Policy Setting: Azure > Compute > Virtual Machine > Approved > Custom
Policies
This policy setting is dependent on the following policy types:
Source
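# Calculated "Approved > Custom" policy setting for Azure virtual machines.
# The note attribute ties it to Azure CIS v2.0.0 controls 7.2, 7.5 and 7.6.
#
# The template emits a JSON list of { title, result, message } entries:
#   - one "Managed Disk" entry derived from storageProfile.osDisk.managedDisk.id
#     (only the OS disk is queried; data disks are not inspected here);
#   - one entry per extension reported on the VM, "Approved" only when the
#     extension name is found in approvedExtensions;
#   - a single "Extensions" / "Skip" entry when no extension data is returned.
#
# NOTE(review): the template checks that every installed extension is approved.
# It never checks that a particular extension (for example the endpoint
# protection agent) is present, and a VM with an empty extension list produces
# no extension entry at all. Confirm that presence is enforced elsewhere if the
# cited controls require it.
resource "turbot_policy_setting" "azure_compute_virtual_machine_approved_custom" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/azure-compute#/policy/types/virtualMachineApprovedCustom"
  note     = "Azure CIS v2.0.0 - Control: 7.2, 7.5 and 7.6"

  # NOTE(review): approvedExtensions is supplied as a quoted constant. If it
  # reaches the template as a plain string rather than a list, the `in` test
  # below becomes a substring match, so a name such as "MDE" or "extension"
  # would be treated as approved. Confirm the value arrives as a list, or
  # declare the list inside the template instead.
  # 'extension2' looks like a placeholder; replace it with real extension names.
  template_input = <<-EOT
    {
      approvedExtensions: constant(value: "['MDE.Linux', 'extension2']")
      virtualMachine {
        name
        extensions: get(path: "resources")
        managedDiskId: get(path: "storageProfile.osDisk.managedDisk.id")
      }
    }
  EOT

  # Managed disk check: an empty or null id is reported as "Not approved", so
  # the "Skip" branch is only reached for other falsy values.
  # NOTE(review): confirm that treating missing data as "Not approved" is intended.
  #
  # Extension check: each result is appended inside the loop. The trailing
  # append belongs to the "Skip" branch only; running it after the loop as well
  # would add the last extension (or, for an empty list, the managed disk
  # entry) to the results a second time.
  template = <<-EOT
    {% set results = [] -%}
    {%- if $.virtualMachine.managedDiskId == "" or $.virtualMachine.managedDiskId == null -%}
    {%- set data = { "title": "Managed Disk", "result": "Not approved", "message": $.virtualMachine.name + " is not using managed disks" } -%}
    {%- elif $.virtualMachine.managedDiskId -%}
    {%- set data = { "title": "Managed Disk", "result": "Approved", "message": $.virtualMachine.name + " is using managed disks" } -%}
    {%- else -%}
    {%- set data = { "title": "Managed Disk", "result": "Skip", "message": "No data for managed disks yet" } -%}
    {%- endif -%}
    {% set results = results.concat(data) -%}
    {%- if $.virtualMachine.extensions -%}
    {%- for extension in $.virtualMachine.extensions -%}
    {%- if extension.name in $.approvedExtensions -%}
    {% set data = { "title": extension.name, "result": "Approved", "message": extension.name + " is installed" } -%}
    {%- else -%}
    {% set data = { "title": extension.name, "result": "Not approved", "message": extension.name + " is installed but is not in the approved list" } -%}
    {%- endif -%}
    {% set results = results.concat(data) -%}
    {% endfor -%}
    {%- else -%}
    {%- set data = { "title": "Extensions", "result": "Skip", "message": "No data for extensions yet" } -%}
    {% set results = results.concat(data) -%}
    {% endif -%}
    {{ results | json }}
  EOT
}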