π§ Google GCE Subnetwork Flow Logs are not enabled - prod.logic.yaml π’
- Contextual name: π§ prod.logic.yaml π’
- ID:
/ce/ca/google/vpc/subnetwork-flow-logs/prod.logic.yaml - Located in: π Google GCE Subnetwork Flow Logs are not enabled π’
Flagsβ
- π’ Logic test success
- π’ Logic with extracts
- π’ Logic with test data
Input Typeβ
| Type | API Name | Extracts | Extract Files | Logic Files | |
|---|---|---|---|---|---|
| π | π Google GCE Subnetwork | CA10__CaGoogleGceSubnetwork__c | 8 | 1 | 1 |
Usesβ
Test Results π’β
Generated at: 2025-04-24T23:47:41.788108805Z Open
| Result | Id | Condition Index | Condition Text | Runtime Error |
|---|---|---|---|---|
| π’ | a4i0e1 | βοΈ 199 | βοΈ extract('CA10__flowLogs__c') == 'Enabled' && extract('CA10__logConfigState__c') == 'Enabled' && extract('CA10__logConfigAggregationInterval__c') == 'INTERVAL_5_SEC' && extract('CA10__logConfigFlowSampling__c') == number(1.0) && extract('CA10__logConfigMetadata__c') == 'INCLUDE_ALL_METADATA' && (extract('CA10__logConfigFilterExpr__c') == 'False' || extract('CA10__logConfigFilterExpr__c').isEmpty()) | βοΈ null |
| π’ | a4i0e8_logConfigFilterExpr2 | βοΈ 199 | βοΈ extract('CA10__flowLogs__c') == 'Enabled' && extract('CA10__logConfigState__c') == 'Enabled' && extract('CA10__logConfigAggregationInterval__c') == 'INTERVAL_5_SEC' && extract('CA10__logConfigFlowSampling__c') == number(1.0) && extract('CA10__logConfigMetadata__c') == 'INCLUDE_ALL_METADATA' && (extract('CA10__logConfigFilterExpr__c') == 'False' || extract('CA10__logConfigFilterExpr__c').isEmpty()) | βοΈ null |
| π’ | a4i0e2_flowLogs | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | a4i0e3_logConfigState | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | a4i0e4_logConfigAggregationInterval | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | a4i0e5_logConfigFlowSampling | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | a4i0e6_logConfigMetadata | βοΈ 200 | βοΈ otherwise | βοΈ null |
| π’ | a4i0e7_logConfigFilterExpr1 | βοΈ 200 | βοΈ otherwise | βοΈ null |
Generationβ
| File | MD5 | |
|---|---|---|
| Open | /ce/ca/google/vpc/subnetwork-flow-logs/policy.yaml | 174A021F8A903F363F0750B288106A48 |
| Open | /ce/ca/google/vpc/subnetwork-flow-logs/prod.logic.yaml | C87617E6CC2A3914F65C4A054BBB5319 |
| Open | /types/CA10__CaGoogleGceSubnetwork__c/object.extracts.yaml | 32AFC7212BC1465E8669136233FF0873 |
| Open | /ce/ca/google/vpc/subnetwork-flow-logs/test-data.json | 63A39A99B1DE6CB9793155A0F824BA69 |
Generate FULL scriptβ
java -jar repo-manager.jar policies generate FULL /ce/ca/google/vpc/subnetwork-flow-logs/prod.logic.yaml
Generate DEBUG scriptβ
java -jar repo-manager.jar policies generate DEBUG /ce/ca/google/vpc/subnetwork-flow-logs/prod.logic.yaml
Generate CAPTURE_TEST_DATA scriptβ
java -jar repo-manager.jar policies generate CAPTURE_TEST_DATA /ce/ca/google/vpc/subnetwork-flow-logs/prod.logic.yaml
Generate TESTS scriptβ
java -jar repo-manager.jar policies generate TESTS /ce/ca/google/vpc/subnetwork-flow-logs/prod.logic.yaml
Execute testsβ
java -jar repo-manager.jar policies test /ce/ca/google/vpc/subnetwork-flow-logs/prod.logic.yaml
Contentβ
---
inputType: "CA10__CaGoogleGceSubnetwork__c"
testData:
- file: test-data.json
importExtracts:
- file: /types/CA10__CaGoogleGceSubnetwork__c/object.extracts.yaml
conditions:
- status: "COMPLIANT"
currentStateMessage: "Flow Logs are enabled and configured correctly."
check:
AND:
args:
- IS_EQUAL:
left:
EXTRACT: "CA10__flowLogs__c"
right:
TEXT: "Enabled"
- IS_EQUAL:
left:
EXTRACT: "CA10__logConfigState__c"
right:
TEXT: "Enabled"
- IS_EQUAL:
left:
EXTRACT: "CA10__logConfigAggregationInterval__c"
right:
TEXT: "INTERVAL_5_SEC"
- IS_EQUAL:
left:
EXTRACT: "CA10__logConfigFlowSampling__c"
right:
NUMBER: 1.0
- IS_EQUAL:
left:
EXTRACT: "CA10__logConfigMetadata__c"
right:
TEXT: "INCLUDE_ALL_METADATA"
- OR:
args:
- IS_EQUAL:
left:
EXTRACT: "CA10__logConfigFilterExpr__c"
right:
TEXT: "False"
- IS_EMPTY:
arg:
EXTRACT: "CA10__logConfigFilterExpr__c"
otherwise:
status: "INCOMPLIANT"
currentStateMessage: "Flow Logs aren't enabled or configured correctly."
remediationMessage: "Enable flow logs."