disk encryption set
JamesWoolfenden committed Dec 16, 2022
1 parent 81a8d3d commit 2a84301
Showing 6 changed files with 49 additions and 19 deletions.
1 change: 1 addition & 0 deletions src/azure.go
Expand Up @@ -74,6 +74,7 @@ func GetAZUREResourcePermissions(result ResourceV2) ([]string, error) {
"azurerm_security_center_workspace": azurermSecurityCenterWorkspace,
"azurerm_log_analytics_solution": azurermLogAnalyticsSolution,
"azurerm_role_assignment": azurermRoleAssignment,
"azurerm_disk_encryption_set": azurermDiskEncryptionSet,
}

var Permissions []string
3 changes: 3 additions & 0 deletions src/files_azure.go
Expand Up @@ -132,3 +132,6 @@ var azurermLogAnalyticsSolution []byte

//go:embed mapping/azurerm/resource/authorization/azurerm_role_assignment.json
var azurermRoleAssignment []byte

//go:embed mapping/azurerm/resource/compute/azurerm_disk_encryption_set.json
var azurermDiskEncryptionSet []byte
@@ -0,0 +1,18 @@
[
{
"apply": [
"Microsoft.Compute/diskEncryptionSets/write",
"Microsoft.Compute/diskEncryptionSets/delete",
"Microsoft.Compute/diskEncryptionSets/read",
"Microsoft.KeyVault/vaults/read"
],
"attributes": {
"tags": []
},
"destroy": [
"Microsoft.Compute/diskEncryptionSets/delete"
],
"modify": [],
"plan": []
}
]
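Review bot: The `apply` list contains only control-plane actions, while the fixture that exercises this mapping reads the key through an `azurerm_key_vault_key` data source, which presumably fetches the key via the vault's data plane rather than the resource manager. If the target vault uses Azure RBAC for data-plane authorization, `Microsoft.KeyVault/vaults/read` alone would not permit that read and a `Microsoft.KeyVault/vaults/keys/read` data action (or an access policy granting key get) would also be required; worth confirming with an apply in a subscription where the role has no other grants. The header line naming this file is not shown on the page, so the mapping path is inferred from the companion embed directive.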
16 changes: 16 additions & 0 deletions terraform/azurerm/backup/azurerm_disk_encryption_set.tf
@@ -0,0 +1,16 @@
resource "azurerm_disk_encryption_set" "pike" {
name = "pike"
resource_group_name = "pike"
location = "uksouth"
key_vault_key_id = data.azurerm_key_vault_key.pike.id

identity {
type = "SystemAssigned"
}
}

data "azurerm_key_vault_key" "pike" {

key_vault_id = "/subscriptions/037ce662-dfc1-4b8b-a8a7-6c414b540ed6/resourceGroups/pike/providers/Microsoft.KeyVault/vaults/pike"
name = "pike"
}
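Review bot: The `key_vault_id` in the `data "azurerm_key_vault_key" "pike"` block hard-codes a subscription GUID, which ties this committed fixture to one environment and leaves an environment-specific identifier in history. Resolving the vault by name and resource group through an `azurerm_key_vault` data source removes the literal and keeps the fixture portable; the control-plane read it needs is already covered by `Microsoft.KeyVault/vaults/read` in the role definition changed in this commit. The stray blank line inside the data block can go at the same time.
```hcl
# … unchanged: azurerm_disk_encryption_set resource …

data "azurerm_key_vault" "pike" {
  name                = "pike"
  resource_group_name = "pike"
}

data "azurerm_key_vault_key" "pike" {
  key_vault_id = data.azurerm_key_vault.pike.id
  name         = "pike"
}
```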
15 changes: 4 additions & 11 deletions terraform/azurerm/role/azurerm_role_definition.tf
Expand Up @@ -5,17 +5,10 @@ resource "azurerm_role_definition" "example" {

permissions {
actions = [
#analytics
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationsManagement/solutions/write",
"Microsoft.OperationsManagement/solutions/delete",

"Microsoft.Resources/subscriptions/providers/read",

#role
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete"
"Microsoft.Compute/diskEncryptionSets/write",
"Microsoft.Compute/diskEncryptionSets/delete",
"Microsoft.Compute/diskEncryptionSets/read",
"Microsoft.KeyVault/vaults/read"
]
not_actions = []
}
15 changes: 7 additions & 8 deletions todo_azure.md
@@ -1,5 +1,7 @@
# todo

./resource.ps1 azurerm_kubernetes_cluster
./resource.ps1 azurerm_kusto_server
./resource.ps1 azurerm_mssql_database
./resource.ps1 azurerm_mssql_database_extended_auditing_policy
./resource.ps1 azurerm_mssql_database_vulnerability_assessment_rule_baseline
Expand All @@ -16,26 +18,23 @@
./resource.ps1 azurerm_mssql_managed_instance_transparent_data_encryption
./resource.ps1 azurerm_mssql_managed_instance_vulnerability_assessment
./resource.ps1 azurerm_mssql_outbound_firewall_rule
./resource.ps1 azurerm_mssql_server_dns_alias
./resource.ps1 azurerm_mssql_server
./resource.ps1 azurerm_mssql_server_dns_alias
./resource.ps1 azurerm_mssql_server_microsoft_support_auditing_policy
./resource.ps1 azurerm_mssql_server_security_alert_policy
./resource.ps1 azurerm_mssql_server_transparent_data_encryption
./resource.ps1 azurerm_mssql_server_vulnerability_assessment
./resource.ps1 azurerm_mssql_virtual_machine
./resource.ps1 azurerm_mssql_virtual_network_rule
./resource.ps1 azurerm_mysql_database
./resource.ps1 azurerm_mysql_server
./resource.ps1 azurerm_mysql_flexible_server
./resource.ps1 azurerm_mysql_server
./resource.ps1 azurerm_postgresql_database
./resource.ps1 azurerm_postgresql_server
./resource.ps1 azurerm_sql_active_directory_administrator
./resource.ps1 azurerm_sql_database
./resource.ps1 azurerm_sql_server
./resource.ps1 azurerm_kusto_server
azurerm_disk_encryption_set
azurerm_kubernetes_cluster
./resource.ps1 azurerm_security_center_auto_provisioning
./resource.ps1 azurerm_security_center_automation
./resource.ps1 azurerm_security_center_subscription_pricing
./resource.ps1 azurerm_sql_active_directory_administrator
./resource.ps1 azurerm_sql_database
./resource.ps1 azurerm_sql_server
./resource.ps1 azurerm_subscription_policy_assignment
