Service Fabric does not use active directory authentication Affecting Service Fabric service in Azure
Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Containers/ Best Practices
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Controls
- Snyk IDSNYK-CC-00597
- creditSnyk Research Team
Description
Alternative certificate-based authentication introduces management overhead. Certificates are harder to revoke and rotate than active directory membership.
How to fix?
Set an azureActiveDirectory attribute.
Set an azure_active_directory block with the following attributes: tenant_id, cluster_application_id, client_application_id.
Example Configuration
resource "azurerm_service_fabric_cluster" "allowed" {
name = "example597-servicefabric"
resource_group_name = azurerm_resource_group.example597.name
location = azurerm_resource_group.example597.location
reliability_level = "Bronze"
upgrade_mode = "Manual"
cluster_code_version = "9.1.1390.9590"
vm_image = "Windows"
management_endpoint = "https://example597:80"
node_type {
name = "first"
instance_count = 3
is_primary = true
client_endpoint_port = 2020
http_endpoint_port = 80
}
certificate_common_names {
common_names {
certificate_common_name = "fabricam.com"
certificate_issuer_thumbprint = "8c2462bd8af801206f3284780e8f6327abcd1234"
}
x509_store_name = "My"
}
azure_active_directory {
tenant_id = "00000000-0000-0000-0000-000000000000"
cluster_application_id = "00000000-0000-0000-0000-000000000000"
client_application_id = "00000000-0000-0000-0000-000000000000"
}
}