Skip to content


Sample rules

A few rules that use objects from this package:

from typing import List, Dict
from import AzureEnvironmentContext
from import AzureBaseRule
from cloudrail.knowledge.rules.base_rule import Issue
from cloudrail.knowledge.rules.rule_parameters.base_paramerter import ParameterType

class EnsureManagedDisksEncryptedRule(AzureBaseRule):

    def get_id(self) -> str:
        return 'non_car_unattached_managed_disks_encrypted'

    def execute(self, env_context: AzureEnvironmentContext, parameters: Dict[ParameterType, any]) -> List[Issue]:
        issues: List[Issue] = []
        for managed_disk in env_context.managed_disks:
            if not managed_disk.is_encrypted:
                        f'The {managed_disk.get_type()} `{managed_disk.get_friendly_name()}` does not have encryption enabled',
        return issues

    def should_run_rule(self, environment_context: AzureEnvironmentContext) -> bool:
        return bool(environment_context.managed_disks)

AzureManagedDisk (AzureResource)


Name Type Description
name str

The Managed Disk name

storage_account_type StorageAccountType

The type of storage used for the Managed Disk

create_option ManagedDiskCreateOption

The method used to create the Managed Disk

disk_encryption_set_id Optional[str]

The ID of the Disk Encryption Set which is being used to encrypt the Managed Disk if any

disk_encryption_enabled bool

Indication if the Managed Disk is encrypted using platform key.

custom_invalidation(self) inherited

A list of manual reasons why this resource should be invalidated

exclude_from_invalidation(self) inherited

A list of attributes that should be excluded from the invalidation process

ManagedDiskCreateOption (Enum)

An enumeration.

StorageAccountType (Enum)

An enumeration.