🧠 Google GCE Network allows unrestricted traffic to Cassandra - prod.logic.yaml🟢

Contextual name: 🧠 prod.logic.yaml🟢
ID: /ce/ca/google/vpc/network-cassandra-access/prod.logic.yaml
Tags:
- 🟢 Logic test success
- 🟢 Logic with extracts
- 🟢 Logic with test data

Uses

📗 Google GCE Network
🔌 Google GCE Firewall Rule - object.extracts.yaml
🧪 test-data.json

Test Results 🟢

Generated at: 2025-10-25T12:02:57.264333099Z Open

Result	Id	Condition Index	Condition Text	Runtime Error
🟢	a4b0e1	✔️ `200`	✔️ `otherwise`	✔️ `null`
🟢	a4b0e12	✔️ `200`	✔️ `otherwise`	✔️ `null`
🟢	a4b0e13	✔️ `200`	✔️ `otherwise`	✔️ `null`
🟢	a4b0e14	✔️ `200`	✔️ `otherwise`	✔️ `null`
🟢	a4b0e16	✔️ `199`	✔️ `CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT)`	✔️ `null`
🟢	a4b0e17	✔️ `199`	✔️ `CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT)`	✔️ `null`
🟢	a4b0e18	✔️ `199`	✔️ `CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT)`	✔️ `null`
🟢	a4b0e19	✔️ `199`	✔️ `CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT)`	✔️ `null`

Generation Bundle

	File	MD5
Open	`/ce/ca/google/vpc/network-cassandra-access/policy.yaml`	`804041D422AAF5D7404F651A67952FEE`
Open	`/ce/ca/google/vpc/network-cassandra-access/prod.logic.yaml`	`E62D05C68257880237429AAED9E436D8`
Open	`/ce/ca/google/vpc/network-cassandra-access/test-data.json`	`9FAD901F8FB7ABA13783714DE7B5841A`
Open	`/types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml`	`AE08F20196B487A130FB166DA77692D3`

Available Commands

repo-manager policies generate FULL /ce/ca/google/vpc/network-cassandra-access/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/google/vpc/network-cassandra-access/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/google/vpc/network-cassandra-access/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/google/vpc/network-cassandra-access/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/google/vpc/network-cassandra-access/prod.logic.yaml

Content

Open File

---

inputType: "CA10__CaGoogleGceNetwork__c"
testData:
  - file: test-data.json
conditions:
  - status: "INCOMPLIANT"
    currentStateMessage: "The Network has GCE Firewall Rules which allow unrestricted Cassandra access."
    remediationMessage: "Modify the firewall rule to remove unrestricted access."
    check:
      RELATED_LIST_HAS:
        status: "INCOMPLIANT"
        relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "Cassandra access is restricted from the internet."
relatedLists:
  - relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
    importExtracts:
      - file: /types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml
    conditions:
      - status: "INAPPLICABLE"
        currentStateMessage: "This is not an ingress security firewall rule."
        check:
          NOT_EQUAL:
            left:
              EXTRACT: "CA10__direction__c"
            right:
              TEXT: "INGRESS"
      - status: "INAPPLICABLE"
        currentStateMessage: "This security firewall rule does not allow unrestricted access."
        check:
          AND:
            args:
              - NOT_EQUAL:
                  left:
                    EXTRACT: "CA10__sourceRanges__c"
                  right:
                    TEXT: "0.0.0.0/0"
              - NOT_EQUAL:
                  left:
                    EXTRACT: "CA10__sourceRanges__c"
                  right:
                    TEXT: "::/0"
      # tcp protocol and ports including: 7000, 7001, 7199, 8888, 9042, 9160, 61620, 61621
      - status: "INCOMPLIANT"
        currentStateMessage: "This firewall rule is unrestricted."
        remediationMessage: "Modify the firewall rule."
        check:
          GREATER_THAN:
            left:
              JSON_QUERY_NUMBER:
                arg:
                  EXTRACT: "caJsonFrom__allowedProtocolsPortsJson__c"
                expression: "length(ports[?(protocol=='tcp' && ((startPort=='7000' || endPort=='7000' || (startPort<'7000' && endPort>'7000')) || (startPort=='7001' || endPort=='7001' || (startPort<'7001' && endPort>'7001')) || (startPort=='7199' || endPort=='7199' || (startPort<'7199' && endPort>'7199')) || (startPort=='8888' || endPort=='8888' || (startPort<'8888' && endPort>'8888')) || (startPort=='9042' || endPort=='9042' || (startPort<'9042' && endPort>'9042')) || (startPort=='9160' || endPort=='9160' || (startPort<'9160' && endPort>'9160')) || (startPort=='61620' || endPort=='61620' || (startPort<'61620' && endPort>'61620')) || (startPort=='61621' || endPort=='61621' || (startPort<'61621' && endPort>'61621'))))])"
                undeterminedIf:
                  evaluationError: "The JSON query failed."
                  resultTypeMismatch: "The JSON query did not return number type."
            right:
              NUMBER: 0.0
    otherwise:
      status: "COMPLIANT"
      currentStateMessage: "This firewall rule does not allow unrestricted traffic to Cassandra ports."

Uses​

Test Results 🟢​

Generation Bundle​

Available Commands​

Content​

Uses

Test Results 🟢

Generation Bundle

Available Commands

Content