path	# lines of code
modules/org-policies/gcp.tf	25
modules/org-policies/main.tf	18
modules/org-policies/versions.tf	40
modules/org-policies/compute.tf	63
modules/org-policies/variables.tf	29
modules/org-policies/iam.tf	33
modules/centralized-logging/main.tf	94
modules/centralized-logging/versions.tf	40
modules/centralized-logging/variables.tf	120
modules/centralized-logging/outputs.tf	29
modules/dataflow-flex-job/main.tf	52
modules/dataflow-flex-job/versions.tf	46
modules/dataflow-flex-job/variables.tf	95
modules/dataflow-flex-job/outputs.tf	23
modules/dwh-vpc-sc/main.tf	194
modules/dwh-vpc-sc/versions.tf	40
modules/dwh-vpc-sc/variables.tf	107
modules/dwh-vpc-sc/outputs.tf	29
modules/confidential-data/main.tf	43
modules/confidential-data/versions.tf	40
modules/confidential-data/service_accounts.tf	67
modules/confidential-data/variables.tf	62
modules/confidential-data/outputs.tf	23
modules/data-ingestion/main.tf	71
modules/data-ingestion/versions.tf	40
modules/data-ingestion/service_accounts.tf	104
modules/data-ingestion/variables.tf	114
modules/data-ingestion/outputs.tf	47
modules/de-identification-template/main.tf	79
modules/de-identification-template/versions.tf	46
modules/de-identification-template/variables.tf	59
modules/de-identification-template/outputs.tf	29
modules/data-governance/main.tf	105
modules/data-governance/versions.tf	40
modules/data-governance/variables.tf	59
modules/data-governance/outputs.tf	55
modules/dwh-networking/versions.tf	40
modules/dwh-networking/network.tf	52
modules/dwh-networking/variables.tf	31
modules/dwh-networking/firewall.tf	59
modules/dwh-networking/dataflow_firewall.tf	45
modules/dwh-networking/outputs.tf	39
modules/dwh-networking/dns.tf	123
main.tf	92
versions.tf	46
service_control.tf	379
build/lint.cloudbuild.yaml	13
build/int.cloudbuild.yaml	145
policy-library/lib/constraints.rego	31
policy-library/lib/util.rego	40
policy-library/policies/templates/gcp_gke_private_cluster_v1.yaml	30
policy-library/policies/templates/gcp_gke_enable_alias_ip_ranges.yaml	40
policy-library/policies/templates/gcp_storage_location_v1.yaml	65
policy-library/policies/templates/gcp_spanner_location_v1.yaml	46
policy-library/policies/templates/gcp_iam_allowed_bindings.yaml	92
policy-library/policies/templates/gcp_bigquery_table_retention_v1.yaml	95
policy-library/policies/templates/gcp_iam_allowed_policy_member_domains.yaml	57
policy-library/policies/templates/gcp_iam_custom_role_permissions_v1.yaml	79
policy-library/policies/templates/gcp_allowed_resource_types.yaml	58
policy-library/policies/templates/gcp_gke_disable_legacy_endpoints_v1.yaml	37
policy-library/policies/templates/gcp_dataproc_location_v1.yaml	45
policy-library/policies/templates/gcp_sql_maintenance_window_v1.yaml	60
policy-library/policies/templates/gcp_gke_container_optimized_os.yaml	48
policy-library/policies/templates/gcp_compute_ip_forward.yaml	76
policy-library/policies/templates/gcp_vpc_sc_project_perimeter.yaml	60
policy-library/policies/templates/gcp_always_violates_v1.yaml	24
policy-library/policies/templates/gcp_sql_ssl_v1.yaml	30
policy-library/policies/templates/gcp_iam_restrict_service_account_key_age_v1.yaml	45
policy-library/policies/templates/gcp_enforce_labels_v1.yaml	122
policy-library/policies/templates/gcp_storage_bucket_retention_v1.yaml	152
policy-library/policies/templates/gcp_sql_backup_v1.yaml	35
policy-library/policies/templates/gcp_appengine_location_v1.yaml	45
policy-library/policies/templates/gcp_sql_public_ip_v1.yaml	29
policy-library/policies/templates/gcp_compute_zone_v1.yaml	63
policy-library/policies/templates/gcp_iam_allow_ban_roles_v1.yaml	58
policy-library/policies/templates/gcp_iam_restrict_service_account_key_type_v1.yaml	30
policy-library/policies/templates/gcp_gke_restrict_pod_traffic_v1.yaml	50
policy-library/policies/templates/gcp_bq_dataset_location_v1.yaml	67
