Add metadata tags for each pillar #1772

Closed
BernieWhite opened this issue Oct 9, 2022 · 0 comments · Fixed by #2707
Labels: enhancement (New feature or request), long-term (Long term milestones that will be released over multiple releases.)

BernieWhite commented Oct 9, 2022

This update adds a new tag Azure.WAF/pillar to each rule which is set to the WAF pillar.

Why are we doing this:

  • This will allow customers to create WAF pillar specific baselines.
  • PSRule for Azure intends to ship a managed quarterly baseline containing only security rules. See: Add baseline for Security pillar rules #1633
  • Improve the ability to provide PSRule for Azure recommendations in other languages.

To make this happen we will be updating all rules with this tag starting with the Security pillar.

Longer term, we expect to remove the existing annotation for pillar. However, in the short term both tag and annotation will exist.

Syntax:

```yaml
Azure.WAF/pillar: 'Security'
```

For example, in YAML:

```yaml
---
# Synopsis: Internet accessible Application Gateways should protect endpoints with WAF.
apiVersion: github.com/microsoft/PSRule/v1
kind: Rule
metadata:
  name: Azure.AppGw.UseWAF
  ref: AZR-000063
  tags:
    release: 'GA'
    ruleSet: '2020_06'
    Azure.WAF/pillar: 'Security'
  labels:
    Azure.ASB.v3/control: 'NS-6'
spec:
  with:
  - Azure.IsAppGwPublic
  condition:
    field: properties.sku.tier
    in:
    - WAF
    - WAF_v2
```

For example, in PowerShell:

```powershell
# Synopsis: App Service should reject TLS versions older than 1.2.
Rule 'Azure.AppService.MinTLS' -Ref 'AZR-000073' -Type 'Microsoft.Web/sites', 'Microsoft.Web/sites/slots' -Tag @{ release = 'GA'; ruleSet = '2020_06'; 'Azure.WAF/pillar' = 'Security'; } -Labels @{ 'Azure.ASB.v3/control' = 'DP-3' } {
    $siteConfigs = @(GetWebSiteConfig);
    if ($siteConfigs.Length -eq 0) {
        return $Assert.
            HasFieldValue($TargetObject, 'properties.siteConfig.minTlsVersion', '1.2').
            ReasonFrom('properties.siteConfig.minTlsVersion', $LocalizedData.MinTLSVersion, $TargetObject.properties.siteConfig.minTlsVersion);
    }
    foreach ($siteConfig in $siteConfigs) {
        $path = $siteConfig._PSRule.path;
        $Assert.
            HasFieldValue($siteConfig, 'properties.minTlsVersion', '1.2').
            ReasonFrom('properties.minTlsVersion', $LocalizedData.MinTLSVersion, $siteConfig.properties.minTlsVersion).PathPrefix($path);
    }
}
```

Some of this work is already complete, related to #1610.
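
The pillar-specific baseline this tag enables, written as an added example that is not part of the original issue or the project's shipped baselines. It relies on PSRule's baseline `rule.tag` filter; the baseline name `Local.Security.GA` and the file path in the comment are assumptions.

```yaml
---
# Synopsis: Local baseline limited to GA rules tagged with the Security pillar.
# Hypothetical file: .ps-rule/Local.Baseline.Rule.yaml
apiVersion: github.com/microsoft/PSRule/v1
kind: Baseline
metadata:
  # Hypothetical name; choose one that does not collide with a module baseline.
  name: Local.Security.GA
spec:
  rule:
    # A rule is included only when it carries every tag listed here.
    tag:
      # The tag proposed in this issue, as set on Azure.AppGw.UseWAF and
      # Azure.AppService.MinTLS above.
      Azure.WAF/pillar: 'Security'
      # Existing tag shown in both rule examples; leaves out non-GA rules.
      release: 'GA'
```

Pass the baseline name to `Invoke-PSRule` or `Assert-PSRule` with `-Baseline` so that only rules carrying both tags run. Rules that have not yet been given the `Azure.WAF/pillar` tag are excluded, so coverage of this baseline follows the progress of the tagging work.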

@BernieWhite BernieWhite added the enhancement New feature or request label Oct 9, 2022
@BernieWhite BernieWhite self-assigned this Oct 9, 2022
@BernieWhite BernieWhite pinned this issue Oct 9, 2022
BernieWhite added a commit to BernieWhite/PSRule.Rules.Azure that referenced this issue Dec 5, 2023
BernieWhite added a commit that referenced this issue Dec 5, 2023
* Quality documentation updates #2570 #1772

* Bump change log
@BernieWhite BernieWhite modified the milestones: v1.34.0, v1.32.0, v1.33.0 Dec 10, 2023
@BernieWhite BernieWhite mentioned this issue Dec 16, 2023
BernieWhite added a commit to BernieWhite/PSRule.Rules.Azure that referenced this issue Jan 2, 2024
BernieWhite added a commit that referenced this issue Jan 2, 2024
* Quality updates to rule #1772

* Fix
@BernieWhite BernieWhite added the long-term Long term milestones that will be released over multiple releases. label Jan 17, 2024
@BernieWhite BernieWhite modified the milestones: v1.33.0, v1.34.0 Jan 17, 2024
@BernieWhite BernieWhite mentioned this issue Feb 5, 2024
BernieWhite added a commit to BernieWhite/PSRule.Rules.Azure that referenced this issue Feb 24, 2024
@BernieWhite BernieWhite unpinned this issue Feb 25, 2024