Azure core policies fail to compile #291

Open
dadevel opened this issue Nov 2, 2023 · 0 comments
dadevel commented Nov 2, 2023

Describe the bug

cnspec scan azure fails to compile the official Azure policies with a strange cannot find resource for identifier 'microsoft' error.

To Reproduce

  • download cnspec from GitHub releases
  • log in to Azure CLI as Global Reader
  • run cnspec scan azure

Expected behavior

cnspec should test the mondoo-azure-security.mql.yaml policy against my Azure tenant.

Screenshots or CLI Output

❯ az login --use-device-code
❯ ./cnspec shell azure
→ no Mondoo configuration file provided, using defaults
→ selected asset asset="Azure subscription Pay per Use (XXXXXX)" selection=0
→ connected to Azure Subscription
...
cnspec> azure.subscription.name
azure.subscription.name: "Pay per Use (XXXXXX)"
cnspec> exit
❯ ./cnspec scan azure
→ no Mondoo configuration file provided, using defaults
! No credentials provided. Switching to --incognito mode.
→ discover related assets for 1 asset(s)
...
 0/3 scanned 3/3 errored                                   
...
error: failed to compile fetched bundle: failed to validate query '//registry.mondoo.com/namespace/mondoohq/queries/mondoo-azure-security-ensure-multifactor-authentication-is-enabled-for-all-users-in-administrative-roles': failed to compile query 'microsoft.security.latestSecureScores.controlScores.one( _['controlName'] == 'AdminMFAV2' && _['score'] == 10 )': cannot find resource for identifier 'microsoft'
failed to validate query '//registry.mondoo.com/namespace/mondoohq/queries/mondoo-azure-security-ensure-that-between-two-and-four-global-admins-are-designated': failed to compile query 'microsoft.rolemanagement.roleDefinitions.where(displayName == "Global Administrator").all(assignments.length > 1 && assignments.length <= 4)': cannot find resource for identifier 'microsoft'
failed to validate query '//registry.mondoo.com/namespace/mondoohq/queries/mondoo-azure-security-ensure-multifactor-authentication-is-enabled-for-all-users-in-all-roles': failed to compile query 'microsoft.security.latestSecureScores.controlScores.one( _['controlName'] == 'MFARegistrationV2' &&  _['score'] == 9)': cannot find resource for identifier 'microsoft'
failed to validate query '//registry.mondoo.com/namespace/mondoohq/queries/mondoo-azure-security-enable-azure-ad-identity-protection-user-risk-policies': failed to compile query 'microsoft.security.latestSecureScores.controlScores.one( _['controlName'] == 'UserRiskPolicy' && _['score'] == 7 )': cannot find resource for identifier 'microsoft'
failed to validate query '//registry.mondoo.com/namespace/mondoohq/queries/mondoo-azure-security-enable-azure-ad-identity-protection-sign-in-risk-policies': failed to compile query 'microsoft.security.latestSecureScores.controlScores.one( _['controlName'] == 'SigninRiskPolicy' && _['score'] == 7 )': cannot find resource for identifier 'microsoft'
failed to validate query '//registry.mondoo.com/namespace/mondoohq/queries/mondoo-azure-security-ensure-security-defaults-is-enabled-on-azure-active-directory': failed to compile query 'microsoft.policies.identitySecurityDefaultsEnforcementPolicy["isEnabled"] == true': failed to compile: cannot find resource for identifier 'microsoft'
...

Desktop (please complete the following information):

  • OS: Arch Linux
  • OS Version: na
  • Browser if applicable: na
  • Browser Version: na

Additional context

Tested with cnspec 9.4.0, 9.5.0 and 9.5.1.
