Update main.tf #14

Open
wants to merge 3 commits into
base: azure-template

omry-hay
Owner

No description provided.

@env0-dev
env0-dev bot commented Apr 10, 2022

🚀  env0 had composed a PR Plan for environment My First Project / Azure Tempalte-25130:

Plan: 1 to add, 0 to change, 0 to destroy.
Plan Details
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:


  # azurerm_app_service.dockerapp2 will be created
  + resource "azurerm_app_service" "dockerapp2" {
      + app_service_plan_id            = "/subscriptions/b48787a1-7145-425f-99af-62cde6c50e31/resourceGroups/env0v1v5-Socks-group/providers/Microsoft.Web/serverfarms/env0v1v5-Socks-group-plan"
      + app_settings                   = {
          + "CLIENT_LOGO_URL"                     = "https://www.jojomamanbebe.com/media/catalog/product/cache/1/image/1000x/cc44d3b39965d3efd15a8158cb2fdfb4/d/2/d2617redc4.jpg"
          + "CLIENT_NAME"                         = "Socks"
          + "WEBSITES_ENABLE_APP_SERVICE_STORAGE" = "false"
        }
      + client_affinity_enabled        = (known after apply)
      + default_site_hostname          = (known after apply)
      + enabled                        = true
      + https_only                     = false
      + id                             = (known after apply)
      + location                       = "northeurope"
      + name                           = "env0v1v5-Socks-group-app-2"
      + outbound_ip_addresses          = (known after apply)
      + possible_outbound_ip_addresses = (known after apply)
      + resource_group_name            = "env0v1v5-Socks-group"
      + site_credential                = (known after apply)
      + source_control                 = (known after apply)
      + tags                           = (known after apply)

      + auth_settings {
          + additional_login_params        = (known after apply)
          + allowed_external_redirect_urls = (known after apply)
          + default_provider               = (known after apply)
          + enabled                        = (known after apply)
          + issuer                         = (known after apply)
          + runtime_version                = (known after apply)
          + token_refresh_extension_hours  = (known after apply)
          + token_store_enabled            = (known after apply)
          + unauthenticated_client_action  = (known after apply)

          + active_directory {
              + allowed_audiences = (known after apply)
              + client_id         = (known after apply)
              + client_secret     = (sensitive value)
            }

          + facebook {
              + app_id       = (known after apply)
              + app_secret   = (sensitive value)
              + oauth_scopes = (known after apply)
            }

          + google {
              + client_id     = (known after apply)
              + client_secret = (sensitive value)
              + oauth_scopes  = (known after apply)
            }

          + microsoft {
              + client_id     = (known after apply)
              + client_secret = (sensitive value)
              + oauth_scopes  = (known after apply)
            }

          + twitter {
              + consumer_key    = (known after apply)
              + consumer_secret = (sensitive value)
            }
        }

      + connection_string {
          + name  = (known after apply)
          + type  = (known after apply)
          + value = (sensitive value)
        }

      + identity {
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
          + type         = "SystemAssigned"
        }

      + logs {
          + application_logs {
              + azure_blob_storage {
                  + level             = (known after apply)
                  + retention_in_days = (known after apply)
                  + sas_url           = (sensitive value)
                }
            }

          + http_logs {
              + azure_blob_storage {
                  + retention_in_days = (known after apply)
                  + sas_url           = (sensitive value)
                }

              + file_system {
                  + retention_in_days = (known after apply)
                  + retention_in_mb   = (known after apply)
                }
            }
        }

      + site_config {
          + always_on                = true
          + dotnet_framework_version = "v4.0"
          + ftps_state               = (known after apply)
          + http2_enabled            = false
          + ip_restriction           = (known after apply)
          + linux_fx_version         = "DOCKER|env0/demo-container:latest"
          + local_mysql_enabled      = (known after apply)
          + managed_pipeline_mode    = (known after apply)
          + min_tls_version          = (known after apply)
          + remote_debugging_enabled = false
          + remote_debugging_version = (known after apply)
          + scm_type                 = "None"
          + websockets_enabled       = (known after apply)
          + windows_fx_version       = (known after apply)

          + cors {
              + allowed_origins     = (known after apply)
              + support_credentials = (known after apply)
            }
        }

      + storage_account {
          + access_key   = (sensitive value)
          + account_name = (known after apply)
          + mount_path   = (known after apply)
          + name         = (known after apply)
          + share_name   = (known after apply)
          + type         = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + default_site_hostname2 = (known after apply)
Failed to calculate cost estimation

Full PR Plan logs on env0

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.

@jit-ci jit-ci bot left a comment

❌ Jit has detected 2 important findings in this PR that you should review.
The findings are detailed below as separate comments.
It’s highly recommended that you fix these security issues before merge.

@@ -62,8 +62,36 @@ resource "azurerm_app_service" "dockerapp" {
}
}


resource "azurerm_app_service" "dockerapp2" {
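
Review bot: `dockerapp2`, opened on the last line of this hunk, leaves client-certificate handling at the provider default, which is what the finding attached to this line flags. If callers are expected to present certificates, set `client_cert_enabled = true` in this block; the plan above lists no client-certificate attribute for the resource, so confirm the azurerm provider version in use exposes it. If the app is meant to be public, say so in the PR description, which is currently empty, before ignoring the finding.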

Security control: Cloud Infrastructure Misconfiguration

Type: Azure App Service Client Certificate Disabled

Description: Azure App Service client certificate should be enabled

Severity: HIGH


Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_finding Ignore this specific single instance of finding
  • #jit_ignore_type_this_repo Ignore any finding of this type in this repo
  • #jit_undo_ignore Undo ignore command

@@ -62,8 +62,36 @@ resource "azurerm_app_service" "dockerapp" {
}
}


resource "azurerm_app_service" "dockerapp2" {
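
Review bot: the `dockerapp2` resource opened at the end of this hunk is planned with `https_only = false`, so the app will also answer plain HTTP; add `https_only = true` to the block. The same plan shows `min_tls_version` and `ftps_state` as `(known after apply)`, so set both explicitly in `site_config` rather than leaving them to the provider, and pin `linux_fx_version` to a fixed tag or digest instead of `env0/demo-container:latest`.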

Security control: Cloud Infrastructure Misconfiguration

Type: Web App Accepting Traffic Other Than Https

Description: Web app should only accept HTTPS traffic in Azure Web App Service.

Severity: HIGH
