using data google_iam_policy results in no checks performed #2957
Comments
Hi @jezzirolk, this is correct. We differentiate between
But in this example, is it assumed that the folder from which you extract the policy (used in the data object) is different from the one used on the resource object? Because if it's different, it makes sense that it is a bug; if not, it's just a getIam action (no modification).
So the thing to note here is that while this is a data object, it is not reading any data. To apply a policy as a whole, you define a data object and then apply said object with the google_folder_iam_policy resource. I understand that you don't check normal data objects because they aren't being managed, but in this case I'm not reading the data from anywhere; I'm defining it to be applied elsewhere. This issue applies to anything I define in a policy like this, and it fails both when I check the Terraform and when I check the plan file (at which point it is in a resource definition and should definitely fail). Documentation about how these resources are used is below: https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy but this also applies to google_organization_iam_policy, google_project_iam_policy, and probably others (these are so far the 3 that I'm using).
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io
Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: https://slack.bridgecrew.io Thanks!
Describe the issue
On GCP, if you apply a role via a policy that is applied, none of the checks are performed. The example below should pass CKV_GCP_48 and fail CKV_GCP_44 (with my variables), but when checkov is run, no checks are run, pass or fail.
Examples
Version (please complete the following information):
Checkov Version 2.0.1136
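
Added example, not part of the original issue and not Checkov's own code: a stand-alone check for the pattern described in the thread, where a policy defined in `data "google_iam_policy"` reaches the plan as the `policy_data` JSON string of a `google_*_iam_policy` resource. The flagged role list, the sample plan and the function names are assumptions made for illustration.

```python
import json

# Resource types named in the thread that take a whole policy via policy_data.
POLICY_RESOURCES = {"google_folder_iam_policy", "google_organization_iam_policy",
                    "google_project_iam_policy"}
# Assumed watch list for illustration; this is not Checkov's rule set.
FLAGGED_ROLES = {"roles/iam.serviceAccountUser", "roles/iam.serviceAccountTokenCreator"}

def walk_resources(module):
    """Yield every resource in a plan module, including child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def flagged_bindings(plan):
    """Return (address, role, member) for each flagged role bound via policy_data."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") not in POLICY_RESOURCES:
            continue
        raw = (res.get("values") or {}).get("policy_data")
        if not raw:
            # Value not known until apply: report it instead of skipping silently.
            findings.append((res["address"], "<unknown policy_data>", ""))
            continue
        for binding in json.loads(raw).get("bindings", []):
            if binding.get("role") in FLAGGED_ROLES:
                findings.extend((res["address"], binding["role"], m)
                                for m in binding.get("members", []))
    return findings

# Constructed sample shaped like `terraform show -json` output (not from the issue).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{
        "address": "google_folder_iam_policy.folder",
        "type": "google_folder_iam_policy",
        "values": {"policy_data": json.dumps({"bindings": [
            {"role": "roles/iam.serviceAccountUser", "members": ["user:alice@example.com"]},
            {"role": "roles/viewer", "members": ["group:devs@example.com"]},
        ]})},
    }],
    "child_modules": [{"resources": [{
        "address": "module.proj.google_project_iam_policy.p",
        "type": "google_project_iam_policy",
        "values": {},
    }]}],
}}}

if __name__ == "__main__":
    print(*flagged_bindings(SAMPLE_PLAN), sep="\n")
```
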