Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-gcp-compliance
Overview
14Dashboards
621Benchmarks
202Queries
2Variables
GitHub

Control: Ensure OS login is enabled at Project level

Description

Enabling OS login binds SSH certificates to IAM users and facilitates effective SSH certificate management.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.project_oslogin_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.project_oslogin_enabled --share

SQL

This control uses a named query:

select
  id as resource,
  case
    when exists (
      select 1
      from jsonb_array_elements(common_instance_metadata -> 'items') as items
      where lower(items ->> 'key') = 'enable-oslogin'
        and lower(items ->> 'value') in ('true','y','yes','1')
    ) then 'ok'
    else 'alarm'
  end as status,
  case
    when exists (
      select 1
      from jsonb_array_elements(common_instance_metadata -> 'items') as items
      where lower(items ->> 'key') = 'enable-oslogin'
        and lower(items ->> 'value') in ('true','y','yes','1')
    ) then title || ' OS login enabled.'
    else title || ' OS login disabled.'
  end as reason
  , location as location, project as project
from
  gcp_compute_project_metadata;

Tags

category = Compliance
plugin = gcp
service = GCP/Project