Validation for VPC flow logs in a subnetwork does not consider exceptions listed in the documentation

[daniel-cit]

In the documentation related to the creation of subnetworks

• https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks/insert

• https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork.html#purpose

  there are two exceptions in which it is not possible to enable vpc flow logs in a sub network. These are subnetworks with the following purposes:

• REGIONAL_MANAGED_PROXY

• INTERNAL_HTTPS_LOAD_BALANCER

the validation that checks if VPC flow logs is enable:

• https://github.com/GoogleCloudPlatform/policy-library/blob/c3382cbe86e5bae529dac0ac21e86679b606475c/validator/network_enable_flow_logs.rego
• https://github.com/GoogleCloudPlatform/policy-library/blob/c3382cbe86e5bae529dac0ac21e86679b606475c/policies/templates/gcp_network_enable_flow_logs_v1.yaml

is not considering these two case.

This will mark as invalid the creation of a subnetwork for a Secure Web Proxy or an Internal HTTP(S) load balancer among other cases.