Skip to content

Gcp/service/contact center ai insights#361

Open
RoshMohotti wants to merge 16 commits into
devfrom
gcp/service/contact_center_ai_insights
Open

Gcp/service/contact center ai insights#361
RoshMohotti wants to merge 16 commits into
devfrom
gcp/service/contact_center_ai_insights

Conversation

@RoshMohotti
Copy link
Copy Markdown
Contributor

@RoshMohotti RoshMohotti commented May 4, 2026

  • Added security policies for Contact Center AI Insights
  • Implemented policies for:
    • Analysis Rule
    • Assessment Rule
    • Auto Labeling Rule
  • created documentation

All policies tested and passing pre-commit hooks.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 4, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_asset_inventory.google_cloud_asset_folder_feed.content_type.message
Total Cloud Asset Folder Feed detected: 2 
['Situation 1: Cloud Asset Folder Feed is using an unapproved content type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set the content_type to an approved value for security-relevant monitoring., Use RESOURCE, IAM_POLICY, ORG_POLICY, or ACCESS_POLICY based on monitoring requirements']
Unique resource names in plan (google_cloud_asset_folder_feed): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_asset_inventory.google_cloud_asset_folder_feed.pubsub_destination.message
Total Cloud Asset Folder Feed detected: 2 
['Situation 1: Cloud Asset Folder Feed is using an unapproved Pub/Sub destination topic.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set the Pub/Sub destination topic to an approved value for security-relevant monitoring.']
Unique resource names in plan (google_cloud_asset_folder_feed): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_asset_inventory.google_cloud_asset_folder_feed.asset_types.message
Total Cloud Asset Folder Feed detected: 2 
['Situation 1: Cloud Asset Folder Feed is using an unapproved asset type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set asset_types to approved values for security monitoring.']
Unique resource names in plan (google_cloud_asset_folder_feed): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_asset_inventory.google_cloud_asset_folder_feed.condition_expression.message
Total Cloud Asset Folder Feed detected: 2 
['Situation 1: Cloud Asset Folder Feed is using an unapproved condition expression.', 'Non-Compliant Resources: nc', "Potential Remedies: Set the condition expression to 'temporal_asset.deleted == false' to ensure monitoring covers active assets."]
Unique resource names in plan (google_cloud_asset_folder_feed): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_asset_inventory
  Resource: google_cloud_asset_folder_feed
    Policy: content_type - ✅
    Policy: pubsub_destination - ✅
    Policy: asset_types - ✅
    Policy: condition_expression - ✅


OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 4, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@adi001-beep @Shani1116
@jinglong857 @RoshMohotti
Cloud ids policies (#318)
83906ab 
This PR introduces security policies for Google Cloud IDS Endpoint to
enforce secure configuration and prevent misconfigurations.

Implemented Policies:

1. Location Policy  
Ensures that all Cloud IDS endpoints are deployed only in the approved
region (australia-southeast1) to meet compliance and data residency
requirements.

2. Severity Policy  
Prevents the use of weak severity levels (LOW, MEDIUM, INFORMATIONAL)
and enforces strong threat detection using HIGH or CRITICAL severity.

3. Network Policy  
Restricts the use of insecure default or public networks and ensures
endpoints are deployed within secure private VPC networks.

4. Description Policy  
Enforces proper resource labeling by requiring endpoints to be marked as
production resources.

5. Name Policy  
Prevents the use of non-production naming conventions such as "test" to
ensure clarity and avoid misconfiguration risks.

6. Threat Exceptions Policy  
Blocks the use of wildcard or overly broad threat exceptions, ensuring
only specific and controlled exclusions are allowed.

7. Combined Policy  
Implements advanced validation by combining multiple conditions. A
resource is flagged as non-compliant only when it uses weak severity and
an insecure network simultaneously, reducing false positives and
improving accuracy.

