Enforce Encryption for Secrets Is Enabled for GCP GKE Clusters

Policy Setting: GCP > Kubernetes Engine > Zone Cluster > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "gcp_kubernetesengine_zone_cluster_approved_custom" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/gcp-kubernetesengine#/policy/types/zoneClusterApprovedCustom"

  # GraphQL input: read the cluster's databaseEncryption.state.
  template_input = <<-EOT
    {
      zoneCluster {
        databaseEncryptionState: get(path: "databaseEncryption.state")
      }
    }
  EOT

  # Nunjucks template: approve only when the state is exactly "ENCRYPTED".
  # The elif matches every other value, including a missing state, so the
  # else ("Skip") branch is never reached as written.
  template = <<-EOT
    {%- if $.zoneCluster.databaseEncryptionState == "ENCRYPTED" -%}
      {%- set data = {
        title: "Encryption for Secrets",
        result: "Approved",
        message: "Encryption for secrets is enabled"
      } -%}
    {%- elif $.zoneCluster.databaseEncryptionState != "ENCRYPTED" -%}
      {%- set data = {
        title: "Encryption for Secrets",
        result: "Not approved",
        message: "Encryption for secrets is not enabled"
      } -%}
    {%- else -%}
      {%- set data = {
        title: "Encryption for Secrets",
        result: "Skip",
        message: "No data for encryption yet"
      } -%}
    {%- endif -%}
    {{ data | json }}
  EOT
}