github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/compute/no_public_ingress.tf.go (about) 1 package compute 2 3 var terraformNoPublicIngressGoodExamples = []string{ 4 ` 5 resource "google_compute_firewall" "good_example" { 6 source_ranges = ["1.2.3.4/32"] 7 allow { 8 protocol = "icmp" 9 } 10 }`, 11 ` 12 resource "google_compute_firewall" "allow-vms-to-some-machine" { 13 name = "allow-vms-to-some-machine" 14 network = local.network 15 priority = 1300 16 direction = "INGRESS" 17 allow { 18 protocol = "tcp" 19 ports = ["8081"] 20 } 21 source_tags = ["vms"] 22 target_tags = ["some-machine"] 23 }`, 24 ` 25 resource "google_compute_firewall" "test" { 26 name = "gmp-validating-webhook-fw" 27 network = google_compute_network.my_vpc_name.self_link 28 29 allow { 30 protocol = "tcp" 31 ports = ["8443"] 32 } 33 34 target_tags = [ "k8s-node-pool" ] 35 source_ranges = [google_container_cluster.my_cluster_name.private_cluster_config[0].master_ipv4_cidr_block] 36 } 37 `, 38 } 39 40 var terraformNoPublicIngressBadExamples = []string{ 41 ` 42 resource "google_compute_firewall" "bad_example" { 43 source_ranges = ["0.0.0.0/0"] 44 allow { 45 protocol = "icmp" 46 } 47 }`, 48 } 49 50 var terraformNoPublicIngressLinks = []string{ 51 `https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#source_ranges`, 52 `https://www.terraform.io/docs/providers/google/r/compute_firewall.html`, 53 } 54 55 var terraformNoPublicIngressRemediationMarkdown = ``