Control: Ensure OS login is enabled at Project level
Description
Enabling OS login binds SSH certificates to IAM users and facilitates effective SSH certificate management.
Usage
Run the control in your terminal:
powerpipe control run gcp_compliance.control.project_oslogin_enabled
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run gcp_compliance.control.project_oslogin_enabled --share
SQL
This control uses a named query:
select id as resource, case when exists ( select 1 from jsonb_array_elements(common_instance_metadata -> 'items') as items where lower(items ->> 'key') = 'enable-oslogin' and lower(items ->> 'value') in ('true','y','yes','1') ) then 'ok' else 'alarm' end as status, case when exists ( select 1 from jsonb_array_elements(common_instance_metadata -> 'items') as items where lower(items ->> 'key') = 'enable-oslogin' and lower(items ->> 'value') in ('true','y','yes','1') ) then title || ' OS login enabled.' else title || ' OS login disabled.' end as reason , location as location, project as projectfrom gcp_compute_project_metadata;