ServiceNow CMDB CI relationship sync: faster, more complete →
Turbot Guardrails Hub 
Hub
Policy Packs
Azure CIS v2.0.0 - Section 1 - IAM
Overview
4
Policy Settings
0
Variables
DevelopersGithub

Policy Setting: Azure > Active Directory > User > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "azure_activedirectory_user_approved_custom" {
  resource       = turbot_policy_pack.main.id
  type           = "tmod:@turbot/azure-activedirectory#/policy/types/userApprovedCustom"
  note           = "Azure CIS v2.0.0 - Control: 1.5"
  template_input = <<-EOT
    {
      user {
        userType: get(path: "userType")
        accountEnabled: get(path: "accountEnabled")
      }
    }
  EOT
  template       = <<-EOT
    {%- if $.user.userType == "Guest" and $.user.accountEnabled -%}


      {%- set data = {
          "title": "Guest User",
          "result": "Approved",
          "message": "Guest user is reviewed on a regular basis"
      } -%}


    {%- elif $.user.userType == "Guest" and not $.user.accountEnabled -%}


      {%- set data = {
          "title": "Guest User",
          "result": "Not approved",
          "message": "Guest user is not reviewed on a regular basis"
      } -%}


    {%- else -%}


      {%- set data = {
          "title": "Guest User",
          "result": "Skip",
          "message": "No data for guest user yet"
      } -%}


    {%- endif -%}
    {{ data | json }}
  EOT
}