forseti-security / terraform-google-forseti

A Terraform module for installing Forseti on GCP
Apache License 2.0

Forseti configuration not possible with the module #592

Closed Jean-Mercier closed 4 years ago

Jean-Mercier commented 4 years ago

Hello

If I want to modify some rules, I can't, because the files do not have enough templating.

For example, if I want to update ke_rules to add a new version, I can't.

I think the rules must be outside the module and passed to it as input to allow full customisation.

Jean-Mercier commented 4 years ago

OK, I found the variable manage_rules_enabled, and with false it lets us manage these files. It's OK for me.

gkowalski-google commented 4 years ago

Hi @Jean-Mercier, not all of the rules have templating in them because there are many different rules and values that would bloat the Terraform configuration. As you mentioned, if you want to start customizing the rules for your environment, then you should set manage_rules_enabled = false so that the deployment will not overwrite your rules. You will just need to upload your modified rules to GCS.

If you are getting started with Forseti, then I recommend you look into using Config Validator, as the scanning rules are more flexible and cover more resources than what is available in the "legacy" Forseti scanners. Hope this helps: https://forsetisecurity.org/docs/latest/concepts/config-validator.html.

Let me know if you need anything else or if we can close this issue.
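As an added illustration of the approach described in the comment above (example configuration written for this page, not code from the issue or from the module's own documentation): the module is told not to manage the rule files, and Terraform uploads the locally edited ke_rules file to the server bucket itself, so the custom rule is versioned in code rather than hand-copied. The registry source, the `project_id`/`org_id`/`domain` inputs, the version constraint, the `forseti-server-storage-bucket` output name and the `rules/ke_rules.yaml` object path are assumptions to check against the module version you actually run.

```hcl
# Added example; not the module's own code. Names marked "assumed" are
# taken from the module's usual conventions and must be verified locally.

module "forseti" {
  source  = "terraform-google-modules/forseti/google"  # assumed registry source
  version = "~> 5.0"                                    # assumed; pin to your version

  project_id = var.project_id   # assumed input names
  org_id     = var.org_id
  domain     = var.domain

  # The setting discussed in this issue: the module stops managing the scanner
  # rule files, so a later `terraform apply` never overwrites customised rules.
  manage_rules_enabled = false
}

# With manage_rules_enabled = false the customised rules must reach GCS some
# other way. Uploading them from Terraform keeps the edited ke_rules (for
# example with a newly added GKE version) in the repository and re-applied
# consistently whenever the local file changes.
resource "google_storage_bucket_object" "ke_rules" {
  bucket = module.forseti.forseti-server-storage-bucket  # assumed output name
  name   = "rules/ke_rules.yaml"                         # assumed path on the server bucket
  source = "${path.module}/rules/ke_rules.yaml"          # your edited copy, kept in the repo
}
```

A plain `gsutil cp` of the edited file into the same bucket path works as well; the Terraform resource simply makes the upload repeatable and reviewable.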