
Add Cloud VMware Engine policies and documentation - Gcp/service/cloud vmware engine #420

Open
kisara07 wants to merge 3 commits into dev from gcp/service/cloud_vmware_engine

Conversation

@kisara07

This PR adds and updates Cloud VMware Engine policies, Terraform input test cases, generated plan files, and documentation.

@github-actions

🔍 Policy Check Results

Status: ❌ CHECKS FAILED

⚠️ Your PR will not be reviewed until you fix all policy check failures below:

Test Output

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_peering.block_thirdparty.message
Total VMWare Engine Network Peering detected: 2 
['Situation 1: Third party peering should be blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: Third party peering should be blocked']
Unique resource names in plan (google_vmwareengine_network_peering): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_peering.block_custom_routes.message
Total VMWare Engine Network Peering detected: 2 
['Situation 1: Custom routes with public ip should be blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: Set public ip to false for custom routes']
Unique resource names in plan (google_vmwareengine_network_peering): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.file_share.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is using an unapproved NFS file share', 'Non-Compliant Resources: nc', 'Potential Remedies: change the file_share to /share1']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.location.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is deployed in an unapproved location', 'Non-Compliant Resources: nc', 'Potential Remedies: change the location to us-west1-a']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.servers.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is using an unapproved NFS server', 'Non-Compliant Resources: nc', 'Potential Remedies: change/remove unapproved server IP addresses from servers']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.name.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is using an unapproved datastore name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to an approved name']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_access_rule.block_broad_external_access.message
Total VMWare Engine External Access Rule detected: 2 
['Situation 1: Network configuration is too broad', 'Non-Compliant Resources: nc', 'Potential Remedies: Set  ip range for required ips and make sure that all ports are not opened']
Unique resource names in plan (google_vmwareengine_external_access_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.parent.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is created under an unapproved private cloud parent', 'Non-Compliant Resources: nc', 'Potential Remedies: change the parent to projects/599444694846/locations/us-west1-a/privateClouds/c']
Check failed: Resources in output other than 'nc' found: c

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.node_type_id.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is using an unapproved node type', 'Non-Compliant Resources: nc', 'Potential Remedies: change the node_type_id to standard-72']
Unique resource names in plan (google_vmwareengine_cluster): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.node_count.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is using an unapproved node count', 'Non-Compliant Resources: nc', 'Potential Remedies: change the node_count to 3 ']
Unique resource names in plan (google_vmwareengine_cluster): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.name.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is using an unapproved cluster name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to approved cluster name']
Unique resource names in plan (google_vmwareengine_cluster): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network.block_legacy.message
Total VMWare Engine Network detected: 2 
['Situation 1: Check if legacy network type is used', 'Non-Compliant Resources: nc', 'Potential Remedies: Do not use legacy network as it is being phased out now, use standard instead']
Unique resource names in plan (google_vmwareengine_network): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network.allowed_location.message
Total VMWare Engine Network detected: 2 
['Situation 1: Network  is within australia region', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian regions']
Unique resource names in plan (google_vmwareengine_network): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_policy.block_external_ip.message
Total VMWare Engine Network Policy detected: 2 
['Situation 1: External IP address is blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: External IPs should not be allocated']
Unique resource names in plan (google_vmwareengine_network_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_policy.allowed_location.message
Total VMWare Engine Network Policy detected: 2 
['Situation 1: Network policy is within australia region', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian regions']
Unique resource names in plan (google_vmwareengine_network_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_policy.block_internet_access.message
Total VMWare Engine Network Policy detected: 2 
['Situation 1: Internet access is blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: Block internet access']
Unique resource names in plan (google_vmwareengine_network_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_subnet.parent.message
Total cloud vmware engine subnet detected: 2 
['Situation 1: is created under an unapproved private cloud parent', 'Non-Compliant Resources: nc', 'Potential Remedies: change the parent to projects/599444694846/locations/us-west1-a/privateClouds/c']
Check failed: Resources in output other than 'nc' found: c

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_subnet.ip_cidr_range.message
Total cloud vmware engine subnet detected: 2 
['Situation 1: is using an unapproved subnet IP CIDR range', 'Non-Compliant Resources: nc', 'Potential Remedies: change the ip_cidr_range to 192.168.100.0/26']
Unique resource names in plan (google_vmwareengine_subnet): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_subnet.name.message
Total cloud vmware engine subnet detected: 2 
['Situation 1: is using an unapproved subnet name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to an approved name ']
Unique resource names in plan (google_vmwareengine_subnet): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_private_cloud.allowed_location.message
Total VMWare Engine Private Cloud detected: 2 
['Situation 1: Cloud is within australia region', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian regions']
Unique resource names in plan (google_vmwareengine_private_cloud): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_private_cloud.zonal_location.message
Total VMWare Engine Private Cloud detected: 2 
['Situation 1: Cloud is within australia zone', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian zones']
Unique resource names in plan (google_vmwareengine_private_cloud): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_address.parent.message
Total cloud vmware engine external address detected: 2 
['Situation 1: is created under an unapproved private cloud parent', 'Non-Compliant Resources: nc', 'Potential Remedies: change the parent to projects/599444694846/locations/us-west1-a/privateClouds/c']
Check failed: Resources in output other than 'nc' found: c

