github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.tf.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/storage/allow_microsoft_service_bypass.tf.go (about)

     1  package storage
     2  
     3  var terraformAllowMicrosoftServiceBypassGoodExamples = []string{
     4  	`
     5   resource "azurerm_storage_account" "good_example" {
     6     name                = "storageaccountname"
     7     resource_group_name = azurerm_resource_group.example.name
     8   
     9     location                 = azurerm_resource_group.example.location
    10     account_tier             = "Standard"
    11     account_replication_type = "LRS"
    12   
    13     network_rules {
    14       default_action             = "Deny"
    15       ip_rules                   = ["100.0.0.1"]
    16       virtual_network_subnet_ids = [azurerm_subnet.example.id]
    17       bypass                     = ["Metrics", "AzureServices"]
    18     }
    19   
    20     tags = {
    21       environment = "staging"
    22     }
    23   }
    24   
    25   resource "azurerm_storage_account_network_rules" "test" {
    26     resource_group_name  = azurerm_resource_group.test.name
    27     storage_account_name = azurerm_storage_account.test.name
    28   
    29     default_action             = "Allow"
    30     ip_rules                   = ["127.0.0.1"]
    31     virtual_network_subnet_ids = [azurerm_subnet.test.id]
    32     bypass                     = ["Metrics", "AzureServices"]
    33   }
    34   `,
    35  }
    36  
    37  var terraformAllowMicrosoftServiceBypassBadExamples = []string{
    38  	`
    39   resource "azurerm_storage_account" "bad_example" {
    40     name                = "storageaccountname"
    41     resource_group_name = azurerm_resource_group.example.name
    42   
    43     location                 = azurerm_resource_group.example.location
    44     account_tier             = "Standard"
    45     account_replication_type = "LRS"
    46   
    47     network_rules {
    48       default_action             = "Deny"
    49       ip_rules                   = ["100.0.0.1"]
    50       virtual_network_subnet_ids = [azurerm_subnet.example.id]
    51   	bypass                     = ["Metrics"]
    52     }
    53   
    54     tags = {
    55       environment = "staging"
    56     }
    57   }
    58   
    59   resource "azurerm_storage_account_network_rules" "test" {
    60     resource_group_name  = azurerm_resource_group.test.name
    61     storage_account_name = azurerm_storage_account.test.name
    62   
    63     default_action             = "Allow"
    64     ip_rules                   = ["127.0.0.1"]
    65     virtual_network_subnet_ids = [azurerm_subnet.test.id]
    66     bypass                     = ["Metrics"]
    67   }
    68   `,
    69  }
    70  
    71  var terraformAllowMicrosoftServiceBypassLinks = []string{
    72  	`https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#bypass`, `https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules#bypass`,
    73  }
    74  
    75  var terraformAllowMicrosoftServiceBypassRemediationMarkdown = ``