Ensure secure boot for shielded GKE nodes is enabled org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled
Ensure secure boot for shielded GKE nodes is enabled.
Tags
Recipe source
GitHub , Issue Tracker , Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-terraform
This recipe is composed of more than one recipe. If you want to customize the set of recipes this is composed of, you can find and copy the GitHub source for the recipe from the link above.
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-terraform:2.2.0
in your build file or by running a shell command (in which case no build changes are needed):
Gradle Gradle init script Maven POM Maven Command Line Moderne CLI
Add the following to your build.gradle
file:
Copy plugins {
id( "org.openrewrite.rewrite" ) version( "6.12.0" )
}
rewrite {
activeRecipe( "org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled" )
}
repositories {
mavenCentral()
}
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-terraform:2.2.0" )
}
Run gradle rewriteRun
to run the recipe.
Create a file named init.gradle
in the root of your project.
Copy initscript {
repositories {
maven { url "https://plugins.gradle.org/m2" }
}
dependencies { classpath( "org.openrewrite:plugin:6.12.0" ) }
}
rootProject {
plugins . apply( org.openrewrite.gradle.RewritePlugin )
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-terraform:2.2.0" )
}
rewrite {
activeRecipe( "org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled" )
}
afterEvaluate {
if (repositories . isEmpty()) {
repositories {
mavenCentral()
}
}
}
}
Run gradle --init-script init.gradle rewriteRun
to run the recipe.
Add the following to your pom.xml
file:
Copy < project >
< build >
< plugins >
< plugin >
< groupId >org.openrewrite.maven</ groupId >
< artifactId >rewrite-maven-plugin</ artifactId >
< version >5.29.0</ version >
< configuration >
< activeRecipes >
< recipe >org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled</ recipe >
</ activeRecipes >
</ configuration >
< dependencies >
< dependency >
< groupId >org.openrewrite.recipe</ groupId >
< artifactId >rewrite-terraform</ artifactId >
< version >2.2.0</ version >
</ dependency >
</ dependencies >
</ plugin >
</ plugins >
</ build >
</ project >
Run mvn rewrite:run
to run the recipe.
Copy mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE -Drewrite.activeRecipes=org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled
You will need to have configured the Moderne CLI on your machine before you can run the following command.
Copy mod run . --recipe EnsureSecureBootForShieldedGKENodesIsEnabled
Definition
Recipe List Yaml Recipe List
Add Terraform configuration
resourceName: google_container_cluster
content: node_config { shielded_instance_config { enable_secure_boot = true } }
Add Terraform configuration
resourceName: google_container_node_pool
content: node_config { shielded_instance_config { enable_secure_boot = true } }
Copy ---
type : specs.openrewrite.org/v1beta/recipe
name : org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled
displayName : Ensure secure boot for shielded GKE nodes is enabled
description : Ensure secure boot for shielded GKE nodes is enabled.
tags :
- GCP
- CKV_GCP_68
- terraform
recipeList :
- org.openrewrite.terraform.AddConfiguration :
resourceName : google_container_cluster
content : node_config {
shielded_instance_config {
enable_secure_boot = true
}
}
- org.openrewrite.terraform.AddConfiguration :
resourceName : google_container_node_pool
content : node_config {
shielded_instance_config {
enable_secure_boot = true
}
}
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Jonathan Schneider , Aaron Gershman , pocan101 , Kun Li , Knut Wannheden , Sam Snyder