github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/iam/no_privileged_service_accounts.tf.go (about)

     1  package iam
     2  
     // terraformNoPrivilegedServiceAccountsGoodExamples holds Terraform snippets
     // that should pass the no-privileged-service-accounts check: the service
     // account is bound at project level to roles/logging.logWriter, a narrowly
     // scoped predefined role, rather than to a basic role.
     // NOTE(review): how these examples are consumed (rule registration, tests,
     // generated docs) is not visible in this file; confirm against the rule.
     // NOTE(review): "email" is normally a computed attribute of
     // google_service_account; setting it here looks like a fixture convenience
     // so the member reference resolves statically. Confirm.
     3  var terraformNoPrivilegedServiceAccountsGoodExamples = []string{
     4  	`
     5   resource "google_service_account" "test" {
     6   	account_id   = "account123"
     7   	display_name = "account123"
     8      email        = "jim@terrasec.dev"
     9   }
    10   
    11   resource "google_project_iam_member" "project" {
    12   	project = "your-project-id"
    13   	role    = "roles/logging.logWriter"
    14   	member  = "serviceAccount:${google_service_account.test.email}"
    15   }
    16   			`,
    17  }
    18  
    // terraformNoPrivilegedServiceAccountsBadExamples holds Terraform snippets
    // that should be flagged: the same service account is granted roles/owner on
    // the project. roles/owner is a basic role with full control of the project,
    // so a leaked key for this account, or impersonation of it, exposes every
    // resource in the project rather than a single service.
    // NOTE(review): only roles/owner is exercised here; whether other basic or
    // admin roles are also matched depends on rule logic not shown in this file.
    19  var terraformNoPrivilegedServiceAccountsBadExamples = []string{
    20  	`
    21   resource "google_service_account" "test" {
    22     account_id   = "account123"
    23     display_name = "account123"
    24     email        = "jim@terrasec.dev"
    25   }
    26   
    27   resource "google_project_iam_member" "project" {
    28   	project = "your-project-id"
    29   	role    = "roles/owner"
    30   	member  = "serviceAccount:${google_service_account.test.email}"
    31   }
    32   			`,
    33  }
    34  
    // terraformNoPrivilegedServiceAccountsLinks lists reference documentation for
    // the Terraform IAM resources used in the examples above (the
    // google_project_iam_* resources of the hashicorp/google provider).
    35  var terraformNoPrivilegedServiceAccountsLinks = []string{
    36  	`https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam`,
    37  }
    38  
    // terraformNoPrivilegedServiceAccountsRemediationMarkdown is the
    // Terraform-specific remediation text. It is empty here, so this file gives
    // no remediation guidance beyond the good example.
    // NOTE(review): consider documenting the fix the good example shows: replace
    // the basic role with the narrowest predefined or custom role the workload
    // actually needs.
    39  var terraformNoPrivilegedServiceAccountsRemediationMarkdown = ``