fix(terraform): Added ssl_mode attribute support to CKV_GCP_6 #6703
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
Fixes # Adds support for ssl_mode attribute that replaces the deprecated require_ssl attribute used previously (policy still supports require_ssl is present but ssl_mode supercedes). Checks to make sure the "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" option is used as require_ssl = true enforced certificate verification
https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/instances#SslMode
Terraform dropped support for require_ssl in v6.0.1 -> https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade#settingsip_configurationrequire_ssl-is-now-removed-in-601
Closes issues
#6102
New/Edited policies (Delete if not relevant)
CKV_GCP_6
Description
require_ssl has been deprecated and has been removed from the google Terraform provider v6.0.1
Fix
Replace require_ssl = true with ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
Checklist: