Feat more rules (#21)

* More rules

* azurerm_key_vault_certificate_lifetime_action

* remove spellingyml

* azurerm_key_vault_key_rotation_policy

---------

docs/README.md

@@ -7,14 +7,23 @@
 |[azurerm_eventhub_namespace_public_network_access_enabled](./rules/azurerm_eventhub_namespace_public_network_access_enabled.md)|Notice|✔|
 |[azurerm_eventhub_namespace_unsecure_tls](./rules/azurerm_eventhub_namespace_unsecure_tls.md)|Warning|✔|
 |[azurerm_iothub_endpoint_eventhub_authentication_type](./rules/azurerm_iothub_endpoint_eventhub_authentication_type.md)|Notice|✔|
+|[azurerm_key_vault_certificate_lifetime_action](./rules/azurerm_key_vault_certificate_lifetime_action.md)|Warning|✔|
+|[azurerm_key_vault_enable_rbac_authorization](./rules/azurerm_key_vault_enable_rbac_authorization.md)|Warning||
+|[azurerm_key_vault_key_rotation_policy](./rules/azurerm_key_vault_key_rotation_policy.md)|Warning|✔|
 |[azurerm_key_vault_network_acls_default_deny](./rules/azurerm_key_vault_network_acls_default_deny.md)|Warning|✔|
 |[azurerm_key_vault_public_network_access_enabled](./rules/azurerm_key_vault_public_network_access_enabled.md)|Notice||
 |[azurerm_linux_function_app_ftps_state](./rules/azurerm_linux_function_app_ftps_state.md)|Warning|✔|
 |[azurerm_linux_function_app_https_only](./rules/azurerm_linux_function_app_https_only.md)|Warning|✔|
 |[azurerm_linux_function_app_minimum_tls_version](./rules/azurerm_linux_function_app_minimum_tls_version.md)|Warning|✔|
+|[azurerm_linux_function_app_slot_ftps_state](./rules/azurerm_linux_function_app_slot_ftps_state.md)|Warning|✔|
+|[azurerm_linux_function_app_slot_https_only](./rules/azurerm_linux_function_app_slot_https_only.md)|Warning|✔|
+|[azurerm_linux_function_app_slot_minimum_tls_version](./rules/azurerm_linux_function_app_slot_minimum_tls_version.md)|Warning|✔|
 |[azurerm_linux_web_app_ftps_state](./rules/azurerm_linux_web_app_ftps_state.md)|Warning|✔|
 |[azurerm_linux_web_app_https_only](./rules/azurerm_linux_web_app_https_only.md)|Warning|✔|
 |[azurerm_linux_web_app_minimum_tls_version](./rules/azurerm_linux_web_app_minimum_tls_version.md)|Warning|✔|
+|[azurerm_linux_web_app_slot_ftps_state](./rules/azurerm_linux_web_app_slot_ftps_state.md)|Warning|✔|
+|[azurerm_linux_web_app_slot_https_only](./rules/azurerm_linux_web_app_slot_https_only.md)|Warning|✔|
+|[azurerm_linux_web_app_slot_minimum_tls_version](./rules/azurerm_linux_web_app_slot_minimum_tls_version.md)|Warning|✔|
 |[azurerm_mssql_database_encryption](./rules/azurerm_mssql_database_encryption.md)|Warning|✔|
 |[azurerm_mssql_firewall_rule_all_allowed](./rules/azurerm_mssql_firewall_rule_all_allowed.md)|Error|✔|
 |[azurerm_mssql_server_azuread_authentication_only](./rules/azurerm_mssql_server_azuread_authentication_only.md)|Warning|✔|
@@ -26,9 +35,15 @@
 |[azurerm_windows_function_app_ftps_state](./rules/azurerm_windows_function_app_ftps_state.md)|Warning|✔|
 |[azurerm_windows_function_app_https_only](./rules/azurerm_windows_function_app_https_only.md)|Warning|✔|
 |[azurerm_windows_function_app_minimum_tls_version](./rules/azurerm_windows_function_app_minimum_tls_version.md)|Warning|✔|
+|[azurerm_windows_function_app_slot_ftps_state](./rules/azurerm_windows_function_app_slot_ftps_state.md)|Warning|✔|
+|[azurerm_windows_function_app_slot_https_only](./rules/azurerm_windows_function_app_slot_https_only.md)|Warning|✔|
+|[azurerm_windows_function_app_slot_minimum_tls_version](./rules/azurerm_windows_function_app_slot_minimum_tls_version.md)|Warning|✔|
 |[azurerm_windows_web_app_ftps_state](./rules/azurerm_windows_web_app_ftps_state.md)|Warning|✔|
 |[azurerm_windows_web_app_https_only](./rules/azurerm_windows_web_app_https_only.md)|Warning|✔|
 |[azurerm_windows_web_app_minimum_tls_version](./rules/azurerm_windows_web_app_minimum_tls_version.md)|Warning|✔|
+|[azurerm_windows_web_app_slot_ftps_state](./rules/azurerm_windows_web_app_slot_ftps_state.md)|Warning|✔|
+|[azurerm_windows_web_app_slot_https_only](./rules/azurerm_windows_web_app_slot_https_only.md)|Warning|✔|
+|[azurerm_windows_web_app_slot_minimum_tls_version](./rules/azurerm_windows_web_app_slot_minimum_tls_version.md)|Warning|✔|
 
 ## Rules by Resource
 
@@ -43,21 +58,42 @@
 
 ### azurerm_key_vault
 
+- [azurerm_key_vault_enable_rbac_authorization](./rules/azurerm_key_vault_enable_rbac_authorization.md)
 - [azurerm_key_vault_network_acls_default_deny](./rules/azurerm_key_vault_network_acls_default_deny.md)
 - [azurerm_key_vault_public_network_access_enabled](./rules/azurerm_key_vault_public_network_access_enabled.md)
 
+### azurerm_key_vault_certificate
+
+- [azurerm_key_vault_certificate_lifetime_action](./rules/azurerm_key_vault_certificate_lifetime_action.md)
+
+### azurerm_key_vault_key
+
+- [azurerm_key_vault_key_rotation_policy](./rules/azurerm_key_vault_key_rotation_policy.md)
+
 ### azurerm_linux_function_app
 
 - [azurerm_linux_function_app_ftps_state](./rules/azurerm_linux_function_app_ftps_state.md)
 - [azurerm_linux_function_app_https_only](./rules/azurerm_linux_function_app_https_only.md)
 - [azurerm_linux_function_app_minimum_tls_version](./rules/azurerm_linux_function_app_minimum_tls_version.md)
 
+### azurerm_linux_function_app_slot
+
+- [azurerm_linux_function_app_slot_ftps_state](./rules/azurerm_linux_function_app_slot_ftps_state.md)
+- [azurerm_linux_function_app_slot_https_only](./rules/azurerm_linux_function_app_slot_https_only.md)
+- [azurerm_linux_function_app_slot_minimum_tls_version](./rules/azurerm_linux_function_app_slot_minimum_tls_version.md)
+
 ### azurerm_linux_web_app
 
 - [azurerm_linux_web_app_ftps_state](./rules/azurerm_linux_web_app_ftps_state.md)
 - [azurerm_linux_web_app_https_only](./rules/azurerm_linux_web_app_https_only.md)
 - [azurerm_linux_web_app_minimum_tls_version](./rules/azurerm_linux_web_app_minimum_tls_version.md)
 
+### azurerm_linux_web_app_slot
+
+- [azurerm_linux_web_app_slot_ftps_state](./rules/azurerm_linux_web_app_slot_ftps_state.md)
+- [azurerm_linux_web_app_slot_https_only](./rules/azurerm_linux_web_app_slot_https_only.md)
+- [azurerm_linux_web_app_slot_minimum_tls_version](./rules/azurerm_linux_web_app_slot_minimum_tls_version.md)
+
 ### azurerm_mssql_database
 
