SQL DB Instance Backup Disabled
- Query id: 0c82eae2-aca0-401f-93e4-fb37a0f9e5e8
- Query name: SQL DB Instance Backup Disabled
- Platform: Ansible
- Severity: Medium
- Category: Backup
- CWE: Ongoing
- URL: Github
Description
Checks whether backup configuration is enabled for every Cloud SQL database instance.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
# Flagged: no "settings" block, so no backup configuration is defined.
- name: create an instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
# Flagged: "settings" has no "backup_configuration".
- name: create a second instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
# Flagged: "backup_configuration" does not set "enabled".
- name: create a third instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      backup_configuration:
        binary_log_enabled: yes
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
# Flagged: backups are explicitly disabled.
- name: create a fourth instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      backup_configuration:
        binary_log_enabled: yes
        enabled: no
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
# Passes: backups are explicitly enabled.
- name: create an instance
  google.cloud.gcp_sql_instance:
    name: '{{ resource_name }}-2'
    settings:
      backup_configuration:
        binary_log_enabled: yes
        enabled: yes
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
```
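
The samples above fail in four distinct ways and pass in one. The following is an added example, not the query's own code, that reproduces those outcomes over tasks already parsed from YAML. The finding strings, the choice to skip `state: absent` tasks, and accepting the short module name `gcp_sql_instance` are assumptions of this sketch.

```python
# Added example: static audit of parsed Ansible tasks (not KICS's own query code).
MODULES = {"google.cloud.gcp_sql_instance", "gcp_sql_instance"}
TRUTHY = {"yes", "true", "on", "1", "y", "t"}  # strings Ansible accepts as true


def is_true(value):
    """Interpret an Ansible boolean that may arrive as bool, int or str."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def backup_finding(task):
    """Return why a task fails the backup check, or None if it passes."""
    module = next((key for key in task if key in MODULES), None)
    if module is None:
        return None  # not a Cloud SQL instance task
    args = task[module] if isinstance(task[module], dict) else {}
    if args.get("state", "present") == "absent":
        return None  # assumption: instance deletions are out of scope
    settings = args.get("settings")
    if not isinstance(settings, dict):
        return "settings is undefined"
    backup = settings.get("backup_configuration")
    if not isinstance(backup, dict):
        return "settings.backup_configuration is undefined"
    if "enabled" not in backup:
        return "settings.backup_configuration.enabled is undefined"
    if not is_true(backup["enabled"]):
        return "settings.backup_configuration.enabled is false"
    return None


def audit(tasks):
    """Map task name -> finding for every failing task in a parsed task list."""
    findings = {task.get("name", "<unnamed>"): backup_finding(task) for task in tasks}
    return {name: why for name, why in findings.items() if why}


# Constructed sample: the page's five tasks as a YAML loader would return them.
MOD = "google.cloud.gcp_sql_instance"
TIER = {"tier": "db-n1-standard-1"}
SAMPLE = [
    {"name": "first", MOD: {"state": "present"}},
    {"name": "second", MOD: {"settings": dict(TIER)}},
    {"name": "third", MOD: {"settings": {**TIER, "backup_configuration": {"binary_log_enabled": True}}}},
    {"name": "fourth", MOD: {"settings": {**TIER, "backup_configuration": {"binary_log_enabled": True, "enabled": False}}}},
    {"name": "compliant", MOD: {"settings": {**TIER, "backup_configuration": {"binary_log_enabled": True, "enabled": True}}}},
]
```

`audit(SAMPLE)` returns one entry for each of the four vulnerable tasks and none for the compliant one. Because `is_true` also accepts string forms such as `"yes"` and `"no"`, the check still works when a loader leaves those values unconverted.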