CKV_GCP_76 errors when stack_type not present. #6425

Open
daveS2 opened this issue Jun 10, 2024 · 0 comments
Labels
checks Check additions or changes

Comments


daveS2 commented Jun 10, 2024

Describe the issue
Check CKV_GCP_76 will error if stack_type is not present. For example, the default stack_type is IPV4_ONLY; however, checkov will error with a CKV_GCP_76. But when I specifically set the default stack_type in my IaC, I no longer get the issue. I would expect, by default, that if no stack_type is specified then CKV_GCP_76 should not be checked.

Examples

resource "google_compute_subnetwork" "subnetwork" {
  name                     = "name"
  ip_cidr_range            = "10.0.0.0/28"
  network                  = google_compute_network.vpc.self_link
  region                   = var.region
  private_ip_google_access = true
}

Results in

	FAILED for resource: google_compute_subnetwork.subnetwork
	File: /vpc.tf:27-40
	Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-networking-policies/ensure-gcp-private-google-access-is-enabled-for-ipv6

		27 | resource "google_compute_subnetwork" "subnetwork" {
		28 |   name                     = "name"
		29 |   ip_cidr_range            = "10.0.0.0/28"
		30 |   network                  = google_compute_network.vpc.self_link
		31 |   region                   = var.region
		32 |   private_ip_google_access = true
		33 | 
		34 |   log_config {
		35 |     aggregation_interval = "INTERVAL_15_MIN"
		36 |     flow_sampling        = 0.5 
		37 |     metadata             = "INCLUDE_ALL_METADATA"
		38 |   }
		39 | 
		40 | }

And

resource "google_compute_subnetwork" "subnetwork" {
  name                     = "name"
  ip_cidr_range            = "10.0.0.0/28"
  network                  = google_compute_network.vpc.self_link
  region                   = var.region
  stack_type               = "IPV4_ONLY"
  private_ip_google_access = true

  log_config {
    aggregation_interval = "INTERVAL_15_MIN"
    flow_sampling        = 0.5 
    metadata             = "INCLUDE_ALL_METADATA"
  }

}

Results in no check being undertaken

Version (please complete the following information):
3.2.130

Additional context

daveS2 added the label "checks: Check additions or changes" on Jun 10, 2024