feat(arm): add CKV_AZURE_191 to ensure that Managed identity provider is enabled for Azure Event Grid Topic #6496
# Regular checks of the monitored path allow Azure App Service to route traffic based on availability." | ||
name = "Ensure that App Service configures health check" | ||
id = "CKV_AZURE_213" | ||
supported_resources = ('Microsoft.Web/sites', 'Microsoft.Web/sites/slots',) |
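Review bot: the comment line above `name` ends with a stray `"` (`...based on availability."`), which looks like a leftover from a quoted description and should be dropped. The `supported_resources` tuple here also uses single quotes while the Event Grid checks in this PR use double quotes (`("Microsoft.EventGrid/topics",)`); pick one quoting style across the new checks.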
You can add `Microsoft.Web/sites/config` to the supported resource_types.
supported_resources = ("Microsoft.EventGrid/topics",) | ||
categories = (CheckCategories.IAM,) | ||
super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources) | ||
|
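Review bot: the `super().__init__(...)` call passes no `missing_block_result`, so the result for a topic that omits the inspected property is left to the base-class default and cannot be read from this file. State the intended outcome for the missing-property case explicitly (as an argument or a comment) and cover it with a test fixture in which the property is absent.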
should be `missing_block_result` passed, as the default value here is false.
I was wrong, shouldn't be `missing_block_result=CheckResult.PASSED`
return "properties/publicNetworkAccess" | ||
|
||
def get_expected_value(self) -> str: | ||
return "disabled" |
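Review bot: `get_expected_value` returns lowercase `"disabled"` for `properties/publicNetworkAccess`; if the comparison is an exact string match, a template that sets `Disabled` will be reported as failing. Use the casing the resource property actually takes and add pass and fail fixtures that exercise it.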
It should be Upper Case -> Disabled and Enabled.
Nice, please fix my comments.
Nice!
return "properties/disableLocalAuth" | ||
|
||
def get_expected_value(self) -> bool: | ||
return False |
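Review bot: `get_expected_value` returns `False` for `properties/disableLocalAuth`, so the check passes when local authentication is left enabled and fails when it is disabled. For a check that enforces disabling local authentication the expected value should be `True`, and the fail fixture should then set `disableLocalAuth` to `false`.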
return False | |
return True |
supported_resources = ("Microsoft.EventGrid/topics",) | ||
categories = (CheckCategories.IAM,) | ||
super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources) | ||
|
I was wrong, shouldn't be `missing_block_result=CheckResult.PASSED`
checkov/arm/checks/resource/EventgridTopicLocalAuthentication.py
… is enabled for Azure Event Grid Topic (bridgecrewio#6496) * feat(ARM): AppServiceSetHealthCheck CKV_AZURE_213 * feat(arm): CKV_AZURE_193 * feat(arm): CKV_AZURE_192 * feat(arm): CKV_AZURE_191 * fix * fix * git commit -m "Remove check * Update checkov/arm/checks/resource/EventgridTopicLocalAuthentication.py --------- Co-authored-by: Rachel <bb50305030@gmail.com> Co-authored-by: ChanochShayner <57212002+ChanochShayner@users.noreply.github.com>
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
Added new policy for -
EventgridTopicIdentityProviderEnabled - CKV_AZURE_191
Fixes # (issue)
New/Edited policies (Delete if not relevant)
Description
policy to ensure that Managed identity provider is enabled for Azure Event Grid Topic
Fix
How does someone fix the issue in code and/or in runtime?
Checklist: