data "google_compute_image" "this" { family = "debian-10" project = "debian-cloud" } resource "google_compute_project_metadata_item" "this" { key = "test" value = "TRUE" } resource "google_compute_instance" "this" { name = var.instance_name machine_type = var.machine_type zone = var.zone boot_disk { initialize_params { image = data.google_compute_image.this.self_link } } network_interface { network = var.network } metadata = { enable-oslogin = "FALSE" } labels = { custodianrule = "ecc-gcp-194-oslogin_disabled_for_instance" compliancestatus = "red" } }