accurics.gcp.OPS.114 should also check for cos_containerd image

[lucas-giaco]

• terrascan version: v.0.1.10
• Operating System: MacOS 10.15.7

Description

Following Google hardening best practices suggest the usage of cos_containerd image for the nodes.
While implementing this suggestion, terrascan scan fails because I'm not using the cos image.
It's also worth noticing that if I set image_type = "COS" the rule is also fired

What I Did

cat <<EOF > nodes.tf
resource "google_container_node_pool" "nodes" {
  node_config {
    image_type = "cos_containerd"
  }
}
EOF
terrascan scan -t gcp -f nodes.tf
results:
  violations:
  - rule_name: cosNodeImageUsed
    description: Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image.
    rule_id: accurics.gcp.OPS.114
    severity: HIGH
    category: Operational Efficiency
    resource_name: nodes
    resource_type: google_container_node_pool
    file: nodes.tf
    line: 1
  count:
    low: 0
    medium: 0
    high: 1
    total: 1

cat <<EOF > nodes.tf
resource "google_container_node_pool" "nodes" {
  node_config {
    image_type = "COS"
  }
}
EOF
terrascan scan -t gcp -f nodes.tf
results:
  violations:
  - rule_name: cosNodeImageUsed
    description: Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image.
    rule_id: accurics.gcp.OPS.114
    severity: HIGH
    category: Operational Efficiency
    resource_name: nodes
    resource_type: google_container_node_pool
    file: nodes.tf
    line: 1
  count:
    low: 0
    medium: 0
    high: 1
    total: 1