fcda64cd35
## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
73 lines
1.4 KiB
Plaintext
73 lines
1.4 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
For Typical identity blocks:
|
|
|
|
[source,terraform,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
resource "azurerm_api_management" "example" { # Sensitive, the identity block is missing
|
|
name = "example"
|
|
publisher_name = "company"
|
|
}
|
|
----
|
|
|
|
For connections between Kusto Clusters and Azure Data Factory:
|
|
|
|
[source,terraform,diff-id=2,diff-type=noncompliant]
|
|
----
|
|
resource "azurerm_data_factory_linked_service_kusto" "example" {
|
|
name = "example"
|
|
use_managed_identity = false # Sensitive
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For Typical identity blocks:
|
|
|
|
[source,terraform,diff-id=1,diff-type=compliant]
|
|
----
|
|
resource "azurerm_api_management" "example" {
|
|
name = "example"
|
|
publisher_name = "company"
|
|
|
|
identity {
|
|
type = "SystemAssigned"
|
|
}
|
|
}
|
|
----
|
|
|
|
For connections between Kusto Clusters and Azure Data Factory:
|
|
|
|
[source,terraform,diff-id=2,diff-type=compliant]
|
|
----
|
|
resource "azurerm_data_factory_linked_service_kusto" "example" {
|
|
name = "example"
|
|
use_managed_identity = true
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
Only for Azure Data Factory:
|
|
|
|
- Make sure that disabling Azure Managed Identities is safe here.
|
|
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|