From 05337708dbc7a2b307e84feb5e3f9343b4210bfe Mon Sep 17 00:00:00 2001
From: "T.J. Corrigan"
Date: Tue, 1 Nov 2022 10:51:53 -0500
Subject: [PATCH] Introduce insecure NSG
---
 main.tf | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/main.tf b/main.tf
index 22ae8df..5204f61 100644
--- a/main.tf
+++ b/main.tf
@@ -26,3 +26,22 @@ resource "azurerm_resource_group" "rg-aks" {
 name = var.resource_group_name
 location = var.location
 }
+
+# Sample NSG designed to raise a security alert. Delete for any real deployment.
+resource "azurerm_network_security_group" "nsg-fail" {
+ name = "insecureNSG"
+ location = azurerm_resource_group.rg-aks.location
+ resource_group_name = azurerm_resource_group.rg-aks.name
+
+ security_rule {
+ name = "badrule"
+ priority = 100
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_range = "*"
+ destination_port_range = "*"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+}
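Review bot: The `nsg-fail` resource is created unconditionally, so the allow-all inbound rule (`protocol = "*"`, `destination_port_range = "*"`, `source_address_prefix = "*"` at priority 100) is deployed on every apply and only a comment asks for its removal. No subnet or NIC association is visible in this hunk, so it may not filter any traffic as written, but a later association would open whatever it is attached to, on every port, to any source. I would make the fixture opt-in with `count = var.enable_insecure_nsg_sample ? 1 : 0` (the variable name is a suggestion; declare it with `default = false`). I would also extend the comment to `# Test fixture for IaC scanner alerts only; never associate with a subnet or NIC.` so the intent survives copy-paste into other modules.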