 - [azurerm_mssql_database_encryption](./rules/azurerm_mssql_database_encryption.md)
@@ -84,9 +120,21 @@
 - [azurerm_windows_function_app_https_only](./rules/azurerm_windows_function_app_https_only.md)
 - [azurerm_windows_function_app_minimum_tls_version](./rules/azurerm_windows_function_app_minimum_tls_version.md)
 
+### azurerm_windows_function_app_slot
+
+- [azurerm_windows_function_app_slot_ftps_state](./rules/azurerm_windows_function_app_slot_ftps_state.md)
+- [azurerm_windows_function_app_slot_https_only](./rules/azurerm_windows_function_app_slot_https_only.md)
+- [azurerm_windows_function_app_slot_minimum_tls_version](./rules/azurerm_windows_function_app_slot_minimum_tls_version.md)
+
 ### azurerm_windows_web_app
 
 - [azurerm_windows_web_app_ftps_state](./rules/azurerm_windows_web_app_ftps_state.md)
 - [azurerm_windows_web_app_https_only](./rules/azurerm_windows_web_app_https_only.md)
 - [azurerm_windows_web_app_minimum_tls_version](./rules/azurerm_windows_web_app_minimum_tls_version.md)
 
+### azurerm_windows_web_app_slot
+
+- [azurerm_windows_web_app_slot_ftps_state](./rules/azurerm_windows_web_app_slot_ftps_state.md)
+- [azurerm_windows_web_app_slot_https_only](./rules/azurerm_windows_web_app_slot_https_only.md)
+- [azurerm_windows_web_app_slot_minimum_tls_version](./rules/azurerm_windows_web_app_slot_minimum_tls_version.md)
+

docs/rules/azurerm_iothub_endpoint_eventhub_authentication_type.md

@@ -17,10 +17,11 @@ Using identityBased authentication with a managed identity enhances security by
 
 ## How to Fix
 
+```hcl
 resource "azurerm_iothub_endpoint_eventhub" "example" {
     authentication_type = "identityBased"
 }
-
+```
 
 ## How to disable
 

docs/rules/azurerm_key_vault_certificate_lifetime_action.md

@@ -0,0 +1,42 @@
+# azurerm_key_vault_certificate_lifetime_action
+
+**Severity:** Warning
+
+
+## Example
+
+```hcl
+resource "azurerm_key_vault_certificate" "example" {
+    certificate_policy {
+      # missing lifetime_policy 
+    }
+}
+```
+
+## Why
+
+Setting lifetime_action to AutoRenew or EmailContacts ensures proactive management of certificate expiration, reducing the risk of service interruptions or security vulnerabilities caused by expired certificates.
+
+## How to Fix
+
+```hcl
+resource "azurerm_key_vault_certificate" "example" {
+    certificate_policy {
+      lifetime_action {
+        action {
+          action_type = "AutoRenew"
+        }
+      }
+    }
+}
+```
+
+
+## How to disable
+
+```hcl
+rule "azurerm_key_vault_certificate_lifetime_action" {
+  enabled = false
+}
+```
+

docs/rules/azurerm_key_vault_enable_rbac_authorization.md

@@ -0,0 +1,34 @@
+# azurerm_key_vault_enable_rbac_authorization
+
+**Severity:** Warning
+
+
+## Example
+
+```hcl
+resource "azurerm_key_vault" "example" {
+    enable_rbac_authorization = false
+}
+```
+
+## Why
+
+Enabling enable_rbac_authorization allows access to the Key Vault to be managed through Azure Role-Based Access Control (RBAC), providing granular, centralized, and scalable permissions management. This is considered the current best practice.
+
+## How to Fix
+
+```hcl
+resource "azurerm_key_vault" "example" {
+    enable_rbac_authorization = true
+}
+```
+
+
+## How to disable
+
+```hcl
+rule "azurerm_key_vault_enable_rbac_authorization" {
+  enabled = false
+}
+```
+

