# Copyright 2021 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: constraints.gatekeeper.sh/v1alpha1 kind: GCPIAMAuditLogConstraintV1 metadata: name: iam_enable_audit_logs spec: severity: high match: target: {{- range get . "targets"}} - "{{.}}" {{- end}} # TODO(xingao): reenable once the following issues are addressed. # https://github.com/forseti-security/policy-library/issues/367 # https://github.com/forseti-security/config-validator/issues/145 parameters: # log_types: # - DATA_READ # - DATA_WRITE # - ADMIN_READ # services: # - allServices