github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/keyvault/ensure_secret_expiry.tf.go (about)

     1  package keyvault
     2  
// terraformEnsureSecretExpiryGoodExamples holds Terraform snippets in which every
// azurerm_key_vault_secret resource carries an expiration_date attribute.
//
// NOTE(review): the snippets are illustrative only. The first one hard-codes the
// secret value in HCL; in a real configuration that value would also end up in
// version control and in the Terraform state, so it should be supplied from a
// protected source instead.
var terraformEnsureSecretExpiryGoodExamples = []string{
	// Expiry given as a literal RFC 3339 timestamp.
	// NOTE(review): 1982-12-31 is already in the past, so the example shows only
	// that the attribute is present; a real secret needs a future date that
	// matches the rotation schedule.
	`
 resource "azurerm_key_vault_secret" "good_example" {
   name            = "secret-sauce"
   value           = "szechuan"
   key_vault_id    = azurerm_key_vault.example.id
   expiration_date = "1982-12-31T00:00:00Z"
 }
 `,
	// Expiry taken from the end_date of the azuread_application_password whose
	// value is stored, so the vault entry's expiry follows the credential it
	// holds instead of being maintained by hand.
	`
resource "azuread_application" "myapp" {
  display_name = "MyAzureAD App"

  group_membership_claims = ["ApplicationGroup"]
  prevent_duplicate_names = true

}

resource "azuread_application_password" "myapp" {
  application_object_id = azuread_application.myapp.object_id
}

resource "azurerm_key_vault_secret" "myapp_pass" {
  name            = "myapp-oauth"
  value           = azuread_application_password.myapp.value
  key_vault_id    = azurerm_key_vault.cluster_key_vault.id
  expiration_date = azuread_application_password.myapp.end_date
  content_type    = "Password"
}
`,
}
    34  
// terraformEnsureSecretExpiryBadExamples holds Terraform snippets in which an
// azurerm_key_vault_secret resource is declared without an expiration_date
// attribute, i.e. the secret is given no end of life.
var terraformEnsureSecretExpiryBadExamples = []string{
	// Same resource shape as the literal-date good example, minus the expiry.
	`
 resource "azurerm_key_vault_secret" "bad_example" {
   name         = "secret-sauce"
   value        = "szechuan"
   key_vault_id = azurerm_key_vault.example.id
 }
 `,
}
    44  
// terraformEnsureSecretExpiryLinks lists reference documentation for the
// expiration_date argument of the azurerm_key_vault_secret resource.
var terraformEnsureSecretExpiryLinks = []string{
	"https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret#expiration_date",
}
    48  
// terraformEnsureSecretExpiryRemediationMarkdown is the Terraform-specific
// remediation text. It is the empty string here, so this file supplies no
// remediation guidance of its own.
var terraformEnsureSecretExpiryRemediationMarkdown = ""