608ae5b579678c8d02f/pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0cbaad15cb0c90aa221d43c00e77bb33c93e8d36e0bf74760cd00e732d10a6a0", size = 1919307, upload-time = "2025-11-04T13:40:29.806Z" }, + { url = "https://files.pythonhosted.org/packages/9a/e3/6324802931ae1d123528988e0e86587c2072ac2e5394b4bc2bc34b61ff6e/pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:03ca43e12fab6023fc79d28ca6b39b05f794ad08ec2feccc59a339b02f2b3d33", size = 2063258, upload-time = "2025-11-04T13:40:33.544Z" }, + { url = 
"https://files.pythonhosted.org/packages/c9/d4/2230d7151d4957dd79c3044ea26346c148c98fbf0ee6ebd41056f2d62ab5/pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:dc799088c08fa04e43144b164feb0c13f9a0bc40503f8df3e9fde58a3c0c101e", size = 2214917, upload-time = "2025-11-04T13:40:35.479Z" }, + { url = "https://files.pythonhosted.org/packages/e6/9f/eaac5df17a3672fef0081b6c1bb0b82b33ee89aa5cec0d7b05f52fd4a1fa/pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:97aeba56665b4c3235a0e52b2c2f5ae9cd071b8a8310ad27bddb3f7fb30e9aa2", size = 2332186, upload-time = "2025-11-04T13:40:37.436Z" }, + { url = "https://files.pythonhosted.org/packages/cf/4e/35a80cae583a37cf15604b44240e45c05e04e86f9cfd766623149297e971/pydantic_core-2.41.5-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:406bf18d345822d6c21366031003612b9c77b3e29ffdb0f612367352aab7d586", size = 2073164, upload-time = "2025-11-04T13:40:40.289Z" }, + { url = "https://files.pythonhosted.org/packages/bf/e3/f6e262673c6140dd3305d144d032f7bd5f7497d3871c1428521f19f9efa2/pydantic_core-2.41.5-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b93590ae81f7010dbe380cdeab6f515902ebcbefe0b9327cc4804d74e93ae69d", size = 2179146, upload-time = "2025-11-04T13:40:42.809Z" }, + { url = "https://files.pythonhosted.org/packages/75/c7/20bd7fc05f0c6ea2056a4565c6f36f8968c0924f19b7d97bbfea55780e73/pydantic_core-2.41.5-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:01a3d0ab748ee531f4ea6c3e48ad9dac84ddba4b0d82291f87248f2f9de8d740", size = 2137788, upload-time = "2025-11-04T13:40:44.752Z" }, + { url = "https://files.pythonhosted.org/packages/3a/8d/34318ef985c45196e004bc46c6eab2eda437e744c124ef0dbe1ff2c9d06b/pydantic_core-2.41.5-cp313-cp313-musllinux_1_1_armv7l.whl", hash = "sha256:6561e94ba9dacc9c61bce40e2d6bdc3bfaa0259d3ff36ace3b1e6901936d2e3e", size = 2340133, upload-time = "2025-11-04T13:40:46.66Z" }, + { url = 
"https://files.pythonhosted.org/packages/9c/59/013626bf8c78a5a5d9350d12e7697d3d4de951a75565496abd40ccd46bee/pydantic_core-2.41.5-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:915c3d10f81bec3a74fbd4faebe8391013ba61e5a1a8d48c4455b923bdda7858", size = 2324852, upload-time = "2025-11-04T13:40:48.575Z" }, + { url = "https://files.pythonhosted.org/packages/1a/d9/c248c103856f807ef70c18a4f986693a46a8ffe1602e5d361485da502d20/pydantic_core-2.41.5-cp313-cp313-win32.whl", hash = "sha256:650ae77860b45cfa6e2cdafc42618ceafab3a2d9a3811fcfbd3bbf8ac3c40d36", size = 1994679, upload-time = "2025-11-04T13:40:50.619Z" }, + { url = "https://files.pythonhosted.org/packages/9e/8b/341991b158ddab181cff136acd2552c9f35bd30380422a639c0671e99a91/pydantic_core-2.41.5-cp313-cp313-win_amd64.whl", hash = "sha256:79ec52ec461e99e13791ec6508c722742ad745571f234ea6255bed38c6480f11", size = 2019766, upload-time = "2025-11-04T13:40:52.631Z" }, + { url = "https://files.pythonhosted.org/packages/73/7d/f2f9db34af103bea3e09735bb40b021788a5e834c81eedb541991badf8f5/pydantic_core-2.41.5-cp313-cp313-win_arm64.whl", hash = "sha256:3f84d5c1b4ab906093bdc1ff10484838aca54ef08de4afa9de0f5f14d69639cd", size = 1981005, upload-time = "2025-11-04T13:40:54.734Z" }, + { url = "https://files.pythonhosted.org/packages/ea/28/46b7c5c9635ae96ea0fbb779e271a38129df2550f763937659ee6c5dbc65/pydantic_core-2.41.5-cp314-cp314-macosx_10_12_x86_64.whl", hash = "sha256:3f37a19d7ebcdd20b96485056ba9e8b304e27d9904d233d7b1015db320e51f0a", size = 2119622, upload-time = "2025-11-04T13:40:56.68Z" }, + { url = "https://files.pythonhosted.org/packages/74/1a/145646e5687e8d9a1e8d09acb278c8535ebe9e972e1f162ed338a622f193/pydantic_core-2.41.5-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:1d1d9764366c73f996edd17abb6d9d7649a7eb690006ab6adbda117717099b14", size = 1891725, upload-time = "2025-11-04T13:40:58.807Z" }, + { url = 
"https://files.pythonhosted.org/packages/23/04/e89c29e267b8060b40dca97bfc64a19b2a3cf99018167ea1677d96368273/pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:25e1c2af0fce638d5f1988b686f3b3ea8cd7de5f244ca147c777769e798a9cd1", size = 1915040, upload-time = "2025-11-04T13:41:00.853Z" }, + { url = "https://files.pythonhosted.org/packages/84/a3/15a82ac7bd97992a82257f777b3583d3e84bdb06ba6858f745daa2ec8a85/pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:506d766a8727beef16b7adaeb8ee6217c64fc813646b424d0804d67c16eddb66", size = 2063691, upload-time = "2025-11-04T13:41:03.504Z" }, + { url = "https://files.pythonhosted.org/packages/74/9b/0046701313c6ef08c0c1cf0e028c67c770a4e1275ca73131563c5f2a310a/pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:4819fa52133c9aa3c387b3328f25c1facc356491e6135b459f1de698ff64d869", size = 2213897, upload-time = "2025-11-04T13:41:05.804Z" }, + { url = "https://files.pythonhosted.org/packages/8a/cd/6bac76ecd1b27e75a95ca3a9a559c643b3afcd2dd62086d4b7a32a18b169/pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2b761d210c9ea91feda40d25b4efe82a1707da2ef62901466a42492c028553a2", size = 2333302, upload-time = "2025-11-04T13:41:07.809Z" }, + { url = "https://files.pythonhosted.org/packages/4c/d2/ef2074dc020dd6e109611a8be4449b98cd25e1b9b8a303c2f0fca2f2bcf7/pydantic_core-2.41.5-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:22f0fb8c1c583a3b6f24df2470833b40207e907b90c928cc8d3594b76f874375", size = 2064877, upload-time = "2025-11-04T13:41:09.827Z" }, + { url = "https://files.pythonhosted.org/packages/18/66/e9db17a9a763d72f03de903883c057b2592c09509ccfe468187f2a2eef29/pydantic_core-2.41.5-cp314-cp314-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2782c870e99878c634505236d81e5443092fba820f0373997ff75f90f68cd553", size = 2180680, 
upload-time = "2025-11-04T13:41:12.379Z" }, + { url = "https://files.pythonhosted.org/packages/d3/9e/3ce66cebb929f3ced22be85d4c2399b8e85b622db77dad36b73c5387f8f8/pydantic_core-2.41.5-cp314-cp314-musllinux_1_1_aarch64.whl", hash = "sha256:0177272f88ab8312479336e1d777f6b124537d47f2123f89cb37e0accea97f90", size = 2138960, upload-time = "2025-11-04T13:41:14.627Z" }, + { url = "https://files.pythonhosted.org/packages/a6/62/205a998f4327d2079326b01abee48e502ea739d174f0a89295c481a2272e/pydantic_core-2.41.5-cp314-cp314-musllinux_1_1_armv7l.whl", hash = "sha256:63510af5e38f8955b8ee5687740d6ebf7c2a0886d15a6d65c32814613681bc07", size = 2339102, upload-time = "2025-11-04T13:41:16.868Z" }, + { url = "https://files.pythonhosted.org/packages/3c/0d/f05e79471e889d74d3d88f5bd20d0ed189ad94c2423d81ff8d0000aab4ff/pydantic_core-2.41.5-cp314-cp314-musllinux_1_1_x86_64.whl", hash = "sha256:e56ba91f47764cc14f1daacd723e3e82d1a89d783f0f5afe9c364b8bb491ccdb", size = 2326039, upload-time = "2025-11-04T13:41:18.934Z" }, + { url = "https://files.pythonhosted.org/packages/ec/e1/e08a6208bb100da7e0c4b288eed624a703f4d129bde2da475721a80cab32/pydantic_core-2.41.5-cp314-cp314-win32.whl", hash = "sha256:aec5cf2fd867b4ff45b9959f8b20ea3993fc93e63c7363fe6851424c8a7e7c23", size = 1995126, upload-time = "2025-11-04T13:41:21.418Z" }, + { url = "https://files.pythonhosted.org/packages/48/5d/56ba7b24e9557f99c9237e29f5c09913c81eeb2f3217e40e922353668092/pydantic_core-2.41.5-cp314-cp314-win_amd64.whl", hash = "sha256:8e7c86f27c585ef37c35e56a96363ab8de4e549a95512445b85c96d3e2f7c1bf", size = 2015489, upload-time = "2025-11-04T13:41:24.076Z" }, + { url = "https://files.pythonhosted.org/packages/4e/bb/f7a190991ec9e3e0ba22e4993d8755bbc4a32925c0b5b42775c03e8148f9/pydantic_core-2.41.5-cp314-cp314-win_arm64.whl", hash = "sha256:e672ba74fbc2dc8eea59fb6d4aed6845e6905fc2a8afe93175d94a83ba2a01a0", size = 1977288, upload-time = "2025-11-04T13:41:26.33Z" }, + { url = 
"https://files.pythonhosted.org/packages/92/ed/77542d0c51538e32e15afe7899d79efce4b81eee631d99850edc2f5e9349/pydantic_core-2.41.5-cp314-cp314t-macosx_10_12_x86_64.whl", hash = "sha256:8566def80554c3faa0e65ac30ab0932b9e3a5cd7f8323764303d468e5c37595a", size = 2120255, upload-time = "2025-11-04T13:41:28.569Z" }, + { url = "https://files.pythonhosted.org/packages/bb/3d/6913dde84d5be21e284439676168b28d8bbba5600d838b9dca99de0fad71/pydantic_core-2.41.5-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:b80aa5095cd3109962a298ce14110ae16b8c1aece8b72f9dafe81cf597ad80b3", size = 1863760, upload-time = "2025-11-04T13:41:31.055Z" }, + { url = "https://files.pythonhosted.org/packages/5a/f0/e5e6b99d4191da102f2b0eb9687aaa7f5bea5d9964071a84effc3e40f997/pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3006c3dd9ba34b0c094c544c6006cc79e87d8612999f1a5d43b769b89181f23c", size = 1878092, upload-time = "2025-11-04T13:41:33.21Z" }, + { url = "https://files.pythonhosted.org/packages/71/48/36fb760642d568925953bcc8116455513d6e34c4beaa37544118c36aba6d/pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:72f6c8b11857a856bcfa48c86f5368439f74453563f951e473514579d44aa612", size = 2053385, upload-time = "2025-11-04T13:41:35.508Z" }, + { url = "https://files.pythonhosted.org/packages/20/25/92dc684dd8eb75a234bc1c764b4210cf2646479d54b47bf46061657292a8/pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5cb1b2f9742240e4bb26b652a5aeb840aa4b417c7748b6f8387927bc6e45e40d", size = 2218832, upload-time = "2025-11-04T13:41:37.732Z" }, + { url = "https://files.pythonhosted.org/packages/e2/09/f53e0b05023d3e30357d82eb35835d0f6340ca344720a4599cd663dca599/pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:bd3d54f38609ff308209bd43acea66061494157703364ae40c951f83ba99a1a9", size = 2327585, upload-time = "2025-11-04T13:41:40Z" }, + 
{ url = "https://files.pythonhosted.org/packages/aa/4e/2ae1aa85d6af35a39b236b1b1641de73f5a6ac4d5a7509f77b814885760c/pydantic_core-2.41.5-cp314-cp314t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2ff4321e56e879ee8d2a879501c8e469414d948f4aba74a2d4593184eb326660", size = 2041078, upload-time = "2025-11-04T13:41:42.323Z" }, + { url = "https://files.pythonhosted.org/packages/cd/13/2e215f17f0ef326fc72afe94776edb77525142c693767fc347ed6288728d/pydantic_core-2.41.5-cp314-cp314t-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d0d2568a8c11bf8225044aa94409e21da0cb09dcdafe9ecd10250b2baad531a9", size = 2173914, upload-time = "2025-11-04T13:41:45.221Z" }, + { url = "https://files.pythonhosted.org/packages/02/7a/f999a6dcbcd0e5660bc348a3991c8915ce6599f4f2c6ac22f01d7a10816c/pydantic_core-2.41.5-cp314-cp314t-musllinux_1_1_aarch64.whl", hash = "sha256:a39455728aabd58ceabb03c90e12f71fd30fa69615760a075b9fec596456ccc3", size = 2129560, upload-time = "2025-11-04T13:41:47.474Z" }, + { url = "https://files.pythonhosted.org/packages/3a/b1/6c990ac65e3b4c079a4fb9f5b05f5b013afa0f4ed6780a3dd236d2cbdc64/pydantic_core-2.41.5-cp314-cp314t-musllinux_1_1_armv7l.whl", hash = "sha256:239edca560d05757817c13dc17c50766136d21f7cd0fac50295499ae24f90fdf", size = 2329244, upload-time = "2025-11-04T13:41:49.992Z" }, + { url = "https://files.pythonhosted.org/packages/d9/02/3c562f3a51afd4d88fff8dffb1771b30cfdfd79befd9883ee094f5b6c0d8/pydantic_core-2.41.5-cp314-cp314t-musllinux_1_1_x86_64.whl", hash = "sha256:2a5e06546e19f24c6a96a129142a75cee553cc018ffee48a460059b1185f4470", size = 2331955, upload-time = "2025-11-04T13:41:54.079Z" }, + { url = "https://files.pythonhosted.org/packages/5c/96/5fb7d8c3c17bc8c62fdb031c47d77a1af698f1d7a406b0f79aaa1338f9ad/pydantic_core-2.41.5-cp314-cp314t-win32.whl", hash = "sha256:b4ececa40ac28afa90871c2cc2b9ffd2ff0bf749380fbdf57d165fd23da353aa", size = 1988906, upload-time = "2025-11-04T13:41:56.606Z" }, + { url = 
"https://files.pythonhosted.org/packages/22/ed/182129d83032702912c2e2d8bbe33c036f342cc735737064668585dac28f/pydantic_core-2.41.5-cp314-cp314t-win_amd64.whl", hash = "sha256:80aa89cad80b32a912a65332f64a4450ed00966111b6615ca6816153d3585a8c", size = 1981607, upload-time = "2025-11-04T13:41:58.889Z" }, + { url = "https://files.pythonhosted.org/packages/9f/ed/068e41660b832bb0b1aa5b58011dea2a3fe0ba7861ff38c4d4904c1c1a99/pydantic_core-2.41.5-cp314-cp314t-win_arm64.whl", hash = "sha256:35b44f37a3199f771c3eaa53051bc8a70cd7b54f333531c59e29fd4db5d15008", size = 1974769, upload-time = "2025-11-04T13:42:01.186Z" }, + { url = "https://files.pythonhosted.org/packages/11/72/90fda5ee3b97e51c494938a4a44c3a35a9c96c19bba12372fb9c634d6f57/pydantic_core-2.41.5-graalpy311-graalpy242_311_native-macosx_10_12_x86_64.whl", hash = "sha256:b96d5f26b05d03cc60f11a7761a5ded1741da411e7fe0909e27a5e6a0cb7b034", size = 2115441, upload-time = "2025-11-04T13:42:39.557Z" }, + { url = "https://files.pythonhosted.org/packages/1f/53/8942f884fa33f50794f119012dc6a1a02ac43a56407adaac20463df8e98f/pydantic_core-2.41.5-graalpy311-graalpy242_311_native-macosx_11_0_arm64.whl", hash = "sha256:634e8609e89ceecea15e2d61bc9ac3718caaaa71963717bf3c8f38bfde64242c", size = 1930291, upload-time = "2025-11-04T13:42:42.169Z" }, + { url = "https://files.pythonhosted.org/packages/79/c8/ecb9ed9cd942bce09fc888ee960b52654fbdbede4ba6c2d6e0d3b1d8b49c/pydantic_core-2.41.5-graalpy311-graalpy242_311_native-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:93e8740d7503eb008aa2df04d3b9735f845d43ae845e6dcd2be0b55a2da43cd2", size = 1948632, upload-time = "2025-11-04T13:42:44.564Z" }, + { url = "https://files.pythonhosted.org/packages/2e/1b/687711069de7efa6af934e74f601e2a4307365e8fdc404703afc453eab26/pydantic_core-2.41.5-graalpy311-graalpy242_311_native-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f15489ba13d61f670dcc96772e733aad1a6f9c429cc27574c6cdaed82d0146ad", size = 2138905, upload-time = 
"2025-11-04T13:42:47.156Z" }, + { url = "https://files.pythonhosted.org/packages/09/32/59b0c7e63e277fa7911c2fc70ccfb45ce4b98991e7ef37110663437005af/pydantic_core-2.41.5-graalpy312-graalpy250_312_native-macosx_10_12_x86_64.whl", hash = "sha256:7da7087d756b19037bc2c06edc6c170eeef3c3bafcb8f532ff17d64dc427adfd", size = 2110495, upload-time = "2025-11-04T13:42:49.689Z" }, + { url = "https://files.pythonhosted.org/packages/aa/81/05e400037eaf55ad400bcd318c05bb345b57e708887f07ddb2d20e3f0e98/pydantic_core-2.41.5-graalpy312-graalpy250_312_native-macosx_11_0_arm64.whl", hash = "sha256:aabf5777b5c8ca26f7824cb4a120a740c9588ed58df9b2d196ce92fba42ff8dc", size = 1915388, upload-time = "2025-11-04T13:42:52.215Z" }, + { url = "https://files.pythonhosted.org/packages/6e/0d/e3549b2399f71d56476b77dbf3cf8937cec5cd70536bdc0e374a421d0599/pydantic_core-2.41.5-graalpy312-graalpy250_312_native-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c007fe8a43d43b3969e8469004e9845944f1a80e6acd47c150856bb87f230c56", size = 1942879, upload-time = "2025-11-04T13:42:56.483Z" }, + { url = "https://files.pythonhosted.org/packages/f7/07/34573da085946b6a313d7c42f82f16e8920bfd730665de2d11c0c37a74b5/pydantic_core-2.41.5-graalpy312-graalpy250_312_native-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:76d0819de158cd855d1cbb8fcafdf6f5cf1eb8e470abe056d5d161106e38062b", size = 2139017, upload-time = "2025-11-04T13:42:59.471Z" }, + { url = "https://files.pythonhosted.org/packages/5f/9b/1b3f0e9f9305839d7e84912f9e8bfbd191ed1b1ef48083609f0dabde978c/pydantic_core-2.41.5-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:b2379fa7ed44ddecb5bfe4e48577d752db9fc10be00a6b7446e9663ba143de26", size = 2101980, upload-time = "2025-11-04T13:43:25.97Z" }, + { url = "https://files.pythonhosted.org/packages/a4/ed/d71fefcb4263df0da6a85b5d8a7508360f2f2e9b3bf5814be9c8bccdccc1/pydantic_core-2.41.5-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = 
"sha256:266fb4cbf5e3cbd0b53669a6d1b039c45e3ce651fd5442eff4d07c2cc8d66808", size = 1923865, upload-time = "2025-11-04T13:43:28.763Z" }, + { url = "https://files.pythonhosted.org/packages/ce/3a/626b38db460d675f873e4444b4bb030453bbe7b4ba55df821d026a0493c4/pydantic_core-2.41.5-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58133647260ea01e4d0500089a8c4f07bd7aa6ce109682b1426394988d8aaacc", size = 2134256, upload-time = "2025-11-04T13:43:31.71Z" }, + { url = "https://files.pythonhosted.org/packages/83/d9/8412d7f06f616bbc053d30cb4e5f76786af3221462ad5eee1f202021eb4e/pydantic_core-2.41.5-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:287dad91cfb551c363dc62899a80e9e14da1f0e2b6ebde82c806612ca2a13ef1", size = 2174762, upload-time = "2025-11-04T13:43:34.744Z" }, + { url = "https://files.pythonhosted.org/packages/55/4c/162d906b8e3ba3a99354e20faa1b49a85206c47de97a639510a0e673f5da/pydantic_core-2.41.5-pp311-pypy311_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:03b77d184b9eb40240ae9fd676ca364ce1085f203e1b1256f8ab9984dca80a84", size = 2143141, upload-time = "2025-11-04T13:43:37.701Z" }, + { url = "https://files.pythonhosted.org/packages/1f/f2/f11dd73284122713f5f89fc940f370d035fa8e1e078d446b3313955157fe/pydantic_core-2.41.5-pp311-pypy311_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:a668ce24de96165bb239160b3d854943128f4334822900534f2fe947930e5770", size = 2330317, upload-time = "2025-11-04T13:43:40.406Z" }, + { url = "https://files.pythonhosted.org/packages/88/9d/b06ca6acfe4abb296110fb1273a4d848a0bfb2ff65f3ee92127b3244e16b/pydantic_core-2.41.5-pp311-pypy311_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:f14f8f046c14563f8eb3f45f499cc658ab8d10072961e07225e507adb700e93f", size = 2316992, upload-time = "2025-11-04T13:43:43.602Z" }, + { url = "https://files.pythonhosted.org/packages/36/c7/cfc8e811f061c841d7990b0201912c3556bfeb99cdcb7ed24adc8d6f8704/pydantic_core-2.41.5-pp311-pypy311_pp73-win_amd64.whl", hash = 
"sha256:56121965f7a4dc965bff783d70b907ddf3d57f6eba29b6d2e5dabfaf07799c51", size = 2145302, upload-time = "2025-11-04T13:43:46.64Z" }, +] + +[[package]] +name = "pygments" +version = "2.19.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b0/77/a5b8c569bf593b0140bde72ea885a803b82086995367bf2037de0159d924/pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887", size = 4968631, upload-time = "2025-06-21T13:39:12.283Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217, upload-time = "2025-06-21T13:39:07.939Z" }, +] + +[[package]] +name = "pytest" +version = "9.0.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "iniconfig" }, + { name = "packaging" }, + { name = "pluggy" }, + { name = "pygments" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/d1/db/7ef3487e0fb0049ddb5ce41d3a49c235bf9ad299b6a25d5780a89f19230f/pytest-9.0.2.tar.gz", hash = "sha256:75186651a92bd89611d1d9fc20f0b4345fd827c41ccd5c299a868a05d70edf11", size = 1568901, upload-time = "2025-12-06T21:30:51.014Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/3b/ab/b3226f0bd7cdcf710fbede2b3548584366da3b19b5021e74f5bde2a8fa3f/pytest-9.0.2-py3-none-any.whl", hash = "sha256:711ffd45bf766d5264d487b917733b453d917afd2b0ad65223959f59089f875b", size = 374801, upload-time = "2025-12-06T21:30:49.154Z" }, +] + +[[package]] +name = "pytest-cov" +version = "7.0.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "coverage", extra = ["toml"] }, + { name = "pluggy" }, + { name = "pytest" }, +] +sdist = { url = 
"https://files.pythonhosted.org/packages/5e/f7/c933acc76f5208b3b00089573cf6a2bc26dc80a8aece8f52bb7d6b1855ca/pytest_cov-7.0.0.tar.gz", hash = "sha256:33c97eda2e049a0c5298e91f519302a1334c26ac65c1a483d6206fd458361af1", size = 54328, upload-time = "2025-09-09T10:57:02.113Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/ee/49/1377b49de7d0c1ce41292161ea0f721913fa8722c19fb9c1e3aa0367eecb/pytest_cov-7.0.0-py3-none-any.whl", hash = "sha256:3b8e9558b16cc1479da72058bdecf8073661c7f57f7d3c5f22a1c23507f2d861", size = 22424, upload-time = "2025-09-09T10:57:00.695Z" }, +] + +[[package]] +name = "pyyaml" +version = "6.0.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/05/8e/961c0007c59b8dd7729d542c61a4d537767a59645b82a0b521206e1e25c2/pyyaml-6.0.3.tar.gz", hash = "sha256:d76623373421df22fb4cf8817020cbb7ef15c725b9d5e45f17e189bfc384190f", size = 130960, upload-time = "2025-09-25T21:33:16.546Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/6d/16/a95b6757765b7b031c9374925bb718d55e0a9ba8a1b6a12d25962ea44347/pyyaml-6.0.3-cp311-cp311-macosx_10_13_x86_64.whl", hash = "sha256:44edc647873928551a01e7a563d7452ccdebee747728c1080d881d68af7b997e", size = 185826, upload-time = "2025-09-25T21:31:58.655Z" }, + { url = "https://files.pythonhosted.org/packages/16/19/13de8e4377ed53079ee996e1ab0a9c33ec2faf808a4647b7b4c0d46dd239/pyyaml-6.0.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:652cb6edd41e718550aad172851962662ff2681490a8a711af6a4d288dd96824", size = 175577, upload-time = "2025-09-25T21:32:00.088Z" }, + { url = "https://files.pythonhosted.org/packages/0c/62/d2eb46264d4b157dae1275b573017abec435397aa59cbcdab6fc978a8af4/pyyaml-6.0.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:10892704fc220243f5305762e276552a0395f7beb4dbf9b14ec8fd43b57f126c", size = 775556, upload-time = "2025-09-25T21:32:01.31Z" }, + { url = 
"https://files.pythonhosted.org/packages/10/cb/16c3f2cf3266edd25aaa00d6c4350381c8b012ed6f5276675b9eba8d9ff4/pyyaml-6.0.3-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:850774a7879607d3a6f50d36d04f00ee69e7fc816450e5f7e58d7f17f1ae5c00", size = 882114, upload-time = "2025-09-25T21:32:03.376Z" }, + { url = "https://files.pythonhosted.org/packages/71/60/917329f640924b18ff085ab889a11c763e0b573da888e8404ff486657602/pyyaml-6.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b8bb0864c5a28024fac8a632c443c87c5aa6f215c0b126c449ae1a150412f31d", size = 806638, upload-time = "2025-09-25T21:32:04.553Z" }, + { url = "https://files.pythonhosted.org/packages/dd/6f/529b0f316a9fd167281a6c3826b5583e6192dba792dd55e3203d3f8e655a/pyyaml-6.0.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1d37d57ad971609cf3c53ba6a7e365e40660e3be0e5175fa9f2365a379d6095a", size = 767463, upload-time = "2025-09-25T21:32:06.152Z" }, + { url = "https://files.pythonhosted.org/packages/f2/6a/b627b4e0c1dd03718543519ffb2f1deea4a1e6d42fbab8021936a4d22589/pyyaml-6.0.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:37503bfbfc9d2c40b344d06b2199cf0e96e97957ab1c1b546fd4f87e53e5d3e4", size = 794986, upload-time = "2025-09-25T21:32:07.367Z" }, + { url = "https://files.pythonhosted.org/packages/45/91/47a6e1c42d9ee337c4839208f30d9f09caa9f720ec7582917b264defc875/pyyaml-6.0.3-cp311-cp311-win32.whl", hash = "sha256:8098f252adfa6c80ab48096053f512f2321f0b998f98150cea9bd23d83e1467b", size = 142543, upload-time = "2025-09-25T21:32:08.95Z" }, + { url = "https://files.pythonhosted.org/packages/da/e3/ea007450a105ae919a72393cb06f122f288ef60bba2dc64b26e2646fa315/pyyaml-6.0.3-cp311-cp311-win_amd64.whl", hash = "sha256:9f3bfb4965eb874431221a3ff3fdcddc7e74e3b07799e0e84ca4a0f867d449bf", size = 158763, upload-time = "2025-09-25T21:32:09.96Z" }, + { url = 
"https://files.pythonhosted.org/packages/d1/33/422b98d2195232ca1826284a76852ad5a86fe23e31b009c9886b2d0fb8b2/pyyaml-6.0.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:7f047e29dcae44602496db43be01ad42fc6f1cc0d8cd6c83d342306c32270196", size = 182063, upload-time = "2025-09-25T21:32:11.445Z" }, + { url = "https://files.pythonhosted.org/packages/89/a0/6cf41a19a1f2f3feab0e9c0b74134aa2ce6849093d5517a0c550fe37a648/pyyaml-6.0.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:fc09d0aa354569bc501d4e787133afc08552722d3ab34836a80547331bb5d4a0", size = 173973, upload-time = "2025-09-25T21:32:12.492Z" }, + { url = "https://files.pythonhosted.org/packages/ed/23/7a778b6bd0b9a8039df8b1b1d80e2e2ad78aa04171592c8a5c43a56a6af4/pyyaml-6.0.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:9149cad251584d5fb4981be1ecde53a1ca46c891a79788c0df828d2f166bda28", size = 775116, upload-time = "2025-09-25T21:32:13.652Z" }, + { url = "https://files.pythonhosted.org/packages/65/30/d7353c338e12baef4ecc1b09e877c1970bd3382789c159b4f89d6a70dc09/pyyaml-6.0.3-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:5fdec68f91a0c6739b380c83b951e2c72ac0197ace422360e6d5a959d8d97b2c", size = 844011, upload-time = "2025-09-25T21:32:15.21Z" }, + { url = "https://files.pythonhosted.org/packages/8b/9d/b3589d3877982d4f2329302ef98a8026e7f4443c765c46cfecc8858c6b4b/pyyaml-6.0.3-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ba1cc08a7ccde2d2ec775841541641e4548226580ab850948cbfda66a1befcdc", size = 807870, upload-time = "2025-09-25T21:32:16.431Z" }, + { url = "https://files.pythonhosted.org/packages/05/c0/b3be26a015601b822b97d9149ff8cb5ead58c66f981e04fedf4e762f4bd4/pyyaml-6.0.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8dc52c23056b9ddd46818a57b78404882310fb473d63f17b07d5c40421e47f8e", size = 761089, upload-time = "2025-09-25T21:32:17.56Z" }, + { url = 
"https://files.pythonhosted.org/packages/be/8e/98435a21d1d4b46590d5459a22d88128103f8da4c2d4cb8f14f2a96504e1/pyyaml-6.0.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:41715c910c881bc081f1e8872880d3c650acf13dfa8214bad49ed4cede7c34ea", size = 790181, upload-time = "2025-09-25T21:32:18.834Z" }, + { url = "https://files.pythonhosted.org/packages/74/93/7baea19427dcfbe1e5a372d81473250b379f04b1bd3c4c5ff825e2327202/pyyaml-6.0.3-cp312-cp312-win32.whl", hash = "sha256:96b533f0e99f6579b3d4d4995707cf36df9100d67e0c8303a0c55b27b5f99bc5", size = 137658, upload-time = "2025-09-25T21:32:20.209Z" }, + { url = "https://files.pythonhosted.org/packages/86/bf/899e81e4cce32febab4fb42bb97dcdf66bc135272882d1987881a4b519e9/pyyaml-6.0.3-cp312-cp312-win_amd64.whl", hash = "sha256:5fcd34e47f6e0b794d17de1b4ff496c00986e1c83f7ab2fb8fcfe9616ff7477b", size = 154003, upload-time = "2025-09-25T21:32:21.167Z" }, + { url = "https://files.pythonhosted.org/packages/1a/08/67bd04656199bbb51dbed1439b7f27601dfb576fb864099c7ef0c3e55531/pyyaml-6.0.3-cp312-cp312-win_arm64.whl", hash = "sha256:64386e5e707d03a7e172c0701abfb7e10f0fb753ee1d773128192742712a98fd", size = 140344, upload-time = "2025-09-25T21:32:22.617Z" }, + { url = "https://files.pythonhosted.org/packages/d1/11/0fd08f8192109f7169db964b5707a2f1e8b745d4e239b784a5a1dd80d1db/pyyaml-6.0.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:8da9669d359f02c0b91ccc01cac4a67f16afec0dac22c2ad09f46bee0697eba8", size = 181669, upload-time = "2025-09-25T21:32:23.673Z" }, + { url = "https://files.pythonhosted.org/packages/b1/16/95309993f1d3748cd644e02e38b75d50cbc0d9561d21f390a76242ce073f/pyyaml-6.0.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:2283a07e2c21a2aa78d9c4442724ec1eb15f5e42a723b99cb3d822d48f5f7ad1", size = 173252, upload-time = "2025-09-25T21:32:25.149Z" }, + { url = 
"https://files.pythonhosted.org/packages/50/31/b20f376d3f810b9b2371e72ef5adb33879b25edb7a6d072cb7ca0c486398/pyyaml-6.0.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee2922902c45ae8ccada2c5b501ab86c36525b883eff4255313a253a3160861c", size = 767081, upload-time = "2025-09-25T21:32:26.575Z" }, + { url = "https://files.pythonhosted.org/packages/49/1e/a55ca81e949270d5d4432fbbd19dfea5321eda7c41a849d443dc92fd1ff7/pyyaml-6.0.3-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a33284e20b78bd4a18c8c2282d549d10bc8408a2a7ff57653c0cf0b9be0afce5", size = 841159, upload-time = "2025-09-25T21:32:27.727Z" }, + { url = "https://files.pythonhosted.org/packages/74/27/e5b8f34d02d9995b80abcef563ea1f8b56d20134d8f4e5e81733b1feceb2/pyyaml-6.0.3-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0f29edc409a6392443abf94b9cf89ce99889a1dd5376d94316ae5145dfedd5d6", size = 801626, upload-time = "2025-09-25T21:32:28.878Z" }, + { url = "https://files.pythonhosted.org/packages/f9/11/ba845c23988798f40e52ba45f34849aa8a1f2d4af4b798588010792ebad6/pyyaml-6.0.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:f7057c9a337546edc7973c0d3ba84ddcdf0daa14533c2065749c9075001090e6", size = 753613, upload-time = "2025-09-25T21:32:30.178Z" }, + { url = "https://files.pythonhosted.org/packages/3d/e0/7966e1a7bfc0a45bf0a7fb6b98ea03fc9b8d84fa7f2229e9659680b69ee3/pyyaml-6.0.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:eda16858a3cab07b80edaf74336ece1f986ba330fdb8ee0d6c0d68fe82bc96be", size = 794115, upload-time = "2025-09-25T21:32:31.353Z" }, + { url = "https://files.pythonhosted.org/packages/de/94/980b50a6531b3019e45ddeada0626d45fa85cbe22300844a7983285bed3b/pyyaml-6.0.3-cp313-cp313-win32.whl", hash = "sha256:d0eae10f8159e8fdad514efdc92d74fd8d682c933a6dd088030f3834bc8e6b26", size = 137427, upload-time = "2025-09-25T21:32:32.58Z" }, + { url = 
"https://files.pythonhosted.org/packages/97/c9/39d5b874e8b28845e4ec2202b5da735d0199dbe5b8fb85f91398814a9a46/pyyaml-6.0.3-cp313-cp313-win_amd64.whl", hash = "sha256:79005a0d97d5ddabfeeea4cf676af11e647e41d81c9a7722a193022accdb6b7c", size = 154090, upload-time = "2025-09-25T21:32:33.659Z" }, + { url = "https://files.pythonhosted.org/packages/73/e8/2bdf3ca2090f68bb3d75b44da7bbc71843b19c9f2b9cb9b0f4ab7a5a4329/pyyaml-6.0.3-cp313-cp313-win_arm64.whl", hash = "sha256:5498cd1645aa724a7c71c8f378eb29ebe23da2fc0d7a08071d89469bf1d2defb", size = 140246, upload-time = "2025-09-25T21:32:34.663Z" }, + { url = "https://files.pythonhosted.org/packages/9d/8c/f4bd7f6465179953d3ac9bc44ac1a8a3e6122cf8ada906b4f96c60172d43/pyyaml-6.0.3-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:8d1fab6bb153a416f9aeb4b8763bc0f22a5586065f86f7664fc23339fc1c1fac", size = 181814, upload-time = "2025-09-25T21:32:35.712Z" }, + { url = "https://files.pythonhosted.org/packages/bd/9c/4d95bb87eb2063d20db7b60faa3840c1b18025517ae857371c4dd55a6b3a/pyyaml-6.0.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:34d5fcd24b8445fadc33f9cf348c1047101756fd760b4dacb5c3e99755703310", size = 173809, upload-time = "2025-09-25T21:32:36.789Z" }, + { url = "https://files.pythonhosted.org/packages/92/b5/47e807c2623074914e29dabd16cbbdd4bf5e9b2db9f8090fa64411fc5382/pyyaml-6.0.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:501a031947e3a9025ed4405a168e6ef5ae3126c59f90ce0cd6f2bfc477be31b7", size = 766454, upload-time = "2025-09-25T21:32:37.966Z" }, + { url = "https://files.pythonhosted.org/packages/02/9e/e5e9b168be58564121efb3de6859c452fccde0ab093d8438905899a3a483/pyyaml-6.0.3-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:b3bc83488de33889877a0f2543ade9f70c67d66d9ebb4ac959502e12de895788", size = 836355, upload-time = "2025-09-25T21:32:39.178Z" }, + { url = 
"https://files.pythonhosted.org/packages/88/f9/16491d7ed2a919954993e48aa941b200f38040928474c9e85ea9e64222c3/pyyaml-6.0.3-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c458b6d084f9b935061bc36216e8a69a7e293a2f1e68bf956dcd9e6cbcd143f5", size = 794175, upload-time = "2025-09-25T21:32:40.865Z" }, + { url = "https://files.pythonhosted.org/packages/dd/3f/5989debef34dc6397317802b527dbbafb2b4760878a53d4166579111411e/pyyaml-6.0.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7c6610def4f163542a622a73fb39f534f8c101d690126992300bf3207eab9764", size = 755228, upload-time = "2025-09-25T21:32:42.084Z" }, + { url = "https://files.pythonhosted.org/packages/d7/ce/af88a49043cd2e265be63d083fc75b27b6ed062f5f9fd6cdc223ad62f03e/pyyaml-6.0.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:5190d403f121660ce8d1d2c1bb2ef1bd05b5f68533fc5c2ea899bd15f4399b35", size = 789194, upload-time = "2025-09-25T21:32:43.362Z" }, + { url = "https://files.pythonhosted.org/packages/23/20/bb6982b26a40bb43951265ba29d4c246ef0ff59c9fdcdf0ed04e0687de4d/pyyaml-6.0.3-cp314-cp314-win_amd64.whl", hash = "sha256:4a2e8cebe2ff6ab7d1050ecd59c25d4c8bd7e6f400f5f82b96557ac0abafd0ac", size = 156429, upload-time = "2025-09-25T21:32:57.844Z" }, + { url = "https://files.pythonhosted.org/packages/f4/f4/a4541072bb9422c8a883ab55255f918fa378ecf083f5b85e87fc2b4eda1b/pyyaml-6.0.3-cp314-cp314-win_arm64.whl", hash = "sha256:93dda82c9c22deb0a405ea4dc5f2d0cda384168e466364dec6255b293923b2f3", size = 143912, upload-time = "2025-09-25T21:32:59.247Z" }, + { url = "https://files.pythonhosted.org/packages/7c/f9/07dd09ae774e4616edf6cda684ee78f97777bdd15847253637a6f052a62f/pyyaml-6.0.3-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:02893d100e99e03eda1c8fd5c441d8c60103fd175728e23e431db1b589cf5ab3", size = 189108, upload-time = "2025-09-25T21:32:44.377Z" }, + { url = 
"https://files.pythonhosted.org/packages/4e/78/8d08c9fb7ce09ad8c38ad533c1191cf27f7ae1effe5bb9400a46d9437fcf/pyyaml-6.0.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:c1ff362665ae507275af2853520967820d9124984e0f7466736aea23d8611fba", size = 183641, upload-time = "2025-09-25T21:32:45.407Z" }, + { url = "https://files.pythonhosted.org/packages/7b/5b/3babb19104a46945cf816d047db2788bcaf8c94527a805610b0289a01c6b/pyyaml-6.0.3-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6adc77889b628398debc7b65c073bcb99c4a0237b248cacaf3fe8a557563ef6c", size = 831901, upload-time = "2025-09-25T21:32:48.83Z" }, + { url = "https://files.pythonhosted.org/packages/8b/cc/dff0684d8dc44da4d22a13f35f073d558c268780ce3c6ba1b87055bb0b87/pyyaml-6.0.3-cp314-cp314t-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a80cb027f6b349846a3bf6d73b5e95e782175e52f22108cfa17876aaeff93702", size = 861132, upload-time = "2025-09-25T21:32:50.149Z" }, + { url = "https://files.pythonhosted.org/packages/b1/5e/f77dc6b9036943e285ba76b49e118d9ea929885becb0a29ba8a7c75e29fe/pyyaml-6.0.3-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:00c4bdeba853cc34e7dd471f16b4114f4162dc03e6b7afcc2128711f0eca823c", size = 839261, upload-time = "2025-09-25T21:32:51.808Z" }, + { url = "https://files.pythonhosted.org/packages/ce/88/a9db1376aa2a228197c58b37302f284b5617f56a5d959fd1763fb1675ce6/pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:66e1674c3ef6f541c35191caae2d429b967b99e02040f5ba928632d9a7f0f065", size = 805272, upload-time = "2025-09-25T21:32:52.941Z" }, + { url = "https://files.pythonhosted.org/packages/da/92/1446574745d74df0c92e6aa4a7b0b3130706a4142b2d1a5869f2eaa423c6/pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:16249ee61e95f858e83976573de0f5b2893b3677ba71c9dd36b9cf8be9ac6d65", size = 829923, upload-time = "2025-09-25T21:32:54.537Z" }, + { url 
= "https://files.pythonhosted.org/packages/f0/7a/1c7270340330e575b92f397352af856a8c06f230aa3e76f86b39d01b416a/pyyaml-6.0.3-cp314-cp314t-win_amd64.whl", hash = "sha256:4ad1906908f2f5ae4e5a8ddfce73c320c2a1429ec52eafd27138b7f1cbe341c9", size = 174062, upload-time = "2025-09-25T21:32:55.767Z" }, + { url = "https://files.pythonhosted.org/packages/f1/12/de94a39c2ef588c7e6455cfbe7343d3b2dc9d6b6b2f40c4c6565744c873d/pyyaml-6.0.3-cp314-cp314t-win_arm64.whl", hash = "sha256:ebc55a14a21cb14062aa4162f906cd962b28e2e9ea38f9b4391244cd8de4ae0b", size = 149341, upload-time = "2025-09-25T21:32:56.828Z" }, +] + +[[package]] +name = "referencing" +version = "0.37.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "attrs" }, + { name = "rpds-py" }, + { name = "typing-extensions", marker = "python_full_version < '3.13'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/22/f5/df4e9027acead3ecc63e50fe1e36aca1523e1719559c499951bb4b53188f/referencing-0.37.0.tar.gz", hash = "sha256:44aefc3142c5b842538163acb373e24cce6632bd54bdb01b21ad5863489f50d8", size = 78036, upload-time = "2025-10-13T15:30:48.871Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2c/58/ca301544e1fa93ed4f80d724bf5b194f6e4b945841c5bfd555878eea9fcb/referencing-0.37.0-py3-none-any.whl", hash = "sha256:381329a9f99628c9069361716891d34ad94af76e461dcb0335825aecc7692231", size = 26766, upload-time = "2025-10-13T15:30:47.625Z" }, +] + +[[package]] +name = "rpds-py" +version = "0.30.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/20/af/3f2f423103f1113b36230496629986e0ef7e199d2aa8392452b484b38ced/rpds_py-0.30.0.tar.gz", hash = "sha256:dd8ff7cf90014af0c0f787eea34794ebf6415242ee1d6fa91eaba725cc441e84", size = 69469, upload-time = "2025-11-30T20:24:38.837Z" } +wheels = [ + { url = 
"https://files.pythonhosted.org/packages/4d/6e/f964e88b3d2abee2a82c1ac8366da848fce1c6d834dc2132c3fda3970290/rpds_py-0.30.0-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:a2bffea6a4ca9f01b3f8e548302470306689684e61602aa3d141e34da06cf425", size = 370157, upload-time = "2025-11-30T20:21:53.789Z" }, + { url = "https://files.pythonhosted.org/packages/94/ba/24e5ebb7c1c82e74c4e4f33b2112a5573ddc703915b13a073737b59b86e0/rpds_py-0.30.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:dc4f992dfe1e2bc3ebc7444f6c7051b4bc13cd8e33e43511e8ffd13bf407010d", size = 359676, upload-time = "2025-11-30T20:21:55.475Z" }, + { url = "https://files.pythonhosted.org/packages/84/86/04dbba1b087227747d64d80c3b74df946b986c57af0a9f0c98726d4d7a3b/rpds_py-0.30.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:422c3cb9856d80b09d30d2eb255d0754b23e090034e1deb4083f8004bd0761e4", size = 389938, upload-time = "2025-11-30T20:21:57.079Z" }, + { url = "https://files.pythonhosted.org/packages/42/bb/1463f0b1722b7f45431bdd468301991d1328b16cffe0b1c2918eba2c4eee/rpds_py-0.30.0-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:07ae8a593e1c3c6b82ca3292efbe73c30b61332fd612e05abee07c79359f292f", size = 402932, upload-time = "2025-11-30T20:21:58.47Z" }, + { url = "https://files.pythonhosted.org/packages/99/ee/2520700a5c1f2d76631f948b0736cdf9b0acb25abd0ca8e889b5c62ac2e3/rpds_py-0.30.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:12f90dd7557b6bd57f40abe7747e81e0c0b119bef015ea7726e69fe550e394a4", size = 525830, upload-time = "2025-11-30T20:21:59.699Z" }, + { url = "https://files.pythonhosted.org/packages/e0/ad/bd0331f740f5705cc555a5e17fdf334671262160270962e69a2bdef3bf76/rpds_py-0.30.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:99b47d6ad9a6da00bec6aabe5a6279ecd3c06a329d4aa4771034a21e335c3a97", size = 412033, upload-time = "2025-11-30T20:22:00.991Z" }, + { url = 
"https://files.pythonhosted.org/packages/f8/1e/372195d326549bb51f0ba0f2ecb9874579906b97e08880e7a65c3bef1a99/rpds_py-0.30.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:33f559f3104504506a44bb666b93a33f5d33133765b0c216a5bf2f1e1503af89", size = 390828, upload-time = "2025-11-30T20:22:02.723Z" }, + { url = "https://files.pythonhosted.org/packages/ab/2b/d88bb33294e3e0c76bc8f351a3721212713629ffca1700fa94979cb3eae8/rpds_py-0.30.0-cp311-cp311-manylinux_2_31_riscv64.whl", hash = "sha256:946fe926af6e44f3697abbc305ea168c2c31d3e3ef1058cf68f379bf0335a78d", size = 404683, upload-time = "2025-11-30T20:22:04.367Z" }, + { url = "https://files.pythonhosted.org/packages/50/32/c759a8d42bcb5289c1fac697cd92f6fe01a018dd937e62ae77e0e7f15702/rpds_py-0.30.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:495aeca4b93d465efde585977365187149e75383ad2684f81519f504f5c13038", size = 421583, upload-time = "2025-11-30T20:22:05.814Z" }, + { url = "https://files.pythonhosted.org/packages/2b/81/e729761dbd55ddf5d84ec4ff1f47857f4374b0f19bdabfcf929164da3e24/rpds_py-0.30.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d9a0ca5da0386dee0655b4ccdf46119df60e0f10da268d04fe7cc87886872ba7", size = 572496, upload-time = "2025-11-30T20:22:07.713Z" }, + { url = "https://files.pythonhosted.org/packages/14/f6/69066a924c3557c9c30baa6ec3a0aa07526305684c6f86c696b08860726c/rpds_py-0.30.0-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:8d6d1cc13664ec13c1b84241204ff3b12f9bb82464b8ad6e7a5d3486975c2eed", size = 598669, upload-time = "2025-11-30T20:22:09.312Z" }, + { url = "https://files.pythonhosted.org/packages/5f/48/905896b1eb8a05630d20333d1d8ffd162394127b74ce0b0784ae04498d32/rpds_py-0.30.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:3896fa1be39912cf0757753826bc8bdc8ca331a28a7c4ae46b7a21280b06bb85", size = 561011, upload-time = "2025-11-30T20:22:11.309Z" }, + { url = 
"https://files.pythonhosted.org/packages/22/16/cd3027c7e279d22e5eb431dd3c0fbc677bed58797fe7581e148f3f68818b/rpds_py-0.30.0-cp311-cp311-win32.whl", hash = "sha256:55f66022632205940f1827effeff17c4fa7ae1953d2b74a8581baaefb7d16f8c", size = 221406, upload-time = "2025-11-30T20:22:13.101Z" }, + { url = "https://files.pythonhosted.org/packages/fa/5b/e7b7aa136f28462b344e652ee010d4de26ee9fd16f1bfd5811f5153ccf89/rpds_py-0.30.0-cp311-cp311-win_amd64.whl", hash = "sha256:a51033ff701fca756439d641c0ad09a41d9242fa69121c7d8769604a0a629825", size = 236024, upload-time = "2025-11-30T20:22:14.853Z" }, + { url = "https://files.pythonhosted.org/packages/14/a6/364bba985e4c13658edb156640608f2c9e1d3ea3c81b27aa9d889fff0e31/rpds_py-0.30.0-cp311-cp311-win_arm64.whl", hash = "sha256:47b0ef6231c58f506ef0b74d44e330405caa8428e770fec25329ed2cb971a229", size = 229069, upload-time = "2025-11-30T20:22:16.577Z" }, + { url = "https://files.pythonhosted.org/packages/03/e7/98a2f4ac921d82f33e03f3835f5bf3a4a40aa1bfdc57975e74a97b2b4bdd/rpds_py-0.30.0-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:a161f20d9a43006833cd7068375a94d035714d73a172b681d8881820600abfad", size = 375086, upload-time = "2025-11-30T20:22:17.93Z" }, + { url = "https://files.pythonhosted.org/packages/4d/a1/bca7fd3d452b272e13335db8d6b0b3ecde0f90ad6f16f3328c6fb150c889/rpds_py-0.30.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6abc8880d9d036ecaafe709079969f56e876fcf107f7a8e9920ba6d5a3878d05", size = 359053, upload-time = "2025-11-30T20:22:19.297Z" }, + { url = "https://files.pythonhosted.org/packages/65/1c/ae157e83a6357eceff62ba7e52113e3ec4834a84cfe07fa4b0757a7d105f/rpds_py-0.30.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ca28829ae5f5d569bb62a79512c842a03a12576375d5ece7d2cadf8abe96ec28", size = 390763, upload-time = "2025-11-30T20:22:21.661Z" }, + { url = 
"https://files.pythonhosted.org/packages/d4/36/eb2eb8515e2ad24c0bd43c3ee9cd74c33f7ca6430755ccdb240fd3144c44/rpds_py-0.30.0-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a1010ed9524c73b94d15919ca4d41d8780980e1765babf85f9a2f90d247153dd", size = 408951, upload-time = "2025-11-30T20:22:23.408Z" }, + { url = "https://files.pythonhosted.org/packages/d6/65/ad8dc1784a331fabbd740ef6f71ce2198c7ed0890dab595adb9ea2d775a1/rpds_py-0.30.0-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f8d1736cfb49381ba528cd5baa46f82fdc65c06e843dab24dd70b63d09121b3f", size = 514622, upload-time = "2025-11-30T20:22:25.16Z" }, + { url = "https://files.pythonhosted.org/packages/63/8e/0cfa7ae158e15e143fe03993b5bcd743a59f541f5952e1546b1ac1b5fd45/rpds_py-0.30.0-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d948b135c4693daff7bc2dcfc4ec57237a29bd37e60c2fabf5aff2bbacf3e2f1", size = 414492, upload-time = "2025-11-30T20:22:26.505Z" }, + { url = "https://files.pythonhosted.org/packages/60/1b/6f8f29f3f995c7ffdde46a626ddccd7c63aefc0efae881dc13b6e5d5bb16/rpds_py-0.30.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47f236970bccb2233267d89173d3ad2703cd36a0e2a6e92d0560d333871a3d23", size = 394080, upload-time = "2025-11-30T20:22:27.934Z" }, + { url = "https://files.pythonhosted.org/packages/6d/d5/a266341051a7a3ca2f4b750a3aa4abc986378431fc2da508c5034d081b70/rpds_py-0.30.0-cp312-cp312-manylinux_2_31_riscv64.whl", hash = "sha256:2e6ecb5a5bcacf59c3f912155044479af1d0b6681280048b338b28e364aca1f6", size = 408680, upload-time = "2025-11-30T20:22:29.341Z" }, + { url = "https://files.pythonhosted.org/packages/10/3b/71b725851df9ab7a7a4e33cf36d241933da66040d195a84781f49c50490c/rpds_py-0.30.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a8fa71a2e078c527c3e9dc9fc5a98c9db40bcc8a92b4e8858e36d329f8684b51", size = 423589, upload-time = "2025-11-30T20:22:31.469Z" }, + { url = 
"https://files.pythonhosted.org/packages/00/2b/e59e58c544dc9bd8bd8384ecdb8ea91f6727f0e37a7131baeff8d6f51661/rpds_py-0.30.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:73c67f2db7bc334e518d097c6d1e6fed021bbc9b7d678d6cc433478365d1d5f5", size = 573289, upload-time = "2025-11-30T20:22:32.997Z" }, + { url = "https://files.pythonhosted.org/packages/da/3e/a18e6f5b460893172a7d6a680e86d3b6bc87a54c1f0b03446a3c8c7b588f/rpds_py-0.30.0-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:5ba103fb455be00f3b1c2076c9d4264bfcb037c976167a6047ed82f23153f02e", size = 599737, upload-time = "2025-11-30T20:22:34.419Z" }, + { url = "https://files.pythonhosted.org/packages/5c/e2/714694e4b87b85a18e2c243614974413c60aa107fd815b8cbc42b873d1d7/rpds_py-0.30.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:7cee9c752c0364588353e627da8a7e808a66873672bcb5f52890c33fd965b394", size = 563120, upload-time = "2025-11-30T20:22:35.903Z" }, + { url = "https://files.pythonhosted.org/packages/6f/ab/d5d5e3bcedb0a77f4f613706b750e50a5a3ba1c15ccd3665ecc636c968fd/rpds_py-0.30.0-cp312-cp312-win32.whl", hash = "sha256:1ab5b83dbcf55acc8b08fc62b796ef672c457b17dbd7820a11d6c52c06839bdf", size = 223782, upload-time = "2025-11-30T20:22:37.271Z" }, + { url = "https://files.pythonhosted.org/packages/39/3b/f786af9957306fdc38a74cef405b7b93180f481fb48453a114bb6465744a/rpds_py-0.30.0-cp312-cp312-win_amd64.whl", hash = "sha256:a090322ca841abd453d43456ac34db46e8b05fd9b3b4ac0c78bcde8b089f959b", size = 240463, upload-time = "2025-11-30T20:22:39.021Z" }, + { url = "https://files.pythonhosted.org/packages/f3/d2/b91dc748126c1559042cfe41990deb92c4ee3e2b415f6b5234969ffaf0cc/rpds_py-0.30.0-cp312-cp312-win_arm64.whl", hash = "sha256:669b1805bd639dd2989b281be2cfd951c6121b65e729d9b843e9639ef1fd555e", size = 230868, upload-time = "2025-11-30T20:22:40.493Z" }, + { url = 
"https://files.pythonhosted.org/packages/ed/dc/d61221eb88ff410de3c49143407f6f3147acf2538c86f2ab7ce65ae7d5f9/rpds_py-0.30.0-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:f83424d738204d9770830d35290ff3273fbb02b41f919870479fab14b9d303b2", size = 374887, upload-time = "2025-11-30T20:22:41.812Z" }, + { url = "https://files.pythonhosted.org/packages/fd/32/55fb50ae104061dbc564ef15cc43c013dc4a9f4527a1f4d99baddf56fe5f/rpds_py-0.30.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:e7536cd91353c5273434b4e003cbda89034d67e7710eab8761fd918ec6c69cf8", size = 358904, upload-time = "2025-11-30T20:22:43.479Z" }, + { url = "https://files.pythonhosted.org/packages/58/70/faed8186300e3b9bdd138d0273109784eea2396c68458ed580f885dfe7ad/rpds_py-0.30.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2771c6c15973347f50fece41fc447c054b7ac2ae0502388ce3b6738cd366e3d4", size = 389945, upload-time = "2025-11-30T20:22:44.819Z" }, + { url = "https://files.pythonhosted.org/packages/bd/a8/073cac3ed2c6387df38f71296d002ab43496a96b92c823e76f46b8af0543/rpds_py-0.30.0-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:0a59119fc6e3f460315fe9d08149f8102aa322299deaa5cab5b40092345c2136", size = 407783, upload-time = "2025-11-30T20:22:46.103Z" }, + { url = "https://files.pythonhosted.org/packages/77/57/5999eb8c58671f1c11eba084115e77a8899d6e694d2a18f69f0ba471ec8b/rpds_py-0.30.0-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:76fec018282b4ead0364022e3c54b60bf368b9d926877957a8624b58419169b7", size = 515021, upload-time = "2025-11-30T20:22:47.458Z" }, + { url = "https://files.pythonhosted.org/packages/e0/af/5ab4833eadc36c0a8ed2bc5c0de0493c04f6c06de223170bd0798ff98ced/rpds_py-0.30.0-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:692bef75a5525db97318e8cd061542b5a79812d711ea03dbc1f6f8dbb0c5f0d2", size = 414589, upload-time = "2025-11-30T20:22:48.872Z" }, + { url = 
"https://files.pythonhosted.org/packages/b7/de/f7192e12b21b9e9a68a6d0f249b4af3fdcdff8418be0767a627564afa1f1/rpds_py-0.30.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9027da1ce107104c50c81383cae773ef5c24d296dd11c99e2629dbd7967a20c6", size = 394025, upload-time = "2025-11-30T20:22:50.196Z" }, + { url = "https://files.pythonhosted.org/packages/91/c4/fc70cd0249496493500e7cc2de87504f5aa6509de1e88623431fec76d4b6/rpds_py-0.30.0-cp313-cp313-manylinux_2_31_riscv64.whl", hash = "sha256:9cf69cdda1f5968a30a359aba2f7f9aa648a9ce4b580d6826437f2b291cfc86e", size = 408895, upload-time = "2025-11-30T20:22:51.87Z" }, + { url = "https://files.pythonhosted.org/packages/58/95/d9275b05ab96556fefff73a385813eb66032e4c99f411d0795372d9abcea/rpds_py-0.30.0-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a4796a717bf12b9da9d3ad002519a86063dcac8988b030e405704ef7d74d2d9d", size = 422799, upload-time = "2025-11-30T20:22:53.341Z" }, + { url = "https://files.pythonhosted.org/packages/06/c1/3088fc04b6624eb12a57eb814f0d4997a44b0d208d6cace713033ff1a6ba/rpds_py-0.30.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:5d4c2aa7c50ad4728a094ebd5eb46c452e9cb7edbfdb18f9e1221f597a73e1e7", size = 572731, upload-time = "2025-11-30T20:22:54.778Z" }, + { url = "https://files.pythonhosted.org/packages/d8/42/c612a833183b39774e8ac8fecae81263a68b9583ee343db33ab571a7ce55/rpds_py-0.30.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:ba81a9203d07805435eb06f536d95a266c21e5b2dfbf6517748ca40c98d19e31", size = 599027, upload-time = "2025-11-30T20:22:56.212Z" }, + { url = "https://files.pythonhosted.org/packages/5f/60/525a50f45b01d70005403ae0e25f43c0384369ad24ffe46e8d9068b50086/rpds_py-0.30.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:945dccface01af02675628334f7cf49c2af4c1c904748efc5cf7bbdf0b579f95", size = 563020, upload-time = "2025-11-30T20:22:58.2Z" }, + { url = 
"https://files.pythonhosted.org/packages/0b/5d/47c4655e9bcd5ca907148535c10e7d489044243cc9941c16ed7cd53be91d/rpds_py-0.30.0-cp313-cp313-win32.whl", hash = "sha256:b40fb160a2db369a194cb27943582b38f79fc4887291417685f3ad693c5a1d5d", size = 223139, upload-time = "2025-11-30T20:23:00.209Z" }, + { url = "https://files.pythonhosted.org/packages/f2/e1/485132437d20aa4d3e1d8b3fb5a5e65aa8139f1e097080c2a8443201742c/rpds_py-0.30.0-cp313-cp313-win_amd64.whl", hash = "sha256:806f36b1b605e2d6a72716f321f20036b9489d29c51c91f4dd29a3e3afb73b15", size = 240224, upload-time = "2025-11-30T20:23:02.008Z" }, + { url = "https://files.pythonhosted.org/packages/24/95/ffd128ed1146a153d928617b0ef673960130be0009c77d8fbf0abe306713/rpds_py-0.30.0-cp313-cp313-win_arm64.whl", hash = "sha256:d96c2086587c7c30d44f31f42eae4eac89b60dabbac18c7669be3700f13c3ce1", size = 230645, upload-time = "2025-11-30T20:23:03.43Z" }, + { url = "https://files.pythonhosted.org/packages/ff/1b/b10de890a0def2a319a2626334a7f0ae388215eb60914dbac8a3bae54435/rpds_py-0.30.0-cp313-cp313t-macosx_10_12_x86_64.whl", hash = "sha256:eb0b93f2e5c2189ee831ee43f156ed34e2a89a78a66b98cadad955972548be5a", size = 364443, upload-time = "2025-11-30T20:23:04.878Z" }, + { url = "https://files.pythonhosted.org/packages/0d/bf/27e39f5971dc4f305a4fb9c672ca06f290f7c4e261c568f3dea16a410d47/rpds_py-0.30.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:922e10f31f303c7c920da8981051ff6d8c1a56207dbdf330d9047f6d30b70e5e", size = 353375, upload-time = "2025-11-30T20:23:06.342Z" }, + { url = "https://files.pythonhosted.org/packages/40/58/442ada3bba6e8e6615fc00483135c14a7538d2ffac30e2d933ccf6852232/rpds_py-0.30.0-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cdc62c8286ba9bf7f47befdcea13ea0e26bf294bda99758fd90535cbaf408000", size = 383850, upload-time = "2025-11-30T20:23:07.825Z" }, + { url = 
"https://files.pythonhosted.org/packages/14/14/f59b0127409a33c6ef6f5c1ebd5ad8e32d7861c9c7adfa9a624fc3889f6c/rpds_py-0.30.0-cp313-cp313t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:47f9a91efc418b54fb8190a6b4aa7813a23fb79c51f4bb84e418f5476c38b8db", size = 392812, upload-time = "2025-11-30T20:23:09.228Z" }, + { url = "https://files.pythonhosted.org/packages/b3/66/e0be3e162ac299b3a22527e8913767d869e6cc75c46bd844aa43fb81ab62/rpds_py-0.30.0-cp313-cp313t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1f3587eb9b17f3789ad50824084fa6f81921bbf9a795826570bda82cb3ed91f2", size = 517841, upload-time = "2025-11-30T20:23:11.186Z" }, + { url = "https://files.pythonhosted.org/packages/3d/55/fa3b9cf31d0c963ecf1ba777f7cf4b2a2c976795ac430d24a1f43d25a6ba/rpds_py-0.30.0-cp313-cp313t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:39c02563fc592411c2c61d26b6c5fe1e51eaa44a75aa2c8735ca88b0d9599daa", size = 408149, upload-time = "2025-11-30T20:23:12.864Z" }, + { url = "https://files.pythonhosted.org/packages/60/ca/780cf3b1a32b18c0f05c441958d3758f02544f1d613abf9488cd78876378/rpds_py-0.30.0-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:51a1234d8febafdfd33a42d97da7a43f5dcb120c1060e352a3fbc0c6d36e2083", size = 383843, upload-time = "2025-11-30T20:23:14.638Z" }, + { url = "https://files.pythonhosted.org/packages/82/86/d5f2e04f2aa6247c613da0c1dd87fcd08fa17107e858193566048a1e2f0a/rpds_py-0.30.0-cp313-cp313t-manylinux_2_31_riscv64.whl", hash = "sha256:eb2c4071ab598733724c08221091e8d80e89064cd472819285a9ab0f24bcedb9", size = 396507, upload-time = "2025-11-30T20:23:16.105Z" }, + { url = "https://files.pythonhosted.org/packages/4b/9a/453255d2f769fe44e07ea9785c8347edaf867f7026872e76c1ad9f7bed92/rpds_py-0.30.0-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6bdfdb946967d816e6adf9a3d8201bfad269c67efe6cefd7093ef959683c8de0", size = 414949, upload-time = "2025-11-30T20:23:17.539Z" }, + { url = 
"https://files.pythonhosted.org/packages/a3/31/622a86cdc0c45d6df0e9ccb6becdba5074735e7033c20e401a6d9d0e2ca0/rpds_py-0.30.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:c77afbd5f5250bf27bf516c7c4a016813eb2d3e116139aed0096940c5982da94", size = 565790, upload-time = "2025-11-30T20:23:19.029Z" }, + { url = "https://files.pythonhosted.org/packages/1c/5d/15bbf0fb4a3f58a3b1c67855ec1efcc4ceaef4e86644665fff03e1b66d8d/rpds_py-0.30.0-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:61046904275472a76c8c90c9ccee9013d70a6d0f73eecefd38c1ae7c39045a08", size = 590217, upload-time = "2025-11-30T20:23:20.885Z" }, + { url = "https://files.pythonhosted.org/packages/6d/61/21b8c41f68e60c8cc3b2e25644f0e3681926020f11d06ab0b78e3c6bbff1/rpds_py-0.30.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:4c5f36a861bc4b7da6516dbdf302c55313afa09b81931e8280361a4f6c9a2d27", size = 555806, upload-time = "2025-11-30T20:23:22.488Z" }, + { url = "https://files.pythonhosted.org/packages/f9/39/7e067bb06c31de48de3eb200f9fc7c58982a4d3db44b07e73963e10d3be9/rpds_py-0.30.0-cp313-cp313t-win32.whl", hash = "sha256:3d4a69de7a3e50ffc214ae16d79d8fbb0922972da0356dcf4d0fdca2878559c6", size = 211341, upload-time = "2025-11-30T20:23:24.449Z" }, + { url = "https://files.pythonhosted.org/packages/0a/4d/222ef0b46443cf4cf46764d9c630f3fe4abaa7245be9417e56e9f52b8f65/rpds_py-0.30.0-cp313-cp313t-win_amd64.whl", hash = "sha256:f14fc5df50a716f7ece6a80b6c78bb35ea2ca47c499e422aa4463455dd96d56d", size = 225768, upload-time = "2025-11-30T20:23:25.908Z" }, + { url = "https://files.pythonhosted.org/packages/86/81/dad16382ebbd3d0e0328776d8fd7ca94220e4fa0798d1dc5e7da48cb3201/rpds_py-0.30.0-cp314-cp314-macosx_10_12_x86_64.whl", hash = "sha256:68f19c879420aa08f61203801423f6cd5ac5f0ac4ac82a2368a9fcd6a9a075e0", size = 362099, upload-time = "2025-11-30T20:23:27.316Z" }, + { url = 
"https://files.pythonhosted.org/packages/2b/60/19f7884db5d5603edf3c6bce35408f45ad3e97e10007df0e17dd57af18f8/rpds_py-0.30.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:ec7c4490c672c1a0389d319b3a9cfcd098dcdc4783991553c332a15acf7249be", size = 353192, upload-time = "2025-11-30T20:23:29.151Z" }, + { url = "https://files.pythonhosted.org/packages/bf/c4/76eb0e1e72d1a9c4703c69607cec123c29028bff28ce41588792417098ac/rpds_py-0.30.0-cp314-cp314-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f251c812357a3fed308d684a5079ddfb9d933860fc6de89f2b7ab00da481e65f", size = 384080, upload-time = "2025-11-30T20:23:30.785Z" }, + { url = "https://files.pythonhosted.org/packages/72/87/87ea665e92f3298d1b26d78814721dc39ed8d2c74b86e83348d6b48a6f31/rpds_py-0.30.0-cp314-cp314-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ac98b175585ecf4c0348fd7b29c3864bda53b805c773cbf7bfdaffc8070c976f", size = 394841, upload-time = "2025-11-30T20:23:32.209Z" }, + { url = "https://files.pythonhosted.org/packages/77/ad/7783a89ca0587c15dcbf139b4a8364a872a25f861bdb88ed99f9b0dec985/rpds_py-0.30.0-cp314-cp314-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3e62880792319dbeb7eb866547f2e35973289e7d5696c6e295476448f5b63c87", size = 516670, upload-time = "2025-11-30T20:23:33.742Z" }, + { url = "https://files.pythonhosted.org/packages/5b/3c/2882bdac942bd2172f3da574eab16f309ae10a3925644e969536553cb4ee/rpds_py-0.30.0-cp314-cp314-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4e7fc54e0900ab35d041b0601431b0a0eb495f0851a0639b6ef90f7741b39a18", size = 408005, upload-time = "2025-11-30T20:23:35.253Z" }, + { url = "https://files.pythonhosted.org/packages/ce/81/9a91c0111ce1758c92516a3e44776920b579d9a7c09b2b06b642d4de3f0f/rpds_py-0.30.0-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:47e77dc9822d3ad616c3d5759ea5631a75e5809d5a28707744ef79d7a1bcfcad", size = 382112, upload-time = "2025-11-30T20:23:36.842Z" }, + { url = 
"https://files.pythonhosted.org/packages/cf/8e/1da49d4a107027e5fbc64daeab96a0706361a2918da10cb41769244b805d/rpds_py-0.30.0-cp314-cp314-manylinux_2_31_riscv64.whl", hash = "sha256:b4dc1a6ff022ff85ecafef7979a2c6eb423430e05f1165d6688234e62ba99a07", size = 399049, upload-time = "2025-11-30T20:23:38.343Z" }, + { url = "https://files.pythonhosted.org/packages/df/5a/7ee239b1aa48a127570ec03becbb29c9d5a9eb092febbd1699d567cae859/rpds_py-0.30.0-cp314-cp314-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:4559c972db3a360808309e06a74628b95eaccbf961c335c8fe0d590cf587456f", size = 415661, upload-time = "2025-11-30T20:23:40.263Z" }, + { url = "https://files.pythonhosted.org/packages/70/ea/caa143cf6b772f823bc7929a45da1fa83569ee49b11d18d0ada7f5ee6fd6/rpds_py-0.30.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:0ed177ed9bded28f8deb6ab40c183cd1192aa0de40c12f38be4d59cd33cb5c65", size = 565606, upload-time = "2025-11-30T20:23:42.186Z" }, + { url = "https://files.pythonhosted.org/packages/64/91/ac20ba2d69303f961ad8cf55bf7dbdb4763f627291ba3d0d7d67333cced9/rpds_py-0.30.0-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:ad1fa8db769b76ea911cb4e10f049d80bf518c104f15b3edb2371cc65375c46f", size = 591126, upload-time = "2025-11-30T20:23:44.086Z" }, + { url = "https://files.pythonhosted.org/packages/21/20/7ff5f3c8b00c8a95f75985128c26ba44503fb35b8e0259d812766ea966c7/rpds_py-0.30.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:46e83c697b1f1c72b50e5ee5adb4353eef7406fb3f2043d64c33f20ad1c2fc53", size = 553371, upload-time = "2025-11-30T20:23:46.004Z" }, + { url = "https://files.pythonhosted.org/packages/72/c7/81dadd7b27c8ee391c132a6b192111ca58d866577ce2d9b0ca157552cce0/rpds_py-0.30.0-cp314-cp314-win32.whl", hash = "sha256:ee454b2a007d57363c2dfd5b6ca4a5d7e2c518938f8ed3b706e37e5d470801ed", size = 215298, upload-time = "2025-11-30T20:23:47.696Z" }, + { url = 
"https://files.pythonhosted.org/packages/3e/d2/1aaac33287e8cfb07aab2e6b8ac1deca62f6f65411344f1433c55e6f3eb8/rpds_py-0.30.0-cp314-cp314-win_amd64.whl", hash = "sha256:95f0802447ac2d10bcc69f6dc28fe95fdf17940367b21d34e34c737870758950", size = 228604, upload-time = "2025-11-30T20:23:49.501Z" }, + { url = "https://files.pythonhosted.org/packages/e8/95/ab005315818cc519ad074cb7784dae60d939163108bd2b394e60dc7b5461/rpds_py-0.30.0-cp314-cp314-win_arm64.whl", hash = "sha256:613aa4771c99f03346e54c3f038e4cc574ac09a3ddfb0e8878487335e96dead6", size = 222391, upload-time = "2025-11-30T20:23:50.96Z" }, + { url = "https://files.pythonhosted.org/packages/9e/68/154fe0194d83b973cdedcdcc88947a2752411165930182ae41d983dcefa6/rpds_py-0.30.0-cp314-cp314t-macosx_10_12_x86_64.whl", hash = "sha256:7e6ecfcb62edfd632e56983964e6884851786443739dbfe3582947e87274f7cb", size = 364868, upload-time = "2025-11-30T20:23:52.494Z" }, + { url = "https://files.pythonhosted.org/packages/83/69/8bbc8b07ec854d92a8b75668c24d2abcb1719ebf890f5604c61c9369a16f/rpds_py-0.30.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:a1d0bc22a7cdc173fedebb73ef81e07faef93692b8c1ad3733b67e31e1b6e1b8", size = 353747, upload-time = "2025-11-30T20:23:54.036Z" }, + { url = "https://files.pythonhosted.org/packages/ab/00/ba2e50183dbd9abcce9497fa5149c62b4ff3e22d338a30d690f9af970561/rpds_py-0.30.0-cp314-cp314t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0d08f00679177226c4cb8c5265012eea897c8ca3b93f429e546600c971bcbae7", size = 383795, upload-time = "2025-11-30T20:23:55.556Z" }, + { url = "https://files.pythonhosted.org/packages/05/6f/86f0272b84926bcb0e4c972262f54223e8ecc556b3224d281e6598fc9268/rpds_py-0.30.0-cp314-cp314t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5965af57d5848192c13534f90f9dd16464f3c37aaf166cc1da1cae1fd5a34898", size = 393330, upload-time = "2025-11-30T20:23:57.033Z" }, + { url = 
"https://files.pythonhosted.org/packages/cb/e9/0e02bb2e6dc63d212641da45df2b0bf29699d01715913e0d0f017ee29438/rpds_py-0.30.0-cp314-cp314t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9a4e86e34e9ab6b667c27f3211ca48f73dba7cd3d90f8d5b11be56e5dbc3fb4e", size = 518194, upload-time = "2025-11-30T20:23:58.637Z" }, + { url = "https://files.pythonhosted.org/packages/ee/ca/be7bca14cf21513bdf9c0606aba17d1f389ea2b6987035eb4f62bd923f25/rpds_py-0.30.0-cp314-cp314t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e5d3e6b26f2c785d65cc25ef1e5267ccbe1b069c5c21b8cc724efee290554419", size = 408340, upload-time = "2025-11-30T20:24:00.2Z" }, + { url = "https://files.pythonhosted.org/packages/c2/c7/736e00ebf39ed81d75544c0da6ef7b0998f8201b369acf842f9a90dc8fce/rpds_py-0.30.0-cp314-cp314t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:626a7433c34566535b6e56a1b39a7b17ba961e97ce3b80ec62e6f1312c025551", size = 383765, upload-time = "2025-11-30T20:24:01.759Z" }, + { url = "https://files.pythonhosted.org/packages/4a/3f/da50dfde9956aaf365c4adc9533b100008ed31aea635f2b8d7b627e25b49/rpds_py-0.30.0-cp314-cp314t-manylinux_2_31_riscv64.whl", hash = "sha256:acd7eb3f4471577b9b5a41baf02a978e8bdeb08b4b355273994f8b87032000a8", size = 396834, upload-time = "2025-11-30T20:24:03.687Z" }, + { url = "https://files.pythonhosted.org/packages/4e/00/34bcc2565b6020eab2623349efbdec810676ad571995911f1abdae62a3a0/rpds_py-0.30.0-cp314-cp314t-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:fe5fa731a1fa8a0a56b0977413f8cacac1768dad38d16b3a296712709476fbd5", size = 415470, upload-time = "2025-11-30T20:24:05.232Z" }, + { url = "https://files.pythonhosted.org/packages/8c/28/882e72b5b3e6f718d5453bd4d0d9cf8df36fddeb4ddbbab17869d5868616/rpds_py-0.30.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:74a3243a411126362712ee1524dfc90c650a503502f135d54d1b352bd01f2404", size = 565630, upload-time = "2025-11-30T20:24:06.878Z" }, + { url = 
"https://files.pythonhosted.org/packages/3b/97/04a65539c17692de5b85c6e293520fd01317fd878ea1995f0367d4532fb1/rpds_py-0.30.0-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:3e8eeb0544f2eb0d2581774be4c3410356eba189529a6b3e36bbbf9696175856", size = 591148, upload-time = "2025-11-30T20:24:08.445Z" }, + { url = "https://files.pythonhosted.org/packages/85/70/92482ccffb96f5441aab93e26c4d66489eb599efdcf96fad90c14bbfb976/rpds_py-0.30.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:dbd936cde57abfee19ab3213cf9c26be06d60750e60a8e4dd85d1ab12c8b1f40", size = 556030, upload-time = "2025-11-30T20:24:10.956Z" }, + { url = "https://files.pythonhosted.org/packages/20/53/7c7e784abfa500a2b6b583b147ee4bb5a2b3747a9166bab52fec4b5b5e7d/rpds_py-0.30.0-cp314-cp314t-win32.whl", hash = "sha256:dc824125c72246d924f7f796b4f63c1e9dc810c7d9e2355864b3c3a73d59ade0", size = 211570, upload-time = "2025-11-30T20:24:12.735Z" }, + { url = "https://files.pythonhosted.org/packages/d0/02/fa464cdfbe6b26e0600b62c528b72d8608f5cc49f96b8d6e38c95d60c676/rpds_py-0.30.0-cp314-cp314t-win_amd64.whl", hash = "sha256:27f4b0e92de5bfbc6f86e43959e6edd1425c33b5e69aab0984a72047f2bcf1e3", size = 226532, upload-time = "2025-11-30T20:24:14.634Z" }, + { url = "https://files.pythonhosted.org/packages/69/71/3f34339ee70521864411f8b6992e7ab13ac30d8e4e3309e07c7361767d91/rpds_py-0.30.0-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:c2262bdba0ad4fc6fb5545660673925c2d2a5d9e2e0fb603aad545427be0fc58", size = 372292, upload-time = "2025-11-30T20:24:16.537Z" }, + { url = "https://files.pythonhosted.org/packages/57/09/f183df9b8f2d66720d2ef71075c59f7e1b336bec7ee4c48f0a2b06857653/rpds_py-0.30.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:ee6af14263f25eedc3bb918a3c04245106a42dfd4f5c2285ea6f997b1fc3f89a", size = 362128, upload-time = "2025-11-30T20:24:18.086Z" }, + { url = 
"https://files.pythonhosted.org/packages/7a/68/5c2594e937253457342e078f0cc1ded3dd7b2ad59afdbf2d354869110a02/rpds_py-0.30.0-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3adbb8179ce342d235c31ab8ec511e66c73faa27a47e076ccc92421add53e2bb", size = 391542, upload-time = "2025-11-30T20:24:20.092Z" }, + { url = "https://files.pythonhosted.org/packages/49/5c/31ef1afd70b4b4fbdb2800249f34c57c64beb687495b10aec0365f53dfc4/rpds_py-0.30.0-pp311-pypy311_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:250fa00e9543ac9b97ac258bd37367ff5256666122c2d0f2bc97577c60a1818c", size = 404004, upload-time = "2025-11-30T20:24:22.231Z" }, + { url = "https://files.pythonhosted.org/packages/e3/63/0cfbea38d05756f3440ce6534d51a491d26176ac045e2707adc99bb6e60a/rpds_py-0.30.0-pp311-pypy311_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9854cf4f488b3d57b9aaeb105f06d78e5529d3145b1e4a41750167e8c213c6d3", size = 527063, upload-time = "2025-11-30T20:24:24.302Z" }, + { url = "https://files.pythonhosted.org/packages/42/e6/01e1f72a2456678b0f618fc9a1a13f882061690893c192fcad9f2926553a/rpds_py-0.30.0-pp311-pypy311_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:993914b8e560023bc0a8bf742c5f303551992dcb85e247b1e5c7f4a7d145bda5", size = 413099, upload-time = "2025-11-30T20:24:25.916Z" }, + { url = "https://files.pythonhosted.org/packages/b8/25/8df56677f209003dcbb180765520c544525e3ef21ea72279c98b9aa7c7fb/rpds_py-0.30.0-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:58edca431fb9b29950807e301826586e5bbf24163677732429770a697ffe6738", size = 392177, upload-time = "2025-11-30T20:24:27.834Z" }, + { url = "https://files.pythonhosted.org/packages/4a/b4/0a771378c5f16f8115f796d1f437950158679bcd2a7c68cf251cfb00ed5b/rpds_py-0.30.0-pp311-pypy311_pp73-manylinux_2_31_riscv64.whl", hash = "sha256:dea5b552272a944763b34394d04577cf0f9bd013207bc32323b5a89a53cf9c2f", size = 406015, upload-time = 
"2025-11-30T20:24:29.457Z" }, + { url = "https://files.pythonhosted.org/packages/36/d8/456dbba0af75049dc6f63ff295a2f92766b9d521fa00de67a2bd6427d57a/rpds_py-0.30.0-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ba3af48635eb83d03f6c9735dfb21785303e73d22ad03d489e88adae6eab8877", size = 423736, upload-time = "2025-11-30T20:24:31.22Z" }, + { url = "https://files.pythonhosted.org/packages/13/64/b4d76f227d5c45a7e0b796c674fd81b0a6c4fbd48dc29271857d8219571c/rpds_py-0.30.0-pp311-pypy311_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:dff13836529b921e22f15cb099751209a60009731a68519630a24d61f0b1b30a", size = 573981, upload-time = "2025-11-30T20:24:32.934Z" }, + { url = "https://files.pythonhosted.org/packages/20/91/092bacadeda3edf92bf743cc96a7be133e13a39cdbfd7b5082e7ab638406/rpds_py-0.30.0-pp311-pypy311_pp73-musllinux_1_2_i686.whl", hash = "sha256:1b151685b23929ab7beec71080a8889d4d6d9fa9a983d213f07121205d48e2c4", size = 599782, upload-time = "2025-11-30T20:24:35.169Z" }, + { url = "https://files.pythonhosted.org/packages/d1/b7/b95708304cd49b7b6f82fdd039f1748b66ec2b21d6a45180910802f1abf1/rpds_py-0.30.0-pp311-pypy311_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:ac37f9f516c51e5753f27dfdef11a88330f04de2d564be3991384b2f3535d02e", size = 562191, upload-time = "2025-11-30T20:24:36.853Z" }, +] + +[[package]] +name = "tomli" +version = "2.4.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/82/30/31573e9457673ab10aa432461bee537ce6cef177667deca369efb79df071/tomli-2.4.0.tar.gz", hash = "sha256:aa89c3f6c277dd275d8e243ad24f3b5e701491a860d5121f2cdd399fbb31fc9c", size = 17477, upload-time = "2026-01-11T11:22:38.165Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/3c/d9/3dc2289e1f3b32eb19b9785b6a006b28ee99acb37d1d47f78d4c10e28bf8/tomli-2.4.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:b5ef256a3fd497d4973c11bf142e9ed78b150d36f5773f1ca6088c230ffc5867", size = 153663, upload-time 
= "2026-01-11T11:21:45.27Z" }, + { url = "https://files.pythonhosted.org/packages/51/32/ef9f6845e6b9ca392cd3f64f9ec185cc6f09f0a2df3db08cbe8809d1d435/tomli-2.4.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:5572e41282d5268eb09a697c89a7bee84fae66511f87533a6f88bd2f7b652da9", size = 148469, upload-time = "2026-01-11T11:21:46.873Z" }, + { url = "https://files.pythonhosted.org/packages/d6/c2/506e44cce89a8b1b1e047d64bd495c22c9f71f21e05f380f1a950dd9c217/tomli-2.4.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:551e321c6ba03b55676970b47cb1b73f14a0a4dce6a3e1a9458fd6d921d72e95", size = 236039, upload-time = "2026-01-11T11:21:48.503Z" }, + { url = "https://files.pythonhosted.org/packages/b3/40/e1b65986dbc861b7e986e8ec394598187fa8aee85b1650b01dd925ca0be8/tomli-2.4.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:5e3f639a7a8f10069d0e15408c0b96a2a828cfdec6fca05296ebcdcc28ca7c76", size = 243007, upload-time = "2026-01-11T11:21:49.456Z" }, + { url = "https://files.pythonhosted.org/packages/9c/6f/6e39ce66b58a5b7ae572a0f4352ff40c71e8573633deda43f6a379d56b3e/tomli-2.4.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1b168f2731796b045128c45982d3a4874057626da0e2ef1fdd722848b741361d", size = 240875, upload-time = "2026-01-11T11:21:50.755Z" }, + { url = "https://files.pythonhosted.org/packages/aa/ad/cb089cb190487caa80204d503c7fd0f4d443f90b95cf4ef5cf5aa0f439b0/tomli-2.4.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:133e93646ec4300d651839d382d63edff11d8978be23da4cc106f5a18b7d0576", size = 246271, upload-time = "2026-01-11T11:21:51.81Z" }, + { url = "https://files.pythonhosted.org/packages/0b/63/69125220e47fd7a3a27fd0de0c6398c89432fec41bc739823bcc66506af6/tomli-2.4.0-cp311-cp311-win32.whl", hash = "sha256:b6c78bdf37764092d369722d9946cb65b8767bfa4110f902a1b2542d8d173c8a", size = 96770, upload-time = "2026-01-11T11:21:52.647Z" }, + { url = 
"https://files.pythonhosted.org/packages/1e/0d/a22bb6c83f83386b0008425a6cd1fa1c14b5f3dd4bad05e98cf3dbbf4a64/tomli-2.4.0-cp311-cp311-win_amd64.whl", hash = "sha256:d3d1654e11d724760cdb37a3d7691f0be9db5fbdaef59c9f532aabf87006dbaa", size = 107626, upload-time = "2026-01-11T11:21:53.459Z" }, + { url = "https://files.pythonhosted.org/packages/2f/6d/77be674a3485e75cacbf2ddba2b146911477bd887dda9d8c9dfb2f15e871/tomli-2.4.0-cp311-cp311-win_arm64.whl", hash = "sha256:cae9c19ed12d4e8f3ebf46d1a75090e4c0dc16271c5bce1c833ac168f08fb614", size = 94842, upload-time = "2026-01-11T11:21:54.831Z" }, + { url = "https://files.pythonhosted.org/packages/3c/43/7389a1869f2f26dba52404e1ef13b4784b6b37dac93bac53457e3ff24ca3/tomli-2.4.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:920b1de295e72887bafa3ad9f7a792f811847d57ea6b1215154030cf131f16b1", size = 154894, upload-time = "2026-01-11T11:21:56.07Z" }, + { url = "https://files.pythonhosted.org/packages/e9/05/2f9bf110b5294132b2edf13fe6ca6ae456204f3d749f623307cbb7a946f2/tomli-2.4.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:7d6d9a4aee98fac3eab4952ad1d73aee87359452d1c086b5ceb43ed02ddb16b8", size = 149053, upload-time = "2026-01-11T11:21:57.467Z" }, + { url = "https://files.pythonhosted.org/packages/e8/41/1eda3ca1abc6f6154a8db4d714a4d35c4ad90adc0bcf700657291593fbf3/tomli-2.4.0-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:36b9d05b51e65b254ea6c2585b59d2c4cb91c8a3d91d0ed0f17591a29aaea54a", size = 243481, upload-time = "2026-01-11T11:21:58.661Z" }, + { url = "https://files.pythonhosted.org/packages/d2/6d/02ff5ab6c8868b41e7d4b987ce2b5f6a51d3335a70aa144edd999e055a01/tomli-2.4.0-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1c8a885b370751837c029ef9bc014f27d80840e48bac415f3412e6593bbc18c1", size = 251720, upload-time = "2026-01-11T11:22:00.178Z" }, + { url = 
"https://files.pythonhosted.org/packages/7b/57/0405c59a909c45d5b6f146107c6d997825aa87568b042042f7a9c0afed34/tomli-2.4.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8768715ffc41f0008abe25d808c20c3d990f42b6e2e58305d5da280ae7d1fa3b", size = 247014, upload-time = "2026-01-11T11:22:01.238Z" }, + { url = "https://files.pythonhosted.org/packages/2c/0e/2e37568edd944b4165735687cbaf2fe3648129e440c26d02223672ee0630/tomli-2.4.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:7b438885858efd5be02a9a133caf5812b8776ee0c969fea02c45e8e3f296ba51", size = 251820, upload-time = "2026-01-11T11:22:02.727Z" }, + { url = "https://files.pythonhosted.org/packages/5a/1c/ee3b707fdac82aeeb92d1a113f803cf6d0f37bdca0849cb489553e1f417a/tomli-2.4.0-cp312-cp312-win32.whl", hash = "sha256:0408e3de5ec77cc7f81960c362543cbbd91ef883e3138e81b729fc3eea5b9729", size = 97712, upload-time = "2026-01-11T11:22:03.777Z" }, + { url = "https://files.pythonhosted.org/packages/69/13/c07a9177d0b3bab7913299b9278845fc6eaaca14a02667c6be0b0a2270c8/tomli-2.4.0-cp312-cp312-win_amd64.whl", hash = "sha256:685306e2cc7da35be4ee914fd34ab801a6acacb061b6a7abca922aaf9ad368da", size = 108296, upload-time = "2026-01-11T11:22:04.86Z" }, + { url = "https://files.pythonhosted.org/packages/18/27/e267a60bbeeee343bcc279bb9e8fbed0cbe224bc7b2a3dc2975f22809a09/tomli-2.4.0-cp312-cp312-win_arm64.whl", hash = "sha256:5aa48d7c2356055feef06a43611fc401a07337d5b006be13a30f6c58f869e3c3", size = 94553, upload-time = "2026-01-11T11:22:05.854Z" }, + { url = "https://files.pythonhosted.org/packages/34/91/7f65f9809f2936e1f4ce6268ae1903074563603b2a2bd969ebbda802744f/tomli-2.4.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:84d081fbc252d1b6a982e1870660e7330fb8f90f676f6e78b052ad4e64714bf0", size = 154915, upload-time = "2026-01-11T11:22:06.703Z" }, + { url = "https://files.pythonhosted.org/packages/20/aa/64dd73a5a849c2e8f216b755599c511badde80e91e9bc2271baa7b2cdbb1/tomli-2.4.0-cp313-cp313-macosx_11_0_arm64.whl", hash = 
"sha256:9a08144fa4cba33db5255f9b74f0b89888622109bd2776148f2597447f92a94e", size = 149038, upload-time = "2026-01-11T11:22:07.56Z" }, + { url = "https://files.pythonhosted.org/packages/9e/8a/6d38870bd3d52c8d1505ce054469a73f73a0fe62c0eaf5dddf61447e32fa/tomli-2.4.0-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:c73add4bb52a206fd0c0723432db123c0c75c280cbd67174dd9d2db228ebb1b4", size = 242245, upload-time = "2026-01-11T11:22:08.344Z" }, + { url = "https://files.pythonhosted.org/packages/59/bb/8002fadefb64ab2669e5b977df3f5e444febea60e717e755b38bb7c41029/tomli-2.4.0-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1fb2945cbe303b1419e2706e711b7113da57b7db31ee378d08712d678a34e51e", size = 250335, upload-time = "2026-01-11T11:22:09.951Z" }, + { url = "https://files.pythonhosted.org/packages/a5/3d/4cdb6f791682b2ea916af2de96121b3cb1284d7c203d97d92d6003e91c8d/tomli-2.4.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:bbb1b10aa643d973366dc2cb1ad94f99c1726a02343d43cbc011edbfac579e7c", size = 245962, upload-time = "2026-01-11T11:22:11.27Z" }, + { url = "https://files.pythonhosted.org/packages/f2/4a/5f25789f9a460bd858ba9756ff52d0830d825b458e13f754952dd15fb7bb/tomli-2.4.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4cbcb367d44a1f0c2be408758b43e1ffb5308abe0ea222897d6bfc8e8281ef2f", size = 250396, upload-time = "2026-01-11T11:22:12.325Z" }, + { url = "https://files.pythonhosted.org/packages/aa/2f/b73a36fea58dfa08e8b3a268750e6853a6aac2a349241a905ebd86f3047a/tomli-2.4.0-cp313-cp313-win32.whl", hash = "sha256:7d49c66a7d5e56ac959cb6fc583aff0651094ec071ba9ad43df785abc2320d86", size = 97530, upload-time = "2026-01-11T11:22:13.865Z" }, + { url = "https://files.pythonhosted.org/packages/3b/af/ca18c134b5d75de7e8dc551c5234eaba2e8e951f6b30139599b53de9c187/tomli-2.4.0-cp313-cp313-win_amd64.whl", hash = "sha256:3cf226acb51d8f1c394c1b310e0e0e61fecdd7adcb78d01e294ac297dd2e7f87", 
size = 108227, upload-time = "2026-01-11T11:22:15.224Z" }, + { url = "https://files.pythonhosted.org/packages/22/c3/b386b832f209fee8073c8138ec50f27b4460db2fdae9ffe022df89a57f9b/tomli-2.4.0-cp313-cp313-win_arm64.whl", hash = "sha256:d20b797a5c1ad80c516e41bc1fb0443ddb5006e9aaa7bda2d71978346aeb9132", size = 94748, upload-time = "2026-01-11T11:22:16.009Z" }, + { url = "https://files.pythonhosted.org/packages/f3/c4/84047a97eb1004418bc10bdbcfebda209fca6338002eba2dc27cc6d13563/tomli-2.4.0-cp314-cp314-macosx_10_15_x86_64.whl", hash = "sha256:26ab906a1eb794cd4e103691daa23d95c6919cc2fa9160000ac02370cc9dd3f6", size = 154725, upload-time = "2026-01-11T11:22:17.269Z" }, + { url = "https://files.pythonhosted.org/packages/a8/5d/d39038e646060b9d76274078cddf146ced86dc2b9e8bbf737ad5983609a0/tomli-2.4.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:20cedb4ee43278bc4f2fee6cb50daec836959aadaf948db5172e776dd3d993fc", size = 148901, upload-time = "2026-01-11T11:22:18.287Z" }, + { url = "https://files.pythonhosted.org/packages/73/e5/383be1724cb30f4ce44983d249645684a48c435e1cd4f8b5cded8a816d3c/tomli-2.4.0-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:39b0b5d1b6dd03684b3fb276407ebed7090bbec989fa55838c98560c01113b66", size = 243375, upload-time = "2026-01-11T11:22:19.154Z" }, + { url = "https://files.pythonhosted.org/packages/31/f0/bea80c17971c8d16d3cc109dc3585b0f2ce1036b5f4a8a183789023574f2/tomli-2.4.0-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a26d7ff68dfdb9f87a016ecfd1e1c2bacbe3108f4e0f8bcd2228ef9a766c787d", size = 250639, upload-time = "2026-01-11T11:22:20.168Z" }, + { url = "https://files.pythonhosted.org/packages/2c/8f/2853c36abbb7608e3f945d8a74e32ed3a74ee3a1f468f1ffc7d1cb3abba6/tomli-2.4.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:20ffd184fb1df76a66e34bd1b36b4a4641bd2b82954befa32fe8163e79f1a702", size = 246897, upload-time = "2026-01-11T11:22:21.544Z" }, + { 
url = "https://files.pythonhosted.org/packages/49/f0/6c05e3196ed5337b9fe7ea003e95fd3819a840b7a0f2bf5a408ef1dad8ed/tomli-2.4.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:75c2f8bbddf170e8effc98f5e9084a8751f8174ea6ccf4fca5398436e0320bc8", size = 254697, upload-time = "2026-01-11T11:22:23.058Z" }, + { url = "https://files.pythonhosted.org/packages/f3/f5/2922ef29c9f2951883525def7429967fc4d8208494e5ab524234f06b688b/tomli-2.4.0-cp314-cp314-win32.whl", hash = "sha256:31d556d079d72db7c584c0627ff3a24c5d3fb4f730221d3444f3efb1b2514776", size = 98567, upload-time = "2026-01-11T11:22:24.033Z" }, + { url = "https://files.pythonhosted.org/packages/7b/31/22b52e2e06dd2a5fdbc3ee73226d763b184ff21fc24e20316a44ccc4d96b/tomli-2.4.0-cp314-cp314-win_amd64.whl", hash = "sha256:43e685b9b2341681907759cf3a04e14d7104b3580f808cfde1dfdb60ada85475", size = 108556, upload-time = "2026-01-11T11:22:25.378Z" }, + { url = "https://files.pythonhosted.org/packages/48/3d/5058dff3255a3d01b705413f64f4306a141a8fd7a251e5a495e3f192a998/tomli-2.4.0-cp314-cp314-win_arm64.whl", hash = "sha256:3d895d56bd3f82ddd6faaff993c275efc2ff38e52322ea264122d72729dca2b2", size = 96014, upload-time = "2026-01-11T11:22:26.138Z" }, + { url = "https://files.pythonhosted.org/packages/b8/4e/75dab8586e268424202d3a1997ef6014919c941b50642a1682df43204c22/tomli-2.4.0-cp314-cp314t-macosx_10_15_x86_64.whl", hash = "sha256:5b5807f3999fb66776dbce568cc9a828544244a8eb84b84b9bafc080c99597b9", size = 163339, upload-time = "2026-01-11T11:22:27.143Z" }, + { url = "https://files.pythonhosted.org/packages/06/e3/b904d9ab1016829a776d97f163f183a48be6a4deb87304d1e0116a349519/tomli-2.4.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:c084ad935abe686bd9c898e62a02a19abfc9760b5a79bc29644463eaf2840cb0", size = 159490, upload-time = "2026-01-11T11:22:28.399Z" }, + { url = 
"https://files.pythonhosted.org/packages/e3/5a/fc3622c8b1ad823e8ea98a35e3c632ee316d48f66f80f9708ceb4f2a0322/tomli-2.4.0-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0f2e3955efea4d1cfbcb87bc321e00dc08d2bcb737fd1d5e398af111d86db5df", size = 269398, upload-time = "2026-01-11T11:22:29.345Z" }, + { url = "https://files.pythonhosted.org/packages/fd/33/62bd6152c8bdd4c305ad9faca48f51d3acb2df1f8791b1477d46ff86e7f8/tomli-2.4.0-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0e0fe8a0b8312acf3a88077a0802565cb09ee34107813bba1c7cd591fa6cfc8d", size = 276515, upload-time = "2026-01-11T11:22:30.327Z" }, + { url = "https://files.pythonhosted.org/packages/4b/ff/ae53619499f5235ee4211e62a8d7982ba9e439a0fb4f2f351a93d67c1dd2/tomli-2.4.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:413540dce94673591859c4c6f794dfeaa845e98bf35d72ed59636f869ef9f86f", size = 273806, upload-time = "2026-01-11T11:22:32.56Z" }, + { url = "https://files.pythonhosted.org/packages/47/71/cbca7787fa68d4d0a9f7072821980b39fbb1b6faeb5f5cf02f4a5559fa28/tomli-2.4.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:0dc56fef0e2c1c470aeac5b6ca8cc7b640bb93e92d9803ddaf9ea03e198f5b0b", size = 281340, upload-time = "2026-01-11T11:22:33.505Z" }, + { url = "https://files.pythonhosted.org/packages/f5/00/d595c120963ad42474cf6ee7771ad0d0e8a49d0f01e29576ee9195d9ecdf/tomli-2.4.0-cp314-cp314t-win32.whl", hash = "sha256:d878f2a6707cc9d53a1be1414bbb419e629c3d6e67f69230217bb663e76b5087", size = 108106, upload-time = "2026-01-11T11:22:34.451Z" }, + { url = "https://files.pythonhosted.org/packages/de/69/9aa0c6a505c2f80e519b43764f8b4ba93b5a0bbd2d9a9de6e2b24271b9a5/tomli-2.4.0-cp314-cp314t-win_amd64.whl", hash = "sha256:2add28aacc7425117ff6364fe9e06a183bb0251b03f986df0e78e974047571fd", size = 120504, upload-time = "2026-01-11T11:22:35.764Z" }, + { url = 
"https://files.pythonhosted.org/packages/b3/9f/f1668c281c58cfae01482f7114a4b88d345e4c140386241a1a24dcc9e7bc/tomli-2.4.0-cp314-cp314t-win_arm64.whl", hash = "sha256:2b1e3b80e1d5e52e40e9b924ec43d81570f0e7d09d11081b797bc4692765a3d4", size = 99561, upload-time = "2026-01-11T11:22:36.624Z" }, + { url = "https://files.pythonhosted.org/packages/23/d1/136eb2cb77520a31e1f64cbae9d33ec6df0d78bdf4160398e86eec8a8754/tomli-2.4.0-py3-none-any.whl", hash = "sha256:1f776e7d669ebceb01dee46484485f43a4048746235e683bcdffacdf1fb4785a", size = 14477, upload-time = "2026-01-11T11:22:37.446Z" }, +] + +[[package]] +name = "typing-extensions" +version = "4.15.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/94/1a15dd82efb362ac84269196e94cf00f187f7ed21c242792a923cdb1c61f/typing_extensions-4.15.0.tar.gz", hash = "sha256:0cea48d173cc12fa28ecabc3b837ea3cf6f38c6d1136f85cbaaf598984861466", size = 109391, upload-time = "2025-08-25T13:49:26.313Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/18/67/36e9267722cc04a6b9f15c7f3441c2363321a3ea07da7ae0c0707beb2a9c/typing_extensions-4.15.0-py3-none-any.whl", hash = "sha256:f0fa19c6845758ab08074a0cfa8b7aecb71c999ca73d62883bc25cc018c4e548", size = 44614, upload-time = "2025-08-25T13:49:24.86Z" }, +] + +[[package]] +name = "typing-inspection" +version = "0.4.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/55/e3/70399cb7dd41c10ac53367ae42139cf4b1ca5f36bb3dc6c9d33acdb43655/typing_inspection-0.4.2.tar.gz", hash = "sha256:ba561c48a67c5958007083d386c3295464928b01faa735ab8547c5692e87f464", size = 75949, upload-time = "2025-10-01T02:14:41.687Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/dc/9b/47798a6c91d8bdb567fe2698fe81e0c6b7cb7ef4d13da4114b41d239f65d/typing_inspection-0.4.2-py3-none-any.whl", hash = 
"sha256:4ed1cacbdc298c220f1bd249ed5287caa16f34d44ef4e9c3d0cbad5b521545e7", size = 14611, upload-time = "2025-10-01T02:14:40.154Z" }, +] From 1d7867dcacc0c17b54651630fd8f88414f913f99 Mon Sep 17 00:00:00 2001 
From: trongnhanphan Date: Sun, 1 Feb 2026 22:59:16 +0700 Subject: [PATCH 20/21] add hardcoded value and new policy table_type and storage_location_prefix for google_biglake_table --- .../enforce_type_hive/c.tf | 2 +- .../enforce_type_hive/nc.tf | 2 +- .../location_uri_allowlist/c.tf | 2 +- .../location_uri_allowlist/nc.tf | 2 +- .../storage_location_allowlist/c.tf | 2 +- .../storage_location_allowlist/nc.tf | 2 +- .../.terraform.lock.hcl | 21 +++++++++++++++ .../storage_location_prefix/c.tf | 15 +++++++++++ .../storage_location_prefix/config.tf | 11 ++++++++ .../storage_location_prefix/nc.tf | 14 ++++++++++ .../table_type/.terraform.lock.hcl | 21 +++++++++++++++ .../google_biglake_table/table_type/c.tf | 14 ++++++++++ .../google_biglake_table/table_type/config.tf | 11 ++++++++ .../google_biglake_table/table_type/nc.tf | 14 ++++++++++ .../storage_location_prefix/policy.rego | 27 +++++++++++++++++++ .../table_type/policy.rego | 27 +++++++++++++++++++ 16 files changed, 181 insertions(+), 6 deletions(-) create mode 100644 inputs/gcp/biglake/google_biglake_table/storage_location_prefix/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_table/storage_location_prefix/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/storage_location_prefix/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/storage_location_prefix/nc.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/table_type/.terraform.lock.hcl create mode 100644 inputs/gcp/biglake/google_biglake_table/table_type/c.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/table_type/config.tf create mode 100644 inputs/gcp/biglake/google_biglake_table/table_type/nc.tf create mode 100644 policies/gcp/biglake/google_biglake_table/storage_location_prefix/policy.rego create mode 100644 policies/gcp/biglake/google_biglake_table/table_type/policy.rego 
diff --git a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf index 5c8b8175a..27b96f3db 100644 --- a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf +++ b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/c.tf @@ -3,7 +3,7 @@ resource "google_biglake_database" "c" { name = "enforce_type_hive_compliant" - catalog = google_biglake_catalog.catalog.id + catalog = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog" type = "HIVE" hive_options { diff --git a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf index 657360f5b..7c81c8f75 100644 --- a/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf +++ b/inputs/gcp/biglake/google_biglake_database/enforce_type_hive/nc.tf @@ -3,7 +3,7 @@ resource "google_biglake_database" "nc" { name = "enforce_type_hive_non_compliant" - catalog = google_biglake_catalog.catalog.id + catalog = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog" type = "ICEBERG" # not allowed hive_options { diff --git a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf index a49bb4cb2..f909e0f61 100644 --- a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf +++ b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/c.tf @@ -3,7 +3,7 @@ resource "google_biglake_database" "c" { name = "location_uri_allowlist_compliant" - catalog = google_biglake_catalog.catalog.id + catalog = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog" type = "HIVE" hive_options { diff --git a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf index f3577c502..59af55dd7 100644 
--- a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf +++ b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf @@ -3,7 +3,7 @@ resource "google_biglake_database" "database" { name = "location_uri_allowlist_non_compliant" - catalog = google_biglake_catalog.catalog.id + catalog = catalog = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog" type = "HIVE" hive_options { diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf index ef14c7cd8..2b4f12964 100644 --- a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf +++ b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/c.tf @@ -3,7 +3,7 @@ resource "google_biglake_table" "c" { name = "storage_location_allowlist_compliant" - database = google_biglake_database.database.id + database = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog/databases/pde_dummy_database" type = "HIVE" hive_options { diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf index bf60d0953..3feb7f684 100644 --- a/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf +++ b/inputs/gcp/biglake/google_biglake_table/storage_location_allowlist/nc.tf @@ -3,7 +3,7 @@ resource "google_biglake_table" "nc" { name = "storage_location_allowlist_non_compliant" - database = google_biglake_database.database.id + database = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog/databases/pde_dummy_database" type = "HIVE" hive_options { diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/.terraform.lock.hcl new file mode 100644 index 000000000..316309c9a --- /dev/null 
+++ b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/.terraform.lock.hcl @@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/c.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/c.tf new file mode 100644 index 000000000..cf2a8fb69 --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/c.tf @@ -0,0 +1,15 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "google_biglake_table" "c" { + name = "storage_location_prefix_compliant" + database = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog/databases/pde_dummy_database" + type = "HIVE" + + hive_options { + storage_descriptor { + location_uri = "gs://secure-data-bucket/table-path" + } + } +} + 
diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/config.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/nc.tf b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/nc.tf
new file mode 100644
index 000000000..0ff5d9966
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/storage_location_prefix/nc.tf
@@ -0,0 +1,14 @@
+# Describe your resource type here
+# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant
+
+resource "google_biglake_table" "nc" {
+ name = "storage_location_prefix_non_compliant"
+ database = "projects/pde-dummy-project/locations/us/catalogs/pde_dummy_catalog/databases/pde_dummy_database"
+ type = "CUSTOM"
+
+ hive_options {
+ storage_descriptor {
+ location_uri = "gs://secure-private-bucket/table-path"
+ }
+ }
+}
diff --git a/inputs/gcp/biglake/google_biglake_table/table_type/.terraform.lock.hcl b/inputs/gcp/biglake/google_biglake_table/table_type/.terraform.lock.hcl
new file mode 100644
index 000000000..316309c9a
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/table_type/.terraform.lock.hcl
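Review bot: The non-compliant fixture in storage_location_prefix/nc.tf sets `location_uri = "gs://secure-private-bucket/table-path"`, which begins with `gs://secure-`, one of the two prefixes that storage_location_prefix/policy.rego in this same patch approves. If the helper's `prefix` policy type passes any value that starts with a listed prefix (the helper is not visible in this patch), this fixture satisfies the check it is meant to fail, so the policy's violation path is never exercised. The fixture also switches `type` to `"CUSTOM"` and the database path to `locations/us`, neither of which this policy reads, so a failure could not be attributed to the storage location anyway. I would keep `type = "HIVE"` and the `au` database path from c.tf and change only the attribute under test, for example `location_uri = "gs://public-data-bucket/table-path"` (a constructed sample name).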
@@ -0,0 +1,21 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/google" { + version = "7.17.0" + hashes = [ + "h1:VPHRMsm3eQrxzk1b7eHuSG9sG7315ZaGPshFjqzZ5No=", + "zh:103778d776fb994a6b24d70fa095c23a1672361f2a05d882b227b02507b402fc", + "zh:34bcd6cce3081a21983ccfad5cbf2cbf69ff298c65c6570edb4ec7d38a8183f5", + "zh:5f8fd0e8e40068b597b28c0bc08372c9228aad77746068101c72acf4bb902937", + "zh:6b25cee7dec78470feb987438aedb1f4354c696f6548edee7775621e8df24fa9", + "zh:6b5bd97884b51b86fa6a9f1905c0ebf695539e905122052896e8b05122416ff4", + "zh:86e634c5825d8bd32592ae6b74f15e1db5d9b61c85d1a2e529d1696effb76d54", + "zh:c3190609f6f638f4efd7359a5638eeff81d41a38a00861f7df870b5c8f4c11cb", + "zh:d42d854642b4d3b010f232d848197945f90af60e7f9883ac96d7caae9c9d2474", + "zh:da9929be5d3873ad317e488e7ada08d5b95b5461b34d91cef76314317bdc0d49", + "zh:ed2763c21b2f3c1eb7b4b92f6502069a24078345e19c88f91d9e3a46a17147f8", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbca63b82bbdef6fd329d2c8356b3f39f8c785ad93fd0596cfff676dbaef23ac", + ] +} diff --git a/inputs/gcp/biglake/google_biglake_table/table_type/c.tf b/inputs/gcp/biglake/google_biglake_table/table_type/c.tf new file mode 100644 index 000000000..eab0246cb --- /dev/null +++ b/inputs/gcp/biglake/google_biglake_table/table_type/c.tf @@ -0,0 +1,14 @@ +# Describe your resource type here +# Keep "c" as the name to indicate that this resource and its attributes are compliant + +resource "google_biglake_table" "c" { + name = "table_type_compliant" + database = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog/databases/pde_dummy_database" + type = "HIVE" + + hive_options { + storage_descriptor { + location_uri = "gs://secure-private-bucket/table-path" + } + } +} 
diff --git a/inputs/gcp/biglake/google_biglake_table/table_type/config.tf b/inputs/gcp/biglake/google_biglake_table/table_type/config.tf
new file mode 100644
index 000000000..9f4356520
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/table_type/config.tf
@@ -0,0 +1,11 @@
+##### DO NOT EDIT ######
+
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
+
+provider "google" {}
\ No newline at end of file
diff --git a/inputs/gcp/biglake/google_biglake_table/table_type/nc.tf b/inputs/gcp/biglake/google_biglake_table/table_type/nc.tf
new file mode 100644
index 000000000..f9ba7c392
--- /dev/null
+++ b/inputs/gcp/biglake/google_biglake_table/table_type/nc.tf
@@ -0,0 +1,14 @@
+# Describe your resource type here
+# Keep "nc" as the name to indicate that this resource and its attributes are non-compliant
+
+resource "google_biglake_table" "nc" {
+ name = "table_type_non_compliant"
+ database = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog/databases/pde_dummy_database"
+ type = "CUSTOM"
+
+ hive_options {
+ storage_descriptor {
+ location_uri = "gs://secure-private-bucket/table-path"
+ }
+ }
+}
diff --git a/policies/gcp/biglake/google_biglake_table/storage_location_prefix/policy.rego b/policies/gcp/biglake/google_biglake_table/storage_location_prefix/policy.rego
new file mode 100644
index 000000000..fec4b7945
--- /dev/null
+++ b/policies/gcp/biglake/google_biglake_table/storage_location_prefix/policy.rego
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_table.storage_location_prefix
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_table.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "BigLake table is configured to use a non-approved Cloud Storage bucket.",
+ "remedies": [
+ "Configure the table to use an approved private Cloud Storage bucket."
+ ]
+ },
+ {
+ "condition": "Check that the table storage location uses an approved bucket prefix.",
+ "attribute_path": ["hive_options", "storage_descriptor", "location_uri"],
+ "values": [
+ "gs://secure-",
+ "gs://private-"
+ ],
+ "policy_type": "prefix"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
diff --git a/policies/gcp/biglake/google_biglake_table/table_type/policy.rego b/policies/gcp/biglake/google_biglake_table/table_type/policy.rego
new file mode 100644
index 000000000..fc1be2c88
--- /dev/null
+++ b/policies/gcp/biglake/google_biglake_table/table_type/policy.rego
@@ -0,0 +1,27 @@
+package terraform.gcp.security.biglake.google_biglake_table.table_type
+
+import data.terraform.helpers
+import data.terraform.gcp.security.biglake.google_biglake_table.vars
+
+conditions := [
+ [
+ {
+ "situation_description": "BigLake table is created with a non-approved table type.",
+ "remedies": [
+ "Use an approved BigLake table type only."
+ ]
+ },
+ {
+ "condition": "Check that the table type is within the approved allowlist.",
+ "attribute_path": ["type"],
+ "values": [
+ "HIVE",
+ "ICEBERG"
+ ],
+ "policy_type": "whitelist"
+ }
+ ]
+]
+
+message := helpers.get_multi_summary(conditions, vars.variables).message
+details := helpers.get_multi_summary(conditions, vars.variables).details
From 601e08268dbf6964fa40b4e311d69a55cd46d370 Mon Sep 17 00:00:00 2001
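Review bot: The approved values `"gs://secure-"` and `"gs://private-"` in storage_location_prefix/policy.rego constrain only the first characters of the bucket name, and Cloud Storage bucket names share one global namespace, so a bucket in any project, including one outside the organisation, passes as long as its name starts with `secure-` or `private-`. A name prefix carries no information about who owns the bucket or how its IAM is set, so the remedy text "approved private Cloud Storage bucket" promises more than the condition enforces. I would list the full approved bucket roots with a trailing slash, e.g. `"gs://<approved-bucket-name>/"` (placeholder), so that only named buckets and the paths under them match. How `"policy_type": "prefix"` is evaluated is defined in `helpers`, outside this patch, so confirm that it anchors at the start of the string rather than matching anywhere in it.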
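Review bot: The allowlist in table_type/policy.rego accepts `"ICEBERG"` without saying why, while the enforce_type_hive fixture for google_biglake_database earlier in this patch marks `type = "ICEBERG"` as `# not allowed`. If tables are deliberately allowed a wider set of types than databases, a comment above `"values"` should say so, for example `# ICEBERG is approved for tables only; databases stay HIVE-only (see enforce_type_hive)`; if not, drop `"ICEBERG"` so the two policies agree. As far as I recall the google provider documents only `HIVE` for this attribute, which would also mean the `"CUSTOM"` value in table_type/nc.tf is rejected by provider validation before the policy is evaluated; worth verifying against the pinned provider version.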
From: trongnhanphan Date: Mon, 2 Feb 2026 10:54:34 +0700 Subject: [PATCH 21/21] delete duplicate "catalog =" --- .../google_biglake_database/location_uri_allowlist/nc.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf index 59af55dd7..e8b5fd057 100644 --- a/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf +++ b/inputs/gcp/biglake/google_biglake_database/location_uri_allowlist/nc.tf @@ -3,7 +3,7 @@ resource "google_biglake_database" "database" { name = "location_uri_allowlist_non_compliant" - catalog = catalog = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog" + catalog = "projects/pde-dummy-project/locations/au/catalogs/pde_dummy_catalog" type = "HIVE" hive_options {