π§ Google GCE Instance Block Project-Wide SSH Keys is not enabled - prod.logic.yaml π’
- Contextual name: π§ prod.logic.yaml π’
- ID:
/ce/ca/google/compute-engine/instance-project-wide-ssh-key/prod.logic.yaml - Located in: π Google GCE Instance Block Project-Wide SSH Keys is not enabled π’
Flagsβ
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Input Typeβ
| Type | API Name | Extracts | Extract Files | Logic Files | |
|---|---|---|---|---|---|
| π | π Google GCE Instance | CA10__CaGoogleGceInstance__c | 13 | 2 | 10 |
Usesβ
Test Results π’β
Generated at: 2025-04-24T23:46:52.130788637Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | a4ZVU000001mQPR2A2 | βοΈ 99 | βοΈ isDisappeared(CA10__disappearanceTime__c) | βοΈ null |
| π’ | a4ZVU000001p5iB2AQ | βοΈ 102 | βοΈ extract('CA10__metadataJson__c').asJson().isInvalid() | βοΈ Expected ',' or ']' after array element in JSON at position 43 (line 1 column 44) |
| π’ | a4Z0e000000Su7DEAS | βοΈ 199 | βοΈ extract('caJsonFrom__metadataJson__block_project_ssh_keys_value').contains('true') | βοΈ null |
| π’ | a4Z0e000000qAcaEAE | βοΈ 200 | βοΈ otherwise | βοΈ null |
Generationβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/google/compute-engine/instance-project-wide-ssh-key/policy.yaml | 0C2BB089C54EF7D5A4A13B6896881B08 |
| Open | /ce/ca/google/compute-engine/instance-project-wide-ssh-key/prod.logic.yaml | 0AE6C61371E28672F8471D1B7A4900BC |
| Open | /types/CA10__CaGoogleGceInstance__c/object.extracts.yaml | 95F28CC49887E4035F2848BC20DC25D1 |
| Open | /ce/ca/google/compute-engine/instance-project-wide-ssh-key/test-data.json | 425D62AD5DC49D343B89C17043BB1BFF |
Generate FULL scriptβ
java -jar repo-manager.jar policies generate FULL /ce/ca/google/compute-engine/instance-project-wide-ssh-key/prod.logic.yaml
Generate DEBUG scriptβ
java -jar repo-manager.jar policies generate DEBUG /ce/ca/google/compute-engine/instance-project-wide-ssh-key/prod.logic.yaml
Generate CAPTURE_TEST_DATA scriptβ
java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/google/compute-engine/instance-project-wide-ssh-key/prod.logic.yaml
Generate TESTS scriptβ
java -jar repo-manager.jar policies generate TESTS /ce/ca/google/compute-engine/instance-project-wide-ssh-key/prod.logic.yaml
Execute testsβ
java -jar repo-manager.jar policies test /ce/ca/google/compute-engine/instance-project-wide-ssh-key/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaGoogleGceInstance__c"
testData:
- file: test-data.json
importExtracts:
- file: /types/CA10__CaGoogleGceInstance__c/object.extracts.yaml
conditions:
- status: "COMPLIANT"
currentStateMessage: "Block Project-wide SSH keys is enabled for the VM instance."
check:
CONTAINS:
arg:
EXTRACT: "caJsonFrom__metadataJson__block_project_ssh_keys_value"
substring:
TEXT: "true"
otherwise:
status: "INCOMPLIANT"
currentStateMessage: "Block Project-wide SSH keys is disabled for the VM instance."
remediationMessage: "It is recommended to use Instance specific SSH key(s) instead of using common/shared project-wide SSH key(s) to access Instances."