turbot/steampipe-mod-gcp-compliance

Control: Ensure OS login is enabled at Project level

Description

Enabling OS login binds SSH certificates to IAM users and facilitates effective SSH certificate management.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.project_oslogin_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.project_oslogin_enabled --share

SQL

This control uses a named query:

select
  id as resource,
  case
    when exists (
      select 1
      from jsonb_array_elements(common_instance_metadata -> 'items') as items
      where lower(items ->> 'key') = 'enable-oslogin'
        and lower(items ->> 'value') in ('true','y','yes','1')
    ) then 'ok'
    else 'alarm'
  end as status,
  case
    when exists (
      select 1
      from jsonb_array_elements(common_instance_metadata -> 'items') as items
      where lower(items ->> 'key') = 'enable-oslogin'
        and lower(items ->> 'value') in ('true','y','yes','1')
    ) then title || ' OS login enabled.'
    else title || ' OS login disabled.'
  end as reason,
  location as location,
  project as project
from
  gcp_compute_project_metadata;
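
The control's query reads only project-wide metadata, and an instance that sets its own enable-oslogin value takes precedence over the project value. The following query is an added example, not part of the mod: it reports the effective setting per instance, and it assumes the GCP plugin's gcp_compute_instance table exposes instance metadata in a jsonb column named metadata with the same items/key/value shape as common_instance_metadata.

```sql
-- Added example (not from the mod). Assumes gcp_compute_instance.metadata is jsonb
-- with the same items/key/value shape as common_instance_metadata.
with project_setting as (
  select
    project,
    exists (
      select 1
      from jsonb_array_elements(common_instance_metadata -> 'items') as items
      where lower(items ->> 'key') = 'enable-oslogin'
        and lower(items ->> 'value') in ('true', 'y', 'yes', '1')
    ) as project_enabled
  from
    gcp_compute_project_metadata
),
instance_setting as (
  select
    i.self_link,
    i.title,
    i.location,
    i.project,
    -- NULL when the instance does not set the key and therefore inherits
    (
      select lower(items ->> 'value')
      from jsonb_array_elements(i.metadata -> 'items') as items
      where lower(items ->> 'key') = 'enable-oslogin'
      limit 1
    ) as instance_value
  from
    gcp_compute_instance as i
)
select
  s.self_link as resource,
  case
    when s.instance_value in ('true', 'y', 'yes', '1') then 'ok'
    when s.instance_value is null and p.project_enabled then 'ok'
    else 'alarm'
  end as status,
  case
    when s.instance_value in ('true', 'y', 'yes', '1') then s.title || ' OS login enabled on instance.'
    when s.instance_value is null and p.project_enabled then s.title || ' inherits OS login from project.'
    when s.instance_value is null then s.title || ' OS login not enabled on instance or project.'
    else s.title || ' overrides project setting, OS login disabled.'
  end as reason,
  s.location,
  s.project
from
  instance_setting as s
  left join project_setting as p on p.project = s.project;
```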

Tags