policy-library/policies/templates/gcp_gke_enable_stackdriver_kubernetes_engine_monitoring_v1.yaml	38
policy-library/policies/templates/gcp_lb_forwarding_rules.yaml	102
policy-library/policies/templates/gcp_gke_enable_private_endpoint.yaml	35
policy-library/policies/templates/gcp_sql_world_readable_v1.yaml	31
policy-library/policies/templates/gcp_glb_external_ip_access_constraint_v1.yaml	49
policy-library/policies/templates/gcp_compute_disk_resource_policies_v1.yaml	63
policy-library/policies/templates/gcp_cmek_settings_v1.yaml	69
policy-library/policies/templates/gcp_gke_enable_workload_identity_v1.yaml	39
policy-library/policies/templates/gcp_storage_logging_v1.yaml	37
policy-library/policies/templates/gcp_gke_cluster_location.yaml	67
policy-library/policies/templates/gcp_gke_dashboard_v1.yaml	35
policy-library/policies/templates/gcp_network_enable_private_google_access_v1.yaml	29
policy-library/policies/templates/gcp_gke_enable_shielded_nodes_v1.yaml	49
policy-library/policies/templates/gcp_compute_external_ip_address.yaml	72
policy-library/policies/templates/gcp_vpc_sc_ensure_access_levels_v1.yaml	39
policy-library/policies/templates/gcp_sql_instance_type_v1.yaml	58
policy-library/policies/templates/gcp_gke_enable_stackdriver_logging_v1.yaml	35
policy-library/policies/templates/gcp_sql_allowed_authorized_networks_v1.yaml	71
policy-library/policies/templates/gcp_storage_bucket_policy_only_v1.yaml	40
policy-library/policies/templates/gcp_network_enable_firewall_logs_v1.yaml	30
policy-library/policies/templates/gcp_serviceusage_allowed_services_v1.yaml	56
policy-library/policies/templates/gcp_network_routing_v1.yaml	33
policy-library/policies/templates/gcp_dnssec_v1.yaml	28
policy-library/policies/templates/gcp_compute_allowed_networks.yaml	45
policy-library/policies/templates/gcp_iam_audit_log.yaml	76
policy-library/policies/templates/gcp_storage_bucket_world_readable_v1.yaml	49
policy-library/policies/templates/gcp_iam_restrict_service_account_creation_v1.yaml	30
policy-library/policies/templates/gcp_restricted_firewall_rules_v1.yaml	434
policy-library/policies/templates/gcp_enforce_naming_v1.yaml	64
policy-library/policies/templates/gcp_bigquery_dataset_world_readable_v1.yaml	31
policy-library/policies/templates/gcp_iam_required_bindings_v1.yaml	94
policy-library/policies/templates/gcp_storage_cmek_encryption_v1.yaml	37
policy-library/policies/templates/gcp_gke_disable_default_service_account_v1.yaml	36
policy-library/policies/templates/gcp_gke_enable_stackdriver_monitoring_v1.yaml	33
policy-library/policies/templates/gcp_app_service_versions.yaml	38
policy-library/policies/templates/gcp_cmek_rotation_v1.yaml	36
policy-library/policies/templates/gcp_bigquery_cmek_encryption_v1.yaml	29
policy-library/policies/templates/gcp_sql_location_v1.yaml	65
policy-library/policies/templates/gcp_gke_node_auto_repair_v1.yaml	36
policy-library/policies/templates/gcp_gke_master_authorized_networks_enabled_v1.yaml	58
policy-library/policies/templates/gcp_network_enable_flow_logs_v1.yaml	30
policy-library/policies/templates/gcp_vpc_sc_ip_range_v1.yaml	40
policy-library/policies/templates/gcp_vpc_sc_allowed_regions.yaml	38
policy-library/policies/templates/gcp_gke_cluster_version_v1.yaml	89
policy-library/policies/templates/gcp_gke_node_auto_upgrade_v1.yaml	36
policy-library/policies/templates/gcp_resource_value_pattern_v1.yaml	147
policy-library/policies/templates/gcp_vpc_sc_ensure_project_v1.yaml	38
policy-library/policies/templates/gcp_gke_legacy_abac_v1.yaml	34
policy-library/policies/templates/gcp_vpc_sc_ensure_services_v1.yaml	39
policy-library/policies/templates/gcp_network_restrict_default_v1.yaml	28
policy-library/policies/templates/gcp_gke_restrict_client_auth_methods_v1.yaml	51
policy-library/policies/templates/gcp_gke_allowed_node_sa_v1.yaml	55
policy-library/policies/templates/gcp_dnssec_prevent_rsasha1_v1.yaml	43
