fix(keyExpectedValue): ansible-gcp queries convert to a recommendatio…

…n rather than a current status

assets/queries/ansible/gcp/client_certificate_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.master_auth is defined",
+		"keyExpectedValue": "gcp_container_cluster.master_auth should be defined",
 		"keyActualValue": "gcp_container_cluster.master_auth is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.master_auth", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.master_auth.client_certificate_config is defined",
+		"keyExpectedValue": "gcp_container_cluster.master_auth.client_certificate_config should be defined",
 		"keyActualValue": "gcp_container_cluster.master_auth.client_certificate_config is undefined",
 	}
 }
@@ -54,7 +54,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.master_auth.client_certificate_config.issue_client_certificate", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_container_cluster.master_auth.password is true",
+		"keyExpectedValue": "gcp_container_cluster.master_auth.password should be true",
 		"keyActualValue": "gcp_container_cluster.master_auth.password is false",
 	}
 }

assets/queries/ansible/gcp/cloud_dns_without_dnnsec/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_dns_managed_zone.dnssec_config is defined",
+		"keyExpectedValue": "gcp_dns_managed_zone.dnssec_config should be defined",
 		"keyActualValue": "gcp_dns_managed_zone.dnssec_config is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.dnssec_config", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_dns_managed_zone.dnssec_config.state is defined",
+		"keyExpectedValue": "gcp_dns_managed_zone.dnssec_config.state should be defined",
 		"keyActualValue": "gcp_dns_managed_zone.dnssec_config.state is undefined",
 	}
 }
@@ -54,7 +54,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.dnssec_config.state", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_dns_managed_zone.dnssec_config.state is equal to 'on'",
+		"keyExpectedValue": "gcp_dns_managed_zone.dnssec_config.state should equal to 'on'",
 		"keyActualValue": "gcp_dns_managed_zone.dnssec_config.state is not equal to 'on'",
 	}
 }

assets/queries/ansible/gcp/cloud_sql_instance_with_contained_database_authentication_on/query.rego

@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.settings.database_flags", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "cloud_gcp_sql_instance.settings.database_flags are correct",
+		"keyExpectedValue": "cloud_gcp_sql_instance.settings.database_flags should be correct",
 		"keyActualValue": "cloud_gcp_sql_instance.settings.database_flags.name is 'contained database authentication' and cloud_gcp_sql_instance.settings.database_flags.value is not 'off'",
 	}
 }

assets/queries/ansible/gcp/cloud_sql_instance_with_cross_db_ownership_chaining_on/query.rego

@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.settings.database_flags", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "{{cloud_gcp_sql_instance}}.settings.database_flags are correct",
+		"keyExpectedValue": "{{cloud_gcp_sql_instance}}.settings.database_flags should be correct",
 		"keyActualValue": "{{cloud_gcp_sql_instance}}.settings.database_flags.name is 'cross db ownership chaining' and cloud_gcp_sql_instance.settings.database_flags.value is not 'off'",
 	}
 }

assets/queries/ansible/gcp/cloud_storage_anonymous_or_publicly_accessible/query.rego

@@ -19,7 +19,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_storage_bucket.default_object_acl is defined",
+		"keyExpectedValue": "gcp_storage_bucket.default_object_acl should be defined",
 		"keyActualValue": "gcp_storage_bucket.default_object_acl is undefined",
 	}
 }
@@ -37,7 +37,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.acl.entity", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_storage_bucket.acl.entity isn't 'allUsers' or 'allAuthenticatedUsers'",
+		"keyExpectedValue": "gcp_storage_bucket.acl.entity should not be 'allUsers' or 'allAuthenticatedUsers'",
 		"keyActualValue": "gcp_storage_bucket.acl.entity is 'allUsers' or 'allAuthenticatedUsers'",
 	}
 }
@@ -56,7 +56,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.default_object_acl.entity", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_storage_bucket.default_object_acl.entity isn't 'allUsers' or 'allAuthenticatedUsers'",
+		"keyExpectedValue": "gcp_storage_bucket.default_object_acl.entity should not be 'allUsers' or 'allAuthenticatedUsers'",
 		"keyActualValue": "gcp_storage_bucket.default_object_acl.entity is 'allUsers' or 'allAuthenticatedUsers'",
 	}
 }

