github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/bigquery/no_public_access.tf.go (about) 1 package bigquery 2 3 var terraformNoPublicAccessGoodExamples = []string{ 4 ` 5 resource "google_bigquery_dataset" "good_example" { 6 dataset_id = "example_dataset" 7 friendly_name = "test" 8 description = "This is a test description" 9 location = "EU" 10 default_table_expiration_ms = 3600000 11 12 labels = { 13 env = "default" 14 } 15 16 access { 17 role = "OWNER" 18 user_by_email = google_service_account.bqowner.email 19 } 20 21 access { 22 role = "READER" 23 domain = "hashicorp.com" 24 } 25 } 26 27 resource "google_service_account" "bqowner" { 28 account_id = "bqowner" 29 } 30 `, 31 } 32 33 var terraformNoPublicAccessBadExamples = []string{ 34 ` 35 resource "google_bigquery_dataset" "bad_example" { 36 dataset_id = "example_dataset" 37 friendly_name = "test" 38 description = "This is a test description" 39 location = "EU" 40 default_table_expiration_ms = 3600000 41 42 labels = { 43 env = "default" 44 } 45 46 access { 47 role = "OWNER" 48 special_group = "allAuthenticatedUsers" 49 } 50 51 access { 52 role = "READER" 53 domain = "hashicorp.com" 54 } 55 } 56 57 `, 58 } 59 60 var terraformNoPublicAccessLinks = []string{ 61 `https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/bigquery_dataset#special_group`, 62 } 63 64 var terraformNoPublicAccessRemediationMarkdown = ``