What do you need the command to do?
https://gcpdiag.dev/docs/running/
The gcpdiag command can be used as a general project configuration linter. This could be useful to surface up potential issues, and generally provides output in a format of OK or FAIL. We could surface up all fails in the output.
Note, issues should be considered a minor warning I suspect, as there can be some output that is considered a FAIL by the utility but is intentional by the user. Maybe we consider some type of whitelist based on the output
What should the output look like?
The output looks a little like this:
vpc/BP/2022_001: Explicit routes for Google APIs if the default route is modified.
runwhen-nonprod-sandbox [ OK ]
🔎 vpc/BP/2023_001: DNS logging is enabled for public zones.
runwhen-nonprod-sandbox/sandbox-zone [FAIL] logging is disabled for this public zone
If not enabled, customers wouldn't have visbility to what queries are being
made to the zone.
https://gcpdiag.dev/rules/vpc/BP/2023_001
🔎 vpc/SEC/2023_001: DNSSEC is enabled for public zones.
It is recommended to enable DNSSEC for public zones.
https://gcpdiag.dev/rules/vpc/SEC/2023_001
🔎 vpc/WARN/2022_001: Per-project quotas are not near the limit.
🔎 vpc/WARN/2023_002: Private zone is attached to a VPC.
Rules summary: 135 skipped, 75 ok, 21 failed
Any other helpful context?
No response
Contact
None
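One way to surface the FAIL results and apply the allowlist ("whitelist") idea from the issue above, as an added example that is not part of the original issue or of gcpdiag itself. The `ALLOWLIST` format, the function names, and the DNSSEC result line in the sample are assumptions; suppression is keyed on both rule ID and resource so that accepting one finding does not hide the same rule failing elsewhere.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample modelled on the output quoted in the issue; the
# vpc/SEC/2023_001 result line is invented for illustration.
SAMPLE = """\
🔎 vpc/BP/2022_001: Explicit routes for Google APIs if the default route is modified.
runwhen-nonprod-sandbox [ OK ]
🔎 vpc/BP/2023_001: DNS logging is enabled for public zones.
runwhen-nonprod-sandbox/sandbox-zone [FAIL] logging is disabled for this public zone
https://gcpdiag.dev/rules/vpc/BP/2023_001
🔎 vpc/SEC/2023_001: DNSSEC is enabled for public zones.
runwhen-nonprod-sandbox/sandbox-zone [FAIL] DNSSEC is disabled
It is recommended to enable DNSSEC for public zones.
"""

# Rule header, e.g. "🔎 vpc/BP/2023_001: <title>" (leading icon optional).
RULE_RE = re.compile(r"^\W*(?P<rule>[a-z0-9_]+/[A-Z]+/\d{4}_\d{3}):\s*(?P<title>.+)$")
# Per-resource result, e.g. "<resource> [FAIL] <reason>" (leading "- " optional).
RESULT_RE = re.compile(
    r"^\s*(?:-\s+)?(?P<resource>\S+)\s+\[\s*(?P<status>[A-Z]+)\s*\]\s*(?P<reason>.*)$")

# Hypothetical allowlist: (rule id, resource glob) pairs accepted as intentional.
ALLOWLIST = [("vpc/SEC/2023_001", "runwhen-nonprod-sandbox/*")]

def parse_findings(text):
    """Return one dict per resource result, tagged with the rule above it."""
    findings, rule, title = [], None, None
    for line in text.splitlines():
        if m := RULE_RE.match(line):
            rule, title = m["rule"], m["title"]
        elif rule and (m := RESULT_RE.match(line)):
            findings.append({"rule": rule, "title": title, **m.groupdict()})
    return findings

def triage(findings, allowlist):
    """Split FAIL results into (reported, suppressed) using the allowlist."""
    reported, suppressed = [], []
    for f in findings:
        if f["status"] != "FAIL":
            continue
        hit = any(f["rule"] == r and fnmatchcase(f["resource"], g) for r, g in allowlist)
        (suppressed if hit else reported).append(f)
    return reported, suppressed

if __name__ == "__main__":
    reported, suppressed = triage(parse_findings(SAMPLE), ALLOWLIST)
    for f in reported:
        print(f"FAIL {f['rule']} {f['resource']}: {f['reason']}")
    print(f"{len(suppressed)} allowlisted failure(s) not raised")
```

Reporting the count of suppressed failures alongside the raised ones keeps allowlisted findings visible for periodic review.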