From bf1a7f7488b561f6dd4c65cdf2d38367c8c0dcc9 Mon Sep 17 00:00:00 2001 
From: Zijie He Date: Thu, 6 Mar 2025 09:58:41 +0800 Subject: [PATCH] new rule for CKV_AZURE_138 --- .../ACRAdminAccountDisabled.azapi.mock.json | 0 .../ACRAdminAccountDisabled.azapi.rego | 0 .../ACRAdminAccountDisabled.mock.json | 0 .../{azurerm => }/ACRAdminAccountDisabled.py | 0 .../ACRAdminAccountDisabled.rego | 0 .../{azurerm => }/ACRAdminAccountDisabled.tf | 0 .../ACRAnonymousPullDisabled.azapi.mock.json | 119 ++++++++++++++++++ ...ak => ACRAnonymousPullDisabled.azapi.rego} | 4 +- .../ACRAnonymousPullDisabled.mock.json | 92 ++++++++++++++ ...led.py.bak => ACRAnonymousPullDisabled.py} | 0 ...rego.bak => ACRAnonymousPullDisabled.rego} | 0 ...led.tf.bak => ACRAnonymousPullDisabled.tf} | 0 ...RAnonymousPullDisabled.azapi.mock.json.bak | 27 ---- .../ACRAnonymousPullDisabled.mock.json.bak | 32 ----- ...cNetworkAccessDisabled.azapi.mock.json.bak | 24 ---- ...rverAuthorizedIpRanges.azapi.mock.json.bak | 29 ----- .../AKSDashboardDisabled.azapi.mock.json.bak | 24 ---- ...EnablesPrivateClusters.azapi.mock.json.bak | 24 ---- .../AKSLocalAdminDisabled.azapi.mock.json.bak | 24 ---- .../AKSLoggingEnabled.azapi.mock.json.bak | 1 - .../AKSNetworkPolicy.azapi.mock.json.bak | 26 ---- ...UsesAzurePoliciesAddon.azapi.mock.json.bak | 30 ----- ...anagementCertsEnforced.azapi.mock.json.bak | 29 ----- ...vicesUseVirtualNetwork.azapi.mock.json.bak | 19 --- ...nticationServiceFabric.azapi.mock.json.bak | 28 ----- .../AppGWUseWAFMode.azapi.mock.json.bak | 27 ---- ...ewayWAFACLCVE202144228.azapi.mock.json.bak | 48 ------- ...UsesKeyVaultEncryption.azapi.mock.json.bak | 26 ---- ...oyedIntoVirtualNetwork.azapi.mock.json.bak | 19 --- ...oubleEncryptionEnabled.azapi.mock.json.bak | 24 ---- ...eDefenderOnAppServices.azapi.mock.json.bak | 24 ---- ...reDefenderOnKubernetes.azapi.mock.json.bak | 17 --- ...AzureDefenderOnServers.azapi.mock.json.bak | 24 ---- ...DefenderOnSqlServerVMS.azapi.mock.json.bak | 19 --- ...reDefenderOnSqlServers.azapi.mock.json.bak | 19 --- 
...AzureDefenderOnStorage.azapi.mock.json.bak | 24 ---- .../AzureScaleSetPassword.azapi.mock.json.bak | 31 ----- ...cNetworkAccessDisabled.azapi.mock.json.bak | 24 ---- ...ClusterProtectionLevel.azapi.mock.json.bak | 30 ----- ...countsRestrictedAccess.azapi.mock.json.bak | 38 ------ ...BDisableAccessKeyWrite.azapi.mock.json.bak | 24 ---- ...BDisablesPublicNetwork.azapi.mock.json.bak | 26 ---- .../CosmosDBHaveCMK.azapi.mock.json.bak | 22 ---- ...itionSubscriptionOwner.azapi.mock.json.bak | 29 ----- ...orerUsesDiskEncryption.azapi.mock.json.bak | 26 ---- ...yNoPublicNetworkAccess.azapi.mock.json.bak | 22 ---- ...ctoryUsesGitRepository.azapi.mock.json.bak | 6 - ...ksWorkspaceIsNotPublic.azapi.mock.json.bak | 24 ---- ...ridDomainNetworkAccess.azapi.mock.json.bak | 24 ---- ...DoorWAFACLCVE202144228.azapi.mock.json.bak | 36 ------ ...sFirewallRulesSettings.azapi.mock.json.bak | 26 ---- ...EnablesPurgeProtection.azapi.mock.json.bak | 26 ---- ...VaultEnablesSoftDelete.azapi.mock.json.bak | 26 ---- ...rAuditPolicyLogMonitor.azapi.mock.json.bak | 24 ---- ...ariaDBGeoBackupEnabled.azapi.mock.json.bak | 19 --- .../MySQLEncryptionEnaled.azapi.mock.json.bak | 26 ---- ...SQLServerMinTLSVersion.azapi.mock.json.bak | 26 ---- ...leHTTPAccessRestricted.azapi.mock.json.bak | 23 ---- ...lePortAccessRestricted.azapi.mock.json.bak | 57 --------- ...uleRDPAccessRestricted.azapi.mock.json.bak | 26 ---- ...uleSSHAccessRestricted.azapi.mock.json.bak | 29 ----- ...uleUDPAccessRestricted.azapi.mock.json.bak | 40 ------ ...reSQLEncryptionEnabled.azapi.mock.json.bak | 24 ---- ...ServerGeoBackupEnabled.azapi.mock.json.bak | 28 ----- ...ostgreSQLMinTLSVersion.azapi.mock.json.bak | 24 ---- ...ctionThrottlingEnabled.azapi.mock.json.bak | 19 --- ...rLogCheckpointsEnabled.azapi.mock.json.bak | 19 --- ...rLogConnectionsEnabled.azapi.mock.json.bak | 19 --- ...erPublicAccessDisabled.azapi.mock.json.bak | 24 ---- ...rSSLEnforcementEnabled.azapi.mock.json.bak | 24 ---- 
...LTreatDetectionEnabled.azapi.mock.json.bak | 19 --- ...essSQLGeoBackupEnabled.azapi.mock.json.bak | 26 ---- ...sCacheEnableNonSSLPort.azapi.mock.json.bak | 24 ---- ...edisCacheMinTLSVersion.azapi.mock.json.bak | 24 ---- ...icNetworkAccessEnabled.azapi.mock.json.bak | 24 ---- ...rverEmailAlertsEnabled.azapi.mock.json.bak | 27 ---- ...lAlertsToAdminsEnabled.azapi.mock.json.bak | 24 ---- ...erThreatDetectionTypes.azapi.mock.json.bak | 27 ---- ...enterContactEmailAlert.azapi.mock.json.bak | 22 ---- ...ontactEmailAlertAdmins.azapi.mock.json.bak | 22 ---- ...ityCenterContactEmails.azapi.mock.json.bak | 22 ---- ...rityCenterContactPhone.azapi.mock.json.bak | 21 ---- ...yCenterStandardPricing.azapi.mock.json.bak | 21 ---- ...untDisablePublicAccess.azapi.mock.json.bak | 26 ---- ...tEnablesSecureTransfer.azapi.mock.json.bak | 24 ---- ...ingQueueServiceEnabled.azapi.mock.json.bak | 34 ----- ...countMinimumTlsVersion.azapi.mock.json.bak | 24 ---- .../StorageAccountName.azapi.mock.json.bak | 19 --- ...ntsTransportEncryption.azapi.mock.json.bak | 24 ---- ...ContainerPrivateAccess.azapi.mock.json.bak | 24 ---- ...ncPublicAccessDisabled.azapi.mock.json.bak | 24 ---- ...lesDataExfilProtection.azapi.mock.json.bak | 26 ---- ...ManagedVirtualNetworks.azapi.mock.json.bak | 24 ---- ...PasswordAuthentication.azapi.mock.json.bak | 47 ------- 94 files changed, 213 insertions(+), 2080 deletions(-) rename policy/checkov/{azurerm => }/ACRAdminAccountDisabled.azapi.mock.json (100%) rename policy/checkov/{azurerm => }/ACRAdminAccountDisabled.azapi.rego (100%) rename policy/checkov/{azurerm => }/ACRAdminAccountDisabled.mock.json (100%) rename policy/checkov/{azurerm => }/ACRAdminAccountDisabled.py (100%) rename policy/checkov/{azurerm => }/ACRAdminAccountDisabled.rego (100%) rename policy/checkov/{azurerm => }/ACRAdminAccountDisabled.tf (100%) create mode 100644 policy/checkov/ACRAnonymousPullDisabled.azapi.mock.json rename policy/checkov/{azurerm/ACRAnonymousPullDisabled.azapi.rego.bak => 
ACRAnonymousPullDisabled.azapi.rego} (86%) create mode 100644 policy/checkov/ACRAnonymousPullDisabled.mock.json rename policy/checkov/{azurerm/ACRAnonymousPullDisabled.py.bak => ACRAnonymousPullDisabled.py} (100%) rename policy/checkov/{azurerm/ACRAnonymousPullDisabled.rego.bak => ACRAnonymousPullDisabled.rego} (100%) rename policy/checkov/{azurerm/ACRAnonymousPullDisabled.tf.bak => ACRAnonymousPullDisabled.tf} (100%) delete mode 100644 policy/checkov/azurerm/ACRAnonymousPullDisabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/ACRAnonymousPullDisabled.mock.json.bak delete mode 100644 policy/checkov/azurerm/ACRPublicNetworkAccessDisabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AKSApiServerAuthorizedIpRanges.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AKSDashboardDisabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AKSEnablesPrivateClusters.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AKSLocalAdminDisabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AKSLoggingEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AKSNetworkPolicy.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AKSUsesAzurePoliciesAddon.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/APIManagementCertsEnforced.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/APIServicesUseVirtualNetwork.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/ActiveDirectoryUsedAuthenticationServiceFabric.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AppGWUseWAFMode.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AppGatewayWAFACLCVE202144228.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureBatchAccountUsesKeyVaultEncryption.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureContainerGroupDeployedIntoVirtualNetwork.azapi.mock.json.bak delete mode 100644 
policy/checkov/azurerm/AzureDataExplorerDoubleEncryptionEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureDefenderOnAppServices.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureDefenderOnKubernetes.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureDefenderOnServers.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureDefenderOnSqlServerVMS.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureDefenderOnSqlServers.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureDefenderOnStorage.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureScaleSetPassword.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureSearchPublicNetworkAccessDisabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/AzureServiceFabricClusterProtectionLevel.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/CosmosDBAccountsRestrictedAccess.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/CosmosDBDisableAccessKeyWrite.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/CosmosDBDisablesPublicNetwork.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/CosmosDBHaveCMK.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/CutsomRoleDefinitionSubscriptionOwner.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/DataExplorerUsesDiskEncryption.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/DataFactoryNoPublicNetworkAccess.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/DataFactoryUsesGitRepository.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/DatabricksWorkspaceIsNotPublic.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/EventgridDomainNetworkAccess.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/FrontDoorWAFACLCVE202144228.azapi.mock.json.bak delete mode 100644 
policy/checkov/azurerm/KeyVaultEnablesFirewallRulesSettings.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/KeyVaultEnablesPurgeProtection.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/KeyVaultEnablesSoftDelete.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/MSSQLServerAuditPolicyLogMonitor.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/MariaDBGeoBackupEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/MySQLEncryptionEnaled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/MySQLServerMinTLSVersion.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/NSGRuleHTTPAccessRestricted.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/NSGRulePortAccessRestricted.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/NSGRuleRDPAccessRestricted.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/NSGRuleSSHAccessRestricted.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/NSGRuleUDPAccessRestricted.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLEncryptionEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLFlexiServerGeoBackupEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLMinTLSVersion.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLServerConnectionThrottlingEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLServerLogCheckpointsEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLServerLogConnectionsEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLServerPublicAccessDisabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgreSQLServerSSLEnforcementEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/PostgresSQLTreatDetectionEnabled.azapi.mock.json.bak delete mode 100644 
policy/checkov/azurerm/PostgressSQLGeoBackupEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/RedisCacheEnableNonSSLPort.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/RedisCacheMinTLSVersion.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/RedisCachePublicNetworkAccessEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SQLServerEmailAlertsEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SQLServerEmailAlertsToAdminsEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SQLServerThreatDetectionTypes.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SecurityCenterContactEmailAlert.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SecurityCenterContactEmailAlertAdmins.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SecurityCenterContactEmails.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SecurityCenterContactPhone.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SecurityCenterStandardPricing.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageAccountDisablePublicAccess.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageAccountEnablesSecureTransfer.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageAccountLoggingQueueServiceEnabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageAccountMinimumTlsVersion.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageAccountName.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageAccountsTransportEncryption.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageBlobServiceContainerPrivateAccess.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/StorageSyncPublicAccessDisabled.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/SynapseWorkspaceEnablesDataExfilProtection.azapi.mock.json.bak delete mode 100644 
policy/checkov/azurerm/SynapseWorkspaceEnablesManagedVirtualNetworks.azapi.mock.json.bak delete mode 100644 policy/checkov/azurerm/VMDisablePasswordAuthentication.azapi.mock.json.bak diff --git a/policy/checkov/azurerm/ACRAdminAccountDisabled.azapi.mock.json b/policy/checkov/ACRAdminAccountDisabled.azapi.mock.json similarity index 100% rename from policy/checkov/azurerm/ACRAdminAccountDisabled.azapi.mock.json rename to policy/checkov/ACRAdminAccountDisabled.azapi.mock.json diff --git a/policy/checkov/azurerm/ACRAdminAccountDisabled.azapi.rego b/policy/checkov/ACRAdminAccountDisabled.azapi.rego similarity index 100% rename from policy/checkov/azurerm/ACRAdminAccountDisabled.azapi.rego rename to policy/checkov/ACRAdminAccountDisabled.azapi.rego diff --git a/policy/checkov/azurerm/ACRAdminAccountDisabled.mock.json b/policy/checkov/ACRAdminAccountDisabled.mock.json similarity index 100% rename from policy/checkov/azurerm/ACRAdminAccountDisabled.mock.json rename to policy/checkov/ACRAdminAccountDisabled.mock.json diff --git a/policy/checkov/azurerm/ACRAdminAccountDisabled.py b/policy/checkov/ACRAdminAccountDisabled.py similarity index 100% rename from policy/checkov/azurerm/ACRAdminAccountDisabled.py rename to policy/checkov/ACRAdminAccountDisabled.py diff --git a/policy/checkov/azurerm/ACRAdminAccountDisabled.rego b/policy/checkov/ACRAdminAccountDisabled.rego similarity index 100% rename from policy/checkov/azurerm/ACRAdminAccountDisabled.rego rename to policy/checkov/ACRAdminAccountDisabled.rego diff --git a/policy/checkov/azurerm/ACRAdminAccountDisabled.tf b/policy/checkov/ACRAdminAccountDisabled.tf similarity index 100% rename from policy/checkov/azurerm/ACRAdminAccountDisabled.tf rename to policy/checkov/ACRAdminAccountDisabled.tf diff --git a/policy/checkov/ACRAnonymousPullDisabled.azapi.mock.json b/policy/checkov/ACRAnonymousPullDisabled.azapi.mock.json new file mode 100644 index 0000000..d92765d --- /dev/null 
+++ b/policy/checkov/ACRAnonymousPullDisabled.azapi.mock.json 
@@ -0,0 +1,119 @@ +{ + "mock": { + "basic": { + "resource_changes": [{ + "address": "azurerm_container_registry.example", + "mode": "managed", + "type": "azapi_resource", + "change": { + "actions": [ + "create" + ], + "after": { + "type": "Microsoft.ContainerRegistry/registries@2023-11-01-preview", + "body": { + "properties": { + "anonymousPullEnabled": false + }, + "sku": { + "name": "Basic" + } + } + } + } + }] + }, + "standard_without_anonymous_pull_enabled": { + "resource_changes": [{ + "address": "azurerm_container_registry.example", + "mode": "managed", + "type": "azapi_resource", + "change": { + "actions": [ + "create" + ], + "after": { + "type": "Microsoft.ContainerRegistry/registries@2023-11-01-preview", + "body": { + "properties": { + "anonymousPullEnabled": false + }, + "sku": { + "name": "Standard" + } + } + } + } + }] + }, + "premium_without_anonymous_pull_enabled_false": { + "resource_changes": [{ + "address": "azurerm_container_registry.example", + "mode": "managed", + "type": "azapi_resource", + "change": { + "actions": [ + "create" + ], + "after": { + "type": "Microsoft.ContainerRegistry/registries@2023-11-01-preview", + "body": { + "properties": { + "anonymousPullEnabled": false + }, + "sku": { + "name": "Premium" + } + } + } + } + }] + }, + "invalid_standard": { + "resource_changes": [{ + "address": "azurerm_container_registry.example", + "mode": "managed", + "type": "azapi_resource", + "change": { + "actions": [ + "create" + ], + "after": { + "type": "Microsoft.ContainerRegistry/registries@2023-11-01-preview", + "body": { + "properties": { + "anonymousPullEnabled": true + }, + "sku": { + "name": "Standard" + } + } + } + } + }] + }, + "invalid_premium": { + "resource_changes": [{ + "address": "azurerm_container_registry.example", + "mode": "managed", + "type": "azapi_resource", + "change": { + "actions": [ + "create" + ], + "after": { + "type": "Microsoft.ContainerRegistry/registries@2023-11-01-preview", + "body": { + "properties": { + 
"anonymousPullEnabled": true + }, + "sku": { + "name": "Premium" + } + } + } + } + }] + } + } +} \ No newline at end of file diff --git a/policy/checkov/azurerm/ACRAnonymousPullDisabled.azapi.rego.bak b/policy/checkov/ACRAnonymousPullDisabled.azapi.rego similarity index 86% rename from policy/checkov/azurerm/ACRAnonymousPullDisabled.azapi.rego.bak rename to policy/checkov/ACRAnonymousPullDisabled.azapi.rego index d0154ed..3d5f63b 100644 --- a/policy/checkov/azurerm/ACRAnonymousPullDisabled.azapi.rego.bak +++ b/policy/checkov/ACRAnonymousPullDisabled.azapi.rego @@ -16,9 +16,9 @@ valid_azapi_container_registry_anonymous_pull_disabled(resource) if { resource.body.properties.anonymousPullEnabled == false } -deny_CKV_AZURE_138_azapi contains reason if { +deny_CKV_AZURE_138 contains reason if { resource := data.utils.resource(input, "azapi_resource")[_] - resource.type == "Microsoft.ContainerRegistry/registries" + data.utils.is_azure_type(resource.values, "Microsoft.ContainerRegistry/registries") not valid_azapi_container_registry_anonymous_pull_disabled(resource) reason := sprintf("checkov/CKV_AZURE_138: Ensures that ACR disables anonymous pulling of images. https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/azure/ACRAnonymousPullDisabled.py") } diff --git a/policy/checkov/ACRAnonymousPullDisabled.mock.json b/policy/checkov/ACRAnonymousPullDisabled.mock.json new file mode 100644 index 0000000..9d5c530 --- /dev/null +++ b/policy/checkov/ACRAnonymousPullDisabled.mock.json 
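Review bot: None of the passing cases in this azapi mock omits `anonymousPullEnabled`: `basic`, `standard_without_anonymous_pull_enabled` and `premium_without_anonymous_pull_enabled_false` all set it to `false`, whereas the azurerm mock in the same commit leaves the attribute out for Basic and Standard. The helper in ACRAnonymousPullDisabled.azapi.rego accepts only `resource.body.properties.anonymousPullEnabled == false`, so a registry that leaves the property unset would be denied, and no fixture records whether that is intended. I would add a case whose body has `"properties": {}` and name it after the expected result. The name `standard_without_anonymous_pull_enabled` is also misleading here, because the property is present in that case.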
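Review bot: The new type guard reads `resource.values`, but the following line still passes the bare `resource` to `valid_azapi_container_registry_anonymous_pull_disabled`, which looks up `resource.body.properties.anonymousPullEnabled`. If `data.utils.resource` returns objects whose attributes sit under `values` (its definition is not part of this diff), `resource.body` is undefined, the helper never succeeds, and every azapi container registry is denied whatever its setting. If the attributes are at the top level instead, the guard presumably never matches and the rule never fires. Both lines should read the same object, for example `not valid_azapi_container_registry_anonymous_pull_disabled(resource.values)`, assuming `values` is where `type` and `body` live. The helper's head lies above the hunk.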
@@ -0,0 +1,92 @@
+{
+ "mock" : {
+ "basic": {
+ "resource_changes": [
+ {
+ "address": "azurerm_container_registry.example",
+ "mode": "managed",
+ "type": "azurerm_container_registry",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "after": {
+ "sku": "Basic"
+ }
+ }
+ }
+ ]
+ },
+ "standard_without_anonymous_pull_enabled": {
+ "resource_changes": [
+ {
+ "address": "azurerm_container_registry.example",
+ "mode": "managed",
+ "type": "azurerm_container_registry",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "after": {
+ "sku": "Standard"
+ }
+ }
+ }
+ ]
+ },
+ "premium_without_anonymous_pull_enabled_false": {
+ "resource_changes": [
+ {
+ "address": "azurerm_container_registry.example",
+ "mode": "managed",
+ "type": "azurerm_container_registry",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "after": {
+ "anonymous_pull_enabled": false,
+ "sku": "Premium"
+ }
+ }
+ }
+ ]
+ },
+ "invalid_standard": {
+ "resource_changes": [
+ {
+ "address": "azurerm_container_registry.example",
+ "mode": "managed",
+ "type": "azurerm_container_registry",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "after": {
+ "anonymous_pull_enabled": true,
+ "sku": "Standard"
+ }
+ }
+ }
+ ]
+ },
+ "invalid_premium": {
+ "resource_changes": [
+ {
+ "address": "azurerm_container_registry.example",
+ "mode": "managed",
+ "type": "azurerm_container_registry",
+ "change": {
+ "actions": [
+ "create"
+ ],
+ "after": {
+ "anonymous_pull_enabled": true,
+ "sku": "Premium"
+ }
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/ACRAnonymousPullDisabled.py.bak b/policy/checkov/ACRAnonymousPullDisabled.py
similarity index 100%
rename from policy/checkov/azurerm/ACRAnonymousPullDisabled.py.bak
rename to policy/checkov/ACRAnonymousPullDisabled.py
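Review bot: No case in ACRAnonymousPullDisabled.mock.json pairs `"sku": "Basic"` with `"anonymous_pull_enabled": true`; the `basic` case leaves the attribute out, so the mock does not show what the rule decides for a Basic registry that sets it. The cases are keyed by SKU, which suggests the rule in ACRAnonymousPullDisabled.rego (renamed unchanged, so not shown) treats SKUs differently. A further case with `"anonymous_pull_enabled": true, "sku": "Basic"` would pin that branch. The removed `.bak` mock also carried an `azurerm_resource_group` entry; keeping one unrelated resource in a passing case would confirm that other resource types are ignored.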
diff --git a/policy/checkov/azurerm/ACRAnonymousPullDisabled.rego.bak b/policy/checkov/ACRAnonymousPullDisabled.rego similarity index 100% rename from policy/checkov/azurerm/ACRAnonymousPullDisabled.rego.bak rename to policy/checkov/ACRAnonymousPullDisabled.rego diff --git a/policy/checkov/azurerm/ACRAnonymousPullDisabled.tf.bak b/policy/checkov/ACRAnonymousPullDisabled.tf similarity index 100% rename from policy/checkov/azurerm/ACRAnonymousPullDisabled.tf.bak rename to policy/checkov/ACRAnonymousPullDisabled.tf diff --git a/policy/checkov/azurerm/ACRAnonymousPullDisabled.azapi.mock.json.bak b/policy/checkov/azurerm/ACRAnonymousPullDisabled.azapi.mock.json.bak deleted file mode 100644 index 4282af4..0000000 --- a/policy/checkov/azurerm/ACRAnonymousPullDisabled.azapi.mock.json.bak +++ /dev/null @@ -1,27 +0,0 @@ -{ - "mock": { - "default": { - "resource_changes": [{ - "address": "azurerm_container_registry.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ContainerRegistry/registries/2023-11-01-preview", - "body": { - "properties": { - "anonymousPullEnabled": false - }, - "sku": { - "name": "Basic" - } - } - } - } - }] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/ACRAnonymousPullDisabled.mock.json.bak b/policy/checkov/azurerm/ACRAnonymousPullDisabled.mock.json.bak deleted file mode 100644 index 5499ca8..0000000 --- a/policy/checkov/azurerm/ACRAnonymousPullDisabled.mock.json.bak +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [ - { - "address": "azurerm_container_registry.example", - "mode": "managed", - "type": "azurerm_container_registry", - "change": { - "actions": [ - "create" - ], - "after": { - "anonymous_pull_enabled": false, - "sku": "Basic" - } - } - }, - { - "address": "azurerm_resource_group.example", - "mode": "managed", - "type": "azurerm_resource_group", - "change": { - "actions": [ - "create" - ] - } - } - ] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/ACRPublicNetworkAccessDisabled.azapi.mock.json.bak b/policy/checkov/azurerm/ACRPublicNetworkAccessDisabled.azapi.mock.json.bak deleted file mode 100644 index 103beeb..0000000 --- a/policy/checkov/azurerm/ACRPublicNetworkAccessDisabled.azapi.mock.json.bak +++ /dev/null @@ -1,24 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [{ - "address": "azurerm_container_registry.acr", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ContainerRegistry/registries/2023-11-01-preview", - "body": { - "properties": { - "publicNetworkAccess": "Disabled" - } - } - } - } - }] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/AKSApiServerAuthorizedIpRanges.azapi.mock.json.bak b/policy/checkov/azurerm/AKSApiServerAuthorizedIpRanges.azapi.mock.json.bak deleted file mode 100644 index 7d7470b..0000000 --- a/policy/checkov/azurerm/AKSApiServerAuthorizedIpRanges.azapi.mock.json.bak +++ /dev/null 
@@ -1,29 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [{ - "address": "azurerm_kubernetes_cluster.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ContainerService/managedClusters/2024-05-01", - "body": { - "properties": { - "apiServerAccessProfile": { - "authorizedIPRanges": [ - "10.0.0.0/24" - ], - "enablePrivateCluster": true - } - } - } - } - } - }] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/AKSDashboardDisabled.azapi.mock.json.bak b/policy/checkov/azurerm/AKSDashboardDisabled.azapi.mock.json.bak deleted file mode 100644 index 45b342c..0000000 --- a/policy/checkov/azurerm/AKSDashboardDisabled.azapi.mock.json.bak +++ /dev/null @@ -1,24 +0,0 @@ -{ - "mock": { - "default": { - "resource_changes": [{ - "address": "azurerm_kubernetes_cluster.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ContainerService/managedClusters/2024-05-01", - "body": { - "properties": { - "addonProfiles": {} - } - } - } - } - }] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/AKSEnablesPrivateClusters.azapi.mock.json.bak b/policy/checkov/azurerm/AKSEnablesPrivateClusters.azapi.mock.json.bak deleted file mode 100644 index 70f1bb6..0000000 --- a/policy/checkov/azurerm/AKSEnablesPrivateClusters.azapi.mock.json.bak +++ /dev/null @@ -1,24 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [{ - "address": "azurerm_kubernetes_cluster.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": ["create"], - "after": { - "type": "Microsoft.ContainerService/managedClusters/2024-05-01", - "body": { - "properties": { - "apiServerAccessProfile": { - "enablePrivateCluster": true - } - } - } - } - } - }] - } - } -} 
diff --git a/policy/checkov/azurerm/AKSLocalAdminDisabled.azapi.mock.json.bak b/policy/checkov/azurerm/AKSLocalAdminDisabled.azapi.mock.json.bak deleted file mode 100644 index 6501ac1..0000000 --- a/policy/checkov/azurerm/AKSLocalAdminDisabled.azapi.mock.json.bak +++ /dev/null @@ -1,24 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [{ - "address": "azurerm_kubernetes_cluster.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ContainerService/managedClusters/2024-05-01", - "body": { - "properties": { - "disableLocalAccounts": true - } - } - } - } - }] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/AKSLoggingEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/AKSLoggingEnabled.azapi.mock.json.bak deleted file mode 100644 index fda413c..0000000 --- a/policy/checkov/azurerm/AKSLoggingEnabled.azapi.mock.json.bak +++ /dev/null @@ -1 +0,0 @@ -{"mock": {"default": {"resource_changes": [{"address": "azurerm_kubernetes_cluster.example", "mode": "managed", "type": "azapi_resource", "changes": {"actions": ["create"], "after": {"type": "Microsoft.ContainerService/managedClusters/2024-05-01", "body": {"properties": {"addonProfiles": {}}}}}}]}}} \ No newline at end of file diff --git a/policy/checkov/azurerm/AKSNetworkPolicy.azapi.mock.json.bak b/policy/checkov/azurerm/AKSNetworkPolicy.azapi.mock.json.bak deleted file mode 100644 index 371e6bf..0000000 --- a/policy/checkov/azurerm/AKSNetworkPolicy.azapi.mock.json.bak +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [{ - "address": "azurerm_kubernetes_cluster.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ContainerService/managedClusters/2024-05-01", - "body": { - "properties": { - "networkProfile": { - "networkPolicy": "calico" - } - } - } - } - } - }] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/AKSUsesAzurePoliciesAddon.azapi.mock.json.bak b/policy/checkov/azurerm/AKSUsesAzurePoliciesAddon.azapi.mock.json.bak deleted file mode 100644 index 8c99759..0000000 --- a/policy/checkov/azurerm/AKSUsesAzurePoliciesAddon.azapi.mock.json.bak +++ /dev/null @@ -1,30 +0,0 @@ -{ - "mock": { - "default": { - "resource_changes": [ - { - "address": "azurerm_kubernetes_cluster.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ContainerService/managedClusters/2024-05-01", - "body": { - "properties": { - "addonProfiles": { - "azurepolicy": { - "enabled": true - } - } - } - } - } - } - } - ] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/APIManagementCertsEnforced.azapi.mock.json.bak b/policy/checkov/azurerm/APIManagementCertsEnforced.azapi.mock.json.bak deleted file mode 100644 index a435bdd..0000000 --- a/policy/checkov/azurerm/APIManagementCertsEnforced.azapi.mock.json.bak +++ /dev/null @@ -1,29 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [ - { - "address": "azurerm_api_management.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ApiManagement/service/2022-08-01", - "body": { - "sku": { - "name": "Consumption" - }, - "properties": { - "enableClientCertificate": true - } - } - } - } - } - ] - } - } -} \ No newline at end of file 
diff --git a/policy/checkov/azurerm/APIServicesUseVirtualNetwork.azapi.mock.json.bak b/policy/checkov/azurerm/APIServicesUseVirtualNetwork.azapi.mock.json.bak deleted file mode 100644 index 4d3264f..0000000 --- a/policy/checkov/azurerm/APIServicesUseVirtualNetwork.azapi.mock.json.bak +++ /dev/null @@ -1,19 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [{ - "address": "azurerm_api_management.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ApiManagement/service/2022-08-01" - } - } - }] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/ActiveDirectoryUsedAuthenticationServiceFabric.azapi.mock.json.bak b/policy/checkov/azurerm/ActiveDirectoryUsedAuthenticationServiceFabric.azapi.mock.json.bak deleted file mode 100644 index e44ea5f..0000000 --- a/policy/checkov/azurerm/ActiveDirectoryUsedAuthenticationServiceFabric.azapi.mock.json.bak +++ /dev/null @@ -1,28 +0,0 @@ -{ - "mock": { - "default": { - "resource_changes": [ - { - "address": "azurerm_service_fabric_cluster.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.ServiceFabric/clusters/2021-06-01", - "body": { - "properties": { - "azureActiveDirectory": { - "tenantId": "00000000-0000-0000-0000-000000000000" - } - } - } - } - } - } - ] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/AppGWUseWAFMode.azapi.mock.json.bak b/policy/checkov/azurerm/AppGWUseWAFMode.azapi.mock.json.bak deleted file mode 100644 index f1f0153..0000000 --- a/policy/checkov/azurerm/AppGWUseWAFMode.azapi.mock.json.bak +++ /dev/null 
@@ -1,27 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [{ - "address": "azurerm_web_application_firewall_policy.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/2024-05-01", - "body": { - "properties": { - "policySettings": { - "mode": "Prevention", - "state": "Enabled" - } - } - } - } - } - }] - } - } -} diff --git a/policy/checkov/azurerm/AppGatewayWAFACLCVE202144228.azapi.mock.json.bak b/policy/checkov/azurerm/AppGatewayWAFACLCVE202144228.azapi.mock.json.bak deleted file mode 100644 index 789d527..0000000 --- a/policy/checkov/azurerm/AppGatewayWAFACLCVE202144228.azapi.mock.json.bak +++ /dev/null @@ -1,48 +0,0 @@ -{ - "mock" : { - "default": { - "resource_changes": [ - { - "address": "azurerm_web_application_firewall_policy.example", - "mode": "managed", - "type": "azapi_resource", - "changes": { - "actions": [ - "create" - ], - "after": { - "type": "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies/2024-05-01", - "properties": { - "managedRules": { - "managedRuleSets": [ - { - "ruleSetType": "OWASP", - "ruleSetVersion": "3.2", - "ruleGroupOverrides": [ - { - "ruleGroupName": "REQUEST-920-PROTOCOL-ENFORCEMENT", - "rules": [ - { - "ruleId": "920300", - "action": "Log", - "state": "Enabled" - }, - { - "ruleId": "920440", - "action": "Block", - "state": "Enabled" - } - ] - } - ] - } - ] - } - } - } - } - } - ] - } - } -} \ No newline at end of file diff --git a/policy/checkov/azurerm/AzureBatchAccountUsesKeyVaultEncryption.azapi.mock.json.bak b/policy/checkov/azurerm/AzureBatchAccountUsesKeyVaultEncryption.azapi.mock.json.bak deleted file mode 100644 index b10d732..0000000 --- a/policy/checkov/azurerm/AzureBatchAccountUsesKeyVaultEncryption.azapi.mock.json.bak +++ /dev/null 
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_batch_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Batch/batchAccounts/2024-07-01",
- "body":{
- "properties":{
- "encryption":{
- "keySource":"Microsoft.Batch"
- }
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureContainerGroupDeployedIntoVirtualNetwork.azapi.mock.json.bak b/policy/checkov/azurerm/AzureContainerGroupDeployedIntoVirtualNetwork.azapi.mock.json.bak
deleted file mode 100644
index b1f0ff2..0000000
--- a/policy/checkov/azurerm/AzureContainerGroupDeployedIntoVirtualNetwork.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_container_group.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.ContainerInstance/containerGroups/2023-05-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureDataExplorerDoubleEncryptionEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/AzureDataExplorerDoubleEncryptionEnabled.azapi.mock.json.bak
deleted file mode 100644
index 3bff688..0000000
--- a/policy/checkov/azurerm/AzureDataExplorerDoubleEncryptionEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_kusto_cluster.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Kusto/clusters/2023-08-15",
- "body": {
- "properties": {
- "enableDoubleEncryption": true
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureDefenderOnAppServices.azapi.mock.json.bak b/policy/checkov/azurerm/AzureDefenderOnAppServices.azapi.mock.json.bak
deleted file mode 100644
index 3ebd2cd..0000000
--- a/policy/checkov/azurerm/AzureDefenderOnAppServices.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_subscription_pricing.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Security/pricings/2023-01-01",
- "body":{
- "properties":{
- "pricingTier":"Standard"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureDefenderOnKubernetes.azapi.mock.json.bak b/policy/checkov/azurerm/AzureDefenderOnKubernetes.azapi.mock.json.bak
deleted file mode 100644
index 5d7f03f..0000000
--- a/policy/checkov/azurerm/AzureDefenderOnKubernetes.azapi.mock.json.bak
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_subscription_pricing.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": ["create"],
- "after": {
- "type": "Microsoft.Security/pricings/2023-01-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureDefenderOnServers.azapi.mock.json.bak b/policy/checkov/azurerm/AzureDefenderOnServers.azapi.mock.json.bak
deleted file mode 100644
index abcdff4..0000000
--- a/policy/checkov/azurerm/AzureDefenderOnServers.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_subscription_pricing.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Security/pricings/2023-01-01",
- "body": {
- "properties": {
- "pricingTier": "Standard"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureDefenderOnSqlServerVMS.azapi.mock.json.bak b/policy/checkov/azurerm/AzureDefenderOnSqlServerVMS.azapi.mock.json.bak
deleted file mode 100644
index f585168..0000000
--- a/policy/checkov/azurerm/AzureDefenderOnSqlServerVMS.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_subscription_pricing.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Security/pricings/2023-01-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureDefenderOnSqlServers.azapi.mock.json.bak b/policy/checkov/azurerm/AzureDefenderOnSqlServers.azapi.mock.json.bak
deleted file mode 100644
index e8b9acd..0000000
--- a/policy/checkov/azurerm/AzureDefenderOnSqlServers.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
-"resource_changes": [{
-"address": "azurerm_security_center_subscription_pricing.example_sql_servers",
-"mode": "managed",
-"type": "azapi_resource",
-"changes": {
-"actions": [
-"create"
-],
-"after": {
-"type": "Microsoft.Security/pricings/2023-01-01"
-}
-}
-}]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureDefenderOnStorage.azapi.mock.json.bak b/policy/checkov/azurerm/AzureDefenderOnStorage.azapi.mock.json.bak
deleted file mode 100644
index b6aa1cf..0000000
--- a/policy/checkov/azurerm/AzureDefenderOnStorage.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_subscription_pricing.example_storage",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Security/pricings/2023-01-01",
- "body": {
- "properties": {
- "pricingTier": "Free"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureScaleSetPassword.azapi.mock.json.bak b/policy/checkov/azurerm/AzureScaleSetPassword.azapi.mock.json.bak
deleted file mode 100644
index 7d61c9b..0000000
--- a/policy/checkov/azurerm/AzureScaleSetPassword.azapi.mock.json.bak
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_linux_virtual_machine_scale_set.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Compute/virtualMachineScaleSets/2024-07-01",
- "body": {
- "location": "westeurope",
- "properties": {
- "virtualMachineProfile": {
- "osProfile": {
- "linuxConfiguration": {
- "disablePasswordAuthentication": true
- }
- }
- }
- }
- }
- }
- }
- }]
- }
- }
-}
diff --git a/policy/checkov/azurerm/AzureSearchPublicNetworkAccessDisabled.azapi.mock.json.bak b/policy/checkov/azurerm/AzureSearchPublicNetworkAccessDisabled.azapi.mock.json.bak
deleted file mode 100644
index b97a8bd..0000000
--- a/policy/checkov/azurerm/AzureSearchPublicNetworkAccessDisabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_search_service.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Search/searchServices/2024-06-01-preview",
- "body": {
- "properties": {
- "publicNetworkAccess": "disabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/AzureServiceFabricClusterProtectionLevel.azapi.mock.json.bak b/policy/checkov/azurerm/AzureServiceFabricClusterProtectionLevel.azapi.mock.json.bak
deleted file mode 100644
index e12cc3c..0000000
--- a/policy/checkov/azurerm/AzureServiceFabricClusterProtectionLevel.azapi.mock.json.bak
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_service_fabric_cluster.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.ServiceFabric/clusters/2021-06-01",
- "body":{
- "properties":{
- "fabricSettings": [{
- "name": "Security",
- "parameters": [{
- "name": "ClusterProtectionLevel",
- "value": "EncryptAndSign"
- }]
- }]
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/CosmosDBAccountsRestrictedAccess.azapi.mock.json.bak b/policy/checkov/azurerm/CosmosDBAccountsRestrictedAccess.azapi.mock.json.bak
deleted file mode 100644
index 0814a6c..0000000
--- a/policy/checkov/azurerm/CosmosDBAccountsRestrictedAccess.azapi.mock.json.bak
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_cosmosdb_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DocumentDB/databaseAccounts/2024-08-15",
- "body": {
- "properties": {
- "publicNetworkAccess": "Disabled",
- "isVirtualNetworkFilterEnabled": true,
- "virtualNetworkRules": [
- {
- "id": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}",
- "ignoreMissingVNetServiceEndpoint": false
- }
- ],
- "ipRules": [
- {
- "ipAddressOrRange": "10.0.0.0/24"
- }
- ]
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/CosmosDBDisableAccessKeyWrite.azapi.mock.json.bak b/policy/checkov/azurerm/CosmosDBDisableAccessKeyWrite.azapi.mock.json.bak
deleted file mode 100644
index b9a04e4..0000000
--- a/policy/checkov/azurerm/CosmosDBDisableAccessKeyWrite.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_cosmosdb_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DocumentDB/databaseAccounts/2024-08-15",
- "body": {
- "properties": {
- "disableKeyBasedMetadataWriteAccess": true
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/CosmosDBDisablesPublicNetwork.azapi.mock.json.bak b/policy/checkov/azurerm/CosmosDBDisablesPublicNetwork.azapi.mock.json.bak
deleted file mode 100644
index c1b99e3..0000000
--- a/policy/checkov/azurerm/CosmosDBDisablesPublicNetwork.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_cosmosdb_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DocumentDB/databaseAccounts/2024-08-15",
- "body": {
- "properties": {
- "publicNetworkAccess": "Disabled"
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/CosmosDBHaveCMK.azapi.mock.json.bak b/policy/checkov/azurerm/CosmosDBHaveCMK.azapi.mock.json.bak
deleted file mode 100644
index bf2dad5..0000000
--- a/policy/checkov/azurerm/CosmosDBHaveCMK.azapi.mock.json.bak
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_cosmosdb_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": ["create"],
- "after": {
- "type": "Microsoft.DocumentDB/databaseAccounts/2024-08-15",
- "body": {
- "properties": {
- "keyVaultKeyUri": "https://myKeyVault.vault.azure.net/keys/myKey/00000000000000000000000000000000"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/CutsomRoleDefinitionSubscriptionOwner.azapi.mock.json.bak b/policy/checkov/azurerm/CutsomRoleDefinitionSubscriptionOwner.azapi.mock.json.bak
deleted file mode 100644
index 2695bde..0000000
--- a/policy/checkov/azurerm/CutsomRoleDefinitionSubscriptionOwner.azapi.mock.json.bak
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_role_definition.custom_role",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Authorization/roleDefinitions/2022-05-01-preview",
- "body": {
- "properties": {
- "permissions": [{
- "actions": [
- "Microsoft.Resources/subscriptions/resourceGroups/read",
- "Microsoft.Resources/subscriptions/resourceGroups/write"
- ]
- }]
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/DataExplorerUsesDiskEncryption.azapi.mock.json.bak b/policy/checkov/azurerm/DataExplorerUsesDiskEncryption.azapi.mock.json.bak
deleted file mode 100644
index 29eda4a..0000000
--- a/policy/checkov/azurerm/DataExplorerUsesDiskEncryption.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_kusto_cluster.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Kusto/clusters/2023-08-15",
- "body": {
- "properties": {
- "enableDiskEncryption": true
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/DataFactoryNoPublicNetworkAccess.azapi.mock.json.bak b/policy/checkov/azurerm/DataFactoryNoPublicNetworkAccess.azapi.mock.json.bak
deleted file mode 100644
index 9173bef..0000000
--- a/policy/checkov/azurerm/DataFactoryNoPublicNetworkAccess.azapi.mock.json.bak
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_data_factory.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": ["create"],
- "after": {
- "type": "Microsoft.DataFactory/factories/2018-06-01",
- "body": {
- "properties": {
- "publicNetworkAccess": "Disabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/DataFactoryUsesGitRepository.azapi.mock.json.bak b/policy/checkov/azurerm/DataFactoryUsesGitRepository.azapi.mock.json.bak
deleted file mode 100644
index 157ddd2..0000000
--- a/policy/checkov/azurerm/DataFactoryUsesGitRepository.azapi.mock.json.bak
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "mock" : {
- "default": {
-"resource_changes":[{"address":"azurerm_data_factory.example","mode":"managed","type":"azapi_resource","changes":{"actions":["create"],"after":{"type":"Microsoft.DataFactory/factories/2018-06-01"}}}]}
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/DatabricksWorkspaceIsNotPublic.azapi.mock.json.bak b/policy/checkov/azurerm/DatabricksWorkspaceIsNotPublic.azapi.mock.json.bak
deleted file mode 100644
index aa482a2..0000000
--- a/policy/checkov/azurerm/DatabricksWorkspaceIsNotPublic.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_databricks_workspace.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Databricks/workspaces/2024-05-01",
- "body": {
- "properties": {
- "publicNetworkAccess": "Disabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/EventgridDomainNetworkAccess.azapi.mock.json.bak b/policy/checkov/azurerm/EventgridDomainNetworkAccess.azapi.mock.json.bak
deleted file mode 100644
index 8217e0a..0000000
--- a/policy/checkov/azurerm/EventgridDomainNetworkAccess.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_eventgrid_domain.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.EventGrid/domains/2022-06-15",
- "body": {
- "properties": {
- "publicNetworkAccess": "Disabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/FrontDoorWAFACLCVE202144228.azapi.mock.json.bak b/policy/checkov/azurerm/FrontDoorWAFACLCVE202144228.azapi.mock.json.bak
deleted file mode 100644
index 3cdec81..0000000
--- a/policy/checkov/azurerm/FrontDoorWAFACLCVE202144228.azapi.mock.json.bak
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_frontdoor_firewall_policy.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Network/frontDoorWebApplicationFirewallPolicies/2020-04-01",
- "body": {
- "properties": {
- "managedRules": {
- "managedRuleSets": [{
- "ruleGroupOverrides": [{
- "ruleGroupName": "JAVA",
- "rules": [{
- "action": "Block",
- "enabledState": "Enabled",
- "ruleId": "944240"
- }]
- }],
- "ruleSetType": "Microsoft_DefaultRuleSet"
- }]
- }
- }
- }
- }
- }
- }]
- }
- }
-}
diff --git a/policy/checkov/azurerm/KeyVaultEnablesFirewallRulesSettings.azapi.mock.json.bak b/policy/checkov/azurerm/KeyVaultEnablesFirewallRulesSettings.azapi.mock.json.bak
deleted file mode 100644
index b72bec6..0000000
--- a/policy/checkov/azurerm/KeyVaultEnablesFirewallRulesSettings.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_key_vault.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.KeyVault/vaults/2023-02-01",
- "body": {
- "properties": {
- "networkAcls": {
- "defaultAction": "Deny"
- }
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/KeyVaultEnablesPurgeProtection.azapi.mock.json.bak b/policy/checkov/azurerm/KeyVaultEnablesPurgeProtection.azapi.mock.json.bak
deleted file mode 100644
index e402c0f..0000000
--- a/policy/checkov/azurerm/KeyVaultEnablesPurgeProtection.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_key_vault.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.KeyVault/vaults/2023-02-01",
- "body":{
- "properties": {
- "enablePurgeProtection": true
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/KeyVaultEnablesSoftDelete.azapi.mock.json.bak b/policy/checkov/azurerm/KeyVaultEnablesSoftDelete.azapi.mock.json.bak
deleted file mode 100644
index 32708a5..0000000
--- a/policy/checkov/azurerm/KeyVaultEnablesSoftDelete.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_key_vault.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.KeyVault/vaults/2023-02-01",
- "body": {
- "properties": {
- "enableSoftDelete": true
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/MSSQLServerAuditPolicyLogMonitor.azapi.mock.json.bak b/policy/checkov/azurerm/MSSQLServerAuditPolicyLogMonitor.azapi.mock.json.bak
deleted file mode 100644
index 9bd1395..0000000
--- a/policy/checkov/azurerm/MSSQLServerAuditPolicyLogMonitor.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_mssql_database_extended_auditing_policy.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Sql/servers/databases/extendedAuditingSettings/2023-08-01-preview",
- "body": {
- "properties": {
- "isAzureMonitorTargetEnabled": true
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/MariaDBGeoBackupEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/MariaDBGeoBackupEnabled.azapi.mock.json.bak
deleted file mode 100644
index aacafb8..0000000
--- a/policy/checkov/azurerm/MariaDBGeoBackupEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_resource_group.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Resources/resourceGroups/2020-06-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/MySQLEncryptionEnaled.azapi.mock.json.bak b/policy/checkov/azurerm/MySQLEncryptionEnaled.azapi.mock.json.bak
deleted file mode 100644
index 1a7e39e..0000000
--- a/policy/checkov/azurerm/MySQLEncryptionEnaled.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_mysql_flexible_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforMySQL/flexibleServers/2023-12-30",
- "body": {
- "properties": {
- "dataEncryption": {
- "type": "SystemManaged"
- }
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/MySQLServerMinTLSVersion.azapi.mock.json.bak b/policy/checkov/azurerm/MySQLServerMinTLSVersion.azapi.mock.json.bak
deleted file mode 100644
index 4ad64e0..0000000
--- a/policy/checkov/azurerm/MySQLServerMinTLSVersion.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_mysql_flexible_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforMySQL/flexibleServers/2023-12-30",
- "body": {
- "properties": {
- "administratorLogin": "adminTerraform",
- "administratorLoginPassword": "QAZwsx123",
- "version": "8.0.21"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/NSGRuleHTTPAccessRestricted.azapi.mock.json.bak b/policy/checkov/azurerm/NSGRuleHTTPAccessRestricted.azapi.mock.json.bak
deleted file mode 100644
index 187dfc3..0000000
--- a/policy/checkov/azurerm/NSGRuleHTTPAccessRestricted.azapi.mock.json.bak
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_network_security_rule.restricted_http_access",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": ["create"],
- "after": {
- "type": "Microsoft.Network/networkSecurityGroups/securityRules/2024-05-01",
- "body": {
- "properties": {
- "access": "Deny",
- "destinationPortRange": "80"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/NSGRulePortAccessRestricted.azapi.mock.json.bak b/policy/checkov/azurerm/NSGRulePortAccessRestricted.azapi.mock.json.bak
deleted file mode 100644
index ec5a877..0000000
--- a/policy/checkov/azurerm/NSGRulePortAccessRestricted.azapi.mock.json.bak
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_network_security_group.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Network/networkSecurityGroups/2024-05-01",
- "body": {
- "properties": {
- "securityRules": [{
- "name": "allow_https",
- "properties": {
- "access": "Allow",
- "destinationAddressPrefix": "*",
- "destinationPortRange": "443",
- "direction": "Inbound",
- "protocol": "Tcp",
- "sourceAddressPrefix": "*",
- "sourcePortRange": "*"
- }
- }, {
- "name": "allow_ssh",
- "properties": {
- "access": "Deny",
- "destinationAddressPrefix": "*",
- "destinationPortRange": "22",
- "direction": "Inbound",
- "protocol": "Tcp",
- "sourceAddressPrefix": "10.0.0.0/24",
- "sourcePortRange": "*"
- }
- }, {
- "name": "allow_http",
- "properties": {
- "access": "Allow",
- "destinationAddressPrefix": "*",
- "destinationPortRange": "80",
- "direction": "Inbound",
- "protocol": "Tcp",
- "sourceAddressPrefix": "*",
- "sourcePortRange": "*"
- }
- }]
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/NSGRuleRDPAccessRestricted.azapi.mock.json.bak b/policy/checkov/azurerm/NSGRuleRDPAccessRestricted.azapi.mock.json.bak
deleted file mode 100644
index 8459c10..0000000
--- a/policy/checkov/azurerm/NSGRuleRDPAccessRestricted.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_network_security_rule.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Network/networkSecurityGroups/securityRules/2024-05-01",
- "body": {
- "properties": {
- "access": "Allow",
- "destinationPortRange": "80",
- "direction": "Inbound"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/NSGRuleSSHAccessRestricted.azapi.mock.json.bak b/policy/checkov/azurerm/NSGRuleSSHAccessRestricted.azapi.mock.json.bak
deleted file mode 100644
index 9bd3605..0000000
--- a/policy/checkov/azurerm/NSGRuleSSHAccessRestricted.azapi.mock.json.bak
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_network_security_rule.deny_ssh",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Network/networkSecurityGroups/securityRules/2024-05-01",
- "body": {
- "properties": {
- "access": "Deny",
- "destinationAddressPrefix": "*",
- "destinationPortRange": "*",
- "direction": "Inbound",
- "protocol": "Tcp",
- "sourceAddressPrefix": "10.0.0.0/24"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/NSGRuleUDPAccessRestricted.azapi.mock.json.bak b/policy/checkov/azurerm/NSGRuleUDPAccessRestricted.azapi.mock.json.bak
deleted file mode 100644
index b1f6380..0000000
--- a/policy/checkov/azurerm/NSGRuleUDPAccessRestricted.azapi.mock.json.bak
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_network_security_group.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Network/networkSecurityGroups/2024-05-01",
- "body": {
- "properties": {
- "securityRules": [{
- "name": "deny-udp-from-internet",
- "properties": {
- "access": "Deny",
- "direction": "Inbound",
- "protocol": "Udp",
- "sourceAddressPrefix": "0.0.0.0/0"
- }
- }, {
- "name": "allow-udp-from-vnet",
- "properties": {
- "access": "Allow",
- "direction": "Inbound",
- "protocol": "Udp",
- "sourceAddressPrefix": "VirtualNetwork"
- }
- }]
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLEncryptionEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLEncryptionEnabled.azapi.mock.json.bak
deleted file mode 100644
index c5cf063..0000000
--- a/policy/checkov/azurerm/PostgreSQLEncryptionEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "change": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/2017-12-01",
- "body": {
- "properties": {
- "infrastructureEncryption": "Enabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLFlexiServerGeoBackupEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLFlexiServerGeoBackupEnabled.azapi.mock.json.bak
deleted file mode 100644
index f4131cf..0000000
--- a/policy/checkov/azurerm/PostgreSQLFlexiServerGeoBackupEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_postgresql_flexible_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/flexibleServers/2023-06-01-preview",
- "body": {
- "properties": {
- "backup": {
- "geoRedundantBackup": "Enabled"
- }
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLMinTLSVersion.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLMinTLSVersion.azapi.mock.json.bak
deleted file mode 100644
index b9af0a8..0000000
--- a/policy/checkov/azurerm/PostgreSQLMinTLSVersion.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/2017-12-01",
- "body": {
- "properties": {
- "minimalTlsVersion": "TLS1_2"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLServerConnectionThrottlingEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLServerConnectionThrottlingEnabled.azapi.mock.json.bak
deleted file mode 100644
index de59afa..0000000
--- a/policy/checkov/azurerm/PostgreSQLServerConnectionThrottlingEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_configuration.connection_throttling",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/configurations/2017-12-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLServerLogCheckpointsEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLServerLogCheckpointsEnabled.azapi.mock.json.bak
deleted file mode 100644
index e7fdafe..0000000
--- a/policy/checkov/azurerm/PostgreSQLServerLogCheckpointsEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_configuration.log_checkpoints",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/configurations/2017-12-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLServerLogConnectionsEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLServerLogConnectionsEnabled.azapi.mock.json.bak
deleted file mode 100644
index 6dd78bf..0000000
--- a/policy/checkov/azurerm/PostgreSQLServerLogConnectionsEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_configuration.log_connections",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/configurations/2017-12-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLServerPublicAccessDisabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLServerPublicAccessDisabled.azapi.mock.json.bak
deleted file mode 100644
index 2fe9b03..0000000
--- a/policy/checkov/azurerm/PostgreSQLServerPublicAccessDisabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "change": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/2017-12-01",
- "body": {
- "properties": {
- "publicNetworkAccess": "Disabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgreSQLServerSSLEnforcementEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgreSQLServerSSLEnforcementEnabled.azapi.mock.json.bak
deleted file mode 100644
index 0c5b9a3..0000000
--- a/policy/checkov/azurerm/PostgreSQLServerSSLEnforcementEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/2017-12-01",
- "body": {
- "properties": {
- "sslEnforcement": "Enabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgresSQLTreatDetectionEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgresSQLTreatDetectionEnabled.azapi.mock.json.bak
deleted file mode 100644
index 0fcb34b..0000000
--- a/policy/checkov/azurerm/PostgresSQLTreatDetectionEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_postgresql_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/2017-12-01",
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/PostgressSQLGeoBackupEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/PostgressSQLGeoBackupEnabled.azapi.mock.json.bak
deleted file mode 100644
index e75be9b..0000000
--- a/policy/checkov/azurerm/PostgressSQLGeoBackupEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_postgresql_server.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.DBforPostgreSQL/servers/2017-12-01",
- "body": {
- "properties": {
- "geoRedundantBackup": "Enabled"
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/RedisCacheEnableNonSSLPort.azapi.mock.json.bak b/policy/checkov/azurerm/RedisCacheEnableNonSSLPort.azapi.mock.json.bak
deleted file mode 100644
index d69ea06..0000000
--- a/policy/checkov/azurerm/RedisCacheEnableNonSSLPort.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_redis_cache.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Cache/redis/2024-03-01",
- "body": {
- "properties": {
- "enableNonSslPort": false
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/RedisCacheMinTLSVersion.azapi.mock.json.bak b/policy/checkov/azurerm/RedisCacheMinTLSVersion.azapi.mock.json.bak
deleted file mode 100644
index faf9f41..0000000
--- a/policy/checkov/azurerm/RedisCacheMinTLSVersion.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_redis_cache.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Cache/redis/2024-03-01",
- "body": {
- "properties": {
- "minimumTlsVersion": "1.2"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/RedisCachePublicNetworkAccessEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/RedisCachePublicNetworkAccessEnabled.azapi.mock.json.bak
deleted file mode 100644
index 57d71d2..0000000
--- a/policy/checkov/azurerm/RedisCachePublicNetworkAccessEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_redis_cache.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Cache/redis/2024-03-01",
- "body": {
- "properties": {
- "publicNetworkAccess": "Disabled"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SQLServerEmailAlertsEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/SQLServerEmailAlertsEnabled.azapi.mock.json.bak
deleted file mode 100644
index b889061..0000000
--- a/policy/checkov/azurerm/SQLServerEmailAlertsEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_mssql_server_security_alert_policy.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Sql/servers/securityAlertPolicies/2020-11-01-preview",
- "body": {
- "properties": {
- "emailAddresses": [
- "admin@example.com",
- "alerts@example.com"
- ]
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SQLServerEmailAlertsToAdminsEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/SQLServerEmailAlertsToAdminsEnabled.azapi.mock.json.bak
deleted file mode 100644
index e3718e1..0000000
--- a/policy/checkov/azurerm/SQLServerEmailAlertsToAdminsEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_mssql_server_security_alert_policy.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Sql/servers/securityAlertPolicies/2020-11-01-preview",
- "body": {
- "properties": {
- "emailAccountAdmins": true
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SQLServerThreatDetectionTypes.azapi.mock.json.bak b/policy/checkov/azurerm/SQLServerThreatDetectionTypes.azapi.mock.json.bak
deleted file mode 100644
index 966b222..0000000
--- a/policy/checkov/azurerm/SQLServerThreatDetectionTypes.azapi.mock.json.bak
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_mssql_server_security_alert_policy.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Sql/servers/securityAlertPolicies/2020-11-01-preview",
- "body": {
- "properties": {
- "retentionDays": 20,
- "state": "Enabled",
- "storageAccountAccessKey": "ZmFrZV9hY2Nlc3Nfa2V5",
- "storageEndpoint": "https://myStorageAccount.blob.core.windows.net/"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SecurityCenterContactEmailAlert.azapi.mock.json.bak b/policy/checkov/azurerm/SecurityCenterContactEmailAlert.azapi.mock.json.bak
deleted file mode 100644
index 2d8277a..0000000
--- a/policy/checkov/azurerm/SecurityCenterContactEmailAlert.azapi.mock.json.bak
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_contact.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": ["create"],
- "after": {
- "type": "Microsoft.Security/securityContacts/2017-08-01-preview",
- "body": {
- "properties": {
- "alertNotifications": "On"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SecurityCenterContactEmailAlertAdmins.azapi.mock.json.bak b/policy/checkov/azurerm/SecurityCenterContactEmailAlertAdmins.azapi.mock.json.bak
deleted file mode 100644
index 48d40b9..0000000
--- a/policy/checkov/azurerm/SecurityCenterContactEmailAlertAdmins.azapi.mock.json.bak
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_contact.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Security/securityContacts/2017-08-01-preview",
- "properties": {
- "alertsToAdmins": "On"
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SecurityCenterContactEmails.azapi.mock.json.bak b/policy/checkov/azurerm/SecurityCenterContactEmails.azapi.mock.json.bak
deleted file mode 100644
index 86c2ac1..0000000
--- a/policy/checkov/azurerm/SecurityCenterContactEmails.azapi.mock.json.bak
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_security_center_contact.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": ["create"],
- "after": {
- "type": "Microsoft.Security/securityContacts/2017-08-01-preview",
- "body": {
- "properties": {
- "email": "contact@example.com"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SecurityCenterContactPhone.azapi.mock.json.bak b/policy/checkov/azurerm/SecurityCenterContactPhone.azapi.mock.json.bak
deleted file mode 100644
index c120c06..0000000
--- a/policy/checkov/azurerm/SecurityCenterContactPhone.azapi.mock.json.bak
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_security_center_contact.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Security/securityContacts/2017-08-01-preview"
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SecurityCenterStandardPricing.azapi.mock.json.bak b/policy/checkov/azurerm/SecurityCenterStandardPricing.azapi.mock.json.bak
deleted file mode 100644
index 1b80baa..0000000
--- a/policy/checkov/azurerm/SecurityCenterStandardPricing.azapi.mock.json.bak
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_security_center_subscription_pricing.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Security/pricings/2023-01-01"
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageAccountDisablePublicAccess.azapi.mock.json.bak b/policy/checkov/azurerm/StorageAccountDisablePublicAccess.azapi.mock.json.bak
deleted file mode 100644
index 22ec6f0..0000000
--- a/policy/checkov/azurerm/StorageAccountDisablePublicAccess.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_storage_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Storage/storageAccounts/2023-05-01",
- "body": {
- "properties": {
- "allowBlobPublicAccess": true
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageAccountEnablesSecureTransfer.azapi.mock.json.bak b/policy/checkov/azurerm/StorageAccountEnablesSecureTransfer.azapi.mock.json.bak
deleted file mode 100644
index f693dbb..0000000
--- a/policy/checkov/azurerm/StorageAccountEnablesSecureTransfer.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_storage_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Storage/storageAccounts/2023-05-01",
- "body": {
- "properties": {
- "supportsHttpsTrafficOnly": true
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageAccountLoggingQueueServiceEnabled.azapi.mock.json.bak b/policy/checkov/azurerm/StorageAccountLoggingQueueServiceEnabled.azapi.mock.json.bak
deleted file mode 100644
index 3cc068c..0000000
--- a/policy/checkov/azurerm/StorageAccountLoggingQueueServiceEnabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_storage_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Storage/storageAccounts/2023-05-01",
- "body": {
- "kind": "StorageV2",
- "properties": {
- "encryption": {
- "services": {
- "queue": {
- "keyType": "Service"
- },
- "table": {
- "keyType": "Service"
- }
- }
- }
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageAccountMinimumTlsVersion.azapi.mock.json.bak b/policy/checkov/azurerm/StorageAccountMinimumTlsVersion.azapi.mock.json.bak
deleted file mode 100644
index eb3624c..0000000
--- a/policy/checkov/azurerm/StorageAccountMinimumTlsVersion.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_storage_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Storage/storageAccounts/2023-05-01",
- "body": {
- "properties": {
- "minimumTlsVersion": "TLS1_2"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageAccountName.azapi.mock.json.bak b/policy/checkov/azurerm/StorageAccountName.azapi.mock.json.bak
deleted file mode 100644
index 4294405..0000000
--- a/policy/checkov/azurerm/StorageAccountName.azapi.mock.json.bak
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_storage_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Storage/storageAccounts/2023-05-01"
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageAccountsTransportEncryption.azapi.mock.json.bak b/policy/checkov/azurerm/StorageAccountsTransportEncryption.azapi.mock.json.bak
deleted file mode 100644
index 18dafc1..0000000
--- a/policy/checkov/azurerm/StorageAccountsTransportEncryption.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_storage_account.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Storage/storageAccounts/2023-05-01",
- "body": {
- "properties": {
- "supportsHttpsTrafficOnly": true
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageBlobServiceContainerPrivateAccess.azapi.mock.json.bak b/policy/checkov/azurerm/StorageBlobServiceContainerPrivateAccess.azapi.mock.json.bak
deleted file mode 100644
index 56fafad..0000000
--- a/policy/checkov/azurerm/StorageBlobServiceContainerPrivateAccess.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [{
- "address": "azurerm_storage_container.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Storage/storageAccounts/blobServices/containers/2023-05-01",
- "body": {
- "properties": {
- "publicAccess": "None"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/StorageSyncPublicAccessDisabled.azapi.mock.json.bak b/policy/checkov/azurerm/StorageSyncPublicAccessDisabled.azapi.mock.json.bak
deleted file mode 100644
index 13595c1..0000000
--- a/policy/checkov/azurerm/StorageSyncPublicAccessDisabled.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_storage_sync.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.StorageSync/storageSyncServices/2020-03-01",
- "body": {
- "properties": {
- "incomingTrafficPolicy": "AllowVirtualNetworksOnly"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SynapseWorkspaceEnablesDataExfilProtection.azapi.mock.json.bak b/policy/checkov/azurerm/SynapseWorkspaceEnablesDataExfilProtection.azapi.mock.json.bak
deleted file mode 100644
index cce34d0..0000000
--- a/policy/checkov/azurerm/SynapseWorkspaceEnablesDataExfilProtection.azapi.mock.json.bak
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_synapse_workspace.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Synapse/workspaces/2021-06-01",
- "body": {
- "properties": {
- "managedVirtualNetworkSettings": {
- "preventDataExfiltration": true
- }
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/SynapseWorkspaceEnablesManagedVirtualNetworks.azapi.mock.json.bak b/policy/checkov/azurerm/SynapseWorkspaceEnablesManagedVirtualNetworks.azapi.mock.json.bak
deleted file mode 100644
index c889f25..0000000
--- a/policy/checkov/azurerm/SynapseWorkspaceEnablesManagedVirtualNetworks.azapi.mock.json.bak
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "mock" : {
- "default": {
- "resource_changes": [{
- "address": "azurerm_synapse_workspace.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Synapse/workspaces/2021-06-01",
- "body": {
- "properties": {
- "managedVirtualNetwork": "default"
- }
- }
- }
- }
- }]
- }
- }
-}
\ No newline at end of file
diff --git a/policy/checkov/azurerm/VMDisablePasswordAuthentication.azapi.mock.json.bak b/policy/checkov/azurerm/VMDisablePasswordAuthentication.azapi.mock.json.bak
deleted file mode 100644
index ad9d205..0000000
--- a/policy/checkov/azurerm/VMDisablePasswordAuthentication.azapi.mock.json.bak
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- "mock": {
- "default": {
- "resource_changes": [
- {
- "address": "azurerm_linux_virtual_machine_scale_set.example",
- "mode": "managed",
- "type": "azapi_resource",
- "changes": {
- "actions": [
- "create"
- ],
- "after": {
- "type": "Microsoft.Compute/virtualMachineScaleSets/2024-07-01",
- "body": {
- "location": "westeurope",
- "properties": {
- "virtualMachineProfile": {
- "osProfile": {
- "adminUsername": "adminuser",
- "linuxConfiguration": {
- "disablePasswordAuthentication": true,
- "ssh": {
- "publicKeys": [
- {
- "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+wWK73dCr+jgQOAxNsHAnNNNMEMWOHYEccp6wJm2gotpr9katuF/ZAdou5AaW1C61slRkHRkpRRX9FA9CYBiitZgvCCz+3nWNN7l/Up54Zps/pHWGZLHNJZRYyAB6j5yVLMVHIHriY49d/GZTZVNB8GoJv9Gakwc/fuEZYYl4YDFiGMBP///TzlI4jhiJzjKnEvqPFki5p2ZRJqcbCiF4pJrxUQR/RXqVFQdbRLZgYfJ8xGB878RENq3yQ39d8dVOkq4edbkzwcUmwwwkYVPIoDGsYLaRHnG+To7FvMeyO7xDVQkMKzopTQV8AuKpyvpqu0a9pWOMaiCyDytO7GGN you@me.com",
- "path": "/home/adminuser/.ssh/authorized_keys"
- }
- ]
- }
- }
- },
- },
- },
- "sku": {
- "capacity": 1,
- "name": "Standard_F2",
- "tier": "Standard"
- }
- }
- }
- }
- }
- ]
- }
- }
-}
\ No newline at end of file