From bd555227f0c56015d7f6050ae5e666b66f2f500e Mon Sep 17 00:00:00 2001 From: Orestis Floros Date: Tue, 3 Oct 2023 16:11:08 +0200 Subject: [PATCH 1/2] activity_log_alerts: Rename to "assets" --- bundle/compliance/cis_azure/test_data.rego | 4 ++-- bundle/compliance/policy/azure/data_adapter.rego | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bundle/compliance/cis_azure/test_data.rego b/bundle/compliance/cis_azure/test_data.rego index 4b009500..2a19bc9b 100644 --- a/bundle/compliance/cis_azure/test_data.rego +++ b/bundle/compliance/cis_azure/test_data.rego @@ -45,13 +45,13 @@ generate_mysql_server_with_ssl_enforcement(enabled) = { generate_activity_log_alerts_no_alerts = { "type": "azure-activity-log-alert", "subType": "", - "resource": {"activity_log_alerts": []}, + "resource": {"assets": []}, } generate_activity_log_alerts(rules) = { "type": "azure-activity-log-alert", "subType": "", - "resource": {"activity_log_alerts": rules}, + "resource": {"assets": rules}, } generate_activity_log_alert(operation_name, category) = { diff --git a/bundle/compliance/policy/azure/data_adapter.rego b/bundle/compliance/policy/azure/data_adapter.rego index 9ffdfbac..bb3a5058 100644 --- a/bundle/compliance/policy/azure/data_adapter.rego +++ b/bundle/compliance/policy/azure/data_adapter.rego @@ -17,7 +17,7 @@ private_endpoint_connections = properties.privateEndpointConnections network_acls = properties.networkAcls -activity_log_alerts = resource.activity_log_alerts +activity_log_alerts = resource.assets is_storage_account { input.type == "azure-storage-account" From 10b861ce499ec05567d720b156bb6d85c181661d Mon Sep 17 00:00:00 2001 From: Orestis Floros Date: Tue, 3 Oct 2023 16:46:20 +0200 Subject: [PATCH 2/2] no assets field --- bundle/compliance/cis_azure/test_data.rego | 4 ++-- bundle/compliance/policy/azure/data_adapter.rego | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bundle/compliance/cis_azure/test_data.rego b/bundle/compliance/cis_azure/test_data.rego index 2a19bc9b..aae3d950 100644 --- a/bundle/compliance/cis_azure/test_data.rego +++ b/bundle/compliance/cis_azure/test_data.rego @@ -45,13 +45,13 @@ generate_mysql_server_with_ssl_enforcement(enabled) = { generate_activity_log_alerts_no_alerts = { "type": "azure-activity-log-alert", "subType": "", - "resource": {"assets": []}, + "resource": [], } generate_activity_log_alerts(rules) = { "type": "azure-activity-log-alert", "subType": "", - "resource": {"assets": rules}, + "resource": rules, } generate_activity_log_alert(operation_name, category) = { diff --git a/bundle/compliance/policy/azure/data_adapter.rego b/bundle/compliance/policy/azure/data_adapter.rego index bb3a5058..e01e0db7 100644 --- a/bundle/compliance/policy/azure/data_adapter.rego +++ b/bundle/compliance/policy/azure/data_adapter.rego @@ -17,7 +17,7 @@ private_endpoint_connections = properties.privateEndpointConnections network_acls = properties.networkAcls -activity_log_alerts = resource.assets +activity_log_alerts = resource is_storage_account { input.type == "azure-storage-account"