assets/queries/ansible/gcp/cloud_storage_bucket_logging_not_enabled/query.rego

@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_storage_bucket.logging is defined",
+		"keyExpectedValue": "gcp_storage_bucket.logging should be defined",
 		"keyActualValue": "gcp_storage_bucket.logging is undefined",
 	}
 }

assets/queries/ansible/gcp/cloud_storage_bucket_versioning_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_storage_bucket.versioning is defined",
+		"keyExpectedValue": "gcp_storage_bucket.versioning should be defined",
 		"keyActualValue": "gcp_storage_bucket.versioning is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.versioning.enabled", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_storage_bucket.versioning.enabled is true",
+		"keyExpectedValue": "gcp_storage_bucket.versioning.enabled should be true",
 		"keyActualValue": "gcp_storage_bucket.versioning.enabled is false",
 	}
 }

assets/queries/ansible/gcp/cluster_labels_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("%s is defined and not null", [modules[m]]),
+		"keyExpectedValue": sprintf("%s should be defined and not null", [modules[m]]),
 		"keyActualValue": sprintf("%s is undefined and null", [modules[m]]),
 	}
 }

assets/queries/ansible/gcp/cluster_master_authentication_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.master_auth is defined and not null",
+		"keyExpectedValue": "gcp_container_cluster.master_auth should be defined and not null",
 		"keyActualValue": "gcp_container_cluster.master_auth is undefined or null",
 	}
 }
@@ -38,7 +38,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.master_auth", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("gcp_container_cluster.master_auth.%s is defined and not null", [field]),
+		"keyExpectedValue": sprintf("gcp_container_cluster.master_auth.%s should be defined and not null", [field]),
 		"keyActualValue": sprintf("gcp_container_cluster.master_auth.%s is undefined or null", [field]),
 	}
 }

assets/queries/ansible/gcp/disk_encryption_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_compute_disk.disk_encryption_key is defined and not null",
+		"keyExpectedValue": "gcp_compute_disk.disk_encryption_key should be defined and not null",
 		"keyActualValue": "gcp_compute_disk.disk_encryption_key is undefined or null",
 	}
 }
@@ -37,7 +37,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.disk_encryption_key", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_compute_disk.disk_encryption_key.raw_key or gcp_compute_disk.disk_encryption_key.kms_key_name is defined and not null",
+		"keyExpectedValue": "gcp_compute_disk.disk_encryption_key.raw_key or gcp_compute_disk.disk_encryption_key.kms_key_name should be defined and not null",
 		"keyActualValue": "gcp_compute_disk.disk_encryption_key.raw_key and gcp_compute_disk.disk_encryption_key.kms_key_name are undefined or null",
 	}
 }

assets/queries/ansible/gcp/gke_basic_authentication_enabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.master_auth is defined",
+		"keyExpectedValue": "gcp_container_cluster.master_auth should be defined",
 		"keyActualValue": "gcp_container_cluster.master_auth is undefined",
 	}
 }
@@ -38,7 +38,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.master_auth", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("gcp_container_cluster.master_auth.%s is defined", [fields[f]]),
+		"keyExpectedValue": sprintf("gcp_container_cluster.master_auth.%s should be defined", [fields[f]]),
 		"keyActualValue": sprintf("gcp_container_cluster.master_auth.%s is undefined", [fields[f]]),
 	}
 }
@@ -58,7 +58,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.master_auth.%s", [task.name, modules[m], fields[f]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": sprintf("gcp_container_cluster.master_auth.%s is empty", [fields[f]]),
+		"keyExpectedValue": sprintf("gcp_container_cluster.master_auth.%s should be empty", [fields[f]]),
 		"keyActualValue": sprintf("gcp_container_cluster.master_auth.%s is not empty", [fields[f]]),
 	}
 }