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_address.internal_ip.message
Total cloud vmware engine external address detected: 2 
['Situation 1: is using an unapproved internal IP address', 'Non-Compliant Resources: nc', 'Potential Remedies: change the internal_ip to 192.168.0.66']
Unique resource names in plan (google_vmwareengine_external_address): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_address.name.message
Total cloud vmware engine external address detected: 2 
['Situation 1: is using an unapproved external address name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to an approved name']
Unique resource names in plan (google_vmwareengine_external_address): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_vmware_engine
  Resource: google_vmwareengine_cluster
    Policy: parent - ❌
    Policy: node_type_id - ✅
    Policy: node_count - ✅
    Policy: name - ✅
  Resource: google_vmwareengine_datastore
    Policy: file_share - ✅
    Policy: location - ✅
    Policy: servers - ✅
    Policy: name - ✅
  Resource: google_vmwareengine_external_access_rule
    Policy: block_broad_external_access - ✅
  Resource: google_vmwareengine_external_address
    Policy: parent - ❌
    Policy: internal_ip - ✅
    Policy: name - ✅
  Resource: google_vmwareengine_network
    Policy: block_legacy - ✅
    Policy: allowed_location - ✅
  Resource: google_vmwareengine_network_peering
    Policy: block_thirdparty - ✅
    Policy: block_custom_routes - ✅
  Resource: google_vmwareengine_network_policy
    Policy: block_external_ip - ✅
    Policy: allowed_location - ✅
    Policy: block_internet_access - ✅
  Resource: google_vmwareengine_private_cloud
    Policy: allowed_location - ✅
    Policy: zonal_location - ✅
  Resource: google_vmwareengine_subnet
    Policy: parent - ❌
    Policy: ip_cidr_range - ✅
    Policy: name - ✅


Failures:
Service: cloud_vmware_engine | Resource: google_vmwareengine_cluster | Policy: parent
Resources in output other than 'nc' found: c

Service: cloud_vmware_engine | Resource: google_vmwareengine_external_address | Policy: parent
Resources in output other than 'nc' found: c

Service: cloud_vmware_engine | Resource: google_vmwareengine_subnet | Policy: parent
Resources in output other than 'nc' found: c


@github-actions github-actions Bot added the CI-Review-Required PR requires review due to failed CI checks label May 19, 2026
@github-actions

