ServiceNow CMDB CI relationship sync: faster, more complete →
Turbot Guardrails Hub 
Hub
Policy Packs
GCP CIS v2.0.0 - Section 1 - Identity and Access Management
Overview
19
Policy Settings
0
Variables
DevelopersGithub

Policy Setting: GCP > Dataproc > Cluster > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "gcp_dataproc_cluster_approved_custom" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/gcp-dataproc#/policy/types/clusterApprovedCustom"
  note           = "GCP CIS v2.0.0 - Control: 1.17"
  template_input = <<-EOT
    {
      item: cluster {
        encryptionConfig: get(path: "config.encryptionConfig")
      }
    }
  EOT
  template       = <<-EOT
    {% set encryptionConfig = $.item.encryptionConfig %}


    {# Check gcePdKmsKeyName property because it doesn't exist incase of GCP managed key #}
    {%- if encryptionConfig and encryptionConfig.gcePdKmsKeyName -%}


      {%- set data = {
          "title": "Encryption With Customer Managed Key",
          "result": "Approved",
          "message": "Cluster is encrypted with customer managed key"
      } -%}


    {%- elif encryptionConfig and not encryptionConfig.gcePdKmsKeyName -%}


      {%- set data = {
          "title": "Encryption With Customer Managed Key",
          "result": "Not Approved",
          "message": "Cluster is not encrypted with customer managed key"
      } -%}


    {%- else -%}


      {%- set data = {
          "title": "Encryption With Customer Managed Key",
          "result": "Skip",
          "message": "No data for encryption yet"
      } -%}


    {%- endif -%}


    {{ data | json }}
  EOT
}