AKS RBAC Disabled
- Query id: b2418936-cd47-4ea2-8346-623c0bdb87bd
- Query name: AKS RBAC Disabled
- Platform: Crossplane
- Severity: Medium
- Category: Access Control
- CWE: 311
- URL: Github
Description
Azure Container Service (AKS) instance should have role-based access control (RBAC) enabled
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
apiVersion: compute.azure.crossplane.io/v1alpha3
kind: AKSCluster
metadata:
  name: anais-crossplane-demo
spec:
  location: eastus
  version: "1.19.7"
  nodeVMSize: Standard_D2_v2
  resourceGroupNameRef:
    name: anais-resource
  dnsNamePrefix: dt
  nodeCount: 2
  disableRBAC: true
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: aks.multik8s.platformref.crossplane.io
  labels:
    provider: AZURE
spec:
  compositeTypeRef:
    apiVersion: multik8s.platformref.crossplane.io/v1alpha1
    kind: AKS
  resources:
    - name: sample-ec2
      base:
        apiVersion: compute.azure.crossplane.io/v1alpha3
        kind: AKSCluster
        metadata:
          name: anais-crossplane-demo
        spec:
          location: eastus
          version: "1.19.7"
          nodeVMSize: Standard_D2_v2
          resourceGroupNameRef:
            name: anais-resource
          dnsNamePrefix: dt
          nodeCount: 2
          disableRBAC: true
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
apiVersion: compute.azure.crossplane.io/v1alpha3
kind: AKSCluster
metadata:
  name: anais-crossplane-demo
spec:
  location: eastus
  version: "1.19.7"
  nodeVMSize: Standard_D2_v2
  resourceGroupNameRef:
    name: anais-resource
  dnsNamePrefix: dt
  nodeCount: 2
  disableRBAC: false
---
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: aks.multik8s.platformref.crossplane.io
  labels:
    provider: AZURE
spec:
  compositeTypeRef:
    apiVersion: multik8s.platformref.crossplane.io/v1alpha1
    kind: AKS
  resources:
    - name: sample-ec2
      base:
        apiVersion: compute.azure.crossplane.io/v1alpha3
        kind: AKSCluster
        metadata:
          name: anais-crossplane-demo
        spec:
          location: eastus
          version: "1.19.7"
          nodeVMSize: Standard_D2_v2
          resourceGroupNameRef:
            name: anais-resource
          dnsNamePrefix: dt
          nodeCount: 2
```
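The check these samples exercise can be reproduced in a pre-merge script. The following is an added example, not the query's own implementation: it assumes the manifests have already been parsed into Python mappings (for instance by a YAML loader), and the names `find_rbac_disabled`, `cluster` and `composition` are hypothetical. It covers both shapes shown above, a top-level `AKSCluster` and one embedded as a `base` inside a `Composition`.

```python
def find_rbac_disabled(node, path="$"):
    """Return the path of every AKSCluster whose spec.disableRBAC is true.

    Recurses through mappings and lists, so a cluster nested under a
    Composition's resources[].base is reported as well as a top-level one.
    """
    hits = []
    if isinstance(node, dict):
        spec = node.get("spec")
        if (node.get("kind") == "AKSCluster" and isinstance(spec, dict)
                and spec.get("disableRBAC") is True):
            hits.append(f"{path}.spec.disableRBAC")
        for key, value in node.items():
            hits.extend(find_rbac_disabled(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_rbac_disabled(item, f"{path}[{index}]"))
    return hits


def cluster(disable_rbac=None):
    """Constructed sample: an AKSCluster shaped like the manifests on this page."""
    spec = {"location": "eastus", "nodeCount": 2}
    if disable_rbac is not None:  # None leaves the field out entirely
        spec["disableRBAC"] = disable_rbac
    return {"apiVersion": "compute.azure.crossplane.io/v1alpha3",
            "kind": "AKSCluster", "spec": spec}


def composition(base):
    """Constructed sample: a Composition embedding the cluster as a resource base."""
    return {"apiVersion": "apiextensions.crossplane.io/v1", "kind": "Composition",
            "spec": {"compositeTypeRef": {"kind": "AKS"},
                     "resources": [{"name": "sample-ec2", "base": base}]}}


# Parsed equivalents of the positive and negative test files (constructed).
POSITIVE = [cluster(True), composition(cluster(True))]
NEGATIVE = [cluster(False), composition(cluster())]

if __name__ == "__main__":
    for label, docs in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(label, find_rbac_disabled(docs))
```

Only an explicit `disableRBAC: true` is reported; an omitted field or `false` passes, matching the negative sample.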