Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(bicep): adding bicep support #6980

Merged
merged 181 commits into from
May 15, 2024
Merged

feat(bicep): adding bicep support #6980

Show file tree
Hide file tree
Changes from 178 commits
Commits
Show all changes
181 commits
Select commit Hold shift + click to select a range
422312d
initial setup changes
JulioSCX Apr 2, 2024
2468d7a
created antlr for bicep
JulioSCX Apr 2, 2024
8f30126
generation of antlr files for parser
ArturRibeiro-CX Apr 2, 2024
561d66c
visit resource, param & var implementation
ArturRibeiro-CX Apr 2, 2024
768301d
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 3, 2024
2b1b1c5
fixed functioncall grammar
JulioSCX Apr 3, 2024
094c916
generating payload for bicep files
JulioSCX Apr 3, 2024
7b39ad9
fixed parsing of function call
ArturRibeiro-CX Apr 3, 2024
77beeeb
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 3, 2024
1a1efc5
fix grammar for arrays
ArturRibeiro-CX Apr 3, 2024
9942546
added parsing for corner cases
JulioSCX Apr 3, 2024
84d382c
small adjustments in return values and linting problems
ArturRibeiro-CX Apr 4, 2024
c410d6b
fix types from literal value
ArturRibeiro-CX Apr 4, 2024
ba8f644
changes to grammar for secure decorator
ArturRibeiro-CX Apr 4, 2024
c02c510
added parsing for secure decorators and function call with dot
JulioSCX Apr 4, 2024
db8a355
adding variables and parameters label
JulioSCX Apr 5, 2024
3f035cf
Added function to parse chained dots and function calls
JulioSCX Apr 8, 2024
a471a00
Merge branch 'master' into bicep-kics-1313
JulioSCX Apr 8, 2024
a177f92
fixed decorators in parameters
JulioSCX Apr 8, 2024
6569320
changed identifier type assertions
JulioSCX Apr 8, 2024
bda9c77
changed interpstring type assertions
JulioSCX Apr 8, 2024
0b59e14
added type assertion error checking to prevent crashes
JulioSCX Apr 8, 2024
3959557
improved type assertion error checking
JulioSCX Apr 8, 2024
6acb50e
improved type assertion error handling
JulioSCX Apr 8, 2024
3349a61
unit tests for parameters, variables and completed bicep file
ArturRibeiro-CX Apr 8, 2024
1ff1043
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
ArturRibeiro-CX Apr 8, 2024
8661c63
added go get antlr4 to go.mod
ArturRibeiro-CX Apr 8, 2024
d95f727
added some more unit tests for go coverage
ArturRibeiro-CX Apr 8, 2024
9828092
fix parameters parser and delete comments
ArturRibeiro-CX Apr 8, 2024
71ce7cf
fixed crash when object expression is null
JulioSCX Apr 9, 2024
d71430f
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX Apr 9, 2024
24ddfb4
changed visitexpression default return value
JulioSCX Apr 9, 2024
8a95b76
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 9, 2024
4e8ccf6
params changes
JulioSCX Apr 9, 2024
4600d19
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX Apr 9, 2024
b33dbe5
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 9, 2024
fb1c786
fix property naming
ArturRibeiro-CX Apr 9, 2024
2730eab
fix more property naming
ArturRibeiro-CX Apr 9, 2024
9da4bd3
fixed brackets in arrays
JulioSCX Apr 10, 2024
799f191
fixed functions in parameters
JulioSCX Apr 10, 2024
98efc5f
replaced slices with new function
JulioSCX Apr 10, 2024
8257207
fix unit tests and dotFunction in parameters
ArturRibeiro-CX Apr 10, 2024
04c8f2b
fix unit tests and added more use cases
ArturRibeiro-CX Apr 10, 2024
3bccb1a
lint fixes
JulioSCX Apr 10, 2024
82f0876
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX Apr 10, 2024
53ece3a
lint fixes
JulioSCX Apr 10, 2024
2aaaa9d
lint fix
JulioSCX Apr 10, 2024
d247454
fix linting problems
ArturRibeiro-CX Apr 10, 2024
b2484c1
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 10, 2024
8375b0c
fix gocyclo linting and constant parenthesis addition
ArturRibeiro-CX Apr 10, 2024
537f32b
fix naming const variable to camel case
ArturRibeiro-CX Apr 10, 2024
27592fc
fix decorator parsing and unit tests
ArturRibeiro-CX Apr 11, 2024
7e5c943
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 11, 2024
1b49631
grammar update to ignore fors
ArturRibeiro-CX Apr 11, 2024
9091b0c
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 11, 2024
d2678a1
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 11, 2024
fcb23a2
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 12, 2024
3023c94
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 12, 2024
ddb2652
added documentation for bicep support
ArturRibeiro-CX Apr 12, 2024
83d6c7f
improvements to platforms documentation regarding bicep
ArturRibeiro-CX Apr 15, 2024
99b4bc3
Fix phrase construction on documentation
ArturRibeiro-CX Apr 15, 2024
66b316f
fix typo on flag usage
ArturRibeiro-CX Apr 15, 2024
e135c42
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 15, 2024
