Google storage buckets should have an
encryption block to ensure that the data is encrypted at rest.
When specifying an
encryption block, by not including the optional
default_kms_key_name you are deferring to Google Provided Encryption.
The following example will fail the GCP002 check.
The following example will pass the GCP002 check.