turbot / steampipe-mod-gcp-compliance

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS across all of your GCP projects using Powerpipe and Steampipe.
https://hub.powerpipe.io/mods/turbot/gcp_compliance
Apache License 2.0

Queries between Control 2.4 and 2.11 of CIS v2.0.0 don't support multiple GCP projects? closes #149 #154

Closed khushboo9024 closed 7 months ago

khushboo9024 commented 7 months ago

Checklist

k-kawa commented 7 months ago

Hi @khushboo9024, how fast you work! I appreciate your great work.

I tested this branch and I think it seems OK. In order to test this, I prepared some GCP projects, one of which has the proper configuration, and ran the benchmarks. Then I got different results for each project.

But I can see the difference only on 2.4, 2.5 and 2.11. The other controls between them still show errors even after configuration. I think it was caused by https://github.com/turbot/steampipe-mod-gcp-compliance/issues/150

Btw, I made a script to make a test environment in these cases.
https://github.com/k-kawa/misc/tree/main/steampipe-gcp-compliance-env

Could you check the YAML file in it? It has all the configuration of logging_metrics and alert_policies, and I think all the controls should pass with the GCP project. Maybe...

khushboo9024 commented 7 months ago

Hi k-kawa, thank you for testing this out. We have updated our query filters to match the patterns specified in the documentation. Could you please give it another try and let us know if it works for you? Thanks!!

k-kawa commented 7 months ago

Hi @khushboo9024, I've re-tested this branch and confirmed that all the controls return results for each project properly. Looks OK to me. This PR will resolve both issues, #150 and #149.