package container

// terraformUseRbacPermissionsGoodExamples holds Terraform snippets that the
// use_rbac_permissions check is expected to accept (presumably consumed by the
// rule definition in a sibling file — not visible here).
//
// The first snippet enables RBAC on an azurerm_kubernetes_cluster through both
// the legacy role_based_access_control block (provider < 2.99.0) and the newer
// role_based_access_control_enabled attribute (provider >= 2.99.0). The second
// snippet does not set either of those and instead relies on the
// azure_active_directory_role_based_access_control block with
// azure_rbac_enabled = true, so the check must treat that block as sufficient.
var terraformUseRbacPermissionsGoodExamples = []string{
	`
resource "azurerm_kubernetes_cluster" "good_example" {
	// azurerm < 2.99.0
	role_based_access_control {
		enabled = true
	}

	// azurerm >= 2.99.0
	role_based_access_control_enabled = true
}
`, `
resource "azurerm_kubernetes_cluster" "aks_cluster" {
  name                            = var.name
  location                        = var.location
  resource_group_name             = var.resource_group_name
  dns_prefix                      = var.name
  kubernetes_version              = var.cluster_version
  api_server_authorized_ip_ranges = var.ip_whitelist
  azure_policy_enabled            = true
  default_node_pool {
    name                = "default"
    enable_auto_scaling = true
    min_count           = var.node_min_count
    max_count           = var.node_max_count
    max_pods            = var.pod_max_count # If you don't specify only allows 30 pods
    vm_size             = var.vm_size
    os_disk_size_gb     = 250 # default 30GB
    vnet_subnet_id      = var.vnet_subnet_id
  }

  network_profile {
    network_plugin = "azure"
    network_policy = "azure"
  }

  identity {
    type = "SystemAssigned"
  }

  azure_active_directory_role_based_access_control {
    managed                = true
    azure_rbac_enabled     = true
    admin_group_object_ids = [data.azuread_group.aks_admins.object_id]
  }

}
`,
}

// terraformUseRbacPermissionsBadExamples holds Terraform snippets that the
// use_rbac_permissions check is expected to flag.
//
// The single snippet explicitly disables RBAC in both provider styles: the
// legacy role_based_access_control block has enabled = false and the newer
// role_based_access_control_enabled attribute is false. A cluster configured
// this way grants every authenticated principal unrestricted API access, which
// is the condition the check exists to catch.
var terraformUseRbacPermissionsBadExamples = []string{
	`
resource "azurerm_kubernetes_cluster" "bad_example" {
	// azurerm < 2.99.0
	role_based_access_control {
		enabled = false
	}

	// azurerm >= 2.99.0
	role_based_access_control_enabled = false
}
`,
}

// terraformUseRbacPermissionsLinks lists reference documentation surfaced
// alongside the check result; here only the azurerm provider docs for the
// role_based_access_control argument.
var terraformUseRbacPermissionsLinks = []string{
	`https://www.terraform.io/docs/providers/azurerm/r/kubernetes_cluster.html#role_based_access_control`,
}

// terraformUseRbacPermissionsRemediationMarkdown is the Terraform-specific
// remediation text for the check. It is empty in this file, so any remediation
// guidance shown to users must come from elsewhere (e.g. the rule definition).
var terraformUseRbacPermissionsRemediationMarkdown = ``