Policy Setting: Azure > Key Vault > Vault > Approved > Custom
Policies
This policy setting is dependent on the following policy types:
Source
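# Custom "Approved" check for Azure Key Vault vaults. The Nunjucks template
# below emits one result object per check: RBAC authorization and private
# endpoint connections (tracked in `note` as Azure CIS v2.0.0 controls 8.6
# and 8.7).
resource "turbot_policy_setting" "azure_keyvault_vault_approved_custom" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/azure-keyvault#/policy/types/vaultApprovedCustom"
  note     = "Azure CIS v2.0.0 - Control: 8.6 and 8.7"

  # Query that reads the two vault properties the template evaluates.
  template_input = <<-EOT
    {
      vault {
        enableRbacAuthorization: get(path:"properties.enableRbacAuthorization"),
        privateEndpointConnections: get(path:"properties.privateEndpointConnections")
      }
    }
  EOT

  # RBAC check: the second branch must compare against `true`. The original
  # repeated `== false`, which made the "Approved" branch unreachable, so a
  # vault with RBAC enabled fell through to "Skip" and was never reported as
  # compliant. "Skip" is now reserved for a missing or non-boolean value.
  #
  # NOTE(review): the private endpoint check only tests for null. An empty
  # list, or connections whose state is not approved, would presumably still
  # report "Approved" -- confirm the shape of this property in the CMDB
  # before relying on this result.
  template = <<-EOT
    {% set results = [] -%}

    {%- if $.vault.enableRbacAuthorization == false -%}
      {%- set data = { "title": "Role Based Access Control", "result": "Not approved", "message": "Role based access control is disabled" } -%}
    {%- elif $.vault.enableRbacAuthorization == true -%}
      {%- set data = { "title": "Role Based Access Control", "result": "Approved", "message": "Role based access control is enabled" } -%}
    {%- else -%}
      {%- set data = { "title": "Role Based Access Control", "result": "Skip", "message": "No data for role based access control yet" } -%}
    {%- endif -%}

    {% set results = results.concat(data) -%}

    {%- if $.vault.privateEndpointConnections == null -%}
      {%- set data = { "title": "Private Endpoint Connections", "result": "Not approved", "message": "Private endpoint connections are not used" } -%}
    {%- else -%}
      {%- set data = { "title": "Private Endpoint Connections", "result": "Approved", "message": "Private endpoint connections are used" } -%}
    {%- endif -%}

    {% set results = results.concat(data) -%}

    {{ results | json }}
  EOT
}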