tools/custom-organization-policy-library/build/custom-constraints/cloudsql/cloudsqlEnforcePasswordComplexity.yaml (10 lines of code) (raw):

#@ load("/constraints.lib.star", "build_constraint")
#@ constraint = build_constraint("cloudsqlEnforcePasswordComplexity")

#@ def condition(min_length):
#@   return 'resource.settings.passwordValidationPolicy.complexity != "COMPLEXITY_DEFAULT" || resource.settings.passwordValidationPolicy.minLength < ' + str(min_length)
#@ end

#@ if constraint.to_generate():
name: #@ constraint.constraint_name()
resourceTypes:
- sqladmin.googleapis.com/Instance
methodTypes:
- CREATE
- UPDATE
condition: #@ condition(constraint.params().min_length)
actionType: DENY
display_name: Require Cloud SQL instances to configure password complexity to COMPLEXITY_DEFAULT
description: Ensure that Cloud SQL instance is configured with a password complexity to be combination of lowercase, uppercase, numeric, and non-alphanumeric characters
#@ end