ServiceNow CMDB CI relationship sync: faster, more complete →
Policy Packs
Azure CIS v2.0.0 - Section 9 - App Service

Policy Setting: Azure > App Service > Web App > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

Source

resource "turbot_policy_setting" "azure_appservice_webapp_approved_custom" {
resource = turbot_policy_pack.main.id
type = "tmod:@turbot/azure-appservice#/policy/types/webAppApprovedCustom"
note = "Azure CIS v2.0.0 - Control: 9.1, 9.6, 9.7 and 9.8"
template_input = <<-EOT
{
outdatedJavaVersions: constant(value: "['8', '11']")
outdatedPhpVersions: constant(value: "['5.6', '7.0', '7.1', '7.2', '7.3']")
outdatedPythonVersions: constant(value: "['2.7', '3.4', '3.5', '3.6']")
webApp {
appServiceAuth: get(path:"authSettings.enabled"),
javaVersion: get(path:"configuration.javaVersion"),
phpVersion: get(path:"configuration.phpVersion"),
pythonVersion: get(path:"configuration.pythonVersion")
}
}
EOT
template = <<-EOT
{% set results = [] -%}
{%- if $.webApp.appServiceAuth == false -%}
{%- set data = {
"title": "App Service authentication",
"result": "Not approved",
"message": "App Service authentication is disabled"
} -%}
{%- elif $.webApp.appServiceAuth == true -%}
{%- set data = {
"title": "App Service Authentication",
"result": "Approved",
"message": "App Service authentication is enabled"
} -%}
{%- else -%}
{%- set data = {
"title": "App Service Authentication",
"result": "Skip",
"message": "No data for authentication yet"
} -%}
{%- endif -%}
{% set results = results.concat(data) -%}
{%- if $.webApp.javaVersion in $.outdatedJavaVersions -%}
{%- set data = {
"title": "Java Version",
"result": "Not approved",
"message": "Web App is running with outdated Java version"
} -%}
{%- elif $.webApp.javaVersion -%}
{%- set data = {
"title": "Java Version",
"result": "Approved",
"message": "Web App is running on a latest Java version"
} -%}
{%- else -%}
{%- set data = {
"title": "Java Version",
"result": "Skip",
"message": "No data for web app yet"
} -%}
{%- endif -%}
{% set results = results.concat(data) -%}
{%- if $.webApp.phpVersion in $.outdatedPhpVersions -%}
{%- set data = {
"title": "PHP Version",
"result": "Not approved",
"message": "Web App is running with outdated PHP version"
} -%}
{%- elif $.webApp.phpVersion -%}
{%- set data = {
"title": "PHP Version",
"result": "Approved",
"message": "Web App is running on a latest PHP version"
} -%}
{%- else -%}
{%- set data = {
"title": "PHP Version",
"result": "Skip",
"message": "No data for web app yet"
} -%}
{%- endif -%}
{% set results = results.concat(data) -%}
{%- if $.webApp.pythonVersion in $.outdatedPythonVersions -%}
{%- set data = {
"title": "Python Version",
"result": "Not approved",
"message": "Web App is running with outdated Python version"
} -%}
{%- elif $.webApp.pythonVersion -%}
{%- set data = {
"title": "Python Version",
"result": "Approved",
"message": "Web App is running on a latest Python version"
} -%}
{%- else -%}
{%- set data = {
"title": "Python Version",
"result": "Skip",
"message": "No data for web app yet"
} -%}
{%- endif -%}
{% set results = results.concat(data) -%}
{{ results | json }}
EOT
}