feat(arm): ARM VnetSingleDNSServer (#6379)
* feat(arm) vnet_single_dns_server

* feat(arm) vnet_single_dns_server

* feat(arm) the right file

* revert changes on this file, not finished with it yet

* revert changes on this file

* feat(arm) fix file

* feat(arm) fix file

* add supported resources

---------

Co-authored-by: gruebel <[email protected]>
Co-authored-by: Rachel <[email protected]>
3 people authored Jul 22, 2024
1 parent 0cddb0f commit b762062
Showing 9 changed files with 1,206 additions and 0 deletions.
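--- a/checkov/arm/checks/resource/VnetSingleDNSServer.py
+++ b/checkov/arm/checks/resource/VnetSingleDNSServer.py
@@ -0,0 +1,37 @@
+from typing import Any, List, Dict
+
+from checkov.arm.base_resource_check import BaseResourceCheck
+from checkov.common.models.enums import CheckCategories, CheckResult
+
+
+class VnetSingleDNSServer(BaseResourceCheck):
+
+def __init__(self) -> None:
+"""Using a single DNS server may indicate a single point of failure
+where the DNS IP address is not load balanced."""
+name = "Ensure that VNET has at least 2 connected DNS Endpoints"
+id = "CKV_AZURE_182"
+supported_resources = ("Microsoft.Network/networkInterfaces", "Microsoft.Network/virtualNetworks")
+categories = (CheckCategories.NETWORKING,)
+super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+
+def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, List[Any]]]]) -> CheckResult:
+if "properties" in conf and "dnsSettings" in conf["properties"]:
+if "dnsServers" in conf["properties"]["dnsSettings"] and isinstance(
+conf["properties"]["dnsSettings"]["dnsServers"], list):
+dns_servers = conf["properties"]["dnsSettings"]["dnsServers"]
+if dns_servers and len(dns_servers) == 1:
+self.evaluated_keys = ["dnsServers"]
+return CheckResult.FAILED
+else:
+if "properties" in conf and "dhcpOptions" in conf["properties"]:
+if "dnsServers" in conf["properties"]["dhcpOptions"] and isinstance(
+conf["properties"]["dhcpOptions"]["dnsServers"], list):
+dns_servers = conf["properties"]["dhcpOptions"]["dnsServers"]
+if dns_servers and len(dns_servers) == 1:
+self.evaluated_keys = ["dnsServers"]
+return CheckResult.FAILED
+return CheckResult.PASSED
+
+
+check = VnetSingleDNSServer()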
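Review bot: `self.evaluated_keys = ["dnsServers"]` on both FAILED paths in scan_resource_conf records only the leaf key, so the NIC and VNet findings are indistinguishable in output and the reported location loses its `properties/dnsSettings` or `properties/dhcpOptions` prefix; ARM checks in checkov commonly record the full slash-separated path for that reason. The two branches are near-duplicates, and the `else:` after the `dnsSettings` branch means a resource carrying both keys never has its `dhcpOptions` inspected — probably harmless for these two resource types, but it is an implicit assumption rather than a stated one. `conf["properties"]` is tested only for membership, so a template where `properties` is not an object raises inside the check instead of passing. A single loop over the two container keys with `isinstance` guards handles both resource types, records the full path, and removes the duplication; separately, the rationale docstring would read better on the class than on `__init__`, since it describes the check rather than construction.
```python
def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, List[Any]]]]) -> CheckResult:
    properties = conf.get("properties")
    if not isinstance(properties, dict):
        return CheckResult.PASSED
    # networkInterfaces carry dnsSettings, virtualNetworks carry dhcpOptions;
    # a list of exactly one resolver is the single-point-of-failure case.
    for container in ("dnsSettings", "dhcpOptions"):
        settings = properties.get(container)
        if not isinstance(settings, dict):
            continue
        dns_servers = settings.get("dnsServers")
        if isinstance(dns_servers, list) and len(dns_servers) == 1:
            self.evaluated_keys = [f"properties/{container}/dnsServers"]
            return CheckResult.FAILED
    return CheckResult.PASSED
```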
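--- a/tests/arm/checks/resource/example_VnetSingleDNSServer/fail.json
+++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail.json
@@ -0,0 +1,96 @@
+{
+"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"type": "string"
+},
+"osDiskType": {
+"type": "string"
+},
+"addressPrefixes": {
+"type": "array"
+},
+"subnets": {
+"type": "array"
+},
+"virtualNetworkId": {
+"type": "string"
+},
+"virtualNetworkName": {
+"type": "string"
+},
+"networkSecurityGroups": {
+"type": "array"
+},
+"networkInterfaceConfigurations": {
+"type": "array"
+},
+"vmName": {
+"type": "string"
+},
+"virtualMachineScaleSetName": {
+"type": "string"
+},
+"instanceCount": {
+"type": "string"
+},
+"instanceSize": {
+"type": "string"
+},
+"adminUsername": {
+"type": "string"
+},
+"securityType": {
+"type": "string"
+},
+"secureBoot": {
+"type": "bool"
+},
+"vTPM": {
+"type": "bool"
+},
+"platformFaultDomainCount": {
+"type": "string"
+}
+},
+"variables": {
+"storageApiVersion": "2021-01-01",
+"networkApiVersion": "2020-11-01",
+"virtualMachineScaleSetApiVersion": "2023-03-01",
+"namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]"
+},
+"resources": [
+{
+"name": "fail",
+"type": "Microsoft.Network/networkInterfaces",
+"apiVersion": "2022-11-01",
+"location": "[parameters('location')]",
+"dependsOn": [],
+"properties": {
+"ipConfigurations": [
+{
+"name": "ipconfig1",
+"properties": {
+"subnet": {
+"id": "[variables('subnetRef')]"
+},
+"privateIPAllocationMethod": "Dynamic"
+}
+}
+],
+"dnsSettings": {
+"dnsServers": [
+"10.0.0.4"
+]
+}
+}
+}
+],
+"outputs": {
+"adminUsername": {
+"type": "string",
+"value": "[parameters('adminUsername')]"
+}
+}
+}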
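--- a/tests/arm/checks/resource/example_VnetSingleDNSServer/fail2.json
+++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail2.json
@@ -0,0 +1,96 @@
+{
+"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"type": "string"
+},
+"osDiskType": {
+"type": "string"
+},
+"addressPrefixes": {
+"type": "array"
+},
+"subnets": {
+"type": "array"
+},
+"virtualNetworkId": {
+"type": "string"
+},
+"virtualNetworkName": {
+"type": "string"
+},
+"networkSecurityGroups": {
+"type": "array"
+},
+"networkInterfaceConfigurations": {
+"type": "array"
+},
+"vmName": {
+"type": "string"
+},
+"virtualMachineScaleSetName": {
+"type": "string"
+},
+"instanceCount": {
+"type": "string"
+},
+"instanceSize": {
+"type": "string"
+},
+"adminUsername": {
+"type": "string"
+},
+"securityType": {
+"type": "string"
+},
+"secureBoot": {
+"type": "bool"
+},
+"vTPM": {
+"type": "bool"
+},
+"platformFaultDomainCount": {
+"type": "string"
+}
+},
+"variables": {
+"storageApiVersion": "2021-01-01",
+"networkApiVersion": "2020-11-01",
+"virtualMachineScaleSetApiVersion": "2023-03-01",
+"namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]"
+},
+"resources": [
+{
+"name": "fail2",
+"type": "Microsoft.Network/networkInterfaces",
+"apiVersion": "2022-11-01",
+"location": "[parameters('location')]",
+"dependsOn": [],
+"properties": {
+"ipConfigurations": [
+{
+"name": "ipconfig1",
+"properties": {
+"subnet": {
+"id": "[variables('subnetRef')]"
+},
+"privateIPAllocationMethod": "Dynamic"
+}
+}
+],
+"dnsSettings": {
+"dnsServers": [
+"10.7.7.2"
+]
+}
+}
+}
+],
+"outputs": {
+"adminUsername": {
+"type": "string",
+"value": "[parameters('adminUsername')]"
+}
+}
+}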