Azure Active Directory Authentication
- Query id: a21c8da9-41bf-40cf-941d-330cf0d11fc7
- Query name: Azure Active Directory Authentication
- Platform: Terraform
- Severity: Low
- Category: Access Control
- URL: Github
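Description
Service Fabric clusters must use Azure Active Directory for authentication. In the samples below, a cluster is reported when its 'azure_active_directory' block is missing or does not set 'tenant_id'.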
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged by this query: the azure_active_directory block is declared but
# omits tenant_id. Only the two application IDs are given, so the Azure AD
# configuration is incomplete. Remediation: add tenant_id to the block.
resource "azurerm_service_fabric_cluster" "positive1" {
  name                 = "example-servicefabric"
  resource_group_name  = azurerm_resource_group.example.name
  location             = azurerm_resource_group.example.location
  reliability_level    = "Bronze"
  upgrade_mode         = "Manual"
  cluster_code_version = "7.1.456.959"
  vm_image             = "Windows"
  management_endpoint  = "https://example:80"

  node_type {
    name                 = "first"
    instance_count       = 3
    is_primary           = true
    client_endpoint_port = 2020
    http_endpoint_port   = 80
  }

  # tenant_id is absent from this block; the "id" strings are fixture
  # placeholders, not real application IDs.
  azure_active_directory {
    cluster_application_id = "id"
    client_application_id  = "id"
  }
}
Positive test num. 2 - tf file
# Flagged by this query: the resource declares no azure_active_directory
# block at all, so nothing in this definition configures Azure AD
# authentication for the cluster. Remediation: add the block with tenant_id,
# cluster_application_id and client_application_id.
resource "azurerm_service_fabric_cluster" "positive2" {
  name                 = "example-servicefabric"
  resource_group_name  = azurerm_resource_group.example.name
  location             = azurerm_resource_group.example.location
  reliability_level    = "Bronze"
  upgrade_mode         = "Manual"
  cluster_code_version = "7.1.456.959"
  vm_image             = "Windows"
  management_endpoint  = "https://example:80"

  node_type {
    name                 = "first"
    instance_count       = 3
    is_primary           = true
    client_endpoint_port = 2020
    http_endpoint_port   = 80
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# Not flagged by this query: the azure_active_directory block is present and
# sets tenant_id together with both application IDs.
# NOTE(review): this fixture demonstrates only the Azure AD setting. It shows
# no certificate configuration, so it should not be read as a complete
# hardened cluster definition.
resource "azurerm_service_fabric_cluster" "negative" {
  name                 = "example-servicefabric"
  resource_group_name  = azurerm_resource_group.example.name
  location             = azurerm_resource_group.example.location
  reliability_level    = "Bronze"
  upgrade_mode         = "Manual"
  cluster_code_version = "7.1.456.959"
  vm_image             = "Windows"
  management_endpoint  = "https://example:80"

  node_type {
    name                 = "first"
    instance_count       = 3
    is_primary           = true
    client_endpoint_port = 2020
    http_endpoint_port   = 80
  }

  # All three arguments are set; the "id" strings are fixture placeholders
  # standing in for the real tenant and application IDs.
  azure_active_directory {
    tenant_id              = "id"
    cluster_application_id = "id"
    client_application_id  = "id"
  }
}