refactor(misconf): parse azure_policy_enabled to addonprofile.azurepolicy.enabled (#9851)
Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
@@ -33,7 +33,6 @@ func adaptCluster(resource *terraform.Block) container.KubernetesCluster {
|
|||||||
},
|
},
|
||||||
EnablePrivateCluster: iacTypes.BoolDefault(false, resource.GetMetadata()),
|
EnablePrivateCluster: iacTypes.BoolDefault(false, resource.GetMetadata()),
|
||||||
APIServerAuthorizedIPRanges: nil,
|
APIServerAuthorizedIPRanges: nil,
|
||||||
AzurePolicyEnabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.StringDefault("", resource.GetMetadata()),
|
DiskEncryptionSetID: iacTypes.StringDefault("", resource.GetMetadata()),
|
||||||
AgentPools: []container.AgentPool{},
|
AgentPools: []container.AgentPool{},
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
||||||
@@ -71,24 +70,35 @@ func adaptCluster(resource *terraform.Block) container.KubernetesCluster {
|
|||||||
addonProfileBlock := resource.GetBlock("addon_profile")
|
addonProfileBlock := resource.GetBlock("addon_profile")
|
||||||
if addonProfileBlock.IsNotNil() {
|
if addonProfileBlock.IsNotNil() {
|
||||||
cluster.AddonProfile.Metadata = addonProfileBlock.GetMetadata()
|
cluster.AddonProfile.Metadata = addonProfileBlock.GetMetadata()
|
||||||
omsAgentBlock := addonProfileBlock.GetBlock("oms_agent")
|
if block := addonProfileBlock.GetBlock("oms_agent"); block.IsNotNil() {
|
||||||
if omsAgentBlock.IsNotNil() {
|
cluster.AddonProfile.OMSAgent = container.OMSAgent{
|
||||||
cluster.AddonProfile.OMSAgent.Metadata = omsAgentBlock.GetMetadata()
|
Metadata: block.GetMetadata(),
|
||||||
enabledAttr := omsAgentBlock.GetAttribute("enabled")
|
Enabled: block.GetAttribute("enabled").AsBoolValueOrDefault(false, block),
|
||||||
cluster.AddonProfile.OMSAgent.Enabled = enabledAttr.AsBoolValueOrDefault(false, omsAgentBlock)
|
}
|
||||||
}
|
}
|
||||||
azurePolicyBlock := addonProfileBlock.GetBlock("azure_policy")
|
|
||||||
if azurePolicyBlock.IsNotNil() {
|
if block := addonProfileBlock.GetBlock("azure_policy"); block.IsNotNil() {
|
||||||
cluster.AddonProfile.AzurePolicy.Metadata = azurePolicyBlock.GetMetadata()
|
cluster.AddonProfile.AzurePolicy = container.AzurePolicy{
|
||||||
enabledAttr := azurePolicyBlock.GetAttribute("enabled")
|
Metadata: block.GetMetadata(),
|
||||||
cluster.AddonProfile.AzurePolicy.Enabled = enabledAttr.AsBoolValueOrDefault(false, azurePolicyBlock)
|
Enabled: block.GetAttribute("enabled").AsBoolValueOrDefault(false, block),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// >= azurerm 2.97.0
|
// >= azurerm 2.97.0
|
||||||
if omsAgentBlock := resource.GetBlock("oms_agent"); omsAgentBlock.IsNotNil() {
|
if block := resource.GetBlock("oms_agent"); block.IsNotNil() {
|
||||||
cluster.AddonProfile.OMSAgent.Metadata = omsAgentBlock.GetMetadata()
|
cluster.AddonProfile.OMSAgent = container.OMSAgent{
|
||||||
cluster.AddonProfile.OMSAgent.Enabled = iacTypes.Bool(true, omsAgentBlock.GetMetadata())
|
Metadata: block.GetMetadata(),
|
||||||
|
Enabled: iacTypes.Bool(true, block.GetMetadata()),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// azurerm >= 3.0.0 - new syntax for azure policy
|
||||||
|
if attr := resource.GetAttribute("azure_policy_enabled"); attr.IsNotNil() {
|
||||||
|
cluster.AddonProfile.AzurePolicy = container.AzurePolicy{
|
||||||
|
Metadata: attr.GetMetadata(),
|
||||||
|
Enabled: attr.AsBoolValueOrDefault(false, resource),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// azurerm < 2.99.0
|
// azurerm < 2.99.0
|
||||||
@@ -112,12 +122,6 @@ func adaptCluster(resource *terraform.Block) container.KubernetesCluster {
|
|||||||
cluster.RoleBasedAccessControl.Enabled = enabledAttr.AsBoolValueOrDefault(false, block)
|
cluster.RoleBasedAccessControl.Enabled = enabledAttr.AsBoolValueOrDefault(false, block)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// azurerm >= 3.0.0 - new syntax for azure policy
|
|
||||||
if azurePolicyEnabledAttr := resource.GetAttribute("azure_policy_enabled"); azurePolicyEnabledAttr.IsNotNil() {
|
|
||||||
cluster.AzurePolicyEnabled = azurePolicyEnabledAttr.AsBoolValueOrDefault(false, resource)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if diskEncryptionSetIDAttr := resource.GetAttribute("disk_encryption_set_id"); diskEncryptionSetIDAttr.IsNotNil() {
|
if diskEncryptionSetIDAttr := resource.GetAttribute("disk_encryption_set_id"); diskEncryptionSetIDAttr.IsNotNil() {
|
||||||
|
|||||||
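Review bot: In the second hunk the new `azure_policy_enabled` branch assigns a whole `container.AzurePolicy{...}` after the legacy `addon_profile.azure_policy` block has been read, so when a configuration carries both, the top-level attribute silently wins and the block's metadata is dropped. That precedence decides whether a check reports Azure Policy as disabled, so it deserves a comment above the branch, for example `// azure_policy_enabled (azurerm >= 3.0.0) overrides addon_profile.azure_policy when both are present`. The first hunk also removes the `BoolDefault(false, ...)` initialiser for `AzurePolicyEnabled`, and the initial `AddonProfile` literal is outside the visible lines, so confirm that `AddonProfile.AzurePolicy.Enabled` still gets an explicit default carrying resource metadata when neither syntax is used; that is the case a "policy not enabled" finding has to point at. Any check or custom policy that still reads the removed cluster-level field would presumably evaluate to undefined rather than fail loudly, so a search for remaining references is worth doing. adaptCluster starts and ends outside these hunks.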
@@ -48,31 +48,20 @@ func Test_adaptCluster(t *testing.T) {
|
|||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkProfile: container.NetworkProfile{
|
NetworkProfile: container.NetworkProfile{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
NetworkPolicy: iacTypes.StringTest("calico"),
|
||||||
NetworkPolicy: iacTypes.String("calico", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
EnablePrivateCluster: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
|
EnablePrivateCluster: iacTypes.BoolTest(true),
|
||||||
APIServerAuthorizedIPRanges: []iacTypes.StringValue{
|
APIServerAuthorizedIPRanges: []iacTypes.StringValue{
|
||||||
iacTypes.String("1.2.3.4/32", iacTypes.NewTestMetadata()),
|
iacTypes.StringTest("1.2.3.4/32"),
|
||||||
},
|
},
|
||||||
AzurePolicyEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
AddonProfile: container.AddonProfile{
|
AddonProfile: container.AddonProfile{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
OMSAgent: container.OMSAgent{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
Enabled: iacTypes.BoolTest(true),
|
||||||
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
Enabled: iacTypes.BoolTest(true),
|
||||||
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@@ -84,28 +73,9 @@ func Test_adaptCluster(t *testing.T) {
|
|||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
AddonProfile: container.AddonProfile{},
|
||||||
NetworkProfile: container.NetworkProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
AzurePolicyEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
AddonProfile: container.AddonProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
Enabled: iacTypes.BoolTest(true),
|
||||||
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@@ -115,31 +85,7 @@ func Test_adaptCluster(t *testing.T) {
|
|||||||
resource "azurerm_kubernetes_cluster" "example" {
|
resource "azurerm_kubernetes_cluster" "example" {
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{},
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkProfile: container.NetworkProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
AzurePolicyEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
AddonProfile: container.AddonProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "rbac off with k8s rbac on",
|
name: "rbac off with k8s rbac on",
|
||||||
@@ -153,28 +99,8 @@ resource "azurerm_kubernetes_cluster" "misreporting_example" {
|
|||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkProfile: container.NetworkProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
AzurePolicyEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
AddonProfile: container.AddonProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
Enabled: iacTypes.BoolTest(true),
|
||||||
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@@ -186,29 +112,11 @@ resource "azurerm_kubernetes_cluster" "misreporting_example" {
|
|||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkProfile: container.NetworkProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
AzurePolicyEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
AddonProfile: container.AddonProfile{
|
AddonProfile: container.AddonProfile{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
AzurePolicy: container.AzurePolicy{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
Enabled: iacTypes.BoolTest(true),
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -223,62 +131,22 @@ resource "azurerm_kubernetes_cluster" "misreporting_example" {
|
|||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkProfile: container.NetworkProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
AzurePolicyEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
AddonProfile: container.AddonProfile{
|
AddonProfile: container.AddonProfile{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
AzurePolicy: container.AzurePolicy{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
Enabled: iacTypes.BoolTest(true),
|
||||||
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "disk encryption set defined",
|
name: "disk encryption set defined",
|
||||||
terraform: `
|
terraform: `
|
||||||
resource "azurerm_kubernetes_cluster" "example" {
|
resource "azurerm_kubernetes_cluster" "example" {
|
||||||
disk_encryption_set_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/diskEncryptionSets/example-des"
|
disk_encryption_set_id = "test-id"
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
DiskEncryptionSetID: iacTypes.StringTest("test-id"),
|
||||||
NetworkProfile: container.NetworkProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
AzurePolicyEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/diskEncryptionSets/example-des", iacTypes.NewTestMetadata()),
|
|
||||||
AddonProfile: container.AddonProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -290,41 +158,17 @@ resource "azurerm_kubernetes_cluster" "misreporting_example" {
|
|||||||
node_count = 1
|
node_count = 1
|
||||||
vm_size = "Standard_DS2_v2"
|
vm_size = "Standard_DS2_v2"
|
||||||
type = "VirtualMachineScaleSets"
|
type = "VirtualMachineScaleSets"
|
||||||
disk_encryption_set_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/diskEncryptionSets/node-pool-des"
|
disk_encryption_set_id = "test-id"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
expected: container.KubernetesCluster{
|
expected: container.KubernetesCluster{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkProfile: container.NetworkProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
AzurePolicyEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
DiskEncryptionSetID: iacTypes.String("", iacTypes.NewTestMetadata()),
|
|
||||||
AgentPools: []container.AgentPool{
|
AgentPools: []container.AgentPool{
|
||||||
{
|
{
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
DiskEncryptionSetID: iacTypes.StringTest("test-id"),
|
||||||
DiskEncryptionSetID: iacTypes.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.Compute/diskEncryptionSets/node-pool-des", iacTypes.NewTestMetadata()),
|
NodeType: iacTypes.StringTest("VirtualMachineScaleSets"),
|
||||||
NodeType: iacTypes.String("VirtualMachineScaleSets", iacTypes.NewTestMetadata()),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
AddonProfile: container.AddonProfile{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
OMSAgent: container.OMSAgent{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
AzurePolicy: container.AzurePolicy{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
|
||||||
RoleBasedAccessControl: container.RoleBasedAccessControl{
|
|
||||||
Metadata: iacTypes.NewTestMetadata(),
|
|
||||||
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|||||||
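Review bot: None of the visible expectations covers `azure_policy_enabled = false`, or a resource that sets both the legacy `addon_profile { azure_policy { ... } }` block and the new attribute; the two Azure Policy cases (hunks at -186 and -223) both expect `Enabled: iacTypes.BoolTest(true)`. The adapter now writes both syntaxes into the same `AddonProfile.AzurePolicy` field, so a case pinning which one wins would keep a later reordering from flipping a check result unnoticed. The expected literals also drop every `Metadata:` field, so, assuming the comparison helper (not visible here) ignores metadata, nothing asserts which source range the AzurePolicy value points at. The Terraform inputs for these cases sit partly outside the hunks, so this reading is based on the expected values only.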
@@ -15,7 +15,6 @@ type KubernetesCluster struct {
|
|||||||
APIServerAuthorizedIPRanges []iacTypes.StringValue
|
APIServerAuthorizedIPRanges []iacTypes.StringValue
|
||||||
AddonProfile AddonProfile
|
AddonProfile AddonProfile
|
||||||
RoleBasedAccessControl RoleBasedAccessControl
|
RoleBasedAccessControl RoleBasedAccessControl
|
||||||
AzurePolicyEnabled iacTypes.BoolValue
|
|
||||||
DiskEncryptionSetID iacTypes.StringValue
|
DiskEncryptionSetID iacTypes.StringValue
|
||||||
AgentPools []AgentPool
|
AgentPools []AgentPool
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4500,6 +4500,19 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Authentication": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"__defsec_metadata": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata"
|
||||||
|
},
|
||||||
|
"enabled": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.FunctionApp": {
|
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.FunctionApp": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
@@ -4513,6 +4526,19 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Identity": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"__defsec_metadata": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata"
|
||||||
|
},
|
||||||
|
"type": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service": {
|
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
@@ -4522,7 +4548,7 @@
|
|||||||
},
|
},
|
||||||
"authentication": {
|
"authentication": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Authentication"
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Authentication"
|
||||||
},
|
},
|
||||||
"enableclientcert": {
|
"enableclientcert": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
@@ -4534,7 +4560,7 @@
|
|||||||
},
|
},
|
||||||
"identity": {
|
"identity": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Identity"
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Identity"
|
||||||
},
|
},
|
||||||
"site": {
|
"site": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
@@ -4542,27 +4568,13 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Authentication": {
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"enabled": {
|
|
||||||
"type": "object",
|
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Identity": {
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"type": {
|
|
||||||
"type": "object",
|
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Site": {
|
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Site": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"__defsec_metadata": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata"
|
||||||
|
},
|
||||||
"enablehttp2": {
|
"enablehttp2": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
||||||
@@ -4867,10 +4879,6 @@
|
|||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"azurepolicyenabled": {
|
|
||||||
"type": "object",
|
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
|
||||||
},
|
|
||||||
"diskencryptionsetid": {
|
"diskencryptionsetid": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
||||||
@@ -5333,6 +5341,31 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.IPConfiguration": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"__defsec_metadata": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.Metadata"
|
||||||
|
},
|
||||||
|
"haspublicip": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
||||||
|
},
|
||||||
|
"primary": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
||||||
|
},
|
||||||
|
"publicipaddress": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
||||||
|
},
|
||||||
|
"subnetid": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.Network": {
|
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.Network": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
@@ -5374,6 +5407,13 @@
|
|||||||
"type": "object",
|
"type": "object",
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue"
|
||||||
},
|
},
|
||||||
|
"ipconfigurations": {
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"type": "object",
|
||||||
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.IPConfiguration"
|
||||||
|
}
|
||||||
|
},
|
||||||
"publicipaddress": {
|
"publicipaddress": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
"$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
|
||||||
|
|||||||