problem with config validator(terraform-validator)


Sharad Mittal

Sep 23, 2020, 1:13:04 AM
to Forseti Security Discussion
Hi team,

I am fairly new to using the Terraform Validator tool to scan my Terraform plan.

As written on the GitHub page, I edited the sample YAML file for compute_allowed_networks to prevent assignment of undesired networks to my compute instances.

I wrote the Terraform script for that and created the plan.

Now, while scanning the plan, it is not throwing any violation error even though I deliberately wrote a wrong network name.

The constraint YAML is:

apiVersion: constraints.gatekeeper.sh/v1alpha1
kind: GCPComputeAllowedNetworksConstraintV2
metadata:
  name: allowed-networks
  annotations:
    description: Checks all VM network interfaces are attached to certain VPC networks.
spec:
  severity: high
  match:
    gcp:
      target: ["organizations/*"]
  parameters:
    allowed:
      - https://www.googleapis.com/compute/v1/projects/vpc-sc-pub-sub-billing-alerts/global/networks/default1

Here, I modified the allowed parameter to the URI of my desired network.

While in the Terraform file, I mentioned some different network name.
Still it is not showing any violations.

Any reason for this behaviour?
P.S. For some other samples also, I am facing the same kind of problem, i.e. it is not throwing any violations.

Any help on this would be appreciated.

Thanks & Regards,
Sharad Mittal
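As an added example that is not part of this thread or of Terraform Validator's own code, the following Python re-implements the check that a GCPComputeAllowedNetworks constraint expresses and runs it over a constructed plan in `terraform show -json` shape: an interface whose network falls outside the `allowed` list is reported as a violation, and an interface whose network is not decidable from the plan is reported separately so it is not silently passed. The plan layout, the resource names and the short-name-to-self-link expansion are assumptions.

```python
import json

# Allowed list taken from the constraint YAML in the post above.
ALLOWED = {
    "https://www.googleapis.com/compute/v1/projects/"
    "vpc-sc-pub-sub-billing-alerts/global/networks/default1",
}

# Constructed plan in the shape of `terraform show -json` output (planned_values only).
# In that format an attribute whose value is unknown until apply is simply absent.
PLAN_JSON = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "google_compute_instance.ok", "type": "google_compute_instance",
     "values": {"project": "vpc-sc-pub-sub-billing-alerts",
                "network_interface": [{"network": "default1"}]}},
    {"address": "google_compute_instance.wrong", "type": "google_compute_instance",
     "values": {"project": "vpc-sc-pub-sub-billing-alerts",
                "network_interface": [{"network": "wrong-network"}]}},
    {"address": "google_compute_instance.computed", "type": "google_compute_instance",
     "values": {"project": "vpc-sc-pub-sub-billing-alerts",
                "network_interface": [{"subnetwork": "sub-a"}]}},  # network computed
]}}})


def to_self_link(project, network):
    """Expand a short network name to the full compute self-link that the
    constraint's `allowed` list is written in; full URIs pass through unchanged."""
    if network.startswith("https://"):
        return network
    return (f"https://www.googleapis.com/compute/v1/projects/{project}"
            f"/global/networks/{network}")


def check_allowed_networks(plan_json, allowed):
    """Return (violations, unknown): violations are (address, self_link) pairs for
    interfaces outside `allowed`; unknown lists addresses whose network cannot be
    decided from the plan and must be re-checked after apply."""
    violations, unknown = [], []
    for res in json.loads(plan_json)["planned_values"]["root_module"]["resources"]:
        if res["type"] != "google_compute_instance":
            continue
        vals = res["values"]  # assumes `project` is set on the resource
        for nic in vals.get("network_interface", []):
            if "network" not in nic:
                unknown.append(res["address"])
                continue
            link = to_self_link(vals["project"], nic["network"])
            if link not in allowed:
                violations.append((res["address"], link))
    return violations, unknown
```

A gate that treats the `unknown` list as a pass gives no coverage for interfaces whose network is only resolved at apply time, so a post-apply check against the real asset inventory is the defensible complement.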

Morgante Pell

Sep 23, 2020, 1:16:43 AM
to Sharad Mittal, Forseti Security Discussion
Hi Sharad,

Thank you for your interest in Terraform Validator.

Do you mind filing an issue on the validator GitHub? In particular please include a copy of your Terraform config and the constraint you used.


Sharad Mittal

Sep 23, 2020, 1:18:01 AM
to Morgante Pell, Forseti Security Discussion
Hi Morgante,

Thanks for your reply. I will raise an issue there also.

Thanks and Regards

Sharad Mittal