🧠 Google GCE Network has no egress deny Firewall Rule - prod.logic.yaml🟢

Uses

Test Results 🟢

Generated at: 2025-10-25T12:02:57.959715266Z

| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| 🟢 | 001 | ✔️ 199 | ✔️ CA10__Google_GCE_Firewall_Rules__r.has(COMPLIANT) | ✔️ null |
| 🟢 | 002 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | 003 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | 004 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | 005 | ✔️ 200 | ✔️ otherwise | ✔️ null |

Generation Bundle

| File | MD5 |
|---|---|
| /ce/ca/google/vpc/network-egress-deny-rule/policy.yaml | 52AD599C9EFB62FE62603B3B23D0F7B6 |
| /ce/ca/google/vpc/network-egress-deny-rule/prod.logic.yaml | 1F49AAD133AC39E856CAE4554682CA4A |
| /ce/ca/google/vpc/network-egress-deny-rule/test-data.json | A36D53AC9533AAFDEC9296B38EC1070F |
| /types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml | AE08F20196B487A130FB166DA77692D3 |

Available Commands

repo-manager policies generate FULL /ce/ca/google/vpc/network-egress-deny-rule/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/google/vpc/network-egress-deny-rule/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/google/vpc/network-egress-deny-rule/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/google/vpc/network-egress-deny-rule/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/google/vpc/network-egress-deny-rule/prod.logic.yaml

Content

---
inputType: "CA10__CaGoogleGceNetwork__c"
testData:
  - file: "test-data.json"
conditions:
  - status: "COMPLIANT"
    currentStateMessage: "The Network has an Egress deny rule."
    check:
      RELATED_LIST_HAS:
        status: "COMPLIANT"
        relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
otherwise:
  status: "INCOMPLIANT"
  currentStateMessage: "The Network has no egress GCE Firewall Rule which denies unwanted outbound traffic."
  remediationMessage: "Set an Egress deny rule."
relatedLists:
  - relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
    importExtracts:
      - file: "/types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml"
    conditions:
      - status: "COMPLIANT"
        currentStateMessage: "Egress deny rule is set."
        check:
          AND:
            args:
              - IS_EQUAL:
                  left:
                    EXTRACT: "CA10__direction__c"
                  right:
                    TEXT: "EGRESS"
              - IS_EQUAL:
                  left:
                    EXTRACT: "CA10__destinationRanges__c"
                  right:
                    TEXT: "0.0.0.0/0"
              - GREATER_THAN:
                  left:
                    JSON_QUERY_NUMBER:
                      arg:
                        EXTRACT: "caJsonFrom__deniedProtocolsPortsJson__c"
                      expression: "length(ports[?((protocol=='all') || (startPort=='null' && endPort=='null'))])"
                      undeterminedIf:
                        evaluationError: "The JSON query failed."
                        resultTypeMismatch: "The JSON query did not return number type."
                  right:
                    NUMBER: 0.0
    otherwise:
      status: "INCOMPLIANT"
      currentStateMessage: "Egress deny rule not set."
      remediationMessage: "Set Egress deny rule."