04ff09f
Merge branch 'master' of https://github.com/Checkmarx/kics into bicep…
ArturRibeiro-CX Apr 17, 2024
e4a3a6c
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 17, 2024
f1f6e7c
add generated files from antlr to coverageignore
ArturRibeiro-CX Apr 17, 2024
e35d085
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
ArturRibeiro-CX Apr 17, 2024
6d66475
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 18, 2024
85e91d2
added bicep line detection
JulioSCX Apr 18, 2024
68122a2
lint fixes
JulioSCX Apr 18, 2024
cfdddff
lint fixes
JulioSCX Apr 18, 2024
edb9c7f
update antlr make dkr-build-antlr
cxMiguelSilva Apr 18, 2024
5899131
update .golangci to skip bicep directory
ArturRibeiro-CX Apr 18, 2024
b8c21f1
added unit test for kics lines
ArturRibeiro-CX Apr 18, 2024
5fec549
fixing lines not working on some queries
JulioSCX Apr 18, 2024
809434a
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX Apr 18, 2024
07fa9e5
remove unnecessary verifications
ArturRibeiro-CX Apr 18, 2024
7a7305d
increase unit tests coverage
ArturRibeiro-CX Apr 18, 2024
7a51eae
Merge branch 'master' into bicep-kics-1313
JulioSCX Apr 18, 2024
1db2483
increasing test coverage in unit tests
ArturRibeiro-CX Apr 19, 2024
131563e
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
ArturRibeiro-CX Apr 19, 2024
2dd6947
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 19, 2024
e53a2ab
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 19, 2024
eb1203d
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 19, 2024
84d3319
added bicep query tests
ArturRibeiro-CX Apr 22, 2024
cba79da
finished query testing
JulioSCX Apr 22, 2024
40d3b2b
changed kics lines in parameters
JulioSCX Apr 22, 2024
e0d93a0
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 22, 2024
22eb183
fix unit tests with new kics lines for parameters
ArturRibeiro-CX Apr 22, 2024
f407875
added bicep tests for hardcoded securestring query
ArturRibeiro-CX Apr 22, 2024
753fd54
added bicep tests for app service authentication not set query
ArturRibeiro-CX Apr 22, 2024
09937df
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 24, 2024
4ddedfb
updated bicep tests for default storage account too permissive query
JulioSCX Apr 24, 2024
9d7ec7a
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX Apr 24, 2024
360b9fa
fixed unit tests for resources
ArturRibeiro-CX Apr 24, 2024
16083da
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 24, 2024
e059263
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 25, 2024
9a0cd20
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 30, 2024
60aa2a7
added disable secrets disclaimer to docs
ArturRibeiro-CX Apr 30, 2024
577cd09
fix unit tests for bicep completed file
ArturRibeiro-CX Apr 30, 2024
f50ffd7
added test files for postgres1
JulioSCX Apr 30, 2024
b3d04bc
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX Apr 30, 2024
6022008
added test files for postgres2
JulioSCX Apr 30, 2024
e96f5ca
added test files for postgres3
JulioSCX Apr 30, 2024
1d169b1
added test files for postgres4
JulioSCX Apr 30, 2024
abb9bc2
added test files for low retention days query
JulioSCX Apr 30, 2024
39ad94c
added test files for auditing query
JulioSCX Apr 30, 2024
3eeb71f
early implementation of nested resources formatting
JulioSCX Apr 30, 2024
72fba13
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX Apr 30, 2024
e7c9a01
update unit tests for bicep nested resources
ArturRibeiro-CX May 2, 2024
c285681
improved nested function
JulioSCX May 2, 2024
e83d28b
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX May 3, 2024
ae3cc3d
fixed bicep tests
JulioSCX May 3, 2024
2a98cba
Merge branch 'master' into bicep-kics-1313
JulioSCX May 3, 2024
85eb2a8
added unit tests for arm storage blob and storage rwd queries
ArturRibeiro-CX May 3, 2024
059ae26
improved nested resources functions
JulioSCX May 3, 2024
889d64a
lint fixes
JulioSCX May 3, 2024
344dc2c
lint fixes
JulioSCX May 3, 2024
46ec0f0
lint
JulioSCX May 3, 2024
c1d1179
fixed support for non-sequential nested resources
JulioSCX May 6, 2024
e45909a
added safety verification in nested resources function
JulioSCX May 6, 2024
b2cd4cd
added more protection against panics
JulioSCX May 7, 2024
c39a1fd
fixed typos
JulioSCX May 7, 2024
f0203ea
fixed redundant assignment
JulioSCX May 7, 2024
d89e441
upgraded aws back to 1.26.1
JulioSCX May 7, 2024
afecbfa
added analyzer test for bicep
JulioSCX May 7, 2024
ad46770
grammar update to parse expression with double COL
ArturRibeiro-CX May 7, 2024
027ad43
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
ArturRibeiro-CX May 7, 2024
70416b2
update bicep grammar to parse comments correctly
ArturRibeiro-CX May 7, 2024
dfb1d81
update grammar to parse outputs
ArturRibeiro-CX May 7, 2024
b24eb43
added safety verifications to interpstring visitor
JulioSCX May 8, 2024
fe81dc5
added new elements to grammar to account for more possibilities
JulioSCX May 8, 2024
a23eabc
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX May 8, 2024
279d8fa
update bicep grammar to include new elements and safety verifications
ArturRibeiro-CX May 8, 2024
973eb5b
fixed issues with interpstring
JulioSCX May 8, 2024
8a51a9f
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX May 8, 2024
53d87c9
changed expression with COL to accept more use cases
ArturRibeiro-CX May 8, 2024
5d32054
added safety verifications to interpstring visitor and made it more r…
JulioSCX May 8, 2024
86c81a7
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX May 8, 2024
d326f38
improved interpString readability
JulioSCX May 8, 2024
0d35d7e
created function to remove reused code
JulioSCX May 8, 2024
c37df95
update go version for govulncheck
ArturRibeiro-CX May 8, 2024
b5527c4
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX May 8, 2024
edb1d8e
added metadata, imports and target scope to bicep grammar
ArturRibeiro-CX May 8, 2024
85fe3dd
support for more identifiers for panic handling
ArturRibeiro-CX May 9, 2024
c65767e
added modules and type to bicep grammar
ArturRibeiro-CX May 9, 2024
393e6d1
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX May 9, 2024
37861c7
fix identation from merge conflicts
ArturRibeiro-CX May 9, 2024
edbbe7d
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX May 9, 2024
45180ff
update imports to contain v2
ArturRibeiro-CX May 9, 2024
a70d473
changed grammar structure
JulioSCX May 9, 2024
621953a
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX May 9, 2024
c7f3574
added lambdaExpression to bicep grammar and fix lint
ArturRibeiro-CX May 9, 2024
9332f9a
update unit tests
ArturRibeiro-CX May 9, 2024
dc9cad0
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX May 9, 2024
0e38810
added missing contexts to visit identifier
ArturRibeiro-CX May 9, 2024
653fc73
Merge branch 'master' into bicep-kics-1313
JulioSCX May 9, 2024
3e8c366
fix gocyclo lint
ArturRibeiro-CX May 9, 2024
1b738d9
fix LOC on analyze test bicep
ArturRibeiro-CX May 9, 2024
54ee888
added security checks
JulioSCX May 9, 2024
45c4cbf
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
JulioSCX May 9, 2024
de1f32d
added safety checks
JulioSCX May 9, 2024
8f39af4
added safety checks
JulioSCX May 9, 2024
d14b1f3
Merge branch 'master' into bicep-kics-1313
JulioSCX May 9, 2024
db2a9ae
added safety verifications
JulioSCX May 10, 2024
b8814c5
update future improvements documentation for commands on comments
ArturRibeiro-CX May 10, 2024
019bcf2
refactored functions to make them simpler
JulioSCX May 13, 2024
85f6f46
added bicep to --type flag and scan help
ArturRibeiro-CX May 13, 2024
bc6451f
added documentation for bicep linting and file validation
ArturRibeiro-CX May 13, 2024
ebdccee
added unit tests for unsuported content on bicep files
ArturRibeiro-CX May 13, 2024
5cb18e7
Merge branch 'bicep-kics-1313' of https://github.com/Checkmarx/kics i…
ArturRibeiro-CX May 13, 2024
4c03d9b
update LOC count in analyzer_test and add Bicep to supported platform…
ArturRibeiro-CX May 13, 2024
e9d4f57
fix e2e outputs with Bicep addition
ArturRibeiro-CX May 13, 2024
f52979e
e2e addition for bicep results and payload
ArturRibeiro-CX May 13, 2024
dfaf29d
update analyze test for bicep
ArturRibeiro-CX May 13, 2024
81abbce
fix path -d flag
ArturRibeiro-CX May 13, 2024
43acf7a
fix file and id on E2E payload
ArturRibeiro-CX May 13, 2024
b913c16
Merge branch 'master' into bicep-kics-1313
ArturRibeiro-CX May 14, 2024
5494846
update parser resolve with max resolver depth flag value
ArturRibeiro-CX May 14, 2024
8c3a7a2
Merge branch 'master' into bicep-kics-1313
JulioSCX May 15, 2024
03b966d
solved conflicts in unrestricted ssh access query
JulioSCX May 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
1 change: 1 addition & 0 deletions .github/scripts/coverage/.coverageignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ pkg/engine/mock/*.go
*/**/*_test.go
**/*_mock.go
pkg/parser/jsonfilter/parser/jsonfilter*
pkg/parser/bicep/antlr/parser/bicep*
internal/sentry
1 change: 1 addition & 0 deletions .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,3 +137,4 @@ run:
- docs
- vendor
- pkg/parser/jsonfilter/parser
- pkg/parser/bicep/antlr
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ dkr-compose: ## build docker image and runs docker-compose up
.PHONY: dkr-build-antlr
dkr-build-antlr: ## build ANTLRv4 docker image and generate parser based on given grammar
@docker build -t antlr4-generator:dev -f ./docker/Dockerfile.antlr .
@docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser/jsonfilter/:/work -it antlr4-generator:dev
@docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser:/work -it antlr4-generator:dev

.PHONY: release
release: ## goreleaser --rm-dist
Expand Down
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/negative1.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: true
emailAddresses: ['sample@email.com']
retentionDays: 4
state: 'Enabled'
}
}
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/negative2.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: true
emailAddresses: ['sample@email.com']
retentionDays: 4
state: 'Enabled'
}
}
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive1.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: false
emailAddresses: ['sample@email.com']
retentionDays: 4
state: 'Enabled'
}
}
8 changes: 8 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive2.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAddresses: ['sample@email.com']
retentionDays: 4
state: 'Enabled'
}
}
9 changes: 9 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive3.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAccountAdmins: false
emailAddresses: ['sample@email.com']
retentionDays: 4
state: 'Enabled'
}
}
8 changes: 8 additions & 0 deletions ...ts/queries/azureResourceManager/account_admins_not_notified_by_email/test/positive4.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resource sample_server_default 'Microsoft.Sql/servers/databases/securityAlertPolicies@2021-02-01-preview' = {
name: 'sample/server/default'
properties: {
emailAddresses: ['sample@email.com']
retentionDays: 4
state: 'Enabled'
}
}
24 changes: 24 additions & 0 deletions ...reResourceManager/account_admins_not_notified_by_email/test/positive_expected_result.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,29 @@
"severity": "INFO",
"line": 15,
"filename": "positive4.json"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 4,
"filename": "positive1.bicep"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 3,
"filename": "positive2.bicep"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 4,
"filename": "positive3.bicep"
},
{
"queryName": "Account Admins Not Notified By Email",
"severity": "INFO",
"line": 3,
"filename": "positive4.bicep"
}
]
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/negative1.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: 'azure'
}
}
}
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/negative2.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: 'azure'
}
}
}
31 changes: 31 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive1.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
}
}
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive2.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: ''
}
}
}
31 changes: 31 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive3.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
}
}
34 changes: 34 additions & 0 deletions ...eries/azureResourceManager/aks_cluster_network_policy_not_configured/test/positive4.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
networkProfile: {
networkPolicy: ''
}
}
}
24 changes: 24 additions & 0 deletions ...ourceManager/aks_cluster_network_policy_not_configured/test/positive_expected_result.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,5 +22,29 @@
"severity": "MEDIUM",
"line": 39,
"filename": "positive4.json"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 2,
"filename": "positive1.bicep"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 31,
"filename": "positive2.bicep"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 2,
"filename": "positive3.bicep"
},
{
"queryName": "AKS Cluster Network Policy Not Configured",
"severity": "MEDIUM",
"line": 31,
"filename": "positive4.bicep"
}
]
32 changes: 32 additions & 0 deletions assets/queries/azureResourceManager/aks_cluster_rbac_disabled/test/negative1.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
resource aksCluster1 'Microsoft.ContainerService/managedClusters@2020-02-01' = {
name: 'aksCluster1'
location: resourceGroup().location
properties: {
enableRBAC: true
kubernetesVersion: '1.15.7'
dnsPrefix: 'dnsprefix'
agentPoolProfiles: [
{
name: 'agentpool'
count: 2
vmSize: 'Standard_A1'
osType: 'Linux'
storageProfile: 'ManagedDisks'
}
]
linuxProfile: {
adminUsername: 'adminUserName'
ssh: {
publicKeys: [
{
keyData: 'keyData'
}
]
}
}
servicePrincipalProfile: {
clientId: 'servicePrincipalAppId'
secret: 'servicePrincipalAppPassword'
}
}
}
Loading
Loading