Cloud Storage Bucket Logging Not Enabled

• Query id: 507df964-ad97-4035-ab14-94a82eabdfdd
• Query name: Cloud Storage Bucket Logging Not Enabled
• Platform: Ansible
• Severity: Medium
• Category: Observability
• CWE: 778
• URL: Github

Description

Cloud storage bucket should have logging enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

---
- name: create a bucket
  google.cloud.gcp_storage_bucket:
    name: ansible-storage-module
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: create a bucket
  google.cloud.gcp_storage_bucket:
    name: ansible-storage-module
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    logging:
      log_bucket: a_bucket_for_logs
      log_object_prefix: log