Sentinel policy that looks for values that do not start with value

I am trying to find a way to make sure all of my azurerm_app_service_environment_v3 resources are using a cipher value of TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 or TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

The value is in the mock files as

"after": {
	"cluster_setting": [
		{
			"name":  "InternalEncryption",
			"value": "true",
		},
		{
			"name":  "FrontEndSSLCipherSuiteOrder",
			"value": "asdfasdf",
		},
		{
			"name":  "DisableTls1.0",
			"value": "1",
		},
	],
}

Here is the link to the playground; not sure where I am making my mistake.
https://play.sentinelproject.io/p/snQ_KDkjB6h

It looks like you are trying to use the tfplan-functions helpers, but have not made them available to the playground for your testing.

I’ve copied over the tfplan-functions file as another mock and your code is working!

https://play.sentinelproject.io/p/rqR7UvsqStR

Thank you for correcting that error.

When I test with the pass values the policy shows as failed

I have updated the mock test case with the string value on the playground.

https://play.sentinelproject.io/p/PW8kR38DvMS

Hi @frank.lugo,

I’ve spent some time refactoring your policy to avoid the use of tfplan-functions. This allows a clearer picture of what is required to successfully evaluate the result.

The trick is that the ciphers are a string, and using a prefix check may not guarantee the correct result.

https://play.sentinelproject.io/p/8NpNWZZEcow

Thanks!

@cam-stitt, I am not exactly sure what you mean by “avoid the use of tfplan-functions”. I was under the impression that reference still goes back to tfplan-functions.sentinel file in the common functions folder.

The example I most recently shared does not make any use of the tfplan functions. It is only using the tfplan/v2 import and the strings import.
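A policy written along the lines described in the last post (added example for this thread, not the playground policy shared above): it uses only the tfplan/v2 and strings imports and splits the cipher string instead of checking a prefix. It assumes FrontEndSSLCipherSuiteOrder is a comma-separated list of suite names and treats an unset or empty value as a violation.

```sentinel
# Added example: every azurerm_app_service_environment_v3 being created or
# updated must set FrontEndSSLCipherSuiteOrder to only the approved suites.
import "tfplan/v2" as tfplan
import "strings"

# Approved cipher suites from the question.
allowed_ciphers = [
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

# App Service Environment v3 resources the plan creates or updates.
ase_resources = filter tfplan.resource_changes as _, rc {
	rc.type is "azurerm_app_service_environment_v3" and
	rc.mode is "managed" and
	(rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Return the FrontEndSSLCipherSuiteOrder value for a resource, or null when
# no such cluster_setting block is present.
cipher_order = func(rc) {
	settings = rc.change.after.cluster_setting else []
	for settings as setting {
		if setting.name is "FrontEndSSLCipherSuiteOrder" {
			return setting.value
		}
	}
	return null
}

# Assumption: the order is a comma-separated list of suite names. Every entry
# must be in the allow list, so "asdfasdf" fails and a value that merely
# starts with an approved suite but adds others also fails.
ciphers_allowed = func(order) {
	if order is null or order is "" {
		return false
	}
	for strings.split(order, ",") as cipher {
		if strings.trim_space(cipher) not in allowed_ciphers {
			return false
		}
	}
	return true
}

violators = filter ase_resources as _, rc {
	not ciphers_allowed(cipher_order(rc))
}

main = rule {
	length(violators) is 0
}
```

With the mock in the question (value "asdfasdf") the rule evaluates to false; with "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" it evaluates to true.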