# Report dashboard: three summary cards (bucket total, Google-managed default
# encryption, customer-managed default encryption) above a per-bucket table.
# Encryption classification is based solely on each bucket's default KMS key;
# the queries in this file do not inspect object-level encryption.
dashboard "storage_bucket_encryption_report" {
  title         = "GCP Storage Bucket Encryption Report"
  documentation = file("./dashboards/storage/docs/storage_bucket_report_encryption.md")

  tags = merge(local.storage_common_tags, {
    type     = "Report"
    category = "Encryption"
  })

  # Summary cards. Card order here is the render order.
  container {
    card {
      # query.storage_bucket_count is not defined in this file.
      query = query.storage_bucket_count
      width = 3
    }

    card {
      query = query.storage_bucket_google_managed_encryption
      width = 3
    }

    card {
      query = query.storage_bucket_customer_managed_encryption
      width = 3
    }
  }

  # Per-bucket detail table.
  table {
    # Hidden from the rendered table; "ID" and "KMS Self-Link" are still
    # selected because the href templates below read them.
    column "Self-Link" {
      display = "none"
    }

    column "ID" {
      display = "none"
    }

    column "KMS Self-Link" {
      display = "none"
    }

    # Bucket name links to the bucket detail dashboard, keyed by the hidden ID.
    column "Name" {
      href = "${dashboard.storage_bucket_detail.url_path}?input.bucket_id={{.ID | @uri}}"
    }

    # KMS key links to the key detail dashboard, keyed by the hidden KMS self-link.
    # The link is only meaningful when the join in the table query found a key.
    column "KMS Key" {
      href = "${dashboard.kms_key_detail.url_path}?input.key_self_link={{.'KMS Self-Link' | @uri}}"
    }

    query = query.storage_bucket_encryption_table
  }
}
# Card: number of buckets with no default KMS key configured, i.e. buckets whose
# default encryption is Google-managed. Only the bucket default is considered.
query "storage_bucket_google_managed_encryption" {
  sql = <<-EOQ
    select
      -- all buckets minus those with a non-null default KMS key name
      count(*) - count(default_kms_key_name) as value,
      'Google Managed Encryption' as label
    from
      gcp_storage_bucket;
  EOQ
}
# Card: number of buckets that have a default KMS key configured, i.e. buckets
# whose default encryption is customer-managed. Only the bucket default is considered.
query "storage_bucket_customer_managed_encryption" {
  sql = <<-EOQ
    select
      -- count(column) counts only rows where the column is not null
      count(default_kms_key_name) as value,
      'Customer Managed Encryption' as label
    from
      gcp_storage_bucket;
  EOQ
}
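# Table: one row per bucket with its default-encryption classification and, when a
# default KMS key is set, the matching gcp_kms_key self_link (used by the dashboard
# to link to the key detail page). Classification is based on the bucket default
# only; object-level encryption is not inspected.
query "storage_bucket_encryption_table" {
  sql = <<-EOQ
    select
      b.name as "Name",
      b.id as "ID",
      case
        when b.default_kms_key_name is null then 'Google Managed'
        else 'Customer Managed'
      end as "Encryption Type",
      b.default_kms_key_name as "KMS Key",
      b.project as "Project",
      b.location as "Location",
      b.self_link as "Self-Link",
      k.self_link as "KMS Self-Link"
    from
      gcp_storage_bucket as b
      -- Match the key whose self_link ends with the bucket's default key name.
      -- A literal suffix comparison is used rather than `like '%' || name`:
      -- '_' and '%' inside a key name would act as LIKE wildcards and could
      -- attach the wrong key (and the wrong detail link) to a bucket.
      -- A null default key name yields null here and therefore no match.
      left join gcp_kms_key as k
        on right(k.self_link, length(b.default_kms_key_name)) = b.default_kms_key_name
    order by
      b.name;
  EOQ
}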