GCP CIS v2.0.0 - Section 1 - Identity and Access Management

Policy Setting: GCP > Dataproc > Cluster > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

# Custom "Approved" check for GCP Dataproc clusters: a cluster is approved only
# when its encryptionConfig carries a customer-managed KMS key name
# (gcePdKmsKeyName). The note below labels it as GCP CIS v2.0.0 control 1.17.
resource "turbot_policy_setting" "gcp_dataproc_cluster_approved_custom" {
# Attach this setting to the policy pack declared as turbot_policy_pack.main.
resource = turbot_policy_pack.main.id
type = "tmod:@turbot/gcp-dataproc#/policy/types/clusterApprovedCustom"
note = "GCP CIS v2.0.0 - Control: 1.17"
# Input query: fetch only config.encryptionConfig for the cluster under evaluation.
template_input = <<-EOT
{
item: cluster {
encryptionConfig: get(path: "config.encryptionConfig")
}
}
EOT
# Template: renders exactly one {title, result, message} object as JSON.
#   - encryptionConfig truthy and gcePdKmsKeyName set     -> "Approved"
#   - encryptionConfig truthy and gcePdKmsKeyName not set -> "Not Approved"
#   - encryptionConfig falsy (null / not returned)        -> "Skip"
# "Approved" only asserts that a key name is present; the template does not
# check which key it is or whether that key is usable.
# NOTE(review): a missing or null encryptionConfig yields "Skip", not
# "Not Approved". If the CMDB omits encryptionConfig for clusters that use
# Google-managed encryption, those clusters would never be flagged by this
# control - confirm how the field is populated and that "Skip" results are
# reviewed rather than treated as passing.
template = <<-EOT
{% set encryptionConfig = $.item.encryptionConfig %}
{# Check gcePdKmsKeyName property because it doesn't exist incase of GCP managed key #}
{%- if encryptionConfig and encryptionConfig.gcePdKmsKeyName -%}
{%- set data = {
"title": "Encryption With Customer Managed Key",
"result": "Approved",
"message": "Cluster is encrypted with customer managed key"
} -%}
{%- elif encryptionConfig and not encryptionConfig.gcePdKmsKeyName -%}
{%- set data = {
"title": "Encryption With Customer Managed Key",
"result": "Not Approved",
"message": "Cluster is not encrypted with customer managed key"
} -%}
{%- else -%}
{%- set data = {
"title": "Encryption With Customer Managed Key",
"result": "Skip",
"message": "No data for encryption yet"
} -%}
{%- endif -%}
{{ data | json }}
EOT
}