A library of constraint templates and sample constraints for Constraint Framework tools
Validation for VPC flow logs in a subnetwork does not consider exceptions listed in the documentation #435
Closed
daniel-cit closed 1 year ago
In the documentation related to the creation of subnetworks
https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks/insert
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork.html#purpose
there are two exceptions in which it is not possible to enable VPC flow logs in a subnetwork. These are subnetworks with the following purposes:
REGIONAL_MANAGED_PROXY
INTERNAL_HTTPS_LOAD_BALANCER
The validation that checks if VPC flow logs are enabled:
is not considering these two cases.
This will mark as invalid the creation of a subnetwork for a Secure Web Proxy or an Internal HTTP(S) load balancer among other cases.
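
The exemption this issue asks for, written as an added Rego example that is not the policy library's own template. The package name, the rule and helper names, and the input shape (`input.asset` with `resource.data.purpose` and `resource.data.logConfig.enable`) are assumptions, and the test assets are constructed.

```rego
package example.subnet_flow_logs

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# Purposes the issue lists as unable to have VPC flow logs enabled.
exempt_purposes := {"REGIONAL_MANAGED_PROXY", "INTERNAL_HTTPS_LOAD_BALANCER"}

# Undefined when purpose is missing, so such subnetworks are still checked.
is_exempt(subnet) if subnet.purpose in exempt_purposes

# Enabled only when logConfig.enable is explicitly true; a missing logConfig is not enabled.
flow_logs_enabled(subnet) if subnet.logConfig.enable == true

deny contains {"msg": msg} if {
	asset := input.asset
	asset.asset_type == "compute.googleapis.com/Subnetwork"
	not is_exempt(asset.resource.data)
	not flow_logs_enabled(asset.resource.data)
	msg := sprintf("VPC flow logs are disabled in subnetwork %v", [asset.name])
}

# Constructed input builder for the tests below (hypothetical asset name).
mk(fields) := {"asset": {
	"name": "//compute.googleapis.com/projects/example/regions/us-east1/subnetworks/constructed",
	"asset_type": "compute.googleapis.com/Subnetwork",
	"resource": {"data": fields},
}}

test_proxy_only_subnet_is_skipped if {
	count(deny) == 0 with input as mk({"purpose": "REGIONAL_MANAGED_PROXY"})
}

test_internal_lb_subnet_is_skipped if {
	count(deny) == 0 with input as mk({"purpose": "INTERNAL_HTTPS_LOAD_BALANCER"})
}

test_private_subnet_without_logs_is_flagged if {
	count(deny) == 1 with input as mk({"purpose": "PRIVATE", "logConfig": {"enable": false}})
}

test_missing_purpose_and_log_config_is_flagged if {
	count(deny) == 1 with input as mk({})
}

test_enabled_logs_pass if {
	count(deny) == 0 with input as mk({"logConfig": {"enable": true}})
}
```

The exemption is an explicit allow-list of purposes, so a subnetwork with an unset or unrecognized purpose still has to have flow logs enabled.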