github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/compute/disable_password_authentication.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/compute/disable_password_authentication.tf.go (about)

     1  package compute
     2  
     3  var terraformDisablePasswordAuthenticationGoodExamples = []string{
     4  	`
     5   resource "azurerm_linux_virtual_machine" "good_linux_example" {
     6     name                            = "good-linux-machine"
     7     resource_group_name             = azurerm_resource_group.example.name
     8     location                        = azurerm_resource_group.example.location
     9     size                            = "Standard_F2"
    10     admin_username                  = "adminuser"
    11     admin_password                  = "somePassword"
    12     
    13     admin_ssh_key {
    14       username   = "adminuser"
    15       public_key = file("~/.ssh/id_rsa.pub")
    16     }
    17   }
    18   
    19   resource "azurerm_virtual_machine" "good_example" {
    20   	name                            = "good-linux-machine"
    21   	resource_group_name             = azurerm_resource_group.example.name
    22   	location                        = azurerm_resource_group.example.location
    23   	size                            = "Standard_F2"
    24   	admin_username                  = "adminuser"
    25   
    26   	
    27   	os_profile_linux_config {
    28   		ssh_keys = [{
    29   			key_data = file("~/.ssh/id_rsa.pub")
    30   			path = "~/.ssh/id_rsa.pub"
    31   		}]
    32   
    33   		disable_password_authentication = true
    34   	}
    35   }
    36   `,
    37  }
    38  
    39  var terraformDisablePasswordAuthenticationBadExamples = []string{
    40  	`
    41   resource "azurerm_linux_virtual_machine" "bad_linux_example" {
    42     name                            = "bad-linux-machine"
    43     resource_group_name             = azurerm_resource_group.example.name
    44     location                        = azurerm_resource_group.example.location
    45     size                            = "Standard_F2"
    46     admin_username                  = "adminuser"
    47     admin_password                  = "somePassword"
    48     disable_password_authentication = false
    49   }
    50   
    51   resource "azurerm_virtual_machine" "bad_example" {
    52   	name                            = "bad-linux-machine"
    53   	resource_group_name             = azurerm_resource_group.example.name
    54   	location                        = azurerm_resource_group.example.location
    55   	size                            = "Standard_F2"
    56   	admin_username                  = "adminuser"
    57   	admin_password                  = "somePassword"
    58   
    59   	os_profile {
    60   		computer_name  = "hostname"
    61   		admin_username = "testadmin"
    62   		admin_password = "Password1234!"
    63   	}
    64   
    65   	os_profile_linux_config {
    66   		disable_password_authentication = false
    67   	}
    68     }
    69   `,
    70  }
    71  
    72  var terraformDisablePasswordAuthenticationLinks = []string{
    73  	`https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine#disable_password_authentication`, `https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine#disable_password_authentication`,
    74  }
    75  
    76  var terraformDisablePasswordAuthenticationRemediationMarkdown = ``