github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/kms/rotate_kms_keys.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/google/kms/rotate_kms_keys.tf.go (about)

     1  package kms
     2  
     3  var terraformRotateKmsKeysGoodExamples = []string{
     4  	`
     5   resource "google_kms_key_ring" "keyring" {
     6     name     = "keyring-example"
     7     location = "global"
     8   }
     9   
    10   resource "google_kms_crypto_key" "example-key" {
    11     name            = "crypto-key-example"
    12     key_ring        = google_kms_key_ring.keyring.id
    13     rotation_period = "7776000s"
    14   
    15     lifecycle {
    16       prevent_destroy = true
    17     }
    18   }
    19   `,
    20  }
    21  
    22  var terraformRotateKmsKeysBadExamples = []string{
    23  	`
    24   resource "google_kms_key_ring" "keyring" {
    25     name     = "keyring-example"
    26     location = "global"
    27   }
    28   
    29   resource "google_kms_crypto_key" "example-key" {
    30     name            = "crypto-key-example"
    31     key_ring        = google_kms_key_ring.keyring.id
    32     rotation_period = "15552000s"
    33   
    34     lifecycle {
    35       prevent_destroy = true
    36     }
    37   }
    38   `,
    39  }
    40  
    41  var terraformRotateKmsKeysLinks = []string{
    42  	`https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key#rotation_period`,
    43  }
    44  
    45  var terraformRotateKmsKeysRemediationMarkdown = ``