16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
44 lines
883 B
Plaintext
44 lines
883 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
resource "azurerm_role_assignment" "example" {
|
|
scope = data.azurerm_subscription.primary.id # Sensitive
|
|
role_definition_name = "Reader"
|
|
principal_id = data.azuread_user.user.object_id
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,terraform]
|
|
----
|
|
resource "azurerm_role_assignment" "example" {
|
|
scope = azurerm_resource_group.example.id
|
|
role_definition_name = "Reader"
|
|
principal_id = data.azuread_user.user.object_id
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
=== Highlighting
|
|
|
|
Highlight the `scope` property from the `azurerm_role_assignment` block
|
|
|
|
|
|
endif::env-github,rspecator-view[] |