uniformBucketEnabled.rego referencing deprecated config #453

Closed
jdyke opened this issue Jan 5, 2021 · 1 comment · Fixed by #462

@jdyke
Contributor

jdyke commented Jan 5, 2021

  • terrascan version: v1.2.0
  • Operating System: Mac OS X 10.15.7

Description

Terrascan is referencing the deprecated config for google_storage_bucket called bucket_policy_only. Terraform updated their logic to now use uniform_bucket_level_access instead, so the rego file here needs to be updated to say:

package accurics

uniformBucketEnabled[api.id]
{
     api := input.google_storage_bucket[_]
     not api.config.uniform_bucket_level_access == true
}

What I Did

Terraform Resource:

resource "google_storage_bucket" "my_bucket" {
  project = "my_project"
  name    = "my_name"

  uniform_bucket_level_access = true
}

Command run + response:

terrascan scan
results:
    violations:
        - rule_name: uniformBucketEnabled
          description: Ensure that Cloud Storage buckets have uniform bucket-level access enabled.
          rule_id: accurics.gcp.IAM.122
          severity: MEDIUM
          category: Identity & Access Management
          resource_name: $sample_name
          resource_type: google_storage_bucket
          file: main.tf
          line: 100

I'm happy to update this and make a PR with your approval.

@kanchwala-yusuf
Contributor

Hey @jdyke,
Thank you for bringing this to our notice. We would be very happy if you raise a PR for this!

Please let us know if you face any issues while raising a PR here, we would be happy to help!
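
An added example, not the project's rule or the change merged in #462: a variant of the rule from the issue that treats a bucket as compliant when either `uniform_bucket_level_access` or the deprecated `bucket_policy_only` is true, so configurations written against either attribute name are not flagged, while a bucket that sets neither still is. It assumes the input shape shown in the issue and the pre-1.0 Rego syntax used there; the helper `uniform_access_enabled`, the `sample` data and the test are constructed for illustration.

```rego
package accurics

# Hypothetical helper: true when uniform bucket-level access is switched on
# under the current attribute name.
uniform_access_enabled(bucket) {
    bucket.config.uniform_bucket_level_access == true
}

# Same helper, second definition: true when the deprecated attribute name
# is used instead. Multiple definitions of a function act as a logical OR.
uniform_access_enabled(bucket) {
    bucket.config.bucket_policy_only == true
}

# Flag every bucket for which neither definition above holds. A missing
# attribute makes the helper undefined, so `not` still reports the bucket.
uniformBucketEnabled[bucket.id] {
    bucket := input.google_storage_bucket[_]
    not uniform_access_enabled(bucket)
}

# Constructed sample input (not real scan data) covering the four cases:
# new attribute, deprecated attribute, explicitly disabled, not set at all.
sample = {"google_storage_bucket": [
    {"id": "google_storage_bucket.new_attr", "config": {"uniform_bucket_level_access": true}},
    {"id": "google_storage_bucket.old_attr", "config": {"bucket_policy_only": true}},
    {"id": "google_storage_bucket.disabled", "config": {"uniform_bucket_level_access": false}},
    {"id": "google_storage_bucket.unset", "config": {"name": "example"}}
]}

# Only the disabled and unset buckets should be reported.
test_only_disabled_and_unset_are_flagged {
    flagged := uniformBucketEnabled with input as sample
    flagged == {"google_storage_bucket.disabled", "google_storage_bucket.unset"}
}
```

Saved as a `.rego` file, the test can be run with `opa test` on an OPA release that accepts this syntax.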
