Improve the test fixture's security. #183

Closed
lonegunmanb opened this issue Jun 20, 2022 · 1 comment

@lonegunmanb
Member

We've met some compliance issues when scanning this module with Bridgecrew's Checkov:

Check: CKV_AZURE_117: "Ensure that AKS uses disk encryption set"
FAILED for resource: module.aks.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:33-74
Guide: https://docs.bridgecrew.io/docs/ensure-that-aks-uses-disk-encryption-set

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_141: "Ensure AKS local admin account is disabled"
FAILED for resource: module.aks.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:33-74

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_5: "Ensure RBAC is enabled on AKS clusters"
FAILED for resource: module.aks.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:33-74
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_2

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_4: "Ensure AKS logging to Azure Monitoring is Configured"
FAILED for resource: module.aks.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:33-74
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_1

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_117: "Ensure that AKS uses disk encryption set"
FAILED for resource: module.aks_without_monitor.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:76-84
Guide: https://docs.bridgecrew.io/docs/ensure-that-aks-uses-disk-encryption-set

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_115: "Ensure that AKS enables private clusters"
FAILED for resource: module.aks_without_monitor.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:76-84
Guide: https://docs.bridgecrew.io/docs/ensure-that-aks-enables-private-clusters

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_141: "Ensure AKS local admin account is disabled"
FAILED for resource: module.aks_without_monitor.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:76-84

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_5: "Ensure RBAC is enabled on AKS clusters"
FAILED for resource: module.aks_without_monitor.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:76-84
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_2

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_4: "Ensure AKS logging to Azure Monitoring is Configured"
FAILED for resource: module.aks_without_monitor.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:76-84
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_1

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_116: "Ensure that AKS uses Azure Policies Add-on"
FAILED for resource: module.aks_without_monitor.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:76-84
Guide: https://docs.bridgecrew.io/docs/ensure-that-aks-uses-azure-policies-add-on

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_6: "Ensure AKS has an API Server Authorized IP Ranges enabled"
FAILED for resource: module.aks_without_monitor.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:76-84
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_3

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_117: "Ensure that AKS uses disk encryption set"
FAILED for resource: module.aks_cluster_name.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:86-98
Guide: https://docs.bridgecrew.io/docs/ensure-that-aks-uses-disk-encryption-set

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_115: "Ensure that AKS enables private clusters"
FAILED for resource: module.aks_cluster_name.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:86-98
Guide: https://docs.bridgecrew.io/docs/ensure-that-aks-enables-private-clusters

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_141: "Ensure AKS local admin account is disabled"
FAILED for resource: module.aks_cluster_name.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:86-98

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_5: "Ensure RBAC is enabled on AKS clusters"
FAILED for resource: module.aks_cluster_name.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:86-98
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_2

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_4: "Ensure AKS logging to Azure Monitoring is Configured"
FAILED for resource: module.aks_cluster_name.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:86-98
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_1

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_116: "Ensure that AKS uses Azure Policies Add-on"
FAILED for resource: module.aks_cluster_name.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:86-98
Guide: https://docs.bridgecrew.io/docs/ensure-that-aks-uses-azure-policies-add-on

            Code lines for this resource are too many. Please use IDE of your choice to review the file.

Check: CKV_AZURE_6: "Ensure AKS has an API Server Authorized IP Ranges enabled"
FAILED for resource: module.aks_cluster_name.azurerm_kubernetes_cluster.main
File: /main.tf:10-142
Calling File: /test/fixture/main.tf:86-98
Guide: https://docs.bridgecrew.io/docs/bc_azr_kubernetes_3

lonegunmanb added a commit to lonegunmanb/terraform-azurerm-aks that referenced this issue Jul 8, 2022
…ster's security and solve Azure#194 . This patch should partially solve Azure#183.
lonegunmanb added a commit to lonegunmanb/terraform-azurerm-aks that referenced this issue Jul 11, 2022
…ster's security and solve Azure#194 . This patch should partially solve Azure#183.
lonegunmanb added a commit to lonegunmanb/terraform-azurerm-aks that referenced this issue Jul 13, 2022
…ster's security and solve Azure#194 . This patch should partially solve Azure#183.
lonegunmanb added a commit that referenced this issue Jul 13, 2022
…ster's security and solve #194 . This patch should partially solve #183.
@lonegunmanb
Member Author

All features have been implemented. I'm closing this issue now.
