🧠 Google GCE Network allows unrestricted SMTP traffic - prod.logic.yaml🟢
- Contextual name: 🧠 prod.logic.yaml🟢
- ID:
/ce/ca/google/vpc/network-smtp-access/prod.logic.yaml - Tags:
Uses
Test Results 🟢
Generated at: 2025-10-25T12:03:00.832853169Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| 🟢 | a4b0e1 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | a4b0e12 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | a4b0e13 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | a4b0e14 | ✔️ 200 | ✔️ otherwise | ✔️ null |
| 🟢 | a4b0e16 | ✔️ 199 | ✔️ CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT) | ✔️ null |
| 🟢 | a4b0e17 | ✔️ 199 | ✔️ CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT) | ✔️ null |
Generation Bundle
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/google/vpc/network-smtp-access/policy.yaml | C92CD80B3AAC52CC6D8D018222586017 |
| Open | /ce/ca/google/vpc/network-smtp-access/prod.logic.yaml | FBF3E9ED99A9C032DEEEB3CC56F1124F |
| Open | /ce/ca/google/vpc/network-smtp-access/test-data.json | 081A2E3547DD087EFBD1F8DD56C866EA |
| Open | /types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml | AE08F20196B487A130FB166DA77692D3 |
Available Commands
repo-manager policies generate FULL /ce/ca/google/vpc/network-smtp-access/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/google/vpc/network-smtp-access/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/google/vpc/network-smtp-access/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/google/vpc/network-smtp-access/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/google/vpc/network-smtp-access/prod.logic.yaml
Content
---
inputType: "CA10__CaGoogleGceNetwork__c"
testData:
- file: test-data.json
conditions:
- status: "INCOMPLIANT"
currentStateMessage: "The Network has GCE Firewall Rules which allow unrestricted SMTP access."
remediationMessage: "Modify the firewall rule to remove unrestricted access."
check:
RELATED_LIST_HAS:
status: "INCOMPLIANT"
relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
otherwise:
status: "COMPLIANT"
currentStateMessage: "SMTP access is restricted from the internet."
relatedLists:
- relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
importExtracts:
- file: /types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml
conditions:
- status: "INAPPLICABLE"
currentStateMessage: "This is not an ingress security firewall rule."
check:
NOT_EQUAL:
left:
EXTRACT: "CA10__direction__c"
right:
TEXT: "INGRESS"
- status: "INAPPLICABLE"
currentStateMessage: "This security firewall rule does not allow unrestricted access."
check:
AND:
args:
- NOT_EQUAL:
left:
EXTRACT: "CA10__sourceRanges__c"
right:
TEXT: "0.0.0.0/0"
- NOT_EQUAL:
left:
EXTRACT: "CA10__sourceRanges__c"
right:
TEXT: "::/0"
- status: "INCOMPLIANT"
currentStateMessage: "This firewall rule is unrestricted."
remediationMessage: "Modify the firewall rule."
check:
GREATER_THAN:
left:
JSON_QUERY_NUMBER:
arg:
EXTRACT: "caJsonFrom__allowedProtocolsPortsJson__c"
expression: "length(ports[?(protocol=='tcp' && (startPort=='25' || endPort=='25' || (startPort<'25' && endPort>'25')))])"
undeterminedIf:
evaluationError: "The JSON query failed."
resultTypeMismatch: "The JSON query did not return number type."
right:
NUMBER: 0.0
otherwise:
status: "COMPLIANT"
currentStateMessage: "This firewall rule does not allow unrestricted traffic to SMTP ports."