Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: lacework-global-534 #100

Merged
merged 5 commits into from
Feb 12, 2024
Merged

fix: lacework-global-534 #100

merged 5 commits into from
Feb 12, 2024

Conversation

dmurray-lacework
Copy link
Collaborator

@dmurray-lacework dmurray-lacework commented Jan 31, 2024
edited
Loading

Summary

Ensure the default configuration complies with lacework-global-534
https://docs.lacework.net/catalog/policies/lacework-global-534

How did you test this change?

  • terraform apply is successful
  • lacework-global-534 is compliant

Issue

https://lacework.atlassian.net/browse/GROW-2719

@dmurray-lacework
fix: lacework-global-534
f7e8c10 
Signed-off-by: Darren Murray <darren.murray@lacework.net>
@dmurray-lacework
fix: lacework-global-534
378b5a5 
Signed-off-by: Darren Murray <darren.murray@lacework.net>
@dmurray-lacework
fix: lacework-global-534
b44ee79 
Signed-off-by: Darren Murray <darren.murray@lacework.net>
@dmurray-lacework
docs: run make terraform-docs
97fc799 
Signed-off-by: Darren Murray <darren.murray@lacework.net>
@dmurray-lacework dmurray-lacework marked this pull request as ready for review February 2, 2024 11:27
@afiune afiune marked this pull request as draft February 2, 2024 18:43
@dmurray-lacework dmurray-lacework marked this pull request as ready for review February 6, 2024 16:29
afiune
afiune approved these changes Feb 12, 2024
View reviewed changes
Copy link
Contributor

@afiune afiune left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fabnord
Copy link

fabnord commented Feb 12, 2024

LGTM to be good with lacework-global-534.

I'd suggest to set use_storage_account_network_rules to true per default, especially for newly created storage accounts.

Doing this results in an issue though Message="Validation of network acls failure: SubnetsHaveNoServiceEndpointsConfigured:Subnets lacework-subnet of virtual network /subscriptions/xxx/resourceGroups/lacework-group-xxx/providers/Microsoft.Network/virtualNetworks/lacework-vnet do not have ServiceEndpoints for Microsoft.Storage resources configured. Add Microsoft.Storage to subnet's ServiceEndpoints collection before trying to ACL Microsoft.Storage resources to these subnets.."

@dmurray-lacework
fix: lacework-global-534
3535961 
Signed-off-by: Darren Murray <darren.murray@lacework.net>
@dmurray-lacework dmurray-lacework merged commit ef88784 into main Feb 12, 2024
2 checks passed
@dmurray-lacework dmurray-lacework deleted the GROW-2719 branch February 12, 2024 20:28
@lacework-releng lacework-releng mentioned this pull request Feb 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@afiune afiune afiune approved these changes

@fabnord fabnord fabnord approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dmurray-lacework @fabnord @afiune