Skip to content

Commit

Permalink
add search value to Key Vault Not Recoverable
Browse files Browse the repository at this point in the history
  • Loading branch information
@JoaoAtGit
JoaoAtGit committed Jan 30, 2024
1 parent 1f4a7af commit a5dc694
Show file tree
Hide file tree
Showing 3 changed files with 204 additions and 1 deletion.
3 changes: 2 additions & 1 deletion assets/queries/azureResourceManager/key_vault_not_recoverable/query.rego
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ CxPolicy[result] {
"keyExpectedValue": sprintf("resource with type 'Microsoft.KeyVault/vaults' should have '%s' property defined", [fields[x]]),
"keyActualValue": sprintf("resource with type 'Microsoft.KeyVault/vaults' doesn't have '%s' property defined", [fields[x]]),
"searchLine": common_lib.build_search_line(path, ["properties"]),

"searchValue": sprintf("%s",[fields[x]]),
}
}

Expand All @@ -45,5 +45,6 @@ CxPolicy[result] {
"keyExpectedValue": sprintf("resource with type 'Microsoft.KeyVault/vaults' %s should have '%s' property set to true", [type, fields[x]]),
"keyActualValue": sprintf("resource with type 'Microsoft.KeyVault/vaults' doesn't have '%s' property set to true", [fields[x]]),
"searchLine": common_lib.build_search_line(path, ["properties", fields[x]]),
"searchValue": sprintf("%s",[fields[x]]),
}
}
190 changes: 190 additions & 0 deletions assets/queries/azureResourceManager/key_vault_not_recoverable/test/positive5.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,190 @@
{
"properties": {
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "2.0.0.0",
"apiProfile": "2019-03-01-hybrid",
"parameters": {},
"variables": {},
"functions": [],
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2016-10-01",
"name": "[parameters('vaults_pgs_bot_prod_name')]",
"location": "westeurope",
"tags": {
"ProjectCodeBU": "UKMUMD",
"ApplicationName": "PGS HR Chatbot",
"ProjectCodePGDS": "PRJ0024896",
"CostCentreBU": "UKMUMD",
"DataClassification": "General",
"BusinessUnit": "PGS",
"Owner": "Pru UK Andover Innovation Team",
"Contact": "andover2@prudential.co.uk",
"CostCentrePGDS": "ITBUEXP",
"Criticality": "Low"
},
"properties": {
"sku": {
"family": "A",
"name": "standard"
},
"tenantId": "aa42167d-6f8d-45ce-b655-d245ef97da66",
"accessPolicies": [
{
"tenantId": "aa42167d-6f8d-45ce-b655-d245ef97da66",
"objectId": "f3e7baf5-8d66-4fb2-b7aa-7b7484309df6",
"permissions": {
"keys": [
"Get",
"Create",
"Delete",
"List",
"Update",
"Import",
"Backup",
"Restore",
"Recover"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Backup",
"Restore",
"Recover"
],
"certificates": [
"Get",
"Delete",
"List",
"Create",
"Import",
"Update",
"DeleteIssuers",
"GetIssuers",
"ListIssuers",
"ManageContacts",
"ManageIssuers",
"SetIssuers"
],
"storage": [
"delete",
"deletesas",
"get",
"getsas",
"list",
"listsas",
"regeneratekey",
"set",
"setsas",
"update"
]
}
},
{
"tenantId": "aa42167d-6f8d-45ce-b655-d245ef97da66",
"objectId": "1033a977-ffdc-4359-869a-b673d075f128",
"permissions": {
"keys": [],
"secrets": [
"Get"
],
"certificates": [],
"storage": []
}
},
{
"tenantId": "aa42167d-6f8d-45ce-b655-d245ef97da66",
"objectId": "13be5d2d-6e1f-4667-add4-02d2d1142ac5",
"permissions": {
"keys": [],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Backup",
"Restore",
"Recover",
"Purge"
],
"certificates": [],
"storage": []
}
},
{
"tenantId": "aa42167d-6f8d-45ce-b655-d245ef97da66",
"objectId": "e56a2de8-a788-415f-b10f-14bfd3000e1d",
"permissions": {
"keys": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"Decrypt",
"Encrypt",
"UnwrapKey",
"WrapKey",
"Verify",
"Sign",
"Purge"
],
"secrets": [
"Get",
"List",
"Set",
"Delete",
"Recover",
"Backup",
"Restore",
"Purge"
],
"certificates": [
"Get",
"List",
"Update",
"Create",
"Import",
"Delete",
"Recover",
"Backup",
"Restore",
"ManageContacts",
"ManageIssuers",
"GetIssuers",
"ListIssuers",
"SetIssuers",
"DeleteIssuers",
"Purge"
]
}
}
],
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": false
}
}
],
"outputs": {}
},
"resourceGroup": "storageRG",
"parameters": {
"storageAccountType": {
"value": "[parameters('storageAccountType')]"
}
}
},
"kind": "template",
"id": "/providers/Microsoft.Management/managementGroups/ContosoOnlineGroup/providers/Microsoft.Blueprint/blueprints/simpleBlueprint/artifacts/storageTemplate",
"type": "Microsoft.Blueprint/blueprints/artifacts",
"name": "storageTemplate"
}
12 changes: 12 additions & 0 deletions ...queries/azureResourceManager/key_vault_not_recoverable/test/positive_expected_result.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,17 @@
"severity": "HIGH",
"line": 41,
"fileName": "positive4.json"
},
{
"queryName": "Key Vault Not Recoverable",
"severity": "HIGH",
"line": 28,
"fileName": "positive5.json"
},
{
"queryName": "Key Vault Not Recoverable",
"severity": "HIGH",
"line": 28,
"fileName": "positive5.json"
}
]

0 comments on commit a5dc694

Please sign in to comment.