assets/queries/ansible/gcp/gke_master_authorized_networks_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.master_authorized_networks_config is defined",
+		"keyExpectedValue": "gcp_container_cluster.master_authorized_networks_config should be defined",
 		"keyActualValue": "gcp_container_cluster.master_authorized_networks_config is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.master_authorized_networks_config", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.master_authorized_networks_config.enabled is defined",
+		"keyExpectedValue": "gcp_container_cluster.master_authorized_networks_config.enabled should be defined",
 		"keyActualValue": "gcp_container_cluster.master_authorized_networks_config.enabled is undefined",
 	}
 }
@@ -54,7 +54,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.master_authorized_networks_config.enabled", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_container_cluster.master_authorized_networks_config.enabled is true",
+		"keyExpectedValue": "gcp_container_cluster.master_authorized_networks_config.enabled should be true",
 		"keyActualValue": "gcp_container_cluster.master_authorized_networks_config.enabled is false",
 	}
 }

assets/queries/ansible/gcp/google_compute_ssl_policy_weak_cipher_in_use/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_compute_ssl_policy has min_tls_version set to 'TLS_1_2'",
+		"keyExpectedValue": "gcp_compute_ssl_policy has min_tls_version should be set to 'TLS_1_2'",
 		"keyActualValue": "gcp_compute_ssl_policy does not have min_tls_version set to 'TLS_1_2'",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.min_tls_version", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_compute_ssl_policy.min_tls_version has min_tls_version set to 'TLS_1_2'",
+		"keyExpectedValue": "gcp_compute_ssl_policy.min_tls_version has min_tls_version should be set to 'TLS_1_2'",
 		"keyActualValue": "gcp_compute_ssl_policy.min_tls_version does not have min_tls_version set to 'TLS_1_2'",
 	}
 }

assets/queries/ansible/gcp/google_compute_subnetwork_with_private_google_access_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("%s.private_ip_google_access is defined and not null", [modules[m]]),
+		"keyExpectedValue": sprintf("%s.private_ip_google_access should be defined and not null", [modules[m]]),
 		"keyActualValue": sprintf("%s.private_ip_google_access is undefined or null", [modules[m]]),
 		"searchLine": common_lib.build_search_line(["playbooks", t, modules[m]], []),
 	}
@@ -37,7 +37,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.private_ip_google_access", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue":  sprintf("%s.private_ip_google_access is set to yes", [modules[m]]),
+		"keyExpectedValue":  sprintf("%s.private_ip_google_access should be set to yes", [modules[m]]),
 		"keyActualValue": sprintf("%s.private_ip_google_access is set to no", [modules[m]]),
 		"searchLine": common_lib.build_search_line(["playbooks", t, modules[m], "private_ip_google_access"], []),
 	}

assets/queries/ansible/gcp/google_container_node_pool_auto_repair_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_node_pool.management is defined",
+		"keyExpectedValue": "gcp_container_node_pool.management should be defined",
 		"keyActualValue": "gcp_container_node_pool.management is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.management.auto_repair", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_container_node_pool.management.auto_repair is set to true",
+		"keyExpectedValue": "gcp_container_node_pool.management.auto_repair should be set to true",
 		"keyActualValue": "gcp_container_node_poolmanagement.auto_repair is set to false",
 	}
 }

assets/queries/ansible/gcp/high_google_kms_crypto_key_rotation_period/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_kms_key_ring.rotation_period is defined",
+		"keyExpectedValue": "gcp_kms_key_ring.rotation_period should be defined",
 		"keyActualValue": "gcp_kms_key_ring.rotation_period is undefined",
 	}
 }
@@ -37,7 +37,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.rotation_period", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_kms_key_ring.rotation_period is >= 7776000",
+		"keyExpectedValue": "gcp_kms_key_ring.rotation_period should be >= 7776000",
 		"keyActualValue": "gcp_kms_key_ring.rotation_period is < 7776000",
 	}
 }

