gcp-sql v5.12.1 - Authorized network approvals now respect approved CIDR ranges
Jul 13, 2026•GuardrailsMods
Bug fixes
- The GCP > SQL > Instance > Authorized Network > Approved control now approves an authorized network entry when it falls within an approved CIDR range, instead of requiring an exact match. Previously an entry such as 203.0.113.50/32 was flagged as unapproved — and removed when set to enforce — even when the Approved > CIDR Ranges policy allowed 203.0.113.0/24. The policy also now accepts /31 and /32 masks, so single hosts can be listed in CIDR notation.
- Alarms from the GCP > SQL > Instance > Authorized Network > Approved control now name the offending authorized networks and include the approved entries and the configured allow-list in the control details, so operators can see exactly what needs attention without inspecting the raw resource. The control also no longer errors on instances that have no authorized networks configured.