Google Compute Subnetwork with Private Google Access Disabled
- Query id: 6a4080ae-79bd-42f6-a924-8f534c1c018b
- Query name: Google Compute Subnetwork with Private Google Access Disabled
- Platform: Ansible
- Severity: Low
- Category: Networking and Firewall
- URL: Github
Description
A Google Compute subnetwork should have Private Google Access enabled, which means 'private_ip_google_access' should be set to yes. As the samples below show, a task that sets the attribute to no or omits it is reported.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
- name: create a subnetwork
  google.cloud.gcp_compute_subnetwork:
    name: ansiblenet
    region: us-west1
    network: "{{ network }}"
    ip_cidr_range: 172.16.0.0/16
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    # private_ip_google_access is not set, so this task is reported
    state: present
Positive test num. 2 - yaml file
- name: create a subnetwork2
  google.cloud.gcp_compute_subnetwork:
    name: ansiblenet
    region: us-west1
    network: "{{ network }}"
    ip_cidr_range: 172.16.0.0/16
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    # explicitly disabled, so this task is reported
    private_ip_google_access: no
    state: present
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: create a subnetwork3
  google.cloud.gcp_compute_subnetwork:
    name: ansiblenet
    region: us-west1
    network: "{{ network }}"
    ip_cidr_range: 172.16.0.0/16
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    # Private Google Access enabled, so this task passes
    private_ip_google_access: yes
    state: present
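The check described above, sketched in Python as an added example (it is not the scanner's own query and not code from this page). The function names are illustrative, the tasks are given as the dicts a YAML loader would return, and reporting unresolved template values as disabled is an assumption of this sketch.

```python
# Added example: static check for subnetwork tasks lacking Private Google Access.

MODULES = ("google.cloud.gcp_compute_subnetwork", "gcp_compute_subnetwork")
# String spellings Ansible accepts as boolean true.
TRUTHY = {"yes", "true", "on", "1", "y", "t"}


def is_enabled(value):
    """Ansible-style boolean coercion; anything else (e.g. '{{ var }}') is off."""
    if isinstance(value, (bool, int, float)):
        return value == 1
    return str(value).strip().lower() in TRUTHY


def walk(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        yield task
        for section in ("block", "rescue", "always"):
            yield from walk(task.get(section))


def find_violations(tasks):
    """Return (task name, reason) for subnetworks without Private Google Access."""
    findings = []
    for task in walk(tasks):
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            if "private_ip_google_access" not in args:
                findings.append((task.get("name"), "attribute missing"))
            elif not is_enabled(args["private_ip_google_access"]):
                findings.append((task.get("name"), "attribute disabled"))
    return findings


# Constructed input mirroring the three samples on this page (third one nested).
BASE = {"name": "ansiblenet", "region": "us-west1", "state": "present"}
SAMPLES = [
    {"name": "create a subnetwork", MODULES[0]: dict(BASE)},
    {"name": "create a subnetwork2",
     MODULES[0]: dict(BASE, private_ip_google_access=False)},
    {"name": "wrapper", "block": [
        {"name": "create a subnetwork3",
         MODULES[0]: dict(BASE, private_ip_google_access="yes")}]},
]
```

Calling `find_violations(SAMPLES)` reports the first two tasks and passes the third, matching the positive and negative samples above.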