BigQuery views are evaluated as tables and checking for CMEK

[Clausewitz45]

Hi Team,

I was scared first that our DEVs are messed up something, but then I found during the investigation that the check are running on views/materialized views and during the runtime we are failing on them:

     ×  [production-project] BigQuery Table v_rep_week_periods_materialize should use customer-managed encryption keys (CMEK) kms_key_name is expected not to eq nil

     expected: value != nil
          got: nil

     (compared using ==)

Can you please exclude the views from the checks itself? Thank you in advance

[Clausewitz45]

Hi Team, I have the same request regarding external tables. We have a bunch of files in GCS, and the tables are basically the pointers only to the CSV content there. They exists in BigQuery, but the content is coming from an already CMEK protected GCS bucket. Can these type of tables are excluded too?

[aaronlippold]

Hi, I think you guys have the wrong project. This wouldn’t be the right support channel to answer those questions.

On Mon, Apr 4, 2022 at 06:03 Csaba SÁRI ***@***.***> wrote: Hi Team, I have the same request regarding external tables. We have a bunch of files in GCS, and the tables are basically the pointers only to the CSV content there. They exists in BigQuery, but the content is coming from an already CMEK protected GCS bucket. Can these type of tables are excluded too? — Reply to this email directly, view it on GitHub <#92 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AALK42F26DYEXSHNLZSMYQ3VDK45LANCNFSM5SNSTCNA> . You are receiving this because you are subscribed to this thread.Message ID: <GoogleCloudPlatform/inspec-gcp-cis-benchmark/issues/92/1087356454@ github.com>

-- -------- Aaron Lippold ***@***.*** 260-255-4779 twitter/aim/yahoo,etc. 'aaronlippold'

[Clausewitz45]

Hi, I think you guys have the wrong project. This wouldn’t be the right support channel to answer those questions.
On Mon, Apr 4, 2022 at 06:03 Csaba SÁRI @.> wrote: Hi Team, I have the same request regarding external tables. We have a bunch of files in GCS, and the tables are basically the pointers only to the CSV content there. They exists in BigQuery, but the content is coming from an already CMEK protected GCS bucket. Can these type of tables are excluded too? — Reply to this email directly, view it on GitHub <#92 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AALK42F26DYEXSHNLZSMYQ3VDK45LANCNFSM5SNSTCNA . You are receiving this because you are subscribed to this thread.Message ID: </issues/92/1087356454@ github.com>
-- -------- Aaron Lippold @. 260-255-4779 twitter/aim/yahoo,etc. 'aaronlippold'

I'm sorry if this was some misunderstanding. I was running this benchmarks against our GCP projects, and received false alerts on BigQuery tables for missing CMEK on resources, where I cannot assign keys because they are views, or external tables.