Set Azure Storage Account default network access to deny org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny
Ensure Azure Storage Account default network access is set to Deny.
Tags
Recipe source
GitHub , Issue Tracker , Maven Central
groupId: org.openrewrite.recipe
artifactId: rewrite-terraform
This recipe is composed of more than one recipe. If you want to customize the set of recipes this is composed of, you can find and copy the GitHub source for the recipe from the link above.
Usage
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-terraform:2.1.7
in your build file or by running a shell command (in which case no build changes are needed):
Gradle Gradle init script Maven POM Maven Command Line Moderne CLI
Add the following to your build.gradle
file:
Copy plugins {
id( "org.openrewrite.rewrite" ) version( "6.10.0" )
}
rewrite {
activeRecipe( "org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny" )
}
repositories {
mavenCentral()
}
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-terraform:2.1.7" )
}
Run gradle rewriteRun
to run the recipe.
Create a file named init.gradle
in the root of your project.
Copy initscript {
repositories {
maven { url "https://plugins.gradle.org/m2" }
}
dependencies { classpath( "org.openrewrite:plugin:6.10.0" ) }
}
rootProject {
plugins . apply( org.openrewrite.gradle.RewritePlugin )
dependencies {
rewrite( "org.openrewrite.recipe:rewrite-terraform:2.1.7" )
}
rewrite {
activeRecipe( "org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny" )
}
afterEvaluate {
if (repositories . isEmpty()) {
repositories {
mavenCentral()
}
}
}
}
Run gradle --init-script init.gradle rewriteRun
to run the recipe.
Add the following to your pom.xml
file:
Copy < project >
< build >
< plugins >
< plugin >
< groupId >org.openrewrite.maven</ groupId >
< artifactId >rewrite-maven-plugin</ artifactId >
< version >5.25.0</ version >
< configuration >
< activeRecipes >
< recipe >org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny</ recipe >
</ activeRecipes >
</ configuration >
< dependencies >
< dependency >
< groupId >org.openrewrite.recipe</ groupId >
< artifactId >rewrite-terraform</ artifactId >
< version >2.1.7</ version >
</ dependency >
</ dependencies >
</ plugin >
</ plugins >
</ build >
</ project >
Run mvn rewrite:run
to run the recipe.
Copy mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE -Drewrite.activeRecipes=org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny
You will need to have configured the Moderne CLI on your machine before you can run the following command.
Copy mod run . --recipe SetAzureStorageAccountDefaultNetworkAccessToDeny
Definition
Recipe List Yaml Recipe List
Copy ---
type : specs.openrewrite.org/v1beta/recipe
name : org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny
displayName : Set Azure Storage Account default network access to deny
description : Ensure Azure Storage Account default network access is set to Deny.
tags :
- Azure
- terraform
- CKV_AZURE_35
recipeList :
- org.openrewrite.terraform.AddConfiguration :
resourceName : azurerm_storage_account_network_rules
content : default_action = "Deny"
- org.openrewrite.terraform.AddConfiguration :
resourceName : azurerm_storage_account
content : network_rules {
default_action = "Deny"
}
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Jonathan Schneider , Aaron Gershman , pocan101 , Kun Li , Knut Wannheden , Sam Snyder