feat(file-shares): Add rule to disable public network access#3736
feat(file-shares): Add rule to disable public network access#3736mathieusouflis wants to merge 1 commit intoAzure:mainfrom
Conversation
|
@microsoft-github-policy-service agree |
BernieWhite
left a comment
BernieWhite
left a comment
There was a problem hiding this comment.
Thanks for your PR. Great start, see the comments below. Let me know if you need any further information.
| For example: | ||
|
|
||
| ```json | ||
| { |
There was a problem hiding this comment.
Update examples for Arm JSON and Bicep. For the resource that is being tested. You can create an example in docs/examples/.
|
|
||
| - [SE:06 Network controls](https://learn.microsoft.com/azure/well-architected/security/networking) | ||
| - [Security: Level 4](https://learn.microsoft.com/azure/well-architected/security/maturity-model?tabs=level4) | ||
| - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.kusto/clusters) |
There was a problem hiding this comment.
Link to the resource being tested.
| @@ -0,0 +1,85 @@ | |||
| --- | |||
| reviewed: 2025-11-04 | |||
There was a problem hiding this comment.
Clear or update the date.
| pillar: Security | ||
| category: SE:06 Network controls | ||
| resource: File Shares | ||
| resourceType: Microsoft.Kusto/clusters |
There was a problem hiding this comment.
Update resource type.
| kind: Rule | ||
| metadata: | ||
| name: Azure.Share.PublicAccess | ||
| ref: AZR-000538 |
There was a problem hiding this comment.
Use 542 as other ids have open PRs.
| ref: AZR-000538 | ||
| tags: | ||
| release: preview | ||
| ruleSet: 2026_03 |
|
|
||
| spec: | ||
| type: | ||
| - Microsoft.Kusto/clusters |
There was a problem hiding this comment.
Update resource type.
| @@ -0,0 +1,227 @@ | |||
| [ | |||
There was a problem hiding this comment.
Tests need an example share resource defined.
| $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Fail' }); | ||
| $ruleResult | Should -Not -BeNullOrEmpty; | ||
| $ruleResult.Length | Should -Be 2; | ||
| $ruleResult.TargetName | Should -Be 'cluster-A', 'cluster-B'; |
There was a problem hiding this comment.
Update to match the names of the file shares you create in the rest resources JSON file.
| $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); | ||
| $ruleResult | Should -Not -BeNullOrEmpty; | ||
| $ruleResult.Length | Should -Be 1; | ||
| $ruleResult.TargetName | Should -BeIn 'cluster-C'; |
2 participants
PR Summary
ISSUE : #3735
Add rule to disable public network access for File Shares
PR Checklist