github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/iam/no_project_level_service_account_impersonation.tf.go (about)

     1  package iam
     2  
     3  var terraformNoProjectLevelServiceAccountImpersonationGoodExamples = []string{
     4  	`
     5   resource "google_project_iam_binding" "project-123" {
     6   	project = "project-123"
     7   	role    = "roles/nothingInParticular"
     8   }
     9   			`,
    10  }
    11  
    12  var terraformNoProjectLevelServiceAccountImpersonationBadExamples = []string{
    13  	`
    14   resource "google_project_iam_binding" "project-123" {
    15   	project = "project-123"
    16   	role    = "roles/iam.serviceAccountUser"
    17   }
    18   `, `
    19   resource "google_project_iam_binding" "project-123" {
    20   	project = "project-123"
    21   	role    = "roles/iam.serviceAccountTokenCreator"
    22   }
    23   `,
    24  }
    25  
    26  var terraformNoProjectLevelServiceAccountImpersonationLinks = []string{
    27  	`https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam`,
    28  }
    29  
    30  var terraformNoProjectLevelServiceAccountImpersonationRemediationMarkdown = ``