Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(azure): add new policies for Azure Synapse (terraform and arm) #6553

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat(azure): add new policies for Azure Synapse (terraform and arm) #6553

wants to merge 6 commits into from

Conversation

taviassaf
Copy link
Contributor

@taviassaf taviassaf commented Jul 8, 2024
edited by baz-review bot
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Introduce new security and logging policies for Azure Synapse SQL Pools and Workspaces. The changes include adding checks to ensure log monitoring, security alert policies, and vulnerability assessments are enabled for Synapse SQL Pools. Additionally, extended audit logs are enforced for Synapse Workspaces. These policies are defined in YAML files and are accompanied by corresponding test cases to validate their effectiveness.

TopicDetails
Test Cases Add test cases to validate the new policies for Synapse SQL Pools and Workspaces.
Modified files (1)
  • tests/arm/graph_builder/checks/test_yaml_policies.py
Latest Contributors(2)
EmailCommitDate
62605534+SteveVaknin@u...feat-azure-Add-policy-...June 02, 2024
49649760+lirshindalman...feat-general-Add-image...September 28, 2023
Security Alerts Introduce security alert policies for Synapse SQL Pools to ensure security measures are in place.
Modified files (5)
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasSecurityAlertPolicy/fail1.json
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasSecurityAlertPolicy/fail2.json
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasSecurityAlertPolicy/expected.yaml
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasSecurityAlertPolicy/pass.json
  • checkov/arm/checks/graph_checks/SynapseSQLPoolHasSecurityAlertPolicy.yaml
Latest Contributors(0)
EmailCommitDate
Vulnerability Assessment Ensure vulnerability assessments are attached to Synapse SQL Pools to identify potential security risks.
Modified files (5)
  • checkov/arm/checks/graph_checks/SynapseSQLPoolHasVulnerabilityAssessment.yaml
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasVulnerabilityAssessment/fail.json
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasVulnerabilityAssessment/fail2.json
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasVulnerabilityAssessment/pass.json
  • tests/arm/graph_builder/checks/resources/SynapseSQLPoolHasVulnerabilityAssessment/expected.yaml
Latest Contributors(0)
EmailCommitDate
Extended Audit Logs Implement extended audit logs for Synapse Workspaces to enhance logging and auditing capabilities.
Modified files (5)
  • tests/arm/graph_builder/checks/resources/SynapseWorkspaceHasExtendedAuditLogs/pass.json
  • tests/arm/graph_builder/checks/resources/SynapseWorkspaceHasExtendedAuditLogs/fail1.json
  • tests/arm/graph_builder/checks/resources/SynapseWorkspaceHasExtendedAuditLogs/expected.yaml
  • tests/arm/graph_builder/checks/resources/SynapseWorkspaceHasExtendedAuditLogs/fail2.json
  • checkov/arm/checks/graph_checks/SynapseWorkspaceHasExtendedAuditLogs.yaml
Latest Contributors(0)
EmailCommitDate
Log Monitoring Add policies to ensure log monitoring is enabled for Synapse SQL Pools, enhancing logging capabilities.
Modified files (4)
  • tests/arm/graph_builder/checks/resources/SynapseLogMonitoringEnabledForSQLPool/pass.json
  • tests/arm/graph_builder/checks/resources/SynapseLogMonitoringEnabledForSQLPool/fail.json
  • tests/arm/graph_builder/checks/resources/SynapseLogMonitoringEnabledForSQLPool/expected.yaml
  • checkov/arm/checks/graph_checks/SynapseLogMonitoringEnabledForSQLPool.yaml
Latest Contributors(0)
EmailCommitDate
This pull request is reviewed by Baz. Join @taviassaf and the rest of your team on (Baz).

@taviassaf taviassaf self-assigned this Jul 8, 2024
@itai1357
Copy link
Contributor

Hi @taviassaf.
Thanks for contributing!

there are several conflict, please resolve them. if the pull-request is not relevant any more, please close it (-:

@lirshindalman
Copy link
Contributor

hi, @taviassaf after we added support to ARM graph this week, I will resolve the conflicts, send your PR for review, and merge it.
Thank you so much for your contributing!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@taviassaf taviassaf

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@taviassaf @itai1357 @lirshindalman