policy-library/policies/constraints/iam_restrict_service_account_key_type.yaml	13
policy-library/policies/constraints/network_enable_flow_logs.yaml	16
policy-library/policies/constraints/network_restrict_default.yaml	13
policy-library/policies/constraints/restrict_fw_rules_world_open.yaml	20
policy-library/policies/constraints/iam_deny_public.yaml	20
policy-library/policies/constraints/compute_allowed_networks_confidential.yaml	17
policy-library/policies/constraints/compute_forbid_ip_forward.yaml	14
policy-library/policies/constraints/iam_deny_kms_admin_data_governance.yaml	17
policy-library/policies/constraints/compute_allowed_networks_data_ingestion.yaml	17
policy-library/policies/constraints/iam_allow_only_service_accounts_access_storage.yaml	20
policy-library/policies/constraints/deny_service_account_creation_data_ingestion_data_governance.yaml	9
policy-library/policies/constraints/gcp_iam_restrict_service_account_key_type.yaml	10
policy-library/policies/constraints/allowed_resources_types_confidential.yaml	20
policy-library/policies/constraints/serviceusage_allow_basic_apis.yaml	50
policy-library/policies/constraints/network_enable_private_google_access.yaml	15
policy-library/policies/constraints/vpc_sc_ensure_services.yaml	27
policy-library/policies/constraints/storage_cmek_encryption_data.yaml	12
policy-library/policies/constraints/iam_allow_only_service_accounts_access_pubsub.yaml	20
policy-library/policies/constraints/iam_block_service_account_creator_role.yaml	19
policy-library/policies/constraints/vpc_sc_ensure_project.yaml	23
policy-library/policies/constraints/iam_deny_project_owner_data_governance.yaml	17
policy-library/policies/constraints/storage_denylist_public.yaml	17
policy-library/policies/constraints/allowed_resources_types_non_confidential.yaml	18
policy-library/policies/constraints/iam_block_kms_admin.yaml	21
policy-library/policies/constraints/dnssec_prevent_rsasha1_ksk.yaml	12
policy-library/policies/constraints/storage_bucket_policy_only.yaml	15
policy-library/policies/constraints/bigquery_table_retention_confidential_project.yaml	14
policy-library/policies/constraints/restrict_fw_rules_ssh_world_open.yaml	22
policy-library/policies/constraints/iam_block_kms_decryptor_all_users.yaml	20
policy-library/policies/constraints/dnssec.yaml.yaml	9
policy-library/policies/constraints/allowed_resources_types_data_governance.yaml	17
policy-library/policies/constraints/bigquery_dataset_location.yaml	15
policy-library/policies/constraints/dnssec_prevent_rsasha1_zsk.yaml	12
policy-library/policies/constraints/compute_vm_external_ip.yaml	17
policy-library/policies/constraints/storage_bucket_retention.yaml	12
policy-library/policies/constraints/allowed_resources_types_data_ingestion.yaml	17
policy-library/policies/constraints/vpc_sc_allowlist_regions.yaml	17
policy-library/policies/constraints/restrict_fw_rules_rdp_world_open.yaml	22
policy-library/policies/constraints/bigquery_cmek.yaml	12
policy-library/policies/constraints/iam_deny_storage_viewing_from_any_human.yaml	18
policy-library/policies/constraints/storage_location.yaml.yaml	19
policy-library/policies/constraints/cmek_rotation_30_days.yaml	13
policy-library/policies/constraints/iam_deny_pubsub_viewing_from_any_human.yaml	18
policy-library/policies/constraints/bigquery_world_readable.yaml	13
iam.tf	141
helpers/sample-cc-generator/main.go	169
helpers/wrapped-key/wrapped_key.py	86
outputs.tf	191
flex-templates/python/modules/cloudbuild.yaml	13
flex-templates/python/regional_dlp_de_identification/pubsub_dlp_bigquery.py	248
flex-templates/python/regional_dlp_de_identification/cloudbuild.yaml	28
flex-templates/python/regional_dlp_transform/cloudbuild.yaml	28
flex-templates/python/regional_dlp_transform/bigquery_dlp_bigquery.py	332
flex-templates/template-artifact-storage/main.tf	102
flex-templates/template-artifact-storage/variables.tf	34
flex-templates/template-artifact-storage/outputs.tf	31