Admin User Enabled For Container Registry

  • Query id: 29f35127-98e6-43af-8ec1-201b79f99604
  • Query name: Admin User Enabled For Container Registry
  • Platform: Ansible
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

Admin user is enabled for Container Registry
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create an azure container registry
  azure.azcollection.azure_rm_containerregistry:
    name: myRegistry
    location: eastus
    resource_group: myResourceGroup
    admin_user_enabled: true
    sku: Premium
    tags:
      Release: beta1
      Environment: Production
- name: Create an azure container registry2
  azure.azcollection.azure_rm_containerregistry:
    name: myRegistry
    location: eastus
    resource_group: myResourceGroup
    admin_user_enabled: "true"
    sku: Premium
    tags:
      Release: beta1
      Environment: Production

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create an azure container registry
  azure.azcollection.azure_rm_containerregistry:
    name: myRegistry
    location: eastus
    resource_group: myResourceGroup
    admin_user_enabled: false
    sku: Premium
    tags:
      Release: beta1
      Environment: Production
- name: Create an azure container registry2
  azure.azcollection.azure_rm_containerregistry:
    name: myRegistry
    location: eastus
    resource_group: myResourceGroup
    admin_user_enabled: false
    sku: Premium
    tags:
      Release: beta1
      Environment: Production