Stackdriver Logging Disabled

• Query id: 95601b9a-7fe8-4aee-9b58-d36fd9382dfc
• Query name: Stackdriver Logging Disabled
• Platform: GoogleDeploymentManager
• Severity: Medium
• Category: Observability
• CWE: 778
• URL: Github

Description

Kubernetes Engine Clusters must have Stackdriver Logging enabled, which means the attribute 'loggingService' must be defined and different from 'none'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      name: my-cluster

Positive test num. 2 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      name: my-cluster
      loggingService: none

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

resources:
  - name: cluster
    type: container.v1.cluster
    properties:
      name: my-cluster
      loggingService: "logging.googleapis.com"