87 lines
1.7 KiB
Plaintext
87 lines
1.7 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
For https://azure.microsoft.com/fr-fr/services/kubernetes-service/[Azure Kubernetes Services]:
|
|
|
|
[source,terraform,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
resource "azurerm_kubernetes_cluster" "example" {
|
|
role_based_access_control {
|
|
enabled = false # Sensitive
|
|
}
|
|
}
|
|
|
|
resource "azurerm_kubernetes_cluster" "example2" {
|
|
role_based_access_control {
|
|
enabled = true
|
|
|
|
azure_active_directory {
|
|
managed = true
|
|
azure_rbac_enabled = false # Sensitive
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|
|
For https://azure.microsoft.com/fr-fr/services/key-vault/[Key Vaults]:
|
|
|
|
[source,terraform,diff-id=2,diff-type=noncompliant]
|
|
----
|
|
resource "azurerm_key_vault" "example" {
|
|
enable_rbac_authorization = false # Sensitive
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For https://azure.microsoft.com/fr-fr/services/kubernetes-service/[Azure Kubernetes Services]:
|
|
|
|
[source,terraform,diff-id=1,diff-type=compliant]
|
|
----
|
|
resource "azurerm_kubernetes_cluster" "example" {
|
|
role_based_access_control {
|
|
enabled = true
|
|
}
|
|
}
|
|
|
|
resource "azurerm_kubernetes_cluster" "example" {
|
|
role_based_access_control {
|
|
enabled = true
|
|
|
|
azure_active_directory {
|
|
managed = true
|
|
azure_rbac_enabled = true
|
|
}
|
|
}
|
|
}
|
|
----
|
|
|
|
For https://azure.microsoft.com/fr-fr/services/key-vault/[Key Vaults]:
|
|
|
|
[source,terraform,diff-id=2,diff-type=compliant]
|
|
----
|
|
resource "azurerm_key_vault" "example" {
|
|
enable_rbac_authorization = true
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
include::../highlighting.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|
|
|