
Incorrect Violation Reporting for Cloud Storage Bucket Policies #1710

Open
zope opened this issue Oct 11, 2024 · 0 comments

Comments


zope commented Oct 11, 2024

  • terrascan version: v1.19.9
  • Operating System: macOS 14.5

Description

When running a Terrascan scan for Terraform code, I’m encountering a violation that I believe is incorrect. The error suggests that Cloud Storage buckets do not have uniform bucket-level access enabled, despite the fact that the Terraform module explicitly defines the necessary settings.

This issue occurs specifically when using the terraform-google-cloud-storage module, which is led and maintained by Google. The module is widely adopted and follows best practices for configuring Cloud Storage resources, so the error appears to be a false positive.

What I Did

Command executed:

$ terrascan scan --iac-type terraform
2024-10-11T14:57:34.637+0900    warn    commons/terraform-provider.go:161       failed to parse provider version: can't specify multiple versions; a single exact version is required
...
(repeated multiple times)

Violation Details -

    Description    :    Ensure that Cloud Storage buckets have uniform bucket-level access enabled.
    File           :    git::https://github.com/terraform-google-modules/terraform-google-cloud-storage.git?ref=c86102c9b34e4a2e3cd37e40b687770990446679/main.tf
    Module Name    :    storage-test
    Plan Root      :    ./
    Line           :    40
    Severity       :    MEDIUM
    -----------------------------------------------------------------------

Scan Summary -

    File/Folder         :   ..../environments/development
    IaC Type            :   terraform
    Scanned At          :   2024-10-11 05:57:35.312122 +0000 UTC
    Policies Validated  :   8
    Violated Policies   :   1
    Low                 :   0
    Medium              :   1
    High                :   0

Relevant Terraform Block:

module "storage-test" {
  source                   = "git::https://github.com/terraform-google-modules/terraform-google-cloud-storage.git?ref=c86102c9b34e4a2e3cd37e40b687770990446679"
  project_id               = var.project_id
  names                    = ["test"]
  prefix                   = var.project_id
  location                 = "us-central1"
  storage_class            = "STANDARD"
  public_access_prevention = "enforced"
  bucket_policy_only       = { "test" : true }
}
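Because the violation is reported against a line inside the module's source rather than against the resolved bucket resource, one way to confirm the effective setting is to check the rendered plan instead of the source. The following Python is an added example, not part of this issue and not Terrascan code: it walks the planned_values tree of `terraform show -json` output (the plan embedded here is a constructed sample) and lists every google_storage_bucket whose planned uniform_bucket_level_access is not true.

```python
import json

# Constructed excerpt of `terraform show -json tfplan` output (sample data, not a real plan).
# The plan carries the resolved per-bucket value, which a source-only scan cannot see.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [],
            "child_modules": [
                {
                    "address": "module.storage-test",
                    "resources": [
                        {
                            "address": 'module.storage-test.google_storage_bucket.buckets["test"]',
                            "type": "google_storage_bucket",
                            "values": {"name": "example-project-test", "uniform_bucket_level_access": True},
                        },
                        {
                            "address": 'module.storage-test.google_storage_bucket.buckets["legacy"]',
                            "type": "google_storage_bucket",
                            "values": {"name": "example-project-legacy", "uniform_bucket_level_access": False},
                        },
                    ],
                }
            ],
        }
    }
}


def load_plan(path):
    """Load a plan previously written with `terraform show -json tfplan > plan.json`."""
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def iter_resources(module):
    """Yield every resource of a plan module and, recursively, of its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def buckets_without_uniform_access(plan):
    """Return addresses of google_storage_bucket resources whose planned
    uniform_bucket_level_access is not true (a missing attribute counts as not enabled)."""
    root = plan["planned_values"]["root_module"]
    return [
        res["address"]
        for res in iter_resources(root)
        if res.get("type") == "google_storage_bucket"
        and res.get("values", {}).get("uniform_bucket_level_access") is not True
    ]


if __name__ == "__main__":
    for addr in buckets_without_uniform_access(SAMPLE_PLAN):
        print(f"uniform bucket-level access not enabled: {addr}")
```

Run against a real plan with `buckets_without_uniform_access(load_plan("plan.json"))`; an empty list means every planned bucket has the setting enabled regardless of what the scanner reported.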