Policy Setting: Azure > App Service > Web App > Approved > Custom
Policies
This policy setting is dependent on the following policy types:
Source
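# Azure > App Service > Web App > Approved > Custom
#
# Custom approval checks for Azure App Service web apps, attached to the
# policy pack `turbot_policy_pack.main`. The rendered template emits a JSON
# list with one { title, result, message } record per check:
#   1. App Service authentication (authSettings.enabled)
#   2. Java version   (configuration.javaVersion)
#   3. PHP version    (configuration.phpVersion)
#   4. Python version (configuration.pythonVersion)
#
# How to read the results:
#   - The runtime checks are deny-lists. Any non-empty version that is not in
#     the matching outdated* list is reported as "Approved", so "Approved"
#     means "not a listed outdated version", not "latest". The lists are
#     hard-coded and must be extended as further releases reach end of
#     support.
#   - "Skip" is emitted when the queried value is empty or absent (or, for
#     authentication, neither true nor false). A skipped check has not
#     evaluated anything; treat it as "unknown", not as a pass.
#
# NOTE(review): confirm how `constant(value: "...")` reaches the template. If
#   it arrives as a plain string rather than a parsed list, the `in` test is a
#   substring match and partial or empty values could match - verify against a
#   rendered example.
# NOTE(review): confirm that the version strings stored for
#   configuration.javaVersion / phpVersion / pythonVersion use the same format
#   as the list entries (for example whether Java 8 is reported as '8').
# NOTE(review): Linux-hosted apps typically report their runtime stack through
#   the site config's linuxFxVersion field rather than these per-language
#   fields, so such apps may land in "Skip" - confirm coverage for them.
resource "turbot_policy_setting" "azure_appservice_webapp_approved_custom" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/azure-appservice#/policy/types/webAppApprovedCustom"
  note     = "Azure CIS v2.0.0 - Control: 9.1, 9.6, 9.7 and 9.8"

  # Inputs for the template: three constant deny-lists plus the four web app
  # attributes that the checks read.
  template_input = <<-EOT
    {
      outdatedJavaVersions: constant(value: "['8', '11']")
      outdatedPhpVersions: constant(value: "['5.6', '7.0', '7.1', '7.2', '7.3']")
      outdatedPythonVersions: constant(value: "['2.7', '3.4', '3.5', '3.6']")
      webApp {
        appServiceAuth: get(path:"authSettings.enabled"),
        javaVersion: get(path:"configuration.javaVersion"),
        phpVersion: get(path:"configuration.phpVersion"),
        pythonVersion: get(path:"configuration.pythonVersion")
      }
    }
  EOT

  # Each section sets `data` for one check and appends it to `results`; the
  # final line serialises the whole list as JSON. The authentication title is
  # spelled identically in all three branches so that the check can be grouped
  # or filtered by title regardless of its result.
  template = <<-EOT
    {% set results = [] -%}
    {%- if $.webApp.appServiceAuth == false -%}
    {%- set data = { "title": "App Service Authentication", "result": "Not approved", "message": "App Service authentication is disabled" } -%}
    {%- elif $.webApp.appServiceAuth == true -%}
    {%- set data = { "title": "App Service Authentication", "result": "Approved", "message": "App Service authentication is enabled" } -%}
    {%- else -%}
    {%- set data = { "title": "App Service Authentication", "result": "Skip", "message": "No data for authentication yet" } -%}
    {%- endif -%}
    {% set results = results.concat(data) -%}
    {%- if $.webApp.javaVersion in $.outdatedJavaVersions -%}
    {%- set data = { "title": "Java Version", "result": "Not approved", "message": "Web App is running with outdated Java version" } -%}
    {%- elif $.webApp.javaVersion -%}
    {%- set data = { "title": "Java Version", "result": "Approved", "message": "Web App Java version is not in the outdated versions list" } -%}
    {%- else -%}
    {%- set data = { "title": "Java Version", "result": "Skip", "message": "No data for web app yet" } -%}
    {%- endif -%}
    {% set results = results.concat(data) -%}
    {%- if $.webApp.phpVersion in $.outdatedPhpVersions -%}
    {%- set data = { "title": "PHP Version", "result": "Not approved", "message": "Web App is running with outdated PHP version" } -%}
    {%- elif $.webApp.phpVersion -%}
    {%- set data = { "title": "PHP Version", "result": "Approved", "message": "Web App PHP version is not in the outdated versions list" } -%}
    {%- else -%}
    {%- set data = { "title": "PHP Version", "result": "Skip", "message": "No data for web app yet" } -%}
    {%- endif -%}
    {% set results = results.concat(data) -%}
    {%- if $.webApp.pythonVersion in $.outdatedPythonVersions -%}
    {%- set data = { "title": "Python Version", "result": "Not approved", "message": "Web App is running with outdated Python version" } -%}
    {%- elif $.webApp.pythonVersion -%}
    {%- set data = { "title": "Python Version", "result": "Approved", "message": "Web App Python version is not in the outdated versions list" } -%}
    {%- else -%}
    {%- set data = { "title": "Python Version", "result": "Skip", "message": "No data for web app yet" } -%}
    {%- endif -%}
    {% set results = results.concat(data) -%}
    {{ results | json }}
  EOT
}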