fix(terraform): Added ssl_mode attribute support to CKV_GCP_6 #6703

@jbrule jbrule commented Sep 3, 2024

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description


Fixes # Adds support for the ssl_mode attribute, which replaces the deprecated require_ssl attribute used previously (the policy still supports require_ssl if present, but ssl_mode supersedes it). Checks to make sure the "TRUSTED_CLIENT_CERTIFICATE_REQUIRED" option is used, as require_ssl = true enforced certificate verification.
https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1/instances#SslMode

Terraform dropped support for require_ssl in v6.0.1 -> https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade#settingsip_configurationrequire_ssl-is-now-removed-in-601

Closes issues
#6102

New/Edited policies (Delete if not relevant)

CKV_GCP_6

Description

require_ssl has been deprecated and has been removed from the Google Terraform provider in v6.0.1.

Fix

Replace require_ssl = true with ssl_mode = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation -> Docs PR.
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

@jbrule jbrule changed the title from "fix(terraform) Added ssl_mode attribute support to CKV_GCP_6" to "fix(terraform): Added ssl_mode attribute support to CKV_GCP_6" on Sep 9, 2024
… as required by test "/terraform/checks/resource/gcp/example_CloudSQLServerNoPublicIP/main.tf:google_sql_database_instance.fail_not_list"
@jbrule

jbrule commented Sep 11, 2024

Run workflow

@matansha matansha merged commit 4ac8f30 into bridgecrewio:main Sep 15, 2024
40 of 41 checks passed
Saarett pushed a commit that referenced this pull request Sep 15, 2024
* Added ssl_mode attribute support to CKV_GCP_6

* Modified policy to handle incorrect setting of ip_configuration block as required by test "/terraform/checks/resource/gcp/example_CloudSQLServerNoPublicIP/main.tf:google_sql_database_instance.fail_not_list"

---------

Co-authored-by: Joshua Brule <[email protected]>
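
The pass/fail rule this pull request describes for CKV_GCP_6, written out as an added example; it is not Checkov's code. The function names, the list-wrapped dict shape of the parsed resource and the sample resources are assumptions made for illustration.

```python
# Added illustration; not Checkov's implementation of CKV_GCP_6. Assumption: the
# resource is a parsed dict whose values may be wrapped in single-element lists.

REQUIRED_SSL_MODE = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"


def _unwrap(value):
    """Return the sole element of a one-item list, else the value itself."""
    if isinstance(value, list) and len(value) == 1:
        return value[0]
    return value


def _is_true(value):
    """Accept boolean True and the string form a parser may emit."""
    return value is True or (isinstance(value, str) and value.lower() == "true")


def sql_instance_requires_client_cert(conf):
    """Hypothetical helper: True only if client certificates are enforced."""
    settings = _unwrap(conf.get("settings"))
    if not isinstance(settings, dict):
        return False
    ip_conf = _unwrap(settings.get("ip_configuration"))
    if not isinstance(ip_conf, dict):
        return False  # block missing or not written as a block
    ssl_mode = _unwrap(ip_conf.get("ssl_mode"))
    if ssl_mode is not None:
        # ssl_mode supersedes require_ssl when both are set
        return ssl_mode == REQUIRED_SSL_MODE
    return _is_true(_unwrap(ip_conf.get("require_ssl")))


def _instance(ip_configuration):
    return {"settings": [{"ip_configuration": [ip_configuration]}]}

# Constructed sample resources (not taken from the project's test files).
SAMPLES = {
    "ssl_mode_cert_required": _instance({"ssl_mode": [REQUIRED_SSL_MODE]}),
    "ssl_mode_weaker_wins": _instance({"ssl_mode": ["ENCRYPTED_ONLY"], "require_ssl": [True]}),
    "legacy_require_ssl": _instance({"require_ssl": [True]}),
    "ip_configuration_not_block": _instance("not-a-block"),
    "no_settings": {},
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(f"{name}: {'PASSED' if sql_instance_requires_client_cert(conf) else 'FAILED'}")
```

The `ssl_mode_weaker_wins` sample shows why precedence matters: a leftover `require_ssl = true` must not mask an `ssl_mode` that no longer demands a client certificate.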