Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

Azure Security Benchmark Kubernetes policy missing parameter #1031

Open wendlandreas opened 1 year ago

wendlandreas commented 1 year ago

The policy "Kubernetes clusters should disable automounting API credentials" with ID "/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423" contains 5 parameters:

However, the same policy in the "Azure Security Benchmark" policy set only contains 3 parameters:

This causes an issue when we want to put this policy in DENY effect for certain labels using the Azure Security Benchmark. We need to apply the labelSelector parameter, but it is not present, so we are forced to either create our own custom initiative or assign the single policy directly. We would prefer to have it all in one place inside the Azure Security Benchmark.

Are the missing parameters by design or is it a bug?
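
Added example, not part of the original issue or of the azure-policy repository: a Python check that compares the parameters a policy definition declares with the ones an initiative's reference to it actually sets, and also flags parameters the initiative pins to a literal so they cannot be changed at assignment time. The sample JSON is constructed; only the definition ID, `effect` and `labelSelector` come from the issue, and every `example...` name is a placeholder.

```python
# Constructed sample data in the shape of Azure Policy JSON. Only the definition
# ID, "effect" and "labelSelector" come from the issue; every "example..." name
# is a placeholder, not the real parameter or reference name.
DEFINITION_ID = ("/providers/Microsoft.Authorization/policyDefinitions/"
                 "423dd1ba-798e-40e4-9c4d-b6902674b423")

DEFINITION = {"id": DEFINITION_ID, "properties": {"parameters": {
    "effect": {"type": "String"},
    "labelSelector": {"type": "Object"},
    "exampleParamA": {"type": "Array"},
    "exampleParamB": {"type": "Array"},
    "exampleParamC": {"type": "Array"},
}}}

INITIATIVE = {"properties": {"policyDefinitions": [{
    "policyDefinitionId": DEFINITION_ID,
    "policyDefinitionReferenceId": "exampleReferenceId",
    "parameters": {
        "effect": {"value": "[parameters('exampleInitiativeEffect')]"},
        "exampleParamA": {"value": "[parameters('exampleInitiativeParamA')]"},
        "exampleParamB": {"value": ["constructed-fixed-value"]},
    },
}]}}


def audit_initiative(definition, initiative):
    """For each reference to `definition`, list the definition parameters the
    initiative never sets and those it pins to a literal value."""
    declared = definition["properties"].get("parameters", {})
    report = {}
    for ref in initiative["properties"]["policyDefinitions"]:
        # Azure resource IDs compare case-insensitively.
        if ref["policyDefinitionId"].lower() != definition["id"].lower():
            continue
        passed = ref.get("parameters", {})
        not_set = sorted(n for n in declared if n not in passed)
        # A value that is not a "[parameters('...')]" expression is fixed
        # inside the initiative and is not exposed to whoever assigns it.
        pinned = sorted(
            n for n, p in passed.items()
            if not (isinstance(p.get("value"), str)
                    and p["value"].lstrip().lower().startswith("[parameters("))
        )
        report[ref.get("policyDefinitionReferenceId", "")] = {
            "not_set": not_set, "pinned": pinned}
    return report


if __name__ == "__main__":
    for ref_id, finding in audit_initiative(DEFINITION, INITIATIVE).items():
        print(ref_id, finding)
```

Run against exported definition and initiative JSON, a non-empty `not_set` list names the parameters that can only be configured by assigning the single policy directly or through a custom initiative.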

wendlandreas commented 1 year ago

Anyone?