Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[Built-in Rule] Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign
See original GitHub issue{
"name": "ServiceFabric_ClusterProtectionLevel_EncryptAndSign",
"description": "Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign",
"recommendation": "Set the protection level to ensure that all node-to-node messages are encrypted and digitally signed",
"helpUri": "https://github.com/Azure/template-analyzer/docs/built-in-bpa-rules.md/#service-fabric-clusters-should-have-the-clusterprotectionlevel-property-set-to-encryptandsign",
"evaluation": {
"resourceType": "Microsoft.ServiceFabric/clusters",
"allOf": [
{
"path": "properties.fabricSettings[*].name",
"equals": "Security"
},
{
"path": "properties.fabricSettings[*].parameters[*].name",
"equals": "ClusterProtectionLevel"
},
{
"path": "properties.fabricSettings[*].parameters[*].value",
"equals": "EncryptAndSign"
}
]
}
}
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (6 by maintainers)
Top Results From Across the Web
Service Fabric clusters should have the ...
Service Fabric provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node communication using a primary cluster certificate. Set ...
Read more >Built-in policy definitions for Azure Service Fabric
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign ; Service Fabric clusters should only use Azure ...
Read more >Azure security baseline for Service Fabric
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign, Service Fabric provides three levels of ...
Read more >ServiceFabric_AuditClusterProte...
{ "properties": { "displayName": "Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign", "policyType": "BuiltIn", ...
Read more >ServiceFabric.md - azsk/DevOpsKit-docs
The ClusterProtectionLevel property must be set to EncryptAndSign. With cluster protection level set to 'EncryptAndSign', all the node-to-node messages are ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I see. You might be right. The assertions may need to be split up even more. We’ll need to reevaluate once
notis ready.I understood that, I’m confused about this part: “return passed if for all the fabricSettings is true that the name is Security and -the rest of the property in the second element of the allOf-”. The documentation on the wildcard operator says that “If two or more are found, the operator evaluates each path individually and the results are logically 'and’ed together.”. I understand that we want to check only for the one setting that has Security as a name