From 35760ee2e5379bb49457a6ec2258e886021bdba9 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Tue, 11 Feb 2025 21:56:55 +0530 Subject: [PATCH] fixed lint errors --- cloud/gcp/compute/gcloud-disk-image-public-access.yaml | 3 +-- .../compute/gcloud-instance-group-autohealing-disabled.yaml | 3 +-- cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml | 3 +-- cloud/gcp/compute/gcloud-mig-single-zone.yaml | 3 +-- cloud/gcp/compute/gcloud-oslogin-disabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml | 3 +-- .../gcp/compute/gcloud-vm-confidential-computing-disabled.yaml | 3 +-- .../compute/gcloud-vm-default-service-account-full-access.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-default-service-account.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml | 2 +- cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml | 3 +-- cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml | 3 +-- cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml | 3 +-- cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml | 3 +-- .../gcloud-filestore-deletion-protection-disabled.yaml | 3 +-- cloud/gcp/filestore/gcloud-filestore-no-backups.yaml | 3 +-- cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml | 3 +-- cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml | 3 +-- cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml | 2 +- cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml | 2 +- 
cloud/gcp/gke/gcloud-gke-backups-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml | 2 +- cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-default-service-account.yaml | 1 - cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-labels-missing.yaml | 1 - cloud/gcp/gke/gcloud-gke-logging-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml | 2 +- cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml | 1 - cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml | 1 - cloud/gcp/iam/gcloud-iam-admin-roles.yaml | 2 +- cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml | 3 +-- cloud/gcp/resourcemanager/gcloud-org-default-network.yaml | 2 +- .../gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml | 2 +- 
cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml | 3 +-- cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-os-login.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml | 2 +- .../resourcemanager/gcloud-org-service-account-creation.yaml | 2 +- .../gcloud-org-service-account-key-creation.yaml | 2 +- .../resourcemanager/gcloud-org-service-account-key-upload.yaml | 3 +-- cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml | 2 +- .../resourcemanager/gcloud-org-sql-authorized-networks.yaml | 2 +- .../gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml | 2 +- .../gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml | 2 +- cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml | 2 +- cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml | 2 +- cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml | 2 +- 89 files changed, 65 insertions(+), 119 deletions(-) diff --git a/cloud/gcp/compute/gcloud-disk-image-public-access.yaml b/cloud/gcp/compute/gcloud-disk-image-public-access.yaml index fb88481af98..89e37f85bdc 100644 --- a/cloud/gcp/compute/gcloud-disk-image-public-access.yaml 
+++ b/cloud/gcp/compute/gcloud-disk-image-public-access.yaml @@ -70,5 +70,4 @@ code: extractors: - type: dsl dsl: - - '"Disk image " + imageName + " in project " + projectId + " is publicly shared with all Google Cloud users"' -# digest: 490a00463044022062203c7efa2a71b2995777a4d4dc8082ec16bf50eed5308dd5c128cd9ad9fc5a02201cdaae6dcd643d2e832ffdd35c81bc2174c26c270e72fce928cf7861d635b070:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Disk image " + imageName + " in project " + projectId + " is publicly shared with all Google Cloud users"' diff --git a/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml b/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml index 7dcfec055e7..230273e826a 100644 --- a/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml +++ b/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml @@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"Managed Instance Group " + instanceGroupName + " in zone " + zone + " of project " + projectId + " does not have autohealing enabled"' -# digest: 4a0a00473045022019e6c0db3a78c29aa85801e46d9663593e5693ecce3700ec92a55448b242370f0221009fa647c64e2d7bc3c5b021c92b9a07fd4af42b40b6227619a7ad8fa0fb297350:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Managed Instance Group " + instanceGroupName + " in zone " + zone + " of project " + projectId + " does not have autohealing enabled"' diff --git a/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml b/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml index 2fdebf30a48..3fced9b4fc1 100644 --- a/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml +++ b/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml 
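Review bot: The `# digest:` trailer removed at the end of the `gcloud-disk-image-public-access.yaml` hunk looks like the template's signature, and nothing on the new side replaces it, so this `code:` template is left unsigned by the commit. Templates under `code:` run local commands, and as far as I know the scanner checks that signature before executing them, so confirm that a signing step runs after this change and before the templates are used. If the lint rule only objects to the missing final newline, keep the trailer and terminate it instead: `# digest: <regenerated-signature>` followed by a newline, produced by the signing tool rather than edited by hand. The same removal repeats in every other hunk of this patch that drops a `# digest:` line.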
@@ -70,5 +70,4 @@ code: extractors: - type: dsl dsl: - - '"Managed Instance Group " + instanceGroupName + " in project " + projectId + " is not associated with any load balancer backend service"' -# digest: 490a0046304402206a83098d94cd4b50086d378be11f5bbbf2c759a57511cd922be4797123b429fb0220153f55b1b427a770f3f870fd011866c7bee3e9ef1dda04d7388bddbb98345b13:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Managed Instance Group " + instanceGroupName + " in project " + projectId + " is not associated with any load balancer backend service"' diff --git a/cloud/gcp/compute/gcloud-mig-single-zone.yaml b/cloud/gcp/compute/gcloud-mig-single-zone.yaml index 93a3615f137..1b8aad2a7d7 100644 --- a/cloud/gcp/compute/gcloud-mig-single-zone.yaml +++ b/cloud/gcp/compute/gcloud-mig-single-zone.yaml @@ -69,5 +69,4 @@ code: extractors: - type: dsl dsl: - - '"Managed Instance Group " + instanceGroupName + " in project " + projectId + " is not configured to run instances across multiple zones"' -# digest: 4a0a00473045022100e1de26d4a2e7b665e1efaab6f0f4d3b9ef6629a00871961521d7cc1f7dd0ab9d02206815f1ff3ad342befad9bd34835e42ab7c5c9ca473c039f4ff2a3ba8e26bdc4b:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Managed Instance Group " + instanceGroupName + " in project " + projectId + " is not configured to run instances across multiple zones"' diff --git a/cloud/gcp/compute/gcloud-oslogin-disabled.yaml b/cloud/gcp/compute/gcloud-oslogin-disabled.yaml index c86d51f9b7d..a6ecef41882 100644 --- a/cloud/gcp/compute/gcloud-oslogin-disabled.yaml +++ b/cloud/gcp/compute/gcloud-oslogin-disabled.yaml 
@@ -92,5 +92,4 @@ code: extractors: - type: dsl dsl: - - '"OS Login is not enabled for instance " + instanceName + " in zone " + zone + " of project " + projectId' -# digest: 490a0046304402202ce0504ca969da50b11725650d03da00d3c6750f4b662c036493d4ade07e13a20220586299c86cd82610f70156f505baf53fc901929b03bca472875c8ea7ee316ada:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"OS Login is not enabled for instance " + instanceName + " in zone " + zone + " of project " + projectId' diff --git a/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml b/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml index b4aadbd2912..95bda202968 100644 --- a/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml @@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have automatic restart enabled"' -# digest: 4a0a00473045022100b65c2875f3d2b7d8c59a176b91612dab5a33d19de1e55092cd45b8037e1079bd02205b7447b94af8f65e345a6996db086f7b92a7e5dd7a977bda00b6c1782534c455:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have automatic restart enabled"' diff --git a/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml b/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml index 6b79e226fcf..46b16d036f1 100644 --- a/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml 
@@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have Confidential Computing enabled"' -# digest: 4b0a00483046022100915677ee753b02e80b63bef69da7c0a33c8b86fb4065652d3096f8d1614f78ec022100f720d0e5499f0081e2177fd28f4ce78c5ebc4b04b1383879e64486bb80f0d7e7:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have Confidential Computing enabled"' diff --git a/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml b/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml index d0bf1cfdaed..68a5ad3c8c3 100644 --- a/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml +++ b/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml @@ -73,5 +73,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is using the default Compute Engine service account with full API access"' -# digest: 4a0a00473045022100c8c31965cedfe87b79eed22bad29dcf4a16a09807a4c8f7ca6ea3cb190318caf022059deadbebb587d09a8a7e60265664fcaa99f09194d8c9ffdce5b41afd3d834db:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is using the default Compute Engine service account with full API access"' diff --git a/cloud/gcp/compute/gcloud-vm-default-service-account.yaml b/cloud/gcp/compute/gcloud-vm-default-service-account.yaml index d3eb2771424..6736de22f10 100644 --- a/cloud/gcp/compute/gcloud-vm-default-service-account.yaml +++ b/cloud/gcp/compute/gcloud-vm-default-service-account.yaml 
@@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is using the default Compute Engine service account"' -# digest: 4b0a0048304602210082c6dc7cf7eba9e4af6a0bcc46773f031ceea53fc4ae2325cc755c8515b400fb022100f6be8de14b60819841f52bfbf90a8f801bec026b3b2f074d8f9b32b975ddda3b:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is using the default Compute Engine service account"' diff --git a/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml b/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml index 875441d42b7..071fe982974 100644 --- a/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml @@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have deletion protection enabled"' -# digest: 4b0a00483046022100cbd74fddac91e6f6718e1b16166eac3f38f05a144bda08d372a8fe6532ec3596022100900faebd8a8c01be30facfa4dece312dd011dd1e4bc65a1e86855c4a6c2dd43e:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have deletion protection enabled"' diff --git a/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml index fa8068a3c19..e3630d5f79d 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml 
@@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has one or more disks with auto-delete enabled"' -# digest: 490a0046304402201dcc54da2489552a74d3253d980b17c0b740e5730f4cf0160164bc2a3e68eb0002200e19f5cae87b938ea2788829ebabaf634e08a5184982bf6319be687307289bbb:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has one or more disks with auto-delete enabled"' diff --git a/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml index 7eaa237c05f..fcc621686e5 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml @@ -87,5 +87,4 @@ code: extractors: - type: dsl dsl: - - '"Disk " + diskName + " attached to instance " + instanceName + " in zone " + zone + " of project " + projectId + " is not encrypted with a Customer-Managed Key (CMK)"' -# digest: 4b0a00483046022100f1197f6203d6bacfac6e08930987ea581928f4449c10082e2253b4abadf57732022100a9acbc161f0bee51adc1f22ae7191724c3e8ee33fe93fbaa2bbc41714cd06afc:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Disk " + diskName + " attached to instance " + instanceName + " in zone " + zone + " of project " + projectId + " is not encrypted with a Customer-Managed Key (CMK)"' diff --git a/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml index a358543709f..56eb409d1fe 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml 
@@ -87,5 +87,4 @@ code: extractors: - type: dsl dsl: - - '"Disk " + diskName + " attached to instance " + instanceName + " in zone " + zone + " of project " + projectId + " has Customer-Supplied Encryption Keys (CSEKs) disabled"' -# digest: 4b0a00483046022100d91652a863ba25feaf2a47e3dfc856457d48c715a4c15e6b560b400862a10d46022100b034e7aa652b906c29b3685f79e3fd7f71a917c852aedee713c8fb49f8c78a61:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Disk " + diskName + " attached to instance " + instanceName + " in zone " + zone + " of project " + projectId + " has Customer-Supplied Encryption Keys (CSEKs) disabled"' diff --git a/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml index 30737423446..38285c7741c 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml @@ -88,4 +88,4 @@ code: extractors: - type: dsl dsl: - - '"Disk " + diskName + " attached to instance " + instanceName + " in zone " + zone + " of project " + projectId + " is not encrypted with a Customer-Supplied Encryption Key (CSEK)"' \ No newline at end of file + - '"Disk " + diskName + " attached to instance " + instanceName + " in zone " + zone + " of project " + projectId + " is not encrypted with a Customer-Supplied Encryption Key (CSEK)"' \ No newline at end of file diff --git a/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml b/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml index b6bfe627ca6..1c7b3572209 100644 --- a/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml 
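Review bot: In the `gcloud-vm-disk-csek-not-enabled.yaml` hunk the rewritten last line is still followed by `\ No newline at end of file`, so a missing-final-newline lint finding would remain. The visible text of the removed and added line is identical, so the change is presumably trailing whitespace only. Terminate the final entry, `... " is not encrypted with a Customer-Supplied Encryption Key (CSEK)"'`, with a newline. Unlike its siblings, this file shows no `# digest:` trailer on either side, which suggests the code template was never signed; confirm it is signed along with the others. The same pattern appears in the hunks for `gcloud-gke-auto-repair-disabled.yaml`, `gcloud-gke-auto-upgrade-disabled.yaml` and `gcloud-gke-client-certificate-enabled.yaml`.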
@@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has IP forwarding enabled"' -# digest: 4a0a0047304502206eae014d43559358aec26725c4e8c6b8cab099ce7e2b961f6ee018e1892e1a39022100803492de385bf013b76729d684ea168903bbfc2ddefcbf12fc8de7359f9770fb:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has IP forwarding enabled"' diff --git a/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml b/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml index ab58aabd426..f68da114770 100644 --- a/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml +++ b/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml @@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is configured to terminate instead of migrate during maintenance events"' -# digest: 4b0a00483046022100c9bea81bf7b49ceb41718896c0dbec9178102d34d43b95ab930a14709b7de369022100d853180bdb971f5dbc098afff9c1def03a36b583370105fe8cf42c7daa4d56c3:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is configured to terminate instead of migrate during maintenance events"' diff --git a/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml b/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml index 7aeeedb84bb..e464f7174a0 100644 --- a/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml 
@@ -72,5 +72,4 @@ code: extractors: - type: dsl dsl: - - '"OS Login with 2FA authentication is not enabled for VM instance " + instanceName + " in zone " + zone + " of project " + projectId' -# digest: 4a0a004730450220364f666eb4864a851ab60cf5baaff34e6be2e0d850b4e84d858b8c4f94b85a07022100dd6ceb745138c139a0cbd7c7bceaefe7c64b9cdbf36769aaccb68d50f79bef91:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"OS Login with 2FA authentication is not enabled for VM instance " + instanceName + " in zone " + zone + " of project " + projectId' diff --git a/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml b/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml index bbc217a9a66..880f863e984 100644 --- a/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml @@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is configured as preemptible and may not be suitable for production workloads"' -# digest: 4a0a0047304502201bd8f4e817d360012280fe3e21a7365992f94dac2e5ef8975eff87c0cf88707a0221009b35501b86c181029be866f33b9b3bc6342f9478eab7c37e55b0b9dbc5a18364:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is configured as preemptible and may not be suitable for production workloads"' diff --git a/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml b/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml index ffe76a63cae..54ccdfebcb4 100644 --- a/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml 
@@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is not configured to block project-wide SSH keys"' -# digest: 490a0046304402204c4908dadbb8708a82cdf33e438d1a4f32c726be712012a19a55372c1ebcab4c022025609d2041ac3ca02361240aa879c18622377744fdcce751762235ace39f02ee:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " is not configured to block project-wide SSH keys"' diff --git a/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml b/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml index 14ddeab569f..82b409b5f87 100644 --- a/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml @@ -77,5 +77,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has a public IP address configured"' -# digest: 4a0a0047304502202b7ed6b33c2626fd72a003030763f6f6789401ef276f7295848b87b764b1df0a022100d46cd0976efcb73588b032690e620130439145d37aa208a172cbf0139ef16ed0:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has a public IP address configured"' diff --git a/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml b/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml index 6a8d53865a4..993b213c34b 100644 --- a/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml 
@@ -73,5 +73,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has interactive serial console support enabled"' -# digest: 4b0a00483046022100fb1936be7ea91a27b2a6a93218896be1b0b80e928afac18a7db92ea06d908ce7022100e5345b8dd77d9c4f1c75beef07718c79f9eb2f8c972af700e781375f7e0eab10:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " has interactive serial console support enabled"' diff --git a/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml b/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml index 4b95c07255f..103c163cafc 100644 --- a/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml @@ -76,5 +76,4 @@ code: extractors: - type: dsl dsl: - - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have Shielded VM features (vTPM and Integrity Monitoring) fully enabled"' -# digest: 490a0046304402201e63ea9ca90d5d4f4af37e855e771bb958e8cfff3972e2d53cd26be9f74480720220065a2dbb817838c4710427fd8393099e96034556758d6fb833bdb59751884439:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"VM instance " + instanceName + " in zone " + zone + " of project " + projectId + " does not have Shielded VM features (vTPM and Integrity Monitoring) fully enabled"' diff --git a/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml b/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml index 62dc234e7f2..caa73d364ef 100644 --- a/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml +++ b/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml 
@@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"Dataproc cluster " + clusterName + " in region " + region + " of project " + projectId + " is not encrypted with Customer-Managed Keys"' -# digest: 4a0a00473045022100a0df190ceb4af0cae3c5622018eb9eaa13e7d7c770992ba771d02eef3bca4a6402202aad7fea87f5a4c45f8c41ad4a7d6205162f07ffe9abb57fef092d6bbf896156:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Dataproc cluster " + clusterName + " in region " + region + " of project " + projectId + " is not encrypted with Customer-Managed Keys"' diff --git a/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml b/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml index ac60bed8585..b753ffdbe3f 100644 --- a/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml +++ b/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml @@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"Dataproc cluster " + clusterName + " in region " + region + " of project " + projectId + " is configured with external IP addresses and is publicly accessible"' -# digest: 4a0a00473045022100f5f8b6b5dc69b287b221c251a23a01a1d8fcff56ef7100979613b3d765b41c8702207811dc210e5a134370cfdd8d5bf0f5142fad59d62060dab7cffad6811e515ae8:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Dataproc cluster " + clusterName + " in region " + region + " of project " + projectId + " is configured with external IP addresses and is publicly accessible"' diff --git a/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml b/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml index 8c35b51afd3..9c8e492b760 100644 --- a/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml 
@@ -69,5 +69,4 @@ code: extractors: - type: dsl dsl: - - '"Filestore instance " + instanceName + " in project " + projectId + " does not have deletion protection enabled"' -# digest: 490a00463044022008930ba92d35fca3b1d4cc8f7894c08aef1ec6484448a4e6a5d35b538b2c70030220166e2426efcfc9b63bc91a8ddbfbbb6a74a8cc69287e44f7e6c43ad29592e4a5:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Filestore instance " + instanceName + " in project " + projectId + " does not have deletion protection enabled"' diff --git a/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml b/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml index c4693754ea8..68c626a0e09 100644 --- a/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml @@ -71,5 +71,4 @@ code: extractors: - type: dsl dsl: - - '"Filestore instance " + instanceName + " in project " + projectId + " has no backups configured for data protection and disaster recovery"' -# digest: 4a0a00473045022050c6789698c907efa0ae129df0e04df4f989f1b989fd06bce8b17a839f45b65e022100ff4aa7abdf9eb85e9dcd26b0304639f2255cdb6f3d8c2d89a0086bb5b580cc90:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Filestore instance " + instanceName + " in project " + projectId + " has no backups configured for data protection and disaster recovery"' diff --git a/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml b/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml index 97e980cbbf9..46ab815438e 100644 --- a/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml 
@@ -70,5 +70,4 @@ code: extractors: - type: dsl dsl: - - '"Filestore instance " + instanceName + " in project " + projectId + " is not encrypted with Customer-Managed Keys"' -# digest: 4b0a00483046022100906103c6715e34fd7e8f8f1b222a6a58636ca54f3b733ded2427fa2211d9e43a0221008fda63f37629bdec19bbe066d75e668b1e3811e4387377db14255312a0bd413e:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Filestore instance " + instanceName + " in project " + projectId + " is not encrypted with Customer-Managed Keys"' diff --git a/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml b/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml index 2e7fa91cec8..a613d6dd1b5 100644 --- a/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml @@ -70,5 +70,4 @@ code: extractors: - type: dsl dsl: - - '"Filestore instance " + instanceName + " in project " + projectId + " has unrestricted client access and is not limited to specific IP addresses"' -# digest: 4a0a00473045022100e132d1a4ddbfbd184c1c625c555088141dbd3f4214d4a716fcf9355d5246bde7022021afd440d6eb2b7aa62ec9e0517237832f9584ca9d33114a94d29b4e75695ac8:46366314a226e6e09736af12eeb345c0 \ No newline at end of file + - '"Filestore instance " + instanceName + " in project " + projectId + " has unrestricted client access and is not limited to specific IP addresses"' diff --git a/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml b/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml index 759f9f94aa8..95c98bcbce7 100644 --- a/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml 
@@ -92,4 +92,4 @@ code: extractors: - type: dsl dsl: - - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have auto-repair enabled"' \ No newline at end of file + - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have auto-repair enabled"' \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml b/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml index eef0b9cb83b..33438afcf47 100644 --- a/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml @@ -92,4 +92,4 @@ code: extractors: - type: dsl dsl: - - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have auto-upgrade enabled"' \ No newline at end of file + - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have auto-upgrade enabled"' \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml b/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml index 5f327c4c273..d5fe5744096 100644 --- a/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have backups enabled"' -# digest: 4a0a00473045022058add8d328507300f6ec8ff6822b5a7febfeadcd67d9336b70f634c11c803f2e022100b3496629a1115f5161d65b1d42b93bbc1613fed5e3d3be889d6f2f0711bde9cd:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml b/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml index dbadcdcec99..742e1112441 100644 --- a/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml 
+++ b/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml @@ -75,4 +75,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have Binary Authorization enabled"' -# digest: 490a0046304402202bef6bb1fd32f76308bba5f6009738ed207ed59e47015d66982d0fb57b431055022017d025c5d98ee2fa40921eab61ddee9a820891bae1a4b0a0c952d87cc70f8507:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml b/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml index 27d8d37b5ff..8a7f72769b4 100644 --- a/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml @@ -72,4 +72,4 @@ code: extractors: - type: dsl dsl: - - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " has client certificate authentication enabled"' \ No newline at end of file + - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " has client certificate authentication enabled"' \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml b/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml index 8b42be78dff..d4546c2ff26 100644 --- a/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml @@ -91,4 +91,3 @@ code: - type: dsl dsl: - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have confidential nodes enabled"' -# digest: 490a004630440220254f654088e06ba0b9d78d7ef74ccc084b4a596def3fc0d0172b41c83883847102203f25d97baf59d86df1d927bf2acbeb8b2f830239a46de3aef6b57cd1199c30fc:46366314a226e6e09736af12eeb345c0 \ No newline at end of file 
diff --git a/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml b/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml index e9715610934..55062e8c1cd 100644 --- a/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml @@ -97,4 +97,3 @@ code: - type: dsl dsl: - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " is not using Container-Optimized OS with containerd"' -# digest: 4b0a00483046022100d7e2d0dc7dd3577efcc030ede8222fd5684fc5e7520491b98511ad9a3043f5d5022100f4a7e6c25b47c1ff3ee607d8a52ab3145941be29f03e29bc1242b1e40e4cf4dd:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml b/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml index 6e0df953556..a782d304151 100644 --- a/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have cost allocation enabled"' -# digest: 490a0046304402206d9097e23e45084c63d327ce371d8da9ee683b0c6f5af9d3576154c661ede58e0220678fdbf947d88c3cce762327a3d90ddbd5bb424de9b2817c4f8851e295b82a13:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-default-service-account.yaml b/cloud/gcp/gke/gcloud-gke-default-service-account.yaml index 4632e095cc0..38d622a6de2 100644 --- a/cloud/gcp/gke/gcloud-gke-default-service-account.yaml +++ b/cloud/gcp/gke/gcloud-gke-default-service-account.yaml 
@@ -90,4 +90,3 @@ code: - type: dsl dsl: - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " is using the default service account"' -# digest: 490a0046304402205651ed2433058bb17df2737f2f5de361d371d3741b206fc4db397a09cdd9fa460220546300428bda3b8ac7c0919be1dc5dd9c0555c64df7cf6bb4b6cb84a72134465:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml b/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml index 9ac0808f4af..5e9851e40a8 100644 --- a/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml @@ -92,4 +92,3 @@ code: - type: dsl dsl: - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have Integrity Monitoring enabled"' -# digest: 4a0a00473045022000d2072dd4f4e242d35a5ca233f440e8a87ec729e235cd2dbd2bd79f70f14327022100b05d23ad50230225aa49c64697849c87ddc842285613397df4f696c49b81aea5:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml b/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml index da4dabc73ac..5b2e2048f70 100644 --- a/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have intranode visibility enabled"' -# digest: 4b0a00483046022100c933a69cfb05a1ed77da939c7ff4afbf05f3603d0178bc7b9c63450078631d20022100c7aeff41e420012de801a58904c8462b201a124f725cee2dc5ddd3a1ce698285:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-labels-missing.yaml b/cloud/gcp/gke/gcloud-gke-labels-missing.yaml index ce4694bfd3e..88760d4c94c 100644 
--- a/cloud/gcp/gke/gcloud-gke-labels-missing.yaml +++ b/cloud/gcp/gke/gcloud-gke-labels-missing.yaml @@ -72,4 +72,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have any resource labels configured"' -# digest: 490a0046304402200a5d358b73d29c89cbd938dafabb3fe42aa583dfbf82e2346673d50204bfde7602206a0f1668505671d9812b8e2b217bb9a7fd8994edddbbb92d2e019ce8390ea08c:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml b/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml index 0ae7868d8e1..fc6f18b9272 100644 --- a/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have Cloud Logging enabled"' -# digest: 4b0a00483046022100a741d452fe597b28524b6929cccabd72794c587c7155bbcf432cbe9781a43b96022100d16d94ac33dab5f4f9de9ab360ccf7cab068b805d1b90254cc6ea0fe13d2c560:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml b/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml index 07acc17c3ed..762d4354295 100644 --- a/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml @@ -91,4 +91,3 @@ code: - type: dsl dsl: - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have GKE Metadata Server enabled"' -# digest: 4a0a0047304502206073a294f80fc0ee20686351ce80585834d1da4f19166441c8fe4fddae18c554022100b7df564d4713e8cd0b25dfdb1a1f08b1aa4599852fe37273a30592f21e46482f:46366314a226e6e09736af12eeb345c0 \ No newline at end of file 
diff --git a/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml b/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml index a0ebf2f75b5..08902e0999e 100644 --- a/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have Cloud Monitoring enabled"' -# digest: 4a0a00473045022100e89b7aaa627e911d1d039ccf0879dedef6e2c73825caeefcd34f5d01478c5b2902200d29ec115c34f0f71e6bf2f0489afc8aaf3fe575db2df3b4b9b4b975089d53db:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml b/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml index bb118df5d98..8f86f9cfd37 100644 --- a/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have critical notifications enabled"' -# digest: 4a0a00473045022100db8cd89d626a821ffd0bcec6300bf461b9f13c8a667ef90cf3eaed835ab1bba902200e117fac765a38deb848d33f6623054129ced06987a5c34628bc5318d271f66d:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml b/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml index 65b6b7e8fe1..1362e8f6c97 100644 --- a/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have private nodes enabled"' -# digest: 4b0a00483046022100fdc48434762abe68eecb0a27344da6e26154c2a55654fc528a6063d14370651a022100af3c79a149a84d5317eab5725469fab2fbf4060fac049a3e4de89c324d80edea:46366314a226e6e09736af12eeb345c0 \ No newline at end of file 
diff --git a/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml b/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml index 2f815da32ea..1cc13604c19 100644 --- a/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml @@ -76,4 +76,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " has public endpoint access enabled"' -# digest: 4a0a0047304502207f6aabb3909208f9a0fb2e084a6fd6ae5cac59498d72cd494a4eddff7d441f0b022100c66e38c0f1f86efa065a24f0fb41e8bf31feb8fa47766ab4d257ff7b7b5950d8:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml b/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml index 0ac4ef3f9f3..52bb4cebf57 100644 --- a/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml @@ -74,4 +74,4 @@ code: extractors: - type: dsl dsl: - - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " is not configured with Regular or Stable release channel"' \ No newline at end of file + - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " is not configured with Regular or Stable release channel"' \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml b/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml index 309605ba055..cce81608368 100644 --- a/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml @@ -72,4 +72,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have Sandbox with gVisor enabled"' -# digest: 490a0046304402206fd0469db1c8dd30b8272057aa1645a2cc687376471c1dea652839d753bccdbb02203e8030d12fa10b157cf4f57db9e8b6eb221b9be1bfea82902c274794dd565249:46366314a226e6e09736af12eeb345c0 \ No newline at end of file 
diff --git a/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml b/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml index d4c94b2208a..33c05b03ce2 100644 --- a/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have application-layer secrets encryption enabled"' -# digest: 4a0a00473045022071e087e8d5817e898830adc2d32af0b2cc5fc0d8f79c552e639ff6ff5a9663c8022100b993aaab0a87474ba25a3a185d4b4a0a4ae9be56fe1ab249788a526037e656dd:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml b/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml index 98e0dc80c0d..36f1d1cb905 100644 --- a/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml @@ -92,4 +92,3 @@ code: - type: dsl dsl: - '"Node pool " + nodePoolName + " in GKE cluster " + clusterName + " (" + location + ") of project " + projectId + " does not have Secure Boot enabled"' -# digest: 4a0a00473045022100c5f9c5a1d95fbebe16e6f3ed7ab6cf319774ed5f7f7056cbc3762f2a19fe5a9902205620176619d585b4b71544bfc3df81f7f1e088b2ecfa185b924e9784621162b1:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml b/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml index 8a93a19d1dd..56d2a488a43 100644 --- a/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml 
@@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have Security Posture dashboard enabled"' -# digest: 490a004630440220646ee7e19ffce6960e754c4fa579a3ab396fc3adcc6c58beae05be4f5b025e1d022004ecffc43205fd7425e58ec07290392aa8d017616dde8fc674724f8d335d5cee:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml b/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml index 3c22f325f38..c67db39c9c3 100644 --- a/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml @@ -78,4 +78,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have Shielded Nodes enabled"' -# digest: 4a0a00473045022100e6d2cdf49a5e7c839a4c01df9e54e1362b1a1b80e6352bc34086410c879c72630220018d70edda3300b29fde34d28a85585685c6f2c1128eeb10e3ec9aa30f9fa11f:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml b/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml index e5a66e03d14..69b1bbdd437 100644 --- a/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have inter-node transparent encryption enabled"' -# digest: 4b0a00483046022100bae41584c57a955bdaca588758dfed54ec6bc6076d85e693f946d03676a1af67022100e18b244d475b50463fa3a1808a3090b93b5189408855461cd7e0f0623344cea1:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml b/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml index 28696721c70..f707ff93b77 100644 --- a/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml 
+++ b/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have VPC-native traffic routing enabled"' -# digest: 4a0a00473045022100d3a6d9f28d3c4bf008cd05ebd4a0a602072cc3d22dae31a815ab0fb47e0f63df02207835345562fdf23362e00bc440b76e6b42176ab7005ebd117b9365c4e0bab4bb:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml b/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml index 79c9d6fa222..46c0de9426a 100644 --- a/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml @@ -75,4 +75,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have workload vulnerability scanning enabled"' -# digest: 490a0046304402203ba259363397f72f6c588e77e50474ecf1a8156051c5f02392b58b51aee162a602205eb8d8d9ecc28c4517c21aa2e0ea5f95f0f0e91acb90f4695671360a4c7694d1:46366314a226e6e09736af12eeb345c0 \ No newline at end of file diff --git a/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml b/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml index 581517954f3..41a446b3917 100644 --- a/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml @@ -73,4 +73,3 @@ code: - type: dsl dsl: - '"GKE cluster " + clusterName + " in " + location + " of project " + projectId + " does not have Workload Identity Federation enabled"' -# digest: 4b0a00483046022100c9e45edcb6a40f520b70ac4e476992c6f09ffaa2ca285d6c4c17c41b40f6ec44022100984b6f8c2035b3860d3f44eb0325ce72883120c2250290c9e06030b0aa1294b8:46366314a226e6e09736af12eeb345c0 \ No newline at end of file 
diff --git a/cloud/gcp/iam/gcloud-iam-admin-roles.yaml b/cloud/gcp/iam/gcloud-iam-admin-roles.yaml
index ded115bedfd..88dcaa1a60e 100644
--- a/cloud/gcp/iam/gcloud-iam-admin-roles.yaml
+++ b/cloud/gcp/iam/gcloud-iam-admin-roles.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has IAM users with administrative roles that grant excessive permissions"'
\ No newline at end of file
+ - '"Project " + projectId + " has IAM users with administrative roles that grant excessive permissions"'
\ No newline at end of file
diff --git a/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml b/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml
index 5e4a29d7346..c57075db7df 100644
--- a/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml
+++ b/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml
@@ -53,4 +53,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has IAM users with unrestricted decryption permissions that can access all KMS keys"'
\ No newline at end of file
+ - '"Project " + projectId + " has IAM users with unrestricted decryption permissions that can access all KMS keys"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml b/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml
index 255ae503df2..dc066fd3a49 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted Google Cloud APIs and services, allowing all services to be enabled"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted Google Cloud APIs and services, allowing all services to be enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml b/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml
index fa2f41b77fc..27cd4cdd652 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml
@@ -52,5 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled automatic IAM role grants for default service accounts"'
-# digest: 490a0046304402207f8bbb5e1e04bf20ebccd250e3651f3287b8f213efb09bb4f1ff07fb73d887540220760072d96e67df4cc2dc6d912fbc26a6f0b5de2443e66f57d060a8342f9649ec:46366314a226e6e09736af12eeb345c0
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled automatic IAM role grants for default service accounts"'
diff --git a/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml b/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml
index 5f37480b52d..aab476662d9 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled default network creation, allowing automatic creation of over-permissive VPC networks"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled automatic default network creation, allowing potential insecure network configurations"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml b/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml
index 64d40dfa414..d22724e15d5 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not enabled detailed audit logging mode for Cloud Storage resources"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not enabled detailed audit logging mode for Cloud Storage resources"'
\ No newline at end of file
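Review bot: The `# digest:` line removed at the end of gcloud-org-auto-iam-grants.yaml is the template's signature, and nothing on the new side replaces it, so the file is left unsigned. These are `code:` templates, and nuclei only executes code-protocol templates that carry a valid signature, so unless a signing job re-adds the digest after merge (not visible in this patch) the check would be skipped rather than run. The same applies to every other hunk in this patch that deletes a `# digest:` line, for example gcloud-org-guest-attributes.yaml and gcloud-org-service-account-key-upload.yaml. I would re-sign the affected templates in the same change, or state in the commit message that re-signing follows, so a lint cleanup does not silently drop these checks from scans.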
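Review bot: In gcloud-org-default-network.yaml the extractor message is reworded rather than just whitespace-cleaned, which the commit title "fixed lint errors" does not announce. The new ending `allowing potential insecure network configurations` is vaguer than the old one, which named the actual exposure. I would keep the original text and only strip the trailing whitespace: `- '"Organization " + orgId + " has not disabled default network creation, allowing automatic creation of over-permissive VPC networks"'`. The file also still ends without a newline, unlike the hunks in this patch that add one.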
diff --git a/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml b/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml
index e3605d67598..ceccabfd1bf 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml
@@ -52,5 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled guest attributes for Compute Engine metadata"'
-# digest: 4a0a00473045022100b86999d758d6b080f6c768b3afe9458714c0713702c63a8d58629637fe5fd9b00220355e00d211b75b6d7632f1c5e997d3cb19f495de4792b525a7dcab13822ddf61:46366314a226e6e09736af12eeb345c0
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled guest attributes for Compute Engine metadata"'
diff --git a/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml b/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml
index 1570f09458c..6f35ae5dbe1 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted VM IP forwarding, allowing any instance to act as a router"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted VM IP forwarding, allowing any instance to act as a router"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml b/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml
index b6aee172134..b4c13174d5c 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted load balancer creation by type, allowing all load balancer types to be created"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted load balancer creation by type, allowing all load balancer types to be created"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml b/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml
index a1c4adb6615..1c4524aaded 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not enforced OS Login requirement for centralized SSH key management"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not enforced OS Login requirement for centralized SSH key management"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml b/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml
index a490db7b827..14127e72ae8 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted resource locations, allowing resources to be created in any region"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted resource locations, allowing resources to be created in any region"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml b/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml
index 4b712a5babd..5d49901615a 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled service account creation, allowing users to create new service accounts"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled service account creation, allowing users to create new service accounts"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml
index 71918718a1f..b41916bf362 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled service account key creation, allowing users to create unmanaged keys"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled service account key creation, allowing users to create unmanaged keys"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml
index 591a7f8c4d7..1f24ef8e567 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml
@@ -52,5 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled service account key upload, allowing users to upload unmanaged keys"'
-# digest: 4a0a00473045022100c2ebad6d1bb7d41213885bd61eb4b5d61840e28f02544a11fcb773f7924708fc022034fdc279e99d56cfc6e18a2af13cfbddd3f59c4276f3ba15aa107e5797cfded2:46366314a226e6e09736af12eeb345c0
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled service account key upload, allowing users to upload unmanaged keys"'
diff --git a/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml b/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml
index fdded2a0f0a..077a6a2b83c 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted shared VPC subnetworks, allowing resources to use any shared subnet"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted shared VPC subnetworks, allowing resources to use any shared subnet"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml b/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml
index 3e050d130d6..e7e5d1e504c 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted authorized networks for Cloud SQL instances, allowing potential public access"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted authorized networks for Cloud SQL instances, allowing potential public access"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml b/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml
index e55ad24c109..66221451f2a 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled default Google-managed encryption for Cloud SQL instances"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled default Google-managed encryption for Cloud SQL instances"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml b/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml
index fdb35c91244..37e4316d910 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted public IP access for Cloud SQL instances, allowing databases to be exposed to the internet"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted public IP access for Cloud SQL instances, allowing databases to be exposed to the internet"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml b/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml
index a711e6556c4..f48b732d8db 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted disk image usage to trusted projects, allowing use of any accessible image"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted disk image usage to trusted projects, allowing use of any accessible image"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml b/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml
index d5c2544b4f6..8e9a987aa6b 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not enforced uniform bucket-level access for Cloud Storage buckets"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not enforced uniform bucket-level access for Cloud Storage buckets"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml b/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml
index a5f0d0a8bf4..fcc67c1c24e 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted VPC peering usage, allowing networks to be peered with any other network"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted VPC peering usage, allowing networks to be peered with any other network"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml b/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml
index b591bb136af..9e1fde498cf 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not restricted VPN peer IP addresses, allowing any IP to be configured as a VPN peer"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not restricted VPN peer IP addresses, allowing any IP to be configured as a VPN peer"'
\ No newline at end of file
diff --git a/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml b/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml
index 242a7fc1303..69a02a88d57 100644
--- a/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml
+++ b/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Organization " + orgId + " has not disabled Workload Identity for GKE cluster creation, potentially allowing uncontrolled service account access"'
\ No newline at end of file
+ - '"Organization " + orgId + " has not disabled Workload Identity for GKE cluster creation, potentially allowing uncontrolled service account access"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml b/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml
index 96e1b886447..226ac5442c7 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances without automatic upgrades enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances without automatic upgrades enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml b/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml
index 8354192b71a..ed6b85c5031 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances using the default VPC network"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances using the default VPC network"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml b/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml
index 0f3147401b2..ca999068754 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances with external IP addresses enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances with external IP addresses enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml b/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml
index 713ce1268dc..6ba596f4ca9 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances without idle shutdown enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances without idle shutdown enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml b/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml
index 229ab8c62b5..8bcc2032dc2 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml
@@ -54,4 +54,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances without integrity monitoring enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances without integrity monitoring enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml b/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml
index 2dde9c095a7..476cfe9f3a8 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances without Cloud Monitoring enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances without Cloud Monitoring enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml b/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml
index 77b7bbc7d63..4ea9085a719 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances with root access enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances with root access enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml b/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml
index 06b67a66a58..61c28630b8c 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances without Secure Boot enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances without Secure Boot enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml b/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml
index a7e1e56aaf6..6ea36db6c1e 100644
--- a/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml
+++ b/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has Vertex AI notebook instances without Virtual Trusted Platform Module (vTPM) enabled"'
\ No newline at end of file
+ - '"Project " + projectId + " has Vertex AI notebook instances without Virtual Trusted Platform Module (vTPM) enabled"'
\ No newline at end of file
diff --git a/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml b/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml
index e8e23954e06..929ae96716c 100644
--- a/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml
+++ b/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml
@@ -52,4 +52,4 @@ code:
 extractors:
 - type: dsl
 dsl:
- - '"Project " + projectId + " has no Private Service Connect endpoints configured"'
\ No newline at end of file
+ - '"Project " + projectId + " has no Private Service Connect endpoints configured"'
\ No newline at end of file