Description
What do you need the command to do?
https://gcpdiag.dev/docs/running/
The gcpdiag command can be used as a general project configuration linter. This could be useful to surface potential issues, and it generally reports each check in an OK or FAIL format. We could surface all FAIL results in the output.
Note: I suspect issues should be considered a minor warning, as there can be some output that is considered a FAIL by the utility but is intentional by the user. Maybe we consider some type of whitelist based on the output.
What should the output look like?
The output looks a little like this:
vpc/BP/2022_001: Explicit routes for Google APIs if the default route is modified.
- runwhen-nonprod-sandbox [ OK ]
🔎 vpc/BP/2023_001: DNS logging is enabled for public zones.
- runwhen-nonprod-sandbox/sandbox-zone [FAIL] logging is disabled for this public zone
If not enabled, customers wouldn't have visbility to what queries are being
made to the zone.
https://gcpdiag.dev/rules/vpc/BP/2023_001
🔎 vpc/SEC/2023_001: DNSSEC is enabled for public zones.
- runwhen-nonprod-sandbox/sandbox-zone [FAIL] DNSSEC is disabled for this public zone
It is recommended to enable DNSSEC for public zones.
https://gcpdiag.dev/rules/vpc/SEC/2023_001
🔎 vpc/WARN/2022_001: Per-project quotas are not near the limit.
- runwhen-nonprod-sandbox [ OK ]
🔎 vpc/WARN/2023_002: Private zone is attached to a VPC.
- runwhen-nonprod-sandbox/sandbox-zone [ OK ]
Rules summary: 135 skipped, 75 ok, 21 failed
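As an added illustration of the parsing this request implies (example code, not part of the issue, gcpdiag, or any RunWhen codebundle), the following turns gcpdiag lint output into structured findings, keeps the remediation text and rule URL attached to each FAIL, and applies an allowlist of rule ids or rule:resource pairs for deviations the user made intentionally. The sample output is constructed to mirror the format quoted above; the `SKIP` status and the regex shapes are assumptions about the tool's output.

```python
import re

# Constructed sample mirroring the gcpdiag lint output quoted in the issue (not real scan data).
SAMPLE_OUTPUT = """\
🔎 vpc/BP/2022_001: Explicit routes for Google APIs if the default route is modified.
   - runwhen-nonprod-sandbox                                            [ OK ]
🔎 vpc/BP/2023_001: DNS logging is enabled for public zones.
   - runwhen-nonprod-sandbox/sandbox-zone                               [FAIL] logging is disabled for this public zone
     If not enabled, customers wouldn't have visbility to what queries are being
     made to the zone.
     https://gcpdiag.dev/rules/vpc/BP/2023_001
🔎 vpc/SEC/2023_001: DNSSEC is enabled for public zones.
   - runwhen-nonprod-sandbox/sandbox-zone                               [FAIL] DNSSEC is disabled for this public zone
     It is recommended to enable DNSSEC for public zones.
     https://gcpdiag.dev/rules/vpc/SEC/2023_001
🔎 vpc/WARN/2023_002: Private zone is attached to a VPC.
   - runwhen-nonprod-sandbox/sandbox-zone                               [ OK ]
Rules summary: 135 skipped, 75 ok, 21 failed
"""

# Rule header: optional leading emoji/whitespace, then product/CLASS/YYYY_NNN and a description.
RULE_RE = re.compile(r"^\W*(?P<rule>[a-z]+/[A-Z_]+/\d{4}_\d{3}):\s*(?P<desc>.*)$")
# Per-resource verdict: "- <resource> [ OK ]" or "- <resource> [FAIL] <message>" (SKIP assumed).
RESULT_RE = re.compile(r"^\s*-\s+(?P<resource>\S+)\s+\[\s*(?P<status>OK|FAIL|SKIP)\s*\]\s*(?P<msg>.*)$")
SUMMARY_RE = re.compile(r"^Rules summary:\s*(\d+) skipped, (\d+) ok, (\d+) failed")

def parse_gcpdiag(text):
    """Return (findings, summary); each finding is one resource verdict under one rule."""
    findings, summary, rule, desc = [], None, None, None
    for line in text.splitlines():
        if m := RULE_RE.match(line):
            rule, desc = m["rule"], m["desc"]
        elif m := RESULT_RE.match(line):
            findings.append({"rule": rule, "description": desc, "resource": m["resource"],
                             "status": m["status"], "message": m["msg"].strip(), "detail": []})
        elif m := SUMMARY_RE.match(line):
            summary = dict(zip(("skipped", "ok", "failed"), map(int, m.groups())))
        elif line.startswith(" ") and findings:
            findings[-1]["detail"].append(line.strip())  # remediation text and rule URL
    return findings, summary

def failures(findings, allowlist=()):
    """FAIL verdicts not covered by the user's allowlist of rule ids or 'rule:resource' pairs."""
    allowed = set(allowlist)
    return [f for f in findings if f["status"] == "FAIL"
            and f["rule"] not in allowed and f"{f['rule']}:{f['resource']}" not in allowed]
```

The summary line gives a cheap cross-check: if the number of parsed FAIL findings diverges wildly from the `failed` count, the output format has probably changed and the parser needs attention rather than the project.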
Any other helpful context?
No response
Contact
None