Terraform Validator is not an officially supported Google product; it is a library for conversion of Terraform plan data to CAI Assets. If you have been using terraform-validator directly in the past, we recommend migrating to `gcloud beta terraform vet`.
This policy is raising the violation if we use log_level = "NORMAL" as expected.
If we omit the log_level parameter in the Terraform script, no violation will be raised by this policy. It is bypassing our validation rule.
I have tried with the `not` keyword, but it is not working.
```
check_verbose_logging(resource, logging_type_set) = msg {
    not resource.change.after.advanced_options_config[_].log_level
    msg := sprintf("Violation: Log level is not mentioned. VERBOSE log level is required: %s", [resource.change.after.name])
}
```
With `null` it is also not working:
```
resource.change.after.advanced_options_config[_].log_level == null
```
Is there any solution to check for a missing Terraform parameter?
Statement: Rego policy to enable Verbose Logging in Cloud Armor
Parameter: `log_level`
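One way to make the check fire when `log_level` is omitted, as an added example that is not part of the original question: collect the configured levels with a set comprehension, which yields an empty set instead of an undefined value when `advanced_options_config` or `log_level` is absent or null. It assumes the policy is evaluated against raw `terraform show -json` plan output and the `google_compute_security_policy` resource type; the package name, rule names and sample plan are hypothetical, and it uses the `if`/`contains` keywords instead of the older syntax in the question.

```rego
package example.cloud_armor

import future.keywords.contains
import future.keywords.if

# Constructed sample plan (hypothetical names): one compliant policy and
# three ways the setting can be wrong or missing.
sample_plan := {"resource_changes": [
	{"type": "google_compute_security_policy", "change": {"after": {
		"name": "verbose-ok",
		"advanced_options_config": [{"log_level": "VERBOSE"}],
	}}},
	{"type": "google_compute_security_policy", "change": {"after": {
		"name": "normal-level",
		"advanced_options_config": [{"log_level": "NORMAL"}],
	}}},
	{"type": "google_compute_security_policy", "change": {"after": {
		"name": "null-level",
		"advanced_options_config": [{"log_level": null}],
	}}},
	{"type": "google_compute_security_policy", "change": {"after": {"name": "no-block"}}},
]}

# Non-null log_level values set on one planned resource. A comprehension
# never becomes undefined: a missing block or key just gives the empty set.
configured_levels(after) := {level |
	level := after.advanced_options_config[_].log_level
	level != null
}

# One message per security policy whose levels are anything other than
# exactly {"VERBOSE"}; the empty set (nothing configured) also fails.
violations(plan) := {msg |
	rc := plan.resource_changes[_]
	rc.type == "google_compute_security_policy"
	levels := configured_levels(rc.change.after)
	levels != {"VERBOSE"}
	msg := sprintf("Violation: VERBOSE log level is required: %s (found %v)", [rc.change.after.name, levels])
}

deny contains msg if violations(input)[msg]

# Runs under `opa test`: NORMAL, null and the absent block are all flagged.
test_missing_and_null_are_flagged if {
	count(violations(sample_plan)) == 3
}
```

Because the comparison is against the whole set of configured values, the rule body stays defined in every case, so an omitted parameter is reported the same way as an explicit `NORMAL`.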