[new-command-request] gcpdiag lint --project #360
Assignees
Labels
new-command-request
An issue to track commands that the community wants.
Comments
stewartshea
added
the
new-command-request
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What do you need the command to do?
https://gcpdiag.dev/docs/running/
The gcpdiag command can be used as a general project configuration linter. This could be useful to surface up potential issues, and generally provides output in a format of OK or FAIL. We could surface up all fails in the output.
Note, issues should be considered a minor warning I suspect, as there can be some output that is considered a FAIL by the utility but is intentional by the user. Maybe we consider some type of whitelist based on the output
What should the output look like?
The output looks a little like this:
vpc/BP/2022_001: Explicit routes for Google APIs if the default route is modified.
🔎 vpc/BP/2023_001: DNS logging is enabled for public zones.
If not enabled, customers wouldn't have visbility to what queries are being
made to the zone.
https://gcpdiag.dev/rules/vpc/BP/2023_001
🔎 vpc/SEC/2023_001: DNSSEC is enabled for public zones.
It is recommended to enable DNSSEC for public zones.
https://gcpdiag.dev/rules/vpc/SEC/2023_001
🔎 vpc/WARN/2022_001: Per-project quotas are not near the limit.
🔎 vpc/WARN/2023_002: Private zone is attached to a VPC.
Rules summary: 135 skipped, 75 ok, 21 failed
Any other helpful context?
No response
Contact
None
The text was updated successfully, but these errors were encountered: