Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Azure ARM Template: missing resources #2347

Merged
merged 4 commits into from
Jul 23, 2024

Conversation

moukoublen
Copy link
Member

@moukoublen moukoublen commented Jul 22, 2024

Summary of your changes

By setting resourceGroup to role assignment, the role assignment has a specific (reduced) scope for the specified resource group.

Role assignment with resourceGroup (scope to this specific resource group):

{
    "properties": {
        "roleDefinitionId": "/subscriptions/<sub id>/providers/Microsoft.Authorization/roleDefinitions/<definition id>",
        "principalId": "<pid>",
        "principalType": "ServicePrincipal",
        "scope": "/subscriptions/<sub id>/resourcegroups/evgb-815bclong"
    },
    "id": "/subscriptions/<sub id>/resourcegroups/evgb-815bclong/providers/Microsoft.Authorization/roleAssignments/<id>",
    "type": "Microsoft.Authorization/roleAssignments",
    "name": "<id>"
}

Role assignment without resourceGroup (scope to the subscription):

{
    "properties": {
        "roleDefinitionId": "/subscriptions/<sub id>/providers/Microsoft.Authorization/roleDefinitions/<definition id>",
        "principalId": "<pid>",
        "principalType": "ServicePrincipal",
        "scope": "/subscriptions/<sub id>"
    },
    "id": "/subscriptions/<sub id>/providers/Microsoft.Authorization/roleAssignments/<id>",
    "type": "Microsoft.Authorization/roleAssignments",
    "name": "<id>"
}

Screenshot/Data

Related Issues

Fixes: #2346

Checklist

  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary README/documentation (if appropriate)

Introducing a new rule?

@moukoublen moukoublen self-assigned this Jul 22, 2024
@moukoublen moukoublen changed the title Fix Azure ARM Template: missing resources Fix Azure ARM Template: missing resources Jul 22, 2024
@moukoublen moukoublen force-pushed the fix_bug_2346 branch 2 times, most recently from 8009fed to e794871 Compare July 22, 2024 15:09
Copy link

github-actions bot commented Jul 22, 2024

📊 Allure Report - 💚 No failures were reported.

Result Count
🟥 Failed 0
🟩 Passed 359
⬜ Skipped 33

@moukoublen moukoublen marked this pull request as ready for review July 23, 2024 11:47
@moukoublen moukoublen requested a review from a team as a code owner July 23, 2024 11:47
@moukoublen moukoublen merged commit a6eca90 into elastic:main Jul 23, 2024
26 checks passed
@moukoublen moukoublen deleted the fix_bug_2346 branch July 23, 2024 12:53
mergify bot pushed a commit that referenced this pull request Jul 23, 2024
* Fix Azure ARM Template: missing resources

* fix dev

* lint fix

* revert and skip linter

(cherry picked from commit a6eca90)
moukoublen added a commit that referenced this pull request Jul 23, 2024
Fix Azure ARM Template: missing resources (#2347)

* Fix Azure ARM Template: missing resources

* fix dev

* lint fix

* revert and skip linter

(cherry picked from commit a6eca90)

Co-authored-by: Kostas Stamatakis <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug] Missing Azure findings for resource types: cloud-storage, cloud-database, key-management
2 participants