Testing:

- Created compliant (c.tf) and non-compliant (nc.tf) Terraform
configurations for each policy
- Generated Terraform plan.json files
- Evaluated policies using OPA commands
- Verified that all non-compliant resources are correctly detected and
reported

All policies follow PDE helper templates and produce accurate outputs
aligned with security
<img width="2270" height="456" alt="11 04 2026_23 00 16_REC"
src="https://github.com/user-attachments/assets/1ea510ba-29a6-4915-84af-d0b64916a065"
/>
<img width="3156" height="1008" alt="11 04 2026_23 03 36_REC"
src="https://github.com/user-attachments/assets/85a96b53-2ac1-45a6-856a-fd7e240128ce"
/>
<img width="3188" height="470" alt="11 04 2026_23 28 23_REC"
src="https://github.com/user-attachments/assets/3c8c7e51-beb0-41dc-975c-5321953c3762"
/>
<img width="3117" height="364" alt="12 04 2026_00 01 49_REC"
src="https://github.com/user-attachments/assets/8acac7b3-807a-45c9-957f-57b739da2095"
/>
<img width="3157" height="374" alt="12 04 2026_00 11 47_REC"
src="https://github.com/user-attachments/assets/631f46f3-bb8f-48f5-8069-c2067aa69ab2"
/>
<img width="3200" height="384" alt="12 04 2026_00 23 42_REC"
src="https://github.com/user-attachments/assets/81484d6e-4bfa-423e-bdef-82929dbe192c"
/>
<img width="3192" height="378" alt="12 04 2026_00 31 54_REC"
src="https://github.com/user-attachments/assets/e30fd43a-0fa7-4381-b0a0-d30ea1589312"
/>
<img width="3189" height="368" alt="12 04 2026_00 36 20_REC"
src="https://github.com/user-attachments/assets/d6c4c3e1-3daf-48fb-bef0-9f24fbc3c26d"
/>

---------

Co-authored-by: Aditya Singh Juneja <fresnoadi@gmail.com>
Co-authored-by: Shanika Perera <0.perera.hishi@gmail.com>
Co-authored-by: Jinglong <jinglong.857@gmail.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 5, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.location.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: IDS endpoint deployed outside Australia', 'Non-Compliant Resources: nc', 'Potential Remedies: Deploy only in australia-southeast1']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.network.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: IDS endpoint is using an insecure default or public network', 'Non-Compliant Resources: nc', 'Potential Remedies: Use a private VPC network instead of default or public networks']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.threat_exceptions.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: Threat exceptions include unsafe wildcard values', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove wildcard (*) or broad exceptions']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.severity.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: IDS endpoint is using weak severity level', 'Non-Compliant Resources: nc', 'Potential Remedies: Set severity to HIGH or CRITICAL']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_ids
  Resource: google_cloud_ids_endpoint
    Policy: location - ✅
    Policy: network - ✅
    Policy: threat_exceptions - ✅
    Policy: severity - ✅


OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@RoshMohotti RoshMohotti requested a review from Shani1116 May 5, 2026 05:56
@RoshMohotti RoshMohotti self-assigned this May 6, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 6, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.location.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: IDS endpoint deployed outside Australia', 'Non-Compliant Resources: nc', 'Potential Remedies: Deploy only in australia-southeast1']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.network.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: IDS endpoint is using an insecure default or public network', 'Non-Compliant Resources: nc', 'Potential Remedies: Use a private VPC network instead of default or public networks']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.threat_exceptions.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: Threat exceptions include unsafe wildcard values', 'Non-Compliant Resources: nc', 'Potential Remedies: Remove wildcard (*) or broad exceptions']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.cloud_ids.google_cloud_ids_endpoint.severity.message
Total Cloud IDS Endpoint detected: 2 
['Situation 1: IDS endpoint is using weak severity level', 'Non-Compliant Resources: nc', 'Potential Remedies: Set severity to HIGH or CRITICAL']
Unique resource names in plan (google_cloud_ids_endpoint): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: cloud_ids
  Resource: google_cloud_ids_endpoint
    Policy: location - ✅
    Policy: network - ✅
    Policy: threat_exceptions - ✅
    Policy: severity - ✅


OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@jinglong857 jinglong857 self-assigned this May 10, 2026
jinglong857
jinglong857 requested changes May 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jinglong857 jinglong857 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@RoshMohotti please ensure your document is completed: all value for security impact needs to be set for all arguments and rationales provided (why it has security impact or why not). These needs to be done for further review.

jinglong857
jinglong857 reviewed May 10, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jinglong857 jinglong857 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please ensure your document is completed.

Comment thread docs/gcp/Contact_Center_AI_Insights/resource_json/contact_center_insights_analysis_rule.json Outdated
Comment thread docs/gcp/Contact_Center_AI_Insights/resource_json/contact_center_insights_analysis_rule.json Outdated
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@github-actions github-actions Bot added the CI-Approved PR approved by CI checks label May 11, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026

🔍 Policy Check Results

Status: ✅ All checks passed

Test Output

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_sample_percentage.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule has invalid sample percentage.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set sample_percentage to an approved value such as 10, 25, or 50.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_assessment_rule.sample_rule_conversation_filter.message
Total Contact Center Insights Assessment Rule detected: 2 
['Situation 1: Contact Center Insights Assessment Rule is using an empty sample rule conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific sample rule conversation filter to limit assessment to approved conversation types.']
Unique resource names in plan (google_contact_center_insights_assessment_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.conversation_filter.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is using an empty conversation filter.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set a specific conversation filter to limit analysis to approved conversation types., Avoid empty filters because they may analyse all conversations and increase risk.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_analysis_rule.location.message
Total Contact Center Insights Analysis Rule detected: 2 
['Situation 1: Contact Center Insights Analysis Rule is deployed in an unapproved location.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set location to an approved region such as australia-southeast1 or australia-southeast2.']
Unique resource names in plan (google_contact_center_insights_analysis_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule does not have a label key configured.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key to a meaningful label key so conversations are classified correctly.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed

OPA check: data.terraform.gcp.security.contact_center_ai_insights.google_contact_center_insights_auto_labeling_rule.label_key_type.message
Total Contact Center Insights Auto Labeling Rule detected: 2 
['Situation 1: Contact Center Insights Auto Labeling Rule is using an unapproved label key type.', 'Non-Compliant Resources: nc', 'Potential Remedies: Set label_key_type to LABEL_KEY_TYPE_CUSTOM for controlled custom classification.']
Unique resource names in plan (google_contact_center_insights_auto_labeling_rule): 2
Names mentioned in output: 1
 Missing mentions: c
Only compliant resources are unmentioned; ignoring
Check passed


Summary of policy checks:
Service: contact_center_ai_insights
  Resource: google_contact_center_insights_analysis_rule
    Policy: conversation_filter - ✅
    Policy: location - ✅
  Resource: google_contact_center_insights_assessment_rule
    Policy: sample_rule_sample_percentage - ✅
    Policy: sample_rule_conversation_filter - ✅
  Resource: google_contact_center_insights_auto_labeling_rule
    Policy: label_key - ✅
    Policy: label_key_type - ✅

@RoshMohotti RoshMohotti requested a review from jinglong857 May 11, 2026 11:44
@RoshMohotti
Copy link
Copy Markdown
Contributor Author

RoshMohotti commented May 13, 2026

Hi, I have updated the documentation and resolved the review comments. Could you please re-review when available? Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Shani1116 Shani1116 Awaiting requested review from Shani1116

@jinglong857 jinglong857 Awaiting requested review from jinglong857

Requested changes must be addressed to merge this pull request.

Assignees

@jinglong857 jinglong857

Labels

1st review CI-Approved PR approved by CI checks

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@RoshMohotti @jinglong857 @Shani1116 @SnehithJothiShiju @adi001-beep