assets/queries/ansible/gcp/high_kms_rotation_period/query.rego

@@ -20,7 +20,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.rotation_period", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_kms_crypto_key.rotation_period is at most '315356000s'",
+		"keyExpectedValue": "gcp_kms_crypto_key.rotation_period should be at most '315356000s'",
 		"keyActualValue": "gcp_kms_crypto_key.rotation_period is greater than '315356000s'",
 	}
 }
@@ -38,7 +38,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_kms_crypto_key.rotation_period is set",
+		"keyExpectedValue": "gcp_kms_crypto_key.rotation_period should be set",
 		"keyActualValue": "gcp_kms_crypto_key.rotation_period is undefined",
 	}
 }

assets/queries/ansible/gcp/ip_aliasing_disabled/query.rego

@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.ip_allocation_policy is defined",
+		"keyExpectedValue": "gcp_container_cluster.ip_allocation_policy should be defined",
 		"keyActualValue": "gcp_container_cluster.ip_allocation_policy is undefined",
 	}
 }
@@ -36,7 +36,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.ip_allocation_policy", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.ip_allocation_policy.use_ip_aliases is set to true",
+		"keyExpectedValue": "gcp_container_cluster.ip_allocation_policy.use_ip_aliases should be set to true",
 		"keyActualValue": "gcp_container_cluster.ip_allocation_policy.use_ip_aliases is undefined",
 	}
 }
@@ -54,7 +54,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.ip_allocation_policy.use_ip_aliases", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_container_cluster.ip_allocation_policy.use_ip_aliases is true",
+		"keyExpectedValue": "gcp_container_cluster.ip_allocation_policy.use_ip_aliases should be true",
 		"keyActualValue": "gcp_container_cluster.ip_allocation_policy.use_ip_aliases is false",
 	}
 }

assets/queries/ansible/gcp/mysql_instance_with_local_infile_on/query.rego

@@ -17,7 +17,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.settings.database_flags", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "cloud_gcp_sql_instance.settings.database_flags are correct",
+		"keyExpectedValue": "cloud_gcp_sql_instance.settings.database_flags should be correct",
 		"keyActualValue": "cloud_gcp_sql_instance.settings.database_flags.name is 'local_infile' and cloud_gcp_sql_instance.settings.database_flags.value is not 'off'",
 	}
 }

assets/queries/ansible/gcp/network_policy_disabled/query.rego

@@ -20,7 +20,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("gcp_container_cluster.%s is defined", [fields[f]]),
+		"keyExpectedValue": sprintf("gcp_container_cluster.%s should be defined", [fields[f]]),
 		"keyActualValue": sprintf("gcp_container_cluster.%s is undefined", [fields[f]]),
 	}
 }
@@ -38,7 +38,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.addons_config", [task.name, modules[m]]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": "gcp_container_cluster.addons_config.network_policy_config is defined",
+		"keyExpectedValue": "gcp_container_cluster.addons_config.network_policy_config should be defined",
 		"keyActualValue": "gcp_container_cluster.addons_config.network_policy_config is undefined",
 	}
 }
@@ -56,7 +56,7 @@ CxPolicy[result] {
 		"resourceName": task.name,
 		"searchKey": sprintf("name={{%s}}.{{%s}}.network_policy.enabled", [task.name, modules[m]]),
 		"issueType": "IncorrectValue",
-		"keyExpectedValue": "gcp_container_cluster.network_policy.enabled is true",
+		"keyExpectedValue": "gcp_container_cluster.network_policy.enabled should be true",
 		"keyActualValue": "gcp_container_cluster.network_policy.enabled is false",
 	}
 }