diff --git a/assets/queries/googleDeploymentManager/bigquery_database_is_public/query.rego b/assets/queries/googleDeploymentManager/bigquery_database_is_public/query.rego index f1653942876..2dfd3830557 100644 --- a/assets/queries/googleDeploymentManager/bigquery_database_is_public/query.rego +++ b/assets/queries/googleDeploymentManager/bigquery_database_is_public/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.access[%d].specialGroup", [resource.name, j]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'access[%d].specialGroup' to be not equal to 'allAuthenticatedUsers'", [j]), diff --git a/assets/queries/googleDeploymentManager/bucket_without_versioning/query.rego b/assets/queries/googleDeploymentManager/bucket_without_versioning/query.rego index 512279d788c..57b1f868948 100644 --- a/assets/queries/googleDeploymentManager/bucket_without_versioning/query.rego +++ b/assets/queries/googleDeploymentManager/bucket_without_versioning/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'versioning' to be defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.versioning", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'versioning.enabled' to be defined and not null", 
@@ -42,6 +46,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.versioning.enabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'versioning.enabled' to be true", diff --git a/assets/queries/googleDeploymentManager/client_certificate_disabled/query.rego b/assets/queries/googleDeploymentManager/client_certificate_disabled/query.rego index b577157410f..5278b472b01 100644 --- a/assets/queries/googleDeploymentManager/client_certificate_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/client_certificate_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'masterAuth' to be defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.masterAuth", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'masterAuth.clientCertificateConfig' to be defined and not null", @@ -42,6 +46,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.masterAuth.clientCertificateConfig.issueClientCertificate", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'masterAuth.clientCertificateConfig.issueClientCertificate' to be true", diff --git a/assets/queries/googleDeploymentManager/cloud_dns_without_dnnsec/query.rego b/assets/queries/googleDeploymentManager/cloud_dns_without_dnnsec/query.rego index 42df3946232..8c2b7f16a8e 100644 
--- a/assets/queries/googleDeploymentManager/cloud_dns_without_dnnsec/query.rego +++ b/assets/queries/googleDeploymentManager/cloud_dns_without_dnnsec/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'dnssecConfig' is defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.dnssecConfig", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'state' is defined and not null", @@ -42,6 +46,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.dnssecConfig.state", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'state' is set to 'on'", diff --git a/assets/queries/googleDeploymentManager/cloud_storage_anonymous_or_publicly_accessible/query.rego b/assets/queries/googleDeploymentManager/cloud_storage_anonymous_or_publicly_accessible/query.rego index 41fa029f6b1..f8aef93f55d 100644 --- a/assets/queries/googleDeploymentManager/cloud_storage_anonymous_or_publicly_accessible/query.rego +++ b/assets/queries/googleDeploymentManager/cloud_storage_anonymous_or_publicly_accessible/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'acl' to be defined", 
@@ -27,6 +29,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.acl[%d].entity", [resource.name, j]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("properties.acl[%d].entity to be not equal to 'allUsers' or 'AllAuthenticatedUsers'", [j]), @@ -43,6 +47,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'defaultObjectAcl' to be defined", @@ -60,6 +66,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.defaultObjectAcl[%d].entity", [resource.name, j]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("properties.defaultObjectAcl[%d].entity to be not equal to 'allUsers' or 'AllAuthenticatedUsers'", [j]), diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_is_publicly_accessible/query.rego b/assets/queries/googleDeploymentManager/cloud_storage_bucket_is_publicly_accessible/query.rego index b71900a5793..d47a61c630a 100644 --- a/assets/queries/googleDeploymentManager/cloud_storage_bucket_is_publicly_accessible/query.rego +++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_is_publicly_accessible/query.rego @@ -11,6 +11,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.entity", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'entity' is not equal to 'allUsers' or 'allAuthenticatedUsers'", 
diff --git a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego index bb90505f1e0..264e25c7e84 100644 --- a/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/cloud_storage_bucket_versioning_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'versioning' is defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.versioning.enabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'enabled' is set to true", diff --git a/assets/queries/googleDeploymentManager/cluster_labels_disabled/query.rego b/assets/queries/googleDeploymentManager/cluster_labels_disabled/query.rego index c2b40af5659..fdd64256286 100644 --- a/assets/queries/googleDeploymentManager/cluster_labels_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/cluster_labels_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'resourceLabels' to be defined and not null", diff --git a/assets/queries/googleDeploymentManager/cluster_master_authentication_disabled/query.rego b/assets/queries/googleDeploymentManager/cluster_master_authentication_disabled/query.rego index 912e1e325e8..8c5e854c275 100644 
--- a/assets/queries/googleDeploymentManager/cluster_master_authentication_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/cluster_master_authentication_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'masterAuth' to be defined and not null", @@ -27,6 +29,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.masterAuth", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "Attribute 'masterAuth.username' to be defined and Attribute 'masterAuth.password' to be defined", @@ -44,6 +48,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.masterAuth", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "Attribute 'masterAuth.username' to be not empty and attribute 'masterAuth.password' to be not empty", diff --git a/assets/queries/googleDeploymentManager/compute_instance_is_publicly_accessible/query.rego b/assets/queries/googleDeploymentManager/compute_instance_is_publicly_accessible/query.rego index 7082af799d8..e96f9db98e5 100644 --- a/assets/queries/googleDeploymentManager/compute_instance_is_publicly_accessible/query.rego +++ b/assets/queries/googleDeploymentManager/compute_instance_is_publicly_accessible/query.rego 
@@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.networkInterfaces", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'accessConfigs' is undefined", diff --git a/assets/queries/googleDeploymentManager/cos_node_image_not_used/query.rego b/assets/queries/googleDeploymentManager/cos_node_image_not_used/query.rego index 6b3976a24e7..99266fd1944 100644 --- a/assets/queries/googleDeploymentManager/cos_node_image_not_used/query.rego +++ b/assets/queries/googleDeploymentManager/cos_node_image_not_used/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.config.imageType", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'config.imageType' should start with 'cos'", diff --git a/assets/queries/googleDeploymentManager/disk_encryption_disabled/query.rego b/assets/queries/googleDeploymentManager/disk_encryption_disabled/query.rego index 5ddcbe16b58..159a5427f76 100644 --- a/assets/queries/googleDeploymentManager/disk_encryption_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/disk_encryption_disabled/query.rego @@ -11,6 +11,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.disks", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'diskEncryptionKey' is defined and not null", 
@@ -29,6 +31,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.disks.diskEncryptionKey", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'disk_encryption_key.rawKey' or 'disk_encryption_key.kmsKeyName' is defined and not null", @@ -48,6 +52,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.disks.diskEncryptionKey.%s", [resource.name, fields[f]]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'diskEncryptionKey.%s' is not empty", [fields[f]]), diff --git a/assets/queries/googleDeploymentManager/dnssec_using_rsasha1/query.rego b/assets/queries/googleDeploymentManager/dnssec_using_rsasha1/query.rego index 83de7b8ba1d..2087e388111 100644 --- a/assets/queries/googleDeploymentManager/dnssec_using_rsasha1/query.rego +++ b/assets/queries/googleDeploymentManager/dnssec_using_rsasha1/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.dnssecConfig.defaultKeySpecs", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'algorithm' is not equal to 'rsasha1'", diff --git a/assets/queries/googleDeploymentManager/gke_legacy_authorization_enabled/query.rego b/assets/queries/googleDeploymentManager/gke_legacy_authorization_enabled/query.rego index 7cc6a409fdc..a5901e3daec 100644 --- a/assets/queries/googleDeploymentManager/gke_legacy_authorization_enabled/query.rego +++ b/assets/queries/googleDeploymentManager/gke_legacy_authorization_enabled/query.rego 
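Review bot: In the second disk_encryption_disabled hunk (`@@ -29,6 +31,8 @@`), the `keyExpectedValue` context line names `'disk_encryption_key.rawKey' or 'disk_encryption_key.kmsKeyName'`, while the `searchKey` just above it and the third hunk use the property path `diskEncryptionKey`. A reader of the finding is pointed at a key spelling that does not appear in the template being scanned. I would align the message with the search key: `"keyExpectedValue": "'diskEncryptionKey.rawKey' or 'diskEncryptionKey.kmsKeyName' is defined and not null",`. The rule body and the `keyActualValue` line are outside the hunk, so check them for the same wording.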
@@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.legacyAbac.enabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'legacyAbac.enabled' to be false", diff --git a/assets/queries/googleDeploymentManager/gke_master_authorized_networks_disabled/query.rego b/assets/queries/googleDeploymentManager/gke_master_authorized_networks_disabled/query.rego index 118aa5626b6..d45391253c3 100644 --- a/assets/queries/googleDeploymentManager/gke_master_authorized_networks_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/gke_master_authorized_networks_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'masterAuthorizedNetworksConfig' to be defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.masterAuthorizedNetworksConfig", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'masterAuthorizedNetworksConfig.enabled' to be defined and not null", @@ -42,6 +46,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.masterAuthorizedNetworksConfig.enabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'masterAuthorizedNetworksConfig.enabled' to be true", 
diff --git a/assets/queries/googleDeploymentManager/google_storage_bucket_level_access_disabled/query.rego b/assets/queries/googleDeploymentManager/google_storage_bucket_level_access_disabled/query.rego index bcf326dd851..13a9c78f89f 100644 --- a/assets/queries/googleDeploymentManager/google_storage_bucket_level_access_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/google_storage_bucket_level_access_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.iamConfiguration.uniformBucketLevelAccess.enabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'enabled' is set to true", diff --git a/assets/queries/googleDeploymentManager/ip_aliasing_disabled/query.rego b/assets/queries/googleDeploymentManager/ip_aliasing_disabled/query.rego index 7547bd5d2a3..ae3fe57b65c 100644 --- a/assets/queries/googleDeploymentManager/ip_aliasing_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/ip_aliasing_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'ipAllocationPolicy' to be defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.ipAllocationPolicy", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'ipAllocationPolicy.useIpAliases' to be defined and not null", 
@@ -42,6 +46,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.ipAllocationPolicy.useIpAliases", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'ipAllocationPolicy.useIpAliases' to be true", diff --git a/assets/queries/googleDeploymentManager/ip_forwarding_enabled/query.rego b/assets/queries/googleDeploymentManager/ip_forwarding_enabled/query.rego index 62cf1d33df0..a9e6655cbd6 100644 --- a/assets/queries/googleDeploymentManager/ip_forwarding_enabled/query.rego +++ b/assets/queries/googleDeploymentManager/ip_forwarding_enabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.canIpForward", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'canIpForward' is not set to true", diff --git a/assets/queries/googleDeploymentManager/mysql_instance_with_local_infile_on/query.rego b/assets/queries/googleDeploymentManager/mysql_instance_with_local_infile_on/query.rego index a96aa52db20..bf82854125a 100644 --- a/assets/queries/googleDeploymentManager/mysql_instance_with_local_infile_on/query.rego +++ b/assets/queries/googleDeploymentManager/mysql_instance_with_local_infile_on/query.rego @@ -12,6 +12,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.settings.databaseFlags[%d]", [resource.name, f]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'settings.databaseFlags[%d]' to be 'off'", [f]), 
diff --git a/assets/queries/googleDeploymentManager/network_policy_disabled/query.rego b/assets/queries/googleDeploymentManager/network_policy_disabled/query.rego index e81ff793b76..258cd81d207 100644 --- a/assets/queries/googleDeploymentManager/network_policy_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/network_policy_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'networkPolicy' to be defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.networkPolicy", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'networkPolicy.enabled' to be defined and not null", @@ -42,6 +46,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.networkPolicy.enabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'networkPolicy.enabled' to be true", @@ -58,6 +64,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'addonsConfig' to be defined and not null", 
@@ -74,6 +82,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.addonsConfig", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'addonsConfig.networkPolicyConfig' to be defined and not null", @@ -90,6 +100,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.addonsConfig.networkPolicyConfig", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'addonsConfig.networkPolicyConfig.disabled' to be defined and not null", @@ -106,6 +118,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.addonsConfig.networkPolicyConfig.disabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'addonsConfig.networkPolicyConfig.disabled' to be false", diff --git a/assets/queries/googleDeploymentManager/node_auto_upgrade_disabled/query.rego b/assets/queries/googleDeploymentManager/node_auto_upgrade_disabled/query.rego index c2629ded454..429e5d6dfda 100644 --- a/assets/queries/googleDeploymentManager/node_auto_upgrade_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/node_auto_upgrade_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'nodePools' to be defined and not null", 
@@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.nodePools", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'nodePools.management' to be defined and not null", @@ -42,6 +46,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.nodePools.management", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'nodePools.management.autoUpgrade' to be defined and not null", @@ -58,6 +64,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.nodePools.management.autoUpgrade", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'nodePools.management.autoUpgrade' to be true", diff --git a/assets/queries/googleDeploymentManager/not_proper_email_account_in_use/query.rego b/assets/queries/googleDeploymentManager/not_proper_email_account_in_use/query.rego index 13fda846545..cbd5effbe60 100644 --- a/assets/queries/googleDeploymentManager/not_proper_email_account_in_use/query.rego +++ b/assets/queries/googleDeploymentManager/not_proper_email_account_in_use/query.rego @@ -9,6 +9,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": input.document[i].resources[resource].type, + "resourceName": input.document[i].resources[resource].name, "searchKey": sprintf("accessControl.gcpIamPolicy.bindings[%s].members.%s", [binding, member]), "issueType": "IncorrectValue", "keyExpectedValue": "'members' cannot contain Gmail account addresses", 
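Review bot: In the not_proper_email_account_in_use hunk, `resource` is used as an index (`input.document[i].resources[resource].type`), whereas every other query in this change treats `resource` as the resource object. The rule body is outside the hunk, so confirm that `resource` is already bound there to the index of the resource whose binding matched. If it is not, Rego would treat it as a fresh variable and emit one result per resource in the document, attributing the Gmail-member finding to unrelated resources. Binding the object once in the body, e.g. `res := input.document[i].resources[resource]`, and then writing `"resourceType": res.type,` and `"resourceName": res.name,` makes the attribution explicit. Unlike the other queries, this result did not previously reference the resource's `name`, so a resource missing `name` or `type` would now make the whole result undefined and drop the finding.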
diff --git a/assets/queries/googleDeploymentManager/os_login_is_disabled_for_vm_instance/query.rego b/assets/queries/googleDeploymentManager/os_login_is_disabled_for_vm_instance/query.rego index 0c68466cedb..cfe5d0748d2 100644 --- a/assets/queries/googleDeploymentManager/os_login_is_disabled_for_vm_instance/query.rego +++ b/assets/queries/googleDeploymentManager/os_login_is_disabled_for_vm_instance/query.rego @@ -11,6 +11,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.metadata.items[%d]", [resource.name, j]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'metadata.items[%d]'.value should be true", [j]), diff --git a/assets/queries/googleDeploymentManager/private_cluster_disabled/query.rego b/assets/queries/googleDeploymentManager/private_cluster_disabled/query.rego index 6810fe77200..09c324c7b92 100644 --- a/assets/queries/googleDeploymentManager/private_cluster_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/private_cluster_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'privateClusterConfig' is defined and not null", @@ -28,6 +30,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.privateClusterConfig", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("'%s' is defined and not null", [fields[f]]), 
@@ -44,6 +48,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.privateClusterConfig.%s", [resource.name, fields[f]]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'%s' is set to true", [fields[f]]), diff --git a/assets/queries/googleDeploymentManager/project_wide_ssh_keys_are_enabled_in_vm_instances/query.rego b/assets/queries/googleDeploymentManager/project_wide_ssh_keys_are_enabled_in_vm_instances/query.rego index 8ae4cc011ce..b5a7d70dfaf 100644 --- a/assets/queries/googleDeploymentManager/project_wide_ssh_keys_are_enabled_in_vm_instances/query.rego +++ b/assets/queries/googleDeploymentManager/project_wide_ssh_keys_are_enabled_in_vm_instances/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'metadata' to be defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.metadata.items", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'metadata.items' should have 'block-project-ssh-keys'", @@ -43,6 +47,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.metadata.items[%d].key", [resource.name, j]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'metadata.items[%d].value' should be true", [j]), 
diff --git a/assets/queries/googleDeploymentManager/rdp_access_is_not_restricted/query.rego b/assets/queries/googleDeploymentManager/rdp_access_is_not_restricted/query.rego index 1d4951465a4..c896bf5e643 100644 --- a/assets/queries/googleDeploymentManager/rdp_access_is_not_restricted/query.rego +++ b/assets/queries/googleDeploymentManager/rdp_access_is_not_restricted/query.rego @@ -13,6 +13,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.allowed", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'allowed.ports' to not include RDP port 3389", diff --git a/assets/queries/googleDeploymentManager/shielded_vm_disabled/query.rego b/assets/queries/googleDeploymentManager/shielded_vm_disabled/query.rego index 23ac42e28de..533004749c4 100644 --- a/assets/queries/googleDeploymentManager/shielded_vm_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/shielded_vm_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'shieldedInstanceConfig' is defined and not null", @@ -29,6 +31,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.shieldedInstanceConfig", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": sprintf("'%s' is defined and not null", [field]), 
@@ -46,6 +50,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.shieldedInstanceConfig.%s", [resource.name, field]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'%s' is set to true", [field]), diff --git a/assets/queries/googleDeploymentManager/sql_db_instance_backup_disable/query.rego b/assets/queries/googleDeploymentManager/sql_db_instance_backup_disable/query.rego index ac41b2f2c0a..72c6baecffd 100644 --- a/assets/queries/googleDeploymentManager/sql_db_instance_backup_disable/query.rego +++ b/assets/queries/googleDeploymentManager/sql_db_instance_backup_disable/query.rego @@ -11,6 +11,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.settings", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'settings.backupConfiguration' is defined and not null", @@ -28,6 +30,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.settings.backupConfiguration", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'settings.backupConfiguration.enabled' is defined and not null", 
@@ -45,10 +49,12 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.settings.backupConfiguration.enabled", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'settings.backupConfiguration.enabled' to be true", "keyActualValue": "'settings.backupConfiguration.enabled' is false", "searchLine": common_lib.build_search_line(["resources", idx, "properties", "settings", "backupConfiguration", "enabled"], []), } -} \ No newline at end of file +} diff --git a/assets/queries/googleDeploymentManager/sql_db_instance_with_ssl_disabled/query.rego b/assets/queries/googleDeploymentManager/sql_db_instance_with_ssl_disabled/query.rego index d0af511a4e2..f8258d5e3a0 100644 --- a/assets/queries/googleDeploymentManager/sql_db_instance_with_ssl_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/sql_db_instance_with_ssl_disabled/query.rego @@ -11,6 +11,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.settings", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'settings.ipConfiguration' is defined and not null", @@ -28,6 +30,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.settings.ipConfiguration", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'settings.ipConfiguration.requireSsl' is defined and not null", 
@@ -45,6 +49,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.settings.ipConfiguration.requireSsl", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'settings.ipConfiguration.requireSsl' to be true", diff --git a/assets/queries/googleDeploymentManager/ssh_access_is_not_restricted/query.rego b/assets/queries/googleDeploymentManager/ssh_access_is_not_restricted/query.rego index 01519a3dca6..2f3f6890ca3 100644 --- a/assets/queries/googleDeploymentManager/ssh_access_is_not_restricted/query.rego +++ b/assets/queries/googleDeploymentManager/ssh_access_is_not_restricted/query.rego @@ -13,6 +13,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.allowed[%d].ports=%s", [resource.name, ports]), "issueType": "IncorrectValue", "keyExpectedValue": sprintf("'allowed[%d].ports' to not include SSH port 22", [a]), diff --git a/assets/queries/googleDeploymentManager/stackdriver_logging_disabled/query.rego b/assets/queries/googleDeploymentManager/stackdriver_logging_disabled/query.rego index cda3fa97dc1..7e147835e6d 100644 --- a/assets/queries/googleDeploymentManager/stackdriver_logging_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/stackdriver_logging_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'loggingService' to be defined and not null", 
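Review bot: In the ssh_access_is_not_restricted hunk, the `searchKey` line kept as context passes two arguments, `[resource.name, ports]`, to a format string with three verbs (`%s`, `%d`, `%s`). The rendered key will therefore carry a formatting-error marker instead of the `allowed` index and the port value. The `keyExpectedValue` line just below already uses `a` as that index, so the line presumably should read `"searchKey": sprintf("resources.name={{%s}}.properties.allowed[%d].ports=%s", [resource.name, a, ports]),`. If the search key is what locates the finding in the scanned file, a malformed key on the SSH-exposure rule could make the result point at the wrong line or at none. The rule body begins before the hunk, so confirm there how `a` and `ports` are bound.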
@@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.loggingService", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'loggingService' to not be none", diff --git a/assets/queries/googleDeploymentManager/stackdriver_monitoring_disabled/query.rego b/assets/queries/googleDeploymentManager/stackdriver_monitoring_disabled/query.rego index 9b72c116edd..276810f5309 100644 --- a/assets/queries/googleDeploymentManager/stackdriver_monitoring_disabled/query.rego +++ b/assets/queries/googleDeploymentManager/stackdriver_monitoring_disabled/query.rego @@ -10,6 +10,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties", [resource.name]), "issueType": "MissingAttribute", "keyExpectedValue": "'monitoringService' to be defined and not null", @@ -26,6 +28,8 @@ CxPolicy[result] { result := { "documentId": input.document[i].id, + "resourceType": resource.type, + "resourceName": resource.name, "searchKey": sprintf("resources.name={{%s}}.properties.monitoringService", [resource.name]), "issueType": "IncorrectValue", "keyExpectedValue": "'monitoringService' to not be 'none'", diff --git a/test/queries_content_test.go b/test/queries_content_test.go index 7e6b6127799..8c3a7d6d373 100644 --- a/test/queries_content_test.go +++ b/test/queries_content_test.go @@ -201,7 +201,7 @@ func testQueryHasGoodReturnParams(t *testing.T, entry queryEntry) { //nolint m, ok := v.(map[string]interface{}) require.True(t, ok) - platformsWithResourceInfo := []string{"azureResourceManager", "k8s"} + platformsWithResourceInfo := []string{"azureResourceManager", "k8s", "googleDeploymentManager"} requiredProperties := requiredQueryResultProperties for i := range platformsWithResourceInfo {