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_peering.block_thirdparty.message
Total VMWare Engine Network Peering detected: 2 
['Situation 1: Third party peering should be blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: Third party peering should be blocked']
Unique resource names in plan (google_vmwareengine_network_peering): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_peering.block_custom_routes.message
Total VMWare Engine Network Peering detected: 2 
['Situation 1: Custom routes with public ip should be blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: Set public ip to false for custom routes']
Unique resource names in plan (google_vmwareengine_network_peering): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.file_share.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is using an unapproved NFS file share', 'Non-Compliant Resources: nc', 'Potential Remedies: change the file_share to /share1']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.location.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is deployed in an unapproved location', 'Non-Compliant Resources: nc', 'Potential Remedies: change the location to us-west1-a']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.servers.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is using an unapproved NFS server', 'Non-Compliant Resources: nc', 'Potential Remedies: change/remove unapproved server IP addresses from servers']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_datastore.name.message
Total cloud vmware engine datastore detected: 2 
['Situation 1: is using an unapproved datastore name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to an approved name']
Unique resource names in plan (google_vmwareengine_datastore): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_access_rule.block_broad_external_access.message
Total VMWare Engine External Access Rule detected: 2 
['Situation 1: Network configuration is too broad', 'Non-Compliant Resources: nc', 'Potential Remedies: Set  ip range for required ips and make sure that all ports are not opened']
Unique resource names in plan (google_vmwareengine_external_access_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.parent.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is created under an unapproved private cloud parent', 'Non-Compliant Resources: nc', 'Potential Remedies: change the parent to to an approved private cloud parent']
Unique resource names in plan (google_vmwareengine_cluster): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.node_type_id.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is using an unapproved node type', 'Non-Compliant Resources: nc', 'Potential Remedies: change the node_type_id to standard-72']
Unique resource names in plan (google_vmwareengine_cluster): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.node_count.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is using an unapproved node count', 'Non-Compliant Resources: nc', 'Potential Remedies: change the node_count to 3 ']
Unique resource names in plan (google_vmwareengine_cluster): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_cluster.name.message
Total cloud vmware engine cluster detected: 2 
['Situation 1: is using an unapproved cluster name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to approved cluster name']
Unique resource names in plan (google_vmwareengine_cluster): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network.block_legacy.message
Total VMWare Engine Network detected: 2 
['Situation 1: Check if legacy network type is used', 'Non-Compliant Resources: nc', 'Potential Remedies: Do not use legacy network as it is being phased out now, use standard instead']
Unique resource names in plan (google_vmwareengine_network): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network.allowed_location.message
Total VMWare Engine Network detected: 2 
['Situation 1: Network  is within australia region', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian regions']
Unique resource names in plan (google_vmwareengine_network): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_policy.block_external_ip.message
Total VMWare Engine Network Policy detected: 2 
['Situation 1: External IP address is blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: External IPs should not be allocated']
Unique resource names in plan (google_vmwareengine_network_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_policy.allowed_location.message
Total VMWare Engine Network Policy detected: 2 
['Situation 1: Network policy is within australia region', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian regions']
Unique resource names in plan (google_vmwareengine_network_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_network_policy.block_internet_access.message
Total VMWare Engine Network Policy detected: 2 
['Situation 1: Internet access is blocked', 'Non-Compliant Resources: nc', 'Potential Remedies: Block internet access']
Unique resource names in plan (google_vmwareengine_network_policy): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_subnet.parent.message
Total cloud vmware engine subnet detected: 2 
['Situation 1: is created under an unapproved private cloud parent', 'Non-Compliant Resources: nc']
Unique resource names in plan (google_vmwareengine_subnet): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_subnet.ip_cidr_range.message
Total cloud vmware engine subnet detected: 2 
['Situation 1: is using an unapproved subnet IP CIDR range', 'Non-Compliant Resources: nc', 'Potential Remedies: change the ip_cidr_range to 192.168.100.0/26']
Unique resource names in plan (google_vmwareengine_subnet): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_subnet.name.message
Total cloud vmware engine subnet detected: 2 
['Situation 1: is using an unapproved subnet name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to an approved name ']
Unique resource names in plan (google_vmwareengine_subnet): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_private_cloud.allowed_location.message
Total VMWare Engine Private Cloud detected: 2 
['Situation 1: Cloud is within australia region', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian regions']
Unique resource names in plan (google_vmwareengine_private_cloud): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_private_cloud.zonal_location.message
Total VMWare Engine Private Cloud detected: 2 
['Situation 1: Cloud is within australia zone', 'Non-Compliant Resources: nc', 'Potential Remedies: Use Australian zones']
Unique resource names in plan (google_vmwareengine_private_cloud): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_address.parent.message
Total cloud vmware engine external address detected: 2 
['Situation 1: is created under an unapproved private cloud parent', 'Non-Compliant Resources: nc', 'Potential Remedies: change the parent to an approved private cloud parent']
Unique resource names in plan (google_vmwareengine_external_address): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_address.internal_ip.message
Total cloud vmware engine external address detected: 2 
['Situation 1: is using an unapproved internal IP address', 'Non-Compliant Resources: nc', 'Potential Remedies: change the internal_ip to 192.168.0.66']
Unique resource names in plan (google_vmwareengine_external_address): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_vmware_engine.google_vmwareengine_external_address.name.message
Total cloud vmware engine external address detected: 2 
['Situation 1: is using an unapproved external address name', 'Non-Compliant Resources: nc', 'Potential Remedies: change the name to an approved name']
Unique resource names in plan (google_vmwareengine_external_address): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_vmware_engine
  Resource: google_vmwareengine_cluster
    Policy: parent - ✅
    Policy: node_type_id - ✅
    Policy: node_count - ✅
    Policy: name - ✅
  Resource: google_vmwareengine_datastore
    Policy: file_share - ✅
    Policy: location - ✅
    Policy: servers - ✅
    Policy: name - ✅
  Resource: google_vmwareengine_external_access_rule
    Policy: block_broad_external_access - ✅
  Resource: google_vmwareengine_external_address
    Policy: parent - ✅
    Policy: internal_ip - ✅
    Policy: name - ✅
  Resource: google_vmwareengine_network
    Policy: block_legacy - ✅
    Policy: allowed_location - ✅
  Resource: google_vmwareengine_network_peering
    Policy: block_thirdparty - ✅
    Policy: block_custom_routes - ✅
  Resource: google_vmwareengine_network_policy
    Policy: block_external_ip - ✅
    Policy: allowed_location - ✅
    Policy: block_internet_access - ✅
  Resource: google_vmwareengine_private_cloud
    Policy: allowed_location - ✅
    Policy: zonal_location - ✅
  Resource: google_vmwareengine_subnet
    Policy: parent - ✅
    Policy: ip_cidr_range - ✅
    Policy: name - ✅


@github-actions github-actions Bot added CI-Approved PR approved by CI checks and removed CI-Review-Required PR requires review due to failed CI checks labels May 19, 2026