Turbot Guardrails Hub 
Hub
Policy Packs
GCP CIS v2.0.0 - Section 6 - Cloud SQL Database Services
Overview
12
Policy Settings
0
Variables
DevelopersGithub

Policy Setting: GCP > SQL > Instance > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "gcp_sql_instance_approved_custom" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/gcp-sql#/policy/types/instanceApprovedCustom"
  note           = "GCP CIS v2.0.0 - Control: 6.2.9"
  template_input = <<-EOT
    {
      item: instance {
        ipAddresses: get(path: "ipAddresses")
      }
    }
  EOT
  template       = <<-EOT
    {%- set ipAddresses = $.item.ipAddresses -%}


    {%- set privateIpExists = false -%}


    {%- for obj in ipAddressesArr -%}


      {%- if not privateIpExists and obj.type == "PRIVATE" -%}


        {%- set privateIpExists = true -%}


      {%- endif -%}


    {%- endfor -%}


    {%- if ipAddresses | length == 0 or not privateIpExists -%}


      {%- set data = {
          "title": "Private IP Assignment",
          "result": "Not approved",
          "message": "IP assignment type is not private"
      } -%}


    {%- elif privateIpExists -%}


      {%- set data = {
          "title": "Private IP Assignment",
          "result": "Approved",
          "message": "IP assignment type is private"
      } -%}


    {%- else -%}


      {%- set data = {
          "title": "Private IP Assignment",
          "result": "Skip",
          "message": "No data for IP assignment yet"
      } -%}


    {%- endif -%}


    {{ data | json }}
  EOT
}