docs/rules/azurerm_key_vault_key_rotation_policy.md

@@ -0,0 +1,38 @@
+# azurerm_key_vault_key_rotation_policy
+
+**Severity:** Warning
+
+
+## Example
+
+```hcl
+resource "azurerm_key_vault_key" "example" {
+    rotation_policy {
+      # mising expire_after
+    }
+}
+```
+
+## Why
+
+Defining a rotation_policy with expire_after ensures that keys are rotated regularly, minimizing the risk of key compromise and maintaining compliance with security best practices.
+
+## How to Fix
+
+```hcl
+resource "azurerm_key_vault_key" "example" {
+    rotation_policy {
+        expire_after = "P90D"
+    }
+}
+```
+
+
+## How to disable
+
+```hcl
+rule "azurerm_key_vault_key_rotation_policy" {
+  enabled = false
+}
+```
+

docs/rules/azurerm_linux_function_app_slot_ftps_state.md

@@ -0,0 +1,38 @@
+# azurerm_linux_function_app_slot_ftps_state
+
+**Severity:** Warning
+
+
+## Example
+
+```hcl
+resource "azurerm_linux_function_app_slot" "example" {
+    site_config {
+        ftps_state = "FtpsOnly"
+    }
+}
+```
+
+## Why
+
+Disabling FTPS ensures that file transfer protocols are not used, reducing the risk of data interception and enhancing the overall security of the Linux Function App.
+
+## How to Fix
+
+```hcl
+resource "azurerm_linux_function_app_slot" "example" {
+    site_config {
+        ftps_state = "Disabled"
+    }
+}
+```
+
+
+## How to disable
+
+```hcl
+rule "azurerm_linux_function_app_slot_ftps_state" {
+  enabled = false
+}
+```
+

docs/rules/azurerm_linux_function_app_slot_https_only.md

@@ -0,0 +1,34 @@
+# azurerm_linux_function_app_slot_https_only
+
+**Severity:** Warning
+
+
+## Example
+
+```hcl
+resource "azurerm_linux_function_app_slot" "example" {
+    https_only = false
+}
+```
+
+## Why
+
+Enforcing https_only ensures all communications with the resource are encrypted, protecting sensitive data in transit and mitigating the risk of man-in-the-middle attacks.
+
+## How to Fix
+
+```hcl
+resource "azurerm_linux_function_app_slot" "example" {
+    https_only = true
+}
+```
+
+
+## How to disable
+
+```hcl
+rule "azurerm_linux_function_app_slot_https_only" {
+  enabled = false
+}
+```
+

docs/rules/azurerm_linux_function_app_slot_minimum_tls_version.md

@@ -0,0 +1,38 @@
+# azurerm_linux_function_app_slot_minimum_tls_version
+
+**Severity:** Warning
+
+
+## Example
+
+```hcl
+resource "azurerm_linux_function_app_slot" "example" {
+    site_config {
+        minimum_tls_version = "1.0"
+    }
+}
+```
+
+## Why
+
+Enforcing a minimum TLS version of 1.2 ensures secure communication by adhering to modern encryption standards, protecting data in transit from vulnerabilities in older TLS versions, as versions 1.0 and 1.1 are insecure.
+
+## How to Fix
+
+```hcl
+resource "azurerm_linux_function_app_slot" "example" {
+    site_config {
+        minimum_tls_version = "1.2"
+    }
+}
+```
+
+
+## How to disable
+
+```hcl
+rule "azurerm_linux_function_app_slot_minimum_tls_version" {
+  enabled = false
+}
+```
+

docs/rules/azurerm_linux_web_app_slot_ftps_state.md

@@ -0,0 +1,38 @@
+# azurerm_linux_web_app_slot_ftps_state
+
+**Severity:** Warning
+
+
+## Example
+
+```hcl
+resource "azurerm_linux_web_app_slot" "example" {
+    site_config {
+        ftps_state = "FtpsOnly"
+    }
+}
+```
+
+## Why
+
+Disabling FTPS ensures that file transfer protocols are not used, reducing the risk of data interception and enhancing the overall security of the Linux web app.
+
+## How to Fix
+
+```hcl
+resource "azurerm_linux_web_app_slot" "example" {
+    site_config {
+        ftps_state = "Disabled"
+    }
+}
+```
+
+
+## How to disable
+
+```hcl
+rule "azurerm_linux_web_app_slot_ftps_state" {
+  enabled = false
+}
+```
+