Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(gcp): Fix the query condition of the KMS Separation duties rule #11961

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 6, 2023
Merged

fix(gcp): Fix the query condition of the KMS Separation duties rule #11961

merged 3 commits into from
Jul 6, 2023

Conversation

@aruneko
Copy link
Contributor

@aruneko aruneko commented Jul 5, 2023

Summary

The current query condition in the kms_separation_of_duties.sql is only checks that an user has the cloudkms.admin role. But the actually condition defined in the CIS Benchmarks document is an user should not have Cloud KMS Admin and any of the Cloud KMS CryptoKey Encrypter/Decrypter, Cloud KMS CryptoKey Encrypter or Cloud KMS CryptoKey Decrypter roles at the same time.

I fixed current condition to adjust for actual condition.

@aruneko aruneko requested review from disq and yevgenypats as code owners July 5, 2023 03:13
@cq-bot cq-bot added the gcp label Jul 5, 2023
@hermanschaaf hermanschaaf requested a review from jsonpr July 5, 2023 10:00
hermanschaaf
hermanschaaf approved these changes Jul 6, 2023
View reviewed changes
Copy link
Member

@hermanschaaf hermanschaaf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix @aruneko !

@hermanschaaf hermanschaaf added the automerge Automatically merge once required checks pass label Jul 6, 2023
@kodiakhq kodiakhq bot merged commit 8c4c511 into cloudquery:main Jul 6, 2023
@cq-bot cq-bot mentioned this pull request Jul 6, 2023
Merged
@aruneko aruneko deleted the develop/fix_gcp_cis_kms_separation branch July 7, 2023 04:13
kodiakhq bot pushed a commit that referenced this pull request Jul 14, 2023
@cq-bot
chore(main): Release plugins-source-gcp v9.3.1 (#12025)
7d704c5 
🤖 I have created a release *beep* *boop*
---


## [9.3.1](plugins-source-gcp-v9.3.0...plugins-source-gcp-v9.3.1) (2023-07-14)


### Bug Fixes

* **deps:** Update github.com/cloudquery/arrow/go/v13 digest to 0a52533 ([#12091](#12091)) ([927cefa](927cefa))
* **deps:** Update github.com/cloudquery/arrow/go/v13 digest to a2a76eb ([#12104](#12104)) ([311f474](311f474))
* **deps:** Update module github.com/cloudquery/plugin-pb-go to v1.7.0 ([#12166](#12166)) ([94390dd](94390dd))
* **deps:** Update module github.com/cloudquery/plugin-sdk/v4 to v4.1.0 ([#12174](#12174)) ([80f0289](80f0289))
* **deps:** Update module github.com/cloudquery/plugin-sdk/v4 to v4.1.1 ([#12185](#12185)) ([cfaff16](cfaff16))
* **deps:** Upgrade source plugins to SDK v4.0.0 release ([#12135](#12135)) ([c20a111](c20a111))
* **gcp:** Fix the query condition of the KMS Separation duties rule ([#11961](#11961)) ([8c4c511](8c4c511))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hermanschaaf hermanschaaf hermanschaaf approved these changes

@yevgenypats yevgenypats Awaiting requested review from yevgenypats

@disq disq Awaiting requested review from disq

@jsonpr jsonpr Awaiting requested review from jsonpr

Assignees

No one assigned

Labels

automerge Automatically merge once required checks pass

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aruneko @hermanschaaf @cq-bot