terraform.gcp.best-practice.gcp-postgresql-log-temp.gcp-postgresql-log-temp
Ensure PostgreSQL database 'log_temp_files' flag is set to '0'
Definition
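rules:
- id: gcp-postgresql-log-temp
  # `log_temp_files` controls whether PostgreSQL logs temporary files that
  # sorts/hashes spill to disk. PostgreSQL's own default is -1 (never log);
  # "0" logs every temporary file, which is the hardening value the rule
  # expects on Cloud SQL for PostgreSQL instances so unexpected on-disk
  # spills are visible in the audit/operational logs.
  patterns:
  - pattern: resource
  # Scope the rule to PostgreSQL instances. `log_temp_files` is a
  # PostgreSQL-only setting, so a MySQL or SQL Server instance can never
  # satisfy the pattern-not-inside below and would be a guaranteed false
  # positive without this check. `database_version` is a required argument
  # of google_sql_database_instance, so requiring it here does not drop
  # any instance from scope.
  - pattern-inside: |
      resource "google_sql_database_instance" "..." {
        ...
        database_version = $VERSION
        ...
      }
  - metavariable-regex:
      metavariable: $VERSION
      # The matched text may carry the surrounding quotes of the HCL string.
      regex: ^"?POSTGRES_
  # Compliant only when some `database_flags` block sets the flag to "0".
  # Any other value is reported, and so is a PostgreSQL instance with no
  # `database_flags` block at all: absence means the PostgreSQL default
  # (-1, disabled) applies, which is exactly what this rule is meant to
  # catch. Previously the rule required a `database_flags` block to exist
  # before it would look, so flag-less instances were silently skipped.
  - pattern-not-inside: |
      resource "google_sql_database_instance" "..." {
        ...
        database_flags {
          ...
          name = "log_temp_files"
          value = "0"
          ...
        }
        ...
      }
  message: >-
    Ensure PostgreSQL database 'log_temp_files' flag is set to '0'.
    Add a `database_flags { name = "log_temp_files" value = "0" }` block
    under `settings` so that every temporary file spilled to disk is logged;
    the PostgreSQL default (-1) and positive kB thresholds leave spills
    unlogged.
  metadata:
    category: best-practice
    technology:
    - terraform
    - gcp
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
  languages:
  - hcl
  severity: WARNING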
Examples
gcp-postgresql-log-temp.tf
# fail
# ruleid: gcp-postgresql-log-temp
resource "google_sql_database_instance" "fail" {
  database_version = "POSTGRES_12"
  name             = "general-pos121"
  project          = "gcp-bridgecrew-deployment"
  region           = "us-central1"
  settings {
    activation_policy = "ALWAYS"
    availability_type = "ZONAL"
    # The flags below other than log_temp_files are shared fixture values
    # used by sibling logging rules; they are not a recommended
    # configuration and are irrelevant to this rule's verdict.
    database_flags {
      name  = "log_checkpoints"
      value = "on"
    }
    database_flags {
      name  = "log_connections"
      value = "on"
    }
    database_flags {
      name  = "log_disconnections"
      value = "off"
    }
    database_flags {
      name  = "log_min_messages"
      value = "debug6"
    }
    database_flags {
      name  = "log_lock_waits"
      value = "off"
    }
    # Why this instance fails: a positive log_temp_files value is a size
    # threshold in kB (PostgreSQL semantics), so only temporary files of at
    # least 30 kB are logged and smaller spills go unrecorded. The rule
    # requires "0" (log every temporary file).
    database_flags {
      name  = "log_temp_files"
      value = "30"
    }
    # NOTE(review): a 1 ms threshold logs the text of almost every statement,
    # which can put sensitive query contents into logs — fixture only, do not
    # copy into production.
    database_flags {
      name  = "log_min_duration_statement"
      value = "1"
    }
    pricing_plan = "PER_USE"
    tier         = "db-custom-1-3840"
  }
}
# Compliant instance: log_temp_files is explicitly "0" (log every
# temporary file). The remaining flags are shared fixture values for
# sibling rules and do not affect this rule.
# ok: gcp-postgresql-log-temp
resource "google_sql_database_instance" "pass" {
  database_version = "POSTGRES_12"
  name             = "general-pos121"
  project          = "gcp-bridgecrew-deployment"
  region           = "us-central1"
  settings {
    activation_policy = "ALWAYS"
    availability_type = "ZONAL"
    database_flags {
      name  = "log_checkpoints"
      value = "off"
    }
    database_flags {
      name  = "log_connections"
      value = "on"
    }
    database_flags {
      name  = "log_disconnections"
      value = "on"
    }
    database_flags {
      name  = "log_min_messages"
      value = "debug5"
    }
    database_flags {
      name  = "log_lock_waits"
      value = "on"
    }
    # The block the rule looks for: name and value must both match exactly.
    database_flags {
      name  = "log_temp_files"
      value = "0"
    }
    database_flags {
      name  = "log_min_duration_statement"
      value = "1"
    }
    pricing_plan = "PER_USE"
    tier         = "db-custom-1-3840"
  }
}
# Second compliant instance on a newer PostgreSQL major version; the rule
# keys only on the log_temp_files flag, not on the specific POSTGRES_
# version string.
# ok: gcp-postgresql-log-temp
resource "google_sql_database_instance" "pass2" {
  database_version = "POSTGRES_14"
  name             = "general-pos121"
  project          = "gcp-bridgecrew-deployment"
  region           = "us-central1"
  settings {
    activation_policy = "ALWAYS"
    availability_type = "ZONAL"
    database_flags {
      name  = "log_checkpoints"
      value = "on"
    }
    database_flags {
      name  = "log_connections"
      value = "off"
    }
    database_flags {
      name  = "log_disconnections"
      value = "on"
    }
    database_flags {
      name  = "log_min_messages"
      value = "debug6"
    }
    database_flags {
      name  = "log_lock_waits"
      value = "on"
    }
    # Satisfies the rule: log_temp_files set to "0".
    database_flags {
      name  = "log_temp_files"
      value = "0"
    }
    database_flags {
      name  = "log_min_duration_statement"
      value = "1"
    }
    pricing_plan = "PER_USE"
    tier         = "db-custom-1-3840"
  }
}