GoogleCloudPlatform/policy-library

Issues

• GCPGKEPrivateClusterConstraintV1 does not validate private endpoint + public nodes

  #392 opened 4 years ago by jdyke
  3

• Validation for VPC flow logs in a subnetwork does not consider exceptions listed in the documentation

  #435 opened a year ago by daniel-cit
  0

• Authoring Rego rules for constraint template

  #431 opened 2 years ago by cova-fe
  0

• google_compute_subnetwork enable_flow_logs deprecated in google terraform 3.0.0 and GCPNetworkEnableFlowLogsConstraintV1 broken

  #414 opened 2 years ago by jsmilani
  3

• Include gke_enable_binauthz_v1 template and constraint in master branch

  #419 opened 3 years ago by jacks-reid
  2

• GCP Compute zone policy not working, not showing any violations

  #421 opened 3 years ago by HarshalRane23
  1

• Make superglobbing more clear or automatic

  #416 opened 3 years ago by Jberlinsky
  0

• Service Account Key Age policy has a bug

  #413 opened 3 years ago by hussainak
  0

• rego_parse_error: no match found error for gcp_compute_block_ssh_keys_v1 and gcp_compute_enable_oslogin_project_v1

  #407 opened 3 years ago by xingao267
  3

• gcp_enforce_naming DOES NOT work when a random string added to resource name

  #404 opened 3 years ago by zack-amirakulov
  0

• KPT breaks to install the bundle ?

  #403 opened 3 years ago by rajlearner17
  1

• Question: managing centralised constraint exclusion

  #400 opened 3 years ago by jralmaraz
  4

• Terraform and terraform-validator versions are out-of-date

  #393 opened 4 years ago by renato-rudnicki
  0

• The policy "storage bucket policy only" is using deprecated argument bucketPolicyOnly

  #388 opened 4 years ago by daniel-cit
  3

• Severity field not taken into account in Security Command Center

  #389 opened 4 years ago by krab-skunk
  1

• Config validator is too verbose

  #387 opened 4 years ago by vvdaal
  2

• Samples seem wrong and documentation seems lacking on target combined with Forseti v2.25.2

  #385 opened 4 years ago by vvdaal
  3

• Rename "master" branch to "main" branch

  #386 opened 4 years ago by MartinPetkov
  0

• gcp-gke-dashboard-v1 is out of sync with current google_container_cluster resource

  #383 opened 4 years ago by linde
  0

• compute_allowed_networks not working as expected

  #379 opened 4 years ago by mittalsharad
  2

• make generate_docs generates `EACCES: permission denied` error

  #375 opened 4 years ago by xingao267
  5

• How to add a new policy bundle

  #376 opened 4 years ago by xingao267
  4

• Logic problem when trying to identify a violation

  #373 opened 4 years ago by akamalov
  5

• Add sample to Forseti bundle for default IAM rules

  #349 opened 4 years ago by gkowalski-google
  1

• Add documentation on how to set constraint target

  #372 opened 4 years ago by gkowalski-google
  0

• storage location policy: violations is not reported when exemptions list is not specified

  #369 opened 4 years ago by xingao267
  3

• IAM Audit log policy validation seems producing false positives

  #367 opened 4 years ago by xingao267
  6

• Change to more inclusive language

  #362 opened 4 years ago by morgante
  1

• Prevent unsynced policies

  #359 opened 4 years ago by morgante
  0

• GCPBigQueryDatasetWorldReadableConstraintV1 false positive

  #357 opened 4 years ago by rosmo
  4

• Add ability to specify some parameters to policy bundle

  #336 opened 4 years ago by gkowalski-google
  0

• How to allow only a small number of projects to grant an IAM role?

  #354 opened 4 years ago by lvaylet
  11

• Add constraint descriptions for the Forseti bundle

  #350 opened 4 years ago by gkowalski-google
  0

• Add kpt function Dockerfile

  #327 opened 5 years ago by morgante
  0

• Add kpt function to pull policy bundle

  #335 opened 5 years ago by gkowalski-google
  0

• Request to allow whitelist buckets for GCPStorageBucketWorldReadableConstraintV1

  #329 opened 5 years ago by aimjwizards
  0

• Request to add assetName as a field in GCPIAMAllowedBindingsConstraintV1

  #330 opened 5 years ago by aimjwizards
  0

• Add Firewall sample for Forseti bundle

  #316 opened 5 years ago by gkowalski-google
  0

• Restricted Firewall Template throws error for constraints using all ports

  #323 opened 5 years ago by gkowalski-google
  0

• Ancestry path does not work at resource (bucket, bigquery, vm, etc) level

  #304 opened 5 years ago by xingao267
  2

• Add OPA test and format commands to makefile using Docker image

  #318 opened 5 years ago by gkowalski-google
  0

• Add KMS sample for Forseti bundle

  #317 opened 5 years ago by gkowalski-google
  4

• Add samples to check for BigQuery datasets exposed to gmail & googlegroups

  #314 opened 5 years ago by gkowalski-google
  0

• Add Forseti annotation to several samples

  #312 opened 5 years ago by gkowalski-google
  0

• Run rego tests with multiple versions of opa

  #285 opened 5 years ago by briantkennedy
  0

• Unable to set up GCP Constraint Framework client

  #306 opened 5 years ago by hshin-g
  3

• What does `bundles.validator.forsetisecurity...` in `annotations` do?

  #308 opened 5 years ago by xingao267
  1

• Update LB Forwarding Rules Whitelist Template for CAI field name updates

  #292 opened 5 years ago by gkowalski-google
  0

• Update Compute Network Interface Template for CAI field name updates

  #290 opened 5 years ago by gkowalski-google
  0

• [FORSETI] Service Account Key scanner functionality

  #273 opened 5 years ago by hshin-g
  2