Incorrect Violation Reporting for Cloud Storage Bucket Policies #1710

Open
zope opened this issue Oct 11, 2024 · 0 comments


zope commented Oct 11, 2024

  • terrascan version: v1.19.9
  • Operating System: macOS 14.5

Description

When running a Terrascan scan for Terraform code, I’m encountering a violation that I believe is incorrect. The error suggests that Cloud Storage buckets do not have uniform bucket-level access enabled, despite the fact that the Terraform module explicitly defines the necessary settings.

This issue occurs specifically when using the terraform-google-cloud-storage module, which is led and maintained by Google. The module is widely adopted and follows best practices for configuring Cloud Storage resources, so the error appears to be a false positive.

What I Did

Command executed:

$ terrascan scan --iac-type terraform
2024-10-11T14:57:34.637+0900    warn    commons/terraform-provider.go:161       failed to parse provider version: can't specify multiple versions; a single exact version is required
...
(repeated multiple times)

Violation Details -

        Description    :        Ensure that Cloud Storage buckets have uniform bucket-level access enabled.
        File           :        git::https://github.com/terraform-google-modules/terraform-google-cloud-storage.git?ref=c86102c9b34e4a2e3cd37e40b687770990446679/main.tf
        Module Name    :        storage-test
        Plan Root      :        ./
        Line           :        40
        Severity       :        MEDIUM
        -----------------------------------------------------------------------
Scan Summary -

        File/Folder         :  ..../environments/development
        IaC Type            :   terraform
        Scanned At          :   2024-10-11 05:57:35.312122 +0000 UTC
        Policies Validated  :   8
        Violated Policies   :   1
        Low                 :   0
        Medium              :   1
        High                :   0

Relevant Terraform Block:

module "storage-test" {
  source                   = "git::https://github.com/terraform-google-modules/terraform-google-cloud-storage.git?ref=c86102c9b34e4a2e3cd37e40b687770990446679"
  project_id               = var.project_id
  names                    = ["test"]
  prefix                   = var.project_id
  location                 = "us-central1"
  storage_class            = "STANDARD"
  public_access_prevention = "enforced"
  bucket_policy_only       = { "test" : true }
}
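The finding above is raised against line 40 of the module's own main.tf, where the setting is computed from the caller's `bucket_policy_only` input that a source-level scan does not see. As an added example (not part of this issue, of terrascan or of the Google module), the following check reads the resolved values from `terraform show -json tfplan` output instead, so it confirms or refutes such a finding against what will actually be applied; the plan JSON below is a constructed sample with made-up module and bucket names.

```python
"""Added example: confirm uniform bucket-level access on the resolved plan.

A source-level scan evaluates the module's main.tf without the caller's
var.bucket_policy_only; `terraform show -json tfplan` carries the resolved
per-bucket values, so a check over that output settles the finding.
"""
import json

# Constructed sample in the shape of `terraform show -json` output.
# Module and bucket names are made up, not taken from a real plan.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [], "child_modules": [
        {"address": "module.storage-test", "resources": [
            {"address": 'module.storage-test.google_storage_bucket.buckets["test"]',
             "type": "google_storage_bucket",
             "values": {"name": "example-project-test",
                        "uniform_bucket_level_access": True,
                        "public_access_prevention": "enforced"}}]},
        {"address": "module.legacy", "resources": [
            {"address": "module.legacy.google_storage_bucket.old",
             "type": "google_storage_bucket",
             "values": {"name": "example-project-old",
                        "uniform_bucket_level_access": False}},
            {"address": "module.legacy.google_storage_bucket.unset",
             "type": "google_storage_bucket",
             "values": {"name": "example-project-unset"}}]}]}},
})


def iter_resources(module):
    """Yield each resource in a plan module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def buckets_without_ubla(plan_json):
    """Return addresses of planned buckets whose UBLA does not resolve to true.
    An absent attribute is reported too: only an explicit true passes."""
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"] for r in iter_resources(root)
        if r.get("type") == "google_storage_bucket"
        and r.get("values", {}).get("uniform_bucket_level_access") is not True
    )


if __name__ == "__main__":
    for addr in buckets_without_ubla(SAMPLE_PLAN):
        print("uniform bucket-level access not enabled:", addr)
```

Run against a real plan with `terraform plan -out=tfplan && terraform show -json tfplan > plan.json` and pass the file contents to `buckets_without_ubla`; an empty list means every planned bucket resolves to uniform bucket-level access, whatever the source-level scan reported.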