package iam
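// Terraform fixtures, reference links and remediation text for the
// "no privileged service accounts" check. The examples are consumed by the
// rule's documentation and tests; they are not evaluated at scan time.
//
// Both fixtures create a service account and bind it to a project-level IAM
// role through google_project_iam_member. The only difference between the
// good and the bad example is the role that is granted: a narrow predefined
// role (roles/logging.logWriter) versus the basic roles/owner role.
//
// NOTE(review): `email` on google_service_account is a computed attribute in
// the hashicorp/google provider rather than an input argument — confirm these
// snippets are only ever parsed by the scanner and never applied, or drop
// that line from both fixtures.
var terraformNoPrivilegedServiceAccountsGoodExamples = []string{
	`
resource "google_service_account" "test" {
account_id = "account123"
display_name = "account123"
email = "jim@tfsec.dev"
}
resource "google_project_iam_member" "project" {
project = "your-project-id"
role = "roles/logging.logWriter"
member = "serviceAccount:${google_service_account.test.email}"
}
`,
}

// The bad example binds the service account to roles/owner, a basic role that
// carries full control over every resource in the project.
var terraformNoPrivilegedServiceAccountsBadExamples = []string{
	`
resource "google_service_account" "test" {
account_id = "account123"
display_name = "account123"
email = "jim@tfsec.dev"
}
resource "google_project_iam_member" "project" {
project = "your-project-id"
role = "roles/owner"
member = "serviceAccount:${google_service_account.test.email}"
}
`,
}

// Reference material shown alongside the finding: the provider resource the
// examples use, and Google's overview of basic vs. predefined roles.
var terraformNoPrivilegedServiceAccountsLinks = []string{
	`https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam`,
	`https://cloud.google.com/iam/docs/understanding-roles`,
}

// Remediation guidance rendered with the finding. Previously empty, which
// left the rule without any actionable advice in generated docs.
var terraformNoPrivilegedServiceAccountsRemediationMarkdown = `
Grant the service account only the narrowly scoped, predefined role its
workload actually needs (for example ` + "`roles/logging.logWriter`" + `) instead of a
basic role such as ` + "`roles/owner`" + ` or ` + "`roles/editor`" + `, which confer
broad permissions across the whole project. Where the workload allows it,
prefer a binding on the specific resource over a project-wide
` + "`google_project_iam_member`" + ` binding.
`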