Enable CV scanner by default

[gkowalski-google]

Blocked By

• Rego templates
  • BQ sample policy
  • CloudSQL World Readable policy
  • Firewall sample policy
  • GKE Version policy
  • KMS sample policy
  • Service Account Key policy
• Policy bundle
• Forseti policy tests with mock data

Story

The Forseti v2.26.0 release and Terraform v6.0.0 release will enable Config Validator by default. In addition, there will be default policies provided. These default policies will replace the default scanning rules for the following scanners:

• BigQuery
• CloudSQL
• IAM
• Firewall
• KMS
• Kubernetes Version
• Service Account Key

Proposed Solution

Enable the CV scanner and disable the above scanners by default.

Acceptance Criteria

• The install_simple example will be used to perform the testing of these default values and ensure policies are in place.
• We need to ensure Forseti tests are still working; create ticket for this.

[gkowalski-google]

No longer going to enable CV by default.