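// Listing of rules/cloud/policies/azure/authorization/limit_role_actions.tf.go
// (package authorization, module
// github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95).
//
// The variables below carry the Terraform examples, reference links and
// remediation text for the "limit role actions" Azure authorization rule.
// The Terraform indentation is reconstructed conventionally; the rendered
// page this listing came from had collapsed the original whitespace.

// terraformLimitRoleActionsGoodExamples holds the Terraform snippets presented
// as compliant. The custom role is assignable only at the referenced
// subscription.
//
// NOTE(review): permissions.actions is still ["*"] here, so this example shows
// scope limiting only. A custom role that follows least privilege would also
// list the specific operations it needs instead of a wildcard. Presumably the
// rule keys on assignable_scopes; confirm against the rule implementation.
var terraformLimitRoleActionsGoodExamples = []string{
	`
data "azurerm_subscription" "primary" {
}

resource "azurerm_role_definition" "example" {
  name        = "my-custom-role"
  scope       = data.azurerm_subscription.primary.id
  description = "This is a custom role created via Terraform"

  permissions {
    actions     = ["*"]
    not_actions = []
  }

  assignable_scopes = [
    data.azurerm_subscription.primary.id,
  ]
}
`,
}

// terraformLimitRoleActionsBadExamples holds the Terraform snippets presented
// as non-compliant. The only difference from the good example is
// assignable_scopes = ["/"]: a role with wildcard actions becomes assignable
// at the root scope rather than at a single subscription.
var terraformLimitRoleActionsBadExamples = []string{
	`
data "azurerm_subscription" "primary" {
}

resource "azurerm_role_definition" "example" {
  name        = "my-custom-role"
  scope       = data.azurerm_subscription.primary.id
  description = "This is a custom role created via Terraform"

  permissions {
    actions     = ["*"]
    not_actions = []
  }

  assignable_scopes = [
    "/"
  ]
}
`,
}

// terraformLimitRoleActionsLinks lists the provider documentation for the
// azurerm_role_definition "actions" argument.
var terraformLimitRoleActionsLinks = []string{
	`https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition#actions`,
}

// terraformLimitRoleActionsRemediationMarkdown is the Terraform-specific
// remediation text for the rule.
//
// NOTE(review): it is empty in this file, so no remediation guidance is
// supplied from here; a short note on narrowing both actions and
// assignable_scopes would help readers of the rule output.
var terraformLimitRoleActionsRemediationMarkdown = ``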