github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/iam/no_folder_level_service_account_impersonation.tf.go (about)

     1  package iam
     2  
     3  var terraformNoFolderLevelServiceAccountImpersonationGoodExamples = []string{
     4  	`
     5   resource "google_folder_iam_binding" "folder-123" {
     6   	folder = "folder-123"
     7   	role    = "roles/nothingInParticular"
     8   }
     9   			`,
    10  }
    11  
    12  var terraformNoFolderLevelServiceAccountImpersonationBadExamples = []string{
    13  	`
    14   resource "google_folder_iam_binding" "folder-123" {
    15   	folder = "folder-123"
    16   	role    = "roles/iam.serviceAccountUser"
    17   }
    18   `, `
    19   resource "google_folder_iam_binding" "folder-123" {
    20   	folder = "folder-123"
    21   	role    = "roles/iam.serviceAccountTokenCreator"
    22   }
    23   `,
    24  }
    25  
    26  var terraformNoFolderLevelServiceAccountImpersonationLinks = []string{
    27  	`https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_folder_iam`,
    28  }
    29  
    30  var terraformNoFolderLevelServiceAccountImpersonationRemediationMarkdown = ``