Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure rule 9.4 property change #330

Merged
merged 1 commit into from
Oct 25, 2023
Merged

Azure rule 9.4 property change #330

merged 1 commit into from
Oct 25, 2023

Conversation

jeniawhite
Copy link
Contributor

@jeniawhite jeniawhite commented Oct 25, 2023
edited
Loading

Summary of your changes

We've decided to change the checked property after reading the description and the actual rule.
The previous implementation followed the CIS remediation and Azure's implementation.

Related Issues

Checklist

  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary README/documentation (if appropriate)

Introducing a new rule?

Note Make sure to bump cloudbeat version/policy.go after merging this PR and drafting a new release.

@jeniawhite jeniawhite requested a review from a team as a code owner October 25, 2023 11:01
@mergify
Copy link

mergify bot commented Oct 25, 2023

This pull request does not have a backport label. Could you fix it @jeniawhite? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
    NOTE: backport-skip has been added to this pull request.

orestisfl
orestisfl approved these changes Oct 25, 2023
View reviewed changes
bundle/compliance/cis_azure/rules/cis_9_4/rule.rego
data_adapter.properties.clientCertEnabled == true
# Benchmark and Azure implementation in remediation checks previous implemented value
# Reading the description and rule metadata, we've decided to check the value of the property clientCertMode
data_adapter.properties.clientCertMode == "Required"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also check the data_adapter.properties.clientCertEnabled value for completeness/sanity?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is part of the schema of the ARG.
If the value doesn't exist it will be evaluated as false, do we want to have no evaluation in that case?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In which case should it not exist?

@jeniawhite jeniawhite merged commit 1f7142b into elastic:main Oct 25, 2023
5 checks passed
mergify bot pushed a commit that referenced this pull request Oct 25, 2023
@jeniawhite @mergify
Property change (#330)
be72e21 
(cherry picked from commit 1f7142b)
@mergify mergify bot mentioned this pull request Oct 25, 2023
Merged
jeniawhite added a commit that referenced this pull request Oct 25, 2023
@mergify @jeniawhite
Property change (#330) (#331)
d7ec077 
(cherry picked from commit 1f7142b)

Co-authored-by: Evgeniy Belyi <[email protected]>
orestisfl pushed a commit to orestisfl/csp-security-policies that referenced this pull request Oct 30, 2023
@jeniawhite @orestisfl
[Security Policies] Property change (elastic#330)
32ce4df
orestisfl pushed a commit to orestisfl/csp-security-policies that referenced this pull request Oct 30, 2023
@jeniawhite @orestisfl
[Security Policies] Property change
89f86a6 
elastic#330

---NOTE---
This is an imported commit, it was initially committed to the
csp-security-policies repo which was then merged into cloudbeat. See:
elastic/cloudbeat#1405
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orestisfl orestisfl orestisfl approved these changes

Assignees

@jeniawhite jeniawhite

Labels
8.11 candidate backport-v8.11.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jeniawhite @orestisfl