
Query: kubernetes_cluster_control_plane_restrict_public_access

Usage

powerpipe query terraform_gcp_compliance.query.kubernetes_cluster_control_plane_restrict_public_access


SQL

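-- Flags google_container_cluster resources whose master authorized networks
-- allow the control plane (the Kubernetes API endpoint) to be reached from
-- any IPv4 address, i.e. a cidr_blocks entry with cidr_block = '0.0.0.0/0'.
--
-- Only an exact '0.0.0.0/0' string match is treated as public; broad but
-- narrower ranges are not flagged. A cluster with no
-- master_authorized_networks_config block produces no CTE row (the CASE
-- yields NULL and jsonb_array_elements(NULL) returns nothing) and is
-- therefore reported as 'ok' here; presumably that case is covered by a
-- separate control — verify against the mod's control list.
with public_control_plane as (
  -- one row per cluster address that has at least one 0.0.0.0/0 entry
  select distinct
    t.address
  from
    terraform_resource as t
    -- cidr_blocks parses as an array when several blocks are declared and
    -- as a single object when only one is; normalise both shapes to an array
    cross join lateral jsonb_array_elements(
      case jsonb_typeof(t.attributes_std -> 'master_authorized_networks_config' -> 'cidr_blocks')
        when 'array' then t.attributes_std -> 'master_authorized_networks_config' -> 'cidr_blocks'
        when 'object' then jsonb_build_array(t.attributes_std -> 'master_authorized_networks_config' -> 'cidr_blocks')
        else null
      end
    ) as s
  where
    t.type = 'google_container_cluster'
    and s ->> 'cidr_block' = '0.0.0.0/0'
)
select
  r.address as resource,
  case
    when p.address is null then 'ok'
    else 'alarm'
  end as status,
  -- split_part(..., 2) extracts the local resource name from "<type>.<name>"
  split_part(r.address, '.', 2) || case
    when p.address is null then ' control plane not publicly accessible'
    else ' control plane publicly accessible'
  end || '.' as reason
  -- source-location dimension; left unaliased to match the mod's other queries
  , r.path || ':' || r.start_line
from
  terraform_resource as r
  left join public_control_plane as p on p.address = r.address
where
  r.type = 'google_container_cluster';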

Controls

This query is used by the following controls: