Add Cloud Spanner security policies and documentation by anushav12345 · Pull Request #419 · Hardhat-Enterprises/Policy-Deployment-Engine

anushav12345 · 2026-05-19T07:01:57Z

Overview

This PR adds Cloud Spanner security policy improvements and documentation updates.
Changes Included

Added Cloud Spanner enable_drop_protection policy
Added compliant and non-compliant Terraform examples
Added .config.tf and .terraform.lock.hcl
Updated Cloud Spanner resource JSON documentation
Added generated markdown documentation
Updated policy format to align with PDE standards
Corrected branch naming format to PDE standards

github-actions · 2026-05-19T07:02:23Z

🔍 Policy Check Results

Status: ❌ CHECKS FAILED

⚠️ Your PR will not be reviewed until you fix all policy check failures below:

Test Output

OPA eval failed: data.terraform.gcp.security.cloud_spanner.google_spanner_database.vars.variables.resource_type
{
  "errors": [
    {
      "message": "undefined function data.terraform.helpers.evaluate",
      "code": "rego_type_error",
      "location": {
        "file": "/home/runner/work/Policy-Deployment-Engine/Policy-Deployment-Engine/policies/gcp/cloud_spanner/google_spanner_database/enable_drop_protection/policy.rego",
        "row": 29,
        "col": 5
      }
    }
  ]
}



Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_database
    Policy: enable_drop_protection - ❌


Failures:
Service: cloud_spanner | Resource: google_spanner_database | Policy: enable_drop_protection
Could not find any resources!

github-actions · 2026-05-19T14:08:26Z

🔍 Policy Check Results

Status: ❌ CHECKS FAILED

⚠️ Your PR will not be reviewed until you fix all policy check failures below:

Test Output


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_database
    Policy: enable_drop_protection - ❌


Failures:
Service: cloud_spanner | Resource: google_spanner_database | Policy: enable_drop_protection
Could not find any resources!

github-actions · 2026-05-19T14:11:35Z

🔍 Policy Check Results

Status: ❌ CHECKS FAILED

⚠️ Your PR will not be reviewed until you fix all policy check failures below:

Test Output


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_database
    Policy: enable_drop_protection - ❌


Failures:
Service: cloud_spanner | Resource: google_spanner_database | Policy: enable_drop_protection
Could not find any resources!

github-actions · 2026-05-20T13:53:08Z

🔍 Policy Check Results

Status: ❌ CHECKS FAILED

⚠️ Your PR will not be reviewed until you fix all policy check failures below:

Test Output

❌ Command failed: terraform init -backend=false
--- stdout ---
::error::Terraform exited with code 1.

--- stderr ---
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1m�[0mTerraform encountered problems during initialisation, including problems
�[31m│�[0m �[0mwith the configuration, described below.
�[31m│�[0m �[0m
�[31m│�[0m �[0mThe Terraform configuration must be valid before initialization so that
�[31m│�[0m �[0mTerraform can determine which modules and providers need to be installed.�[0m�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m
�[31m╵�[0m�[0m
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1mDuplicate resource "google_spanner_database" configuration�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m  on nc.tf line 1:
�[31m│�[0m �[0m   1: �[4mresource "google_spanner_database" "database"�[0m {�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0mA google_spanner_database resource named "database" was already declared at
�[31m│�[0m �[0mc.tf:1,1-46. Resource names must be unique per type in each module.
�[31m╵�[0m�[0m


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_database
    Policy: enable_drop_protection - ❌


Failures:
Service: cloud_spanner | Resource: google_spanner_database | Policy: enable_drop_protection
Terraform failed to compile!

github-actions · 2026-05-20T13:56:02Z

🔍 Policy Check Results

Status: ❌ CHECKS FAILED

⚠️ Your PR will not be reviewed until you fix all policy check failures below:

Test Output

❌ Command failed: terraform init -backend=false
--- stdout ---
::error::Terraform exited with code 1.

--- stderr ---
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1m�[0mTerraform encountered problems during initialisation, including problems
�[31m│�[0m �[0mwith the configuration, described below.
�[31m│�[0m �[0m
�[31m│�[0m �[0mThe Terraform configuration must be valid before initialization so that
�[31m│�[0m �[0mTerraform can determine which modules and providers need to be installed.�[0m�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m
�[31m╵�[0m�[0m
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1mDuplicate resource "google_spanner_database" configuration�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m  on nc.tf line 1:
�[31m│�[0m �[0m   1: �[4mresource "google_spanner_database" "database"�[0m {�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0mA google_spanner_database resource named "database" was already declared at
�[31m│�[0m �[0mc.tf:1,1-46. Resource names must be unique per type in each module.
�[31m╵�[0m�[0m
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1mDuplicate resource "google_spanner_instance" configuration�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m  on nc.tf line 8:
�[31m│�[0m �[0m   8: �[4mresource "google_spanner_instance" "instance"�[0m {�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0mA google_spanner_instance resource named "instance" was already declared at
�[31m│�[0m �[0mc.tf:8,1-46. Resource names must be unique per type in each module.
�[31m╵�[0m�[0m


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_database
    Policy: enable_drop_protection - ❌


Failures:
Service: cloud_spanner | Resource: google_spanner_database | Policy: enable_drop_protection
Terraform failed to compile!

github-actions · 2026-05-20T14:10:36Z

🔍 Policy Check Results

Status: ❌ CHECKS FAILED

⚠️ Your PR will not be reviewed until you fix all policy check failures below:

Test Output

❌ Command failed: terraform init -backend=false
--- stdout ---
::error::Terraform exited with code 1.

--- stderr ---
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1m�[0mTerraform encountered problems during initialisation, including problems
�[31m│�[0m �[0mwith the configuration, described below.
�[31m│�[0m �[0m
�[31m│�[0m �[0mThe Terraform configuration must be valid before initialization so that
�[31m│�[0m �[0mTerraform can determine which modules and providers need to be installed.�[0m�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m
�[31m╵�[0m�[0m
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1mDuplicate resource "google_spanner_database" configuration�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m  on nc.tf line 1:
�[31m│�[0m �[0m   1: �[4mresource "google_spanner_database" "database"�[0m {�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0mA google_spanner_database resource named "database" was already declared at
�[31m│�[0m �[0mc.tf:1,1-46. Resource names must be unique per type in each module.
�[31m╵�[0m�[0m
�[31m╷�[0m�[0m
�[31m│�[0m �[0m�[1m�[31mError: �[0m�[0m�[1mDuplicate resource "google_spanner_instance" configuration�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0m�[0m  on nc.tf line 8:
�[31m│�[0m �[0m   8: �[4mresource "google_spanner_instance" "instance"�[0m {�[0m
�[31m│�[0m �[0m
�[31m│�[0m �[0mA google_spanner_instance resource named "instance" was already declared at
�[31m│�[0m �[0mc.tf:8,1-46. Resource names must be unique per type in each module.
�[31m╵�[0m�[0m


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_database
    Policy: enable_drop_protection - ❌


Failures:
Service: cloud_spanner | Resource: google_spanner_database | Policy: enable_drop_protection
Terraform failed to compile!

github-actions · 2026-05-20T14:12:44Z

🔍 Documentation Check Failed

Status: ❌ CHECKS FAILED

⚠️ Your PR does not include documentation updates:

❌ No documentation changes found - please update docs for your assigned service

Please add or update documentation in the docs/gcp/ folder for your changes before this PR can be reviewed.

github-actions · 2026-05-20T14:22:58Z

🔍 Documentation Check Failed

Status: ❌ CHECKS FAILED

⚠️ Your PR does not include documentation updates:

❌ No documentation changes found - please update docs for your assigned service

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database.enable_drop_protection.message
Total Cloud Spanner Database detected: 2 
['Situation 1: Cloud Spanner database does not have enable_drop_protection enabled.', 'Non-Compliant Resources: database', 'Potential Remedies: Set enable_drop_protection = true on the database.']
Check failed: Resources in output other than 'nc' found: database


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_database
    Policy: enable_drop_protection - ❌


Failures:
Service: cloud_spanner | Resource: google_spanner_database | Policy: enable_drop_protection
Resources in output other than 'nc' found: database

github-actions · 2026-05-30T06:09:17Z

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.force_destroy.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance has force_destroy enabled, allowing the instance to be destroyed even if it contains databases.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set force_destroy = false on the instance to prevent accidental destruction.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.default_backup_schedule_type.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance does not set default_backup_schedule_type to AUTOMATIC, so new databases are not automatically backed up.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set default_backup_schedule_type = AUTOMATIC on the instance to ensure new databases are backed up automatically.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.data_residency.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance is configured in a region that is not an approved data-residency location, risking storage of data outside permitted jurisdictions.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set config to an approved regional configuration, e.g. regional-australia-southeast1 or regional-australia-southeast2.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_policy.no_public_access.message
Total Cloud Spanner Instance IAM Policy detected: 2 
['Situation 1: Cloud Spanner instance IAM policy grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_policy.no_public_access.message
Total Cloud Spanner Database IAM Policy detected: 2 
['Situation 1: Cloud Spanner database IAM policy grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_binding.no_public_access.message
Total Cloud Spanner Instance IAM Binding detected: 2 
['Situation 1: Cloud Spanner instance IAM binding grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_backup_schedule.encryption_config.message
Total Cloud Spanner Backup Schedule detected: 2 
['Situation 1: Cloud Spanner backup schedule does not use customer-managed encryption.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set encryption_config.encryption_type = CUSTOMER_MANAGED_ENCRYPTION and specify a kms_key_name.']
Unique resource names in plan (google_spanner_backup_schedule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_binding.no_public_access.message
Total Cloud Spanner Database IAM Binding detected: 2 
['Situation 1: Cloud Spanner database IAM binding grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_member.no_public_access.message
Total Cloud Spanner Database IAM Member detected: 2 
['Situation 1: Cloud Spanner database IAM member grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database.enable_drop_protection.message
Total Cloud Spanner Database detected: 2 
['Situation 1: Cloud Spanner database does not have enable_drop_protection enabled.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set enable_drop_protection = true on the database.']
Unique resource names in plan (google_spanner_database): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_member.no_public_access.message
Total Cloud Spanner Instance IAM Member detected: 2 
['Situation 1: Cloud Spanner instance IAM member grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_backup_schedule
    Policy: encryption_config - ✅
  Resource: google_spanner_database
    Policy: enable_drop_protection - ✅
  Resource: google_spanner_database_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_policy
    Policy: no_public_access - ✅
  Resource: google_spanner_instance
    Policy: force_destroy - ✅
    Policy: default_backup_schedule_type - ✅
    Policy: data_residency - ✅
  Resource: google_spanner_instance_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_policy
    Policy: no_public_access - ✅

github-actions · 2026-05-31T13:24:42Z

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.force_destroy.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance has force_destroy enabled, allowing the instance to be destroyed even if it contains databases.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set force_destroy = false on the instance to prevent accidental destruction.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.default_backup_schedule_type.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance does not set default_backup_schedule_type to AUTOMATIC, so new databases are not automatically backed up.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set default_backup_schedule_type = AUTOMATIC on the instance to ensure new databases are backed up automatically.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.data_residency.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance is configured in a region that is not an approved data-residency location, risking storage of data outside permitted jurisdictions.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set config to an approved regional configuration, e.g. regional-australia-southeast1 or regional-australia-southeast2.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_policy.no_public_access.message
Total Cloud Spanner Instance IAM Policy detected: 2 
['Situation 1: Cloud Spanner instance IAM policy grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_policy.no_public_access.message
Total Cloud Spanner Database IAM Policy detected: 2 
['Situation 1: Cloud Spanner database IAM policy grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_binding.no_public_access.message
Total Cloud Spanner Instance IAM Binding detected: 2 
['Situation 1: Cloud Spanner instance IAM binding grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_backup_schedule.encryption_config.message
Total Cloud Spanner Backup Schedule detected: 2 
['Situation 1: Cloud Spanner backup schedule does not use customer-managed encryption.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set encryption_config.encryption_type = CUSTOMER_MANAGED_ENCRYPTION and specify a kms_key_name.']
Unique resource names in plan (google_spanner_backup_schedule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_binding.no_public_access.message
Total Cloud Spanner Database IAM Binding detected: 2 
['Situation 1: Cloud Spanner database IAM binding grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_member.no_public_access.message
Total Cloud Spanner Database IAM Member detected: 2 
['Situation 1: Cloud Spanner database IAM member grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database.enable_drop_protection.message
Total Cloud Spanner Database detected: 2 
['Situation 1: Cloud Spanner database does not have enable_drop_protection enabled.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set enable_drop_protection = true on the database.']
Unique resource names in plan (google_spanner_database): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_member.no_public_access.message
Total Cloud Spanner Instance IAM Member detected: 2 
['Situation 1: Cloud Spanner instance IAM member grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_backup_schedule
    Policy: encryption_config - ✅
  Resource: google_spanner_database
    Policy: enable_drop_protection - ✅
  Resource: google_spanner_database_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_policy
    Policy: no_public_access - ✅
  Resource: google_spanner_instance
    Policy: force_destroy - ✅
    Policy: default_backup_schedule_type - ✅
    Policy: data_residency - ✅
  Resource: google_spanner_instance_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_policy
    Policy: no_public_access - ✅

github-actions · 2026-06-01T01:22:18Z

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.force_destroy.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance has force_destroy enabled, allowing the instance to be destroyed even if it contains databases.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set force_destroy = false on the instance to prevent accidental destruction.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.default_backup_schedule_type.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance does not set default_backup_schedule_type to AUTOMATIC, so new databases are not automatically backed up.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set default_backup_schedule_type = AUTOMATIC on the instance to ensure new databases are backed up automatically.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.data_residency.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance is configured in a region that is not an approved data-residency location, risking storage of data outside permitted jurisdictions.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set config to an approved regional configuration, e.g. regional-australia-southeast1 or regional-australia-southeast2.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_policy.no_public_access.message
Total Cloud Spanner Instance IAM Policy detected: 2 
['Situation 1: Cloud Spanner instance IAM policy grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_policy.no_public_access.message
Total Cloud Spanner Database IAM Policy detected: 2 
['Situation 1: Cloud Spanner database IAM policy grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_binding.no_public_access.message
Total Cloud Spanner Instance IAM Binding detected: 2 
['Situation 1: Cloud Spanner instance IAM binding grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_backup_schedule.encryption_config.message
Total Cloud Spanner Backup Schedule detected: 2 
['Situation 1: Cloud Spanner backup schedule does not use customer-managed encryption.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set encryption_config.encryption_type = CUSTOMER_MANAGED_ENCRYPTION and specify a kms_key_name.']
Unique resource names in plan (google_spanner_backup_schedule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_binding.no_public_access.message
Total Cloud Spanner Database IAM Binding detected: 2 
['Situation 1: Cloud Spanner database IAM binding grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_member.no_public_access.message
Total Cloud Spanner Database IAM Member detected: 2 
['Situation 1: Cloud Spanner database IAM member grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database.enable_drop_protection.message
Total Cloud Spanner Database detected: 2 
['Situation 1: Cloud Spanner database does not have enable_drop_protection enabled.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set enable_drop_protection = true on the database.']
Unique resource names in plan (google_spanner_database): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_member.no_public_access.message
Total Cloud Spanner Instance IAM Member detected: 2 
['Situation 1: Cloud Spanner instance IAM member grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_backup_schedule
    Policy: encryption_config - ✅
  Resource: google_spanner_database
    Policy: enable_drop_protection - ✅
  Resource: google_spanner_database_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_policy
    Policy: no_public_access - ✅
  Resource: google_spanner_instance
    Policy: force_destroy - ✅
    Policy: default_backup_schedule_type - ✅
    Policy: data_residency - ✅
  Resource: google_spanner_instance_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_policy
    Policy: no_public_access - ✅

github-actions · 2026-06-01T01:25:40Z

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.force_destroy.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance has force_destroy enabled, allowing the instance to be destroyed even if it contains databases.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set force_destroy = false on the instance to prevent accidental destruction.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.default_backup_schedule_type.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance does not set default_backup_schedule_type to AUTOMATIC, so new databases are not automatically backed up.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set default_backup_schedule_type = AUTOMATIC on the instance to ensure new databases are backed up automatically.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.data_residency.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance is configured in a region that is not an approved data-residency location, risking storage of data outside permitted jurisdictions.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set config to an approved regional configuration, e.g. regional-australia-southeast1 or regional-australia-southeast2.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_policy.no_public_access.message
Total Cloud Spanner Instance IAM Policy detected: 2 
['Situation 1: Cloud Spanner instance IAM policy grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_policy.no_public_access.message
Total Cloud Spanner Database IAM Policy detected: 2 
['Situation 1: Cloud Spanner database IAM policy grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_binding.no_public_access.message
Total Cloud Spanner Instance IAM Binding detected: 2 
['Situation 1: Cloud Spanner instance IAM binding grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_backup_schedule.encryption_config.message
Total Cloud Spanner Backup Schedule detected: 2 
['Situation 1: Cloud Spanner backup schedule does not use customer-managed encryption.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set encryption_config.encryption_type = CUSTOMER_MANAGED_ENCRYPTION and specify a kms_key_name.']
Unique resource names in plan (google_spanner_backup_schedule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_binding.no_public_access.message
Total Cloud Spanner Database IAM Binding detected: 2 
['Situation 1: Cloud Spanner database IAM binding grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_member.no_public_access.message
Total Cloud Spanner Database IAM Member detected: 2 
['Situation 1: Cloud Spanner database IAM member grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database.enable_drop_protection.message
Total Cloud Spanner Database detected: 2 
['Situation 1: Cloud Spanner database does not have enable_drop_protection enabled.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set enable_drop_protection = true on the database.']
Unique resource names in plan (google_spanner_database): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_member.no_public_access.message
Total Cloud Spanner Instance IAM Member detected: 2 
['Situation 1: Cloud Spanner instance IAM member grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_backup_schedule
    Policy: encryption_config - ✅
  Resource: google_spanner_database
    Policy: enable_drop_protection - ✅
  Resource: google_spanner_database_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_policy
    Policy: no_public_access - ✅
  Resource: google_spanner_instance
    Policy: force_destroy - ✅
    Policy: default_backup_schedule_type - ✅
    Policy: data_residency - ✅
  Resource: google_spanner_instance_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_policy
    Policy: no_public_access - ✅

anushav12345 · 2026-06-01T05:38:31Z

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.force_destroy.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance has force_destroy enabled, allowing the instance to be destroyed even if it contains databases.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set force_destroy = false on the instance to prevent accidental destruction.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.default_backup_schedule_type.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance does not set default_backup_schedule_type to AUTOMATIC, so new databases are not automatically backed up.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set default_backup_schedule_type = AUTOMATIC on the instance to ensure new databases are backed up automatically.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance.data_residency.message
Total Cloud Spanner Instance detected: 2 
['Situation 1: Cloud Spanner instance is configured in a region that is not an approved data-residency location, risking storage of data outside permitted jurisdictions.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set config to an approved regional configuration, e.g. regional-australia-southeast1 or regional-australia-southeast2.']
Unique resource names in plan (google_spanner_instance): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_policy.no_public_access.message
Total Cloud Spanner Instance IAM Policy detected: 2 
['Situation 1: Cloud Spanner instance IAM policy grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_policy.no_public_access.message
Total Cloud Spanner Database IAM Policy detected: 2 
['Situation 1: Cloud Spanner database IAM policy grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the policy bindings and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_binding.no_public_access.message
Total Cloud Spanner Instance IAM Binding detected: 2 
['Situation 1: Cloud Spanner instance IAM binding grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_backup_schedule.encryption_config.message
Total Cloud Spanner Backup Schedule detected: 2 
['Situation 1: Cloud Spanner backup schedule does not use customer-managed encryption.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set encryption_config.encryption_type = CUSTOMER_MANAGED_ENCRYPTION and specify a kms_key_name.']
Unique resource names in plan (google_spanner_backup_schedule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_binding.no_public_access.message
Total Cloud Spanner Database IAM Binding detected: 2 
['Situation 1: Cloud Spanner database IAM binding grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the members list and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_binding): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database_iam_member.no_public_access.message
Total Cloud Spanner Database IAM Member detected: 2 
['Situation 1: Cloud Spanner database IAM member grants access to allUsers or allAuthenticatedUsers, making the database publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_database_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_database.enable_drop_protection.message
Total Cloud Spanner Database detected: 2 
['Situation 1: Cloud Spanner database does not have enable_drop_protection enabled.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set enable_drop_protection = true on the database.']
Unique resource names in plan (google_spanner_database): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_spanner.google_spanner_instance_iam_member.no_public_access.message
Total Cloud Spanner Instance IAM Member detected: 2 
['Situation 1: Cloud Spanner instance IAM member grants access to allUsers or allAuthenticatedUsers, making the instance publicly accessible.', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove allUsers and allAuthenticatedUsers from the member field and grant access only to specific identities.']
Unique resource names in plan (google_spanner_instance_iam_member): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_spanner
  Resource: google_spanner_backup_schedule
    Policy: encryption_config - ✅
  Resource: google_spanner_database
    Policy: enable_drop_protection - ✅
  Resource: google_spanner_database_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_database_iam_policy
    Policy: no_public_access - ✅
  Resource: google_spanner_instance
    Policy: force_destroy - ✅
    Policy: default_backup_schedule_type - ✅
    Policy: data_residency - ✅
  Resource: google_spanner_instance_iam_binding
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_member
    Policy: no_public_access - ✅
  Resource: google_spanner_instance_iam_policy
    Policy: no_public_access - ✅

Vinnakota Anusha added 5 commits May 19, 2026 10:47

Add Cloud Spanner enable drop protection policy

826ee5f

Add enable_drop_protection policy and update Cloud Spanner documentation

8914283

Add generated markdown docs and terraform lock file

84fc0b4

Fix PDE policy format for enable_drop_protection

448585b

Add Terraform config file for Cloud Spanner policy input

e43fda8

github-actions Bot added the CI-Review-Required PR requires review due to failed CI checks label May 19, 2026

Remove unsupported helper evaluation from policy

2a3db5f

Add missing config file for Cloud Spanner policy

a34830c

Fix enable_drop_protection examples

8d57f7e

Update Cloud Spanner policy examples

0dc84ab

Trigger policy check rerun

d2991de

Remove unrelated generated files

c5e6d9b

Remove Cloud_Spanner docs from PR

b9c96f8

fix: rename Cloud_Spanner to cloud_spanner in docs folder

fa4bb44

fix: rename duplicate resource names in nc.tf

6f3991b

fix: add missing config.tf for enable_drop_protection

b068f4a

fix: add missing vars.rego for google_spanner_database

5bb5b9a

fix: use unique name values in nc.tf

323459e

github-actions Bot added CI-Approved PR approved by CI checks and removed CI-Review-Required PR requires review due to failed CI checks labels May 30, 2026

Merge branch 'dev' into gcp/service/cloud_spanner

fe4c7d5

Update policy.rego

a26b752

JBarazani requested changes May 31, 2026

View reviewed changes

Update spanner_instance_config.json

e058983

Update spanner_instance_partition.json

bf269b8

anushav12345 requested a review from JBarazani June 1, 2026 17:34

Update spanner_backup_schedule.json

d79bbd5

Update spanner_backup_schedule.json

a4e485a

anushav12345 added 2 commits June 2, 2026 19:35

Update spanner_backup_schedule.json

729dfcb

Update spanner_backup_schedule.json

da20eeb

Update spanner_backup_schedule.json

e335c7b

Update spanner_backup_schedule.json

c999f0f

Update spanner_backup_schedule.json

41a4657

JBarazani approved these changes Jun 3, 2026

View reviewed changes

anushav12345 merged commit b4a5b3f into dev Jun 3, 2026
1 check passed

anushav12345 deleted the gcp/service/cloud_spanner branch June 3, 2026 01:19

Conversation

anushav12345 commented May 19, 2026

Uh oh!

github-actions Bot commented May 19, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 19, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 19, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Documentation Check Failed

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Documentation Check Failed

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 20, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 30, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented May 31, 2026

🔍 Policy Check Results

Test Output

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

github-actions Bot commented Jun 1, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented Jun 1, 2026

🔍 Policy Check Results

Test Output

Uh oh!

anushav12345 commented Jun 1, 2026

Uh oh!

github-actions Bot commented Jun 2, 2026

🔍 Policy Check Results

Test Output

Uh oh!

github-actions Bot commented Jun 2, 2026

🔍 Policy Check Results