diff --git a/checkov/arm/checks/resource/VnetSingleDNSServer.py b/checkov/arm/checks/resource/VnetSingleDNSServer.py
new file mode 100644
index 00000000000..e449b388359
--- /dev/null
+++ b/checkov/arm/checks/resource/VnetSingleDNSServer.py
@@ -0,0 +1,37 @@
+from typing import Any, List, Dict
+
+from checkov.arm.base_resource_check import BaseResourceCheck
+from checkov.common.models.enums import CheckCategories, CheckResult
+
+
+class VnetSingleDNSServer(BaseResourceCheck):
+
+ def __init__(self) -> None:
+ """Using a single DNS server may indicate a single point of failure
+ where the DNS IP address is not load balanced."""
+ name = "Ensure that VNET has at least 2 connected DNS Endpoints"
+ id = "CKV_AZURE_182"
+ supported_resources = ("Microsoft.Network/networkInterfaces", "Microsoft.Network/virtualNetworks")
+ categories = (CheckCategories.NETWORKING,)
+ super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+
+ def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, List[Any]]]]) -> CheckResult:
+ if "properties" in conf and "dnsSettings" in conf["properties"]:
+ if "dnsServers" in conf["properties"]["dnsSettings"] and isinstance(
+ conf["properties"]["dnsSettings"]["dnsServers"], list):
+ dns_servers = conf["properties"]["dnsSettings"]["dnsServers"]
+ if dns_servers and len(dns_servers) == 1:
+ self.evaluated_keys = ["dnsServers"]
+ return CheckResult.FAILED
+ else:
+ if "properties" in conf and "dhcpOptions" in conf["properties"]:
+ if "dnsServers" in conf["properties"]["dhcpOptions"] and isinstance(
+ conf["properties"]["dhcpOptions"]["dnsServers"], list):
+ dns_servers = conf["properties"]["dhcpOptions"]["dnsServers"]
+ if dns_servers and len(dns_servers) == 1:
+ self.evaluated_keys = ["dnsServers"]
+ return CheckResult.FAILED
+ return CheckResult.PASSED
+
+
+check = VnetSingleDNSServer()
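Review bot: A `dnsServers` list that repeats one address, for example a constructed `["10.0.0.4", "10.0.0.4"]`, passes `scan_resource_conf` because both branches only test `len(dns_servers) == 1`, so the single point of failure described in the docstring goes unreported. Counting distinct entries closes that gap, and folding the near-identical `dnsSettings` and `dhcpOptions` branches into one loop keeps the rule in a single place. A `dnsServers` value that is not a list (such as an unresolved template expression) also falls through to PASSED, which may deserve a different result than a verified pass. Indentation is lost in this view, so I cannot tell which `if` the `else:` belongs to; the sketch below inspects both blocks.

```python
    def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, List[Any]]]]) -> CheckResult:
        properties = conf.get("properties")
        if not isinstance(properties, dict):
            return CheckResult.PASSED
        # NICs carry the list under dnsSettings, virtual networks under dhcpOptions
        for block in ("dnsSettings", "dhcpOptions"):
            settings = properties.get(block)
            if not isinstance(settings, dict):
                continue
            dns_servers = settings.get("dnsServers")
            if not isinstance(dns_servers, list) or not dns_servers:
                continue
            # distinct addresses, so a repeated entry still counts as one server
            if len({str(server) for server in dns_servers}) == 1:
                self.evaluated_keys = ["dnsServers"]
                return CheckResult.FAILED
        return CheckResult.PASSED
```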
diff --git a/tests/arm/checks/resource/example_VnetSingleDNSServer/fail.json b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail.json new file mode 100644 index 00000000000..3f849c137cb --- /dev/null +++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail.json 
@@ -0,0 +1,96 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "addressPrefixes": { + "type": "array" + }, + "subnets": { + "type": "array" + }, + "virtualNetworkId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "networkSecurityGroups": { + "type": "array" + }, + "networkInterfaceConfigurations": { + "type": "array" + }, + "vmName": { + "type": "string" + }, + "virtualMachineScaleSetName": { + "type": "string" + }, + "instanceCount": { + "type": "string" + }, + "instanceSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "securityType": { + "type": "string" + }, + "secureBoot": { + "type": "bool" + }, + "vTPM": { + "type": "bool" + }, + "platformFaultDomainCount": { + "type": "string" + } + }, + "variables": { + "storageApiVersion": "2021-01-01", + "networkApiVersion": "2020-11-01", + "virtualMachineScaleSetApiVersion": "2023-03-01", + "namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]" + }, + "resources": [ + { + "name": "fail", + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-11-01", + "location": "[parameters('location')]", + "dependsOn": [], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "[variables('subnetRef')]" + }, + "privateIPAllocationMethod": "Dynamic" + } + } + ], + "dnsSettings": { + "dnsServers": [ + "10.0.0.4" + ] + } + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + } + } +} \ No newline at end of file 
diff --git a/tests/arm/checks/resource/example_VnetSingleDNSServer/fail2.json b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail2.json new file mode 100644 index 00000000000..5b8d30f4719 --- /dev/null +++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail2.json 
@@ -0,0 +1,96 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "addressPrefixes": { + "type": "array" + }, + "subnets": { + "type": "array" + }, + "virtualNetworkId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "networkSecurityGroups": { + "type": "array" + }, + "networkInterfaceConfigurations": { + "type": "array" + }, + "vmName": { + "type": "string" + }, + "virtualMachineScaleSetName": { + "type": "string" + }, + "instanceCount": { + "type": "string" + }, + "instanceSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "securityType": { + "type": "string" + }, + "secureBoot": { + "type": "bool" + }, + "vTPM": { + "type": "bool" + }, + "platformFaultDomainCount": { + "type": "string" + } + }, + "variables": { + "storageApiVersion": "2021-01-01", + "networkApiVersion": "2020-11-01", + "virtualMachineScaleSetApiVersion": "2023-03-01", + "namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]" + }, + "resources": [ + { + "name": "fail2", + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-11-01", + "location": "[parameters('location')]", + "dependsOn": [], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "[variables('subnetRef')]" + }, + "privateIPAllocationMethod": "Dynamic" + } + } + ], + "dnsSettings": { + "dnsServers": [ + "10.7.7.2" + ] + } + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + } + } +} \ No newline at end of file 
diff --git a/tests/arm/checks/resource/example_VnetSingleDNSServer/fail3.json b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail3.json new file mode 100644 index 00000000000..934f9c8c88f --- /dev/null +++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail3.json 
@@ -0,0 +1,321 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "addressPrefixes": { + "type": "array" + }, + "subnets": { + "type": "array" + }, + "virtualNetworkId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "networkSecurityGroups": { + "type": "array" + }, + "networkInterfaceConfigurations": { + "type": "array" + }, + "vmName": { + "type": "string" + }, + "virtualMachineScaleSetName": { + "type": "string" + }, + "instanceCount": { + "type": "string" + }, + "instanceSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "securityType": { + "type": "string" + }, + "secureBoot": { + "type": "bool" + }, + "vTPM": { + "type": "bool" + }, + "platformFaultDomainCount": { + "type": "string" + } + }, + "variables": { + "storageApiVersion": "2021-01-01", + "networkApiVersion": "2020-11-01", + "virtualMachineScaleSetApiVersion": "2023-03-01", + "namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]" + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2023-11-01", + "name": "fail3", + "location": "string", + "tags": { + "tagName1": "tagValue1", + "tagName2": "tagValue2" + }, + "extendedLocation": { + "name": "string", + "type": "EdgeZone" + }, + "properties": { + "addressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "bgpCommunities": { + "virtualNetworkCommunity": "string" + }, + "ddosProtectionPlan": { + "id": "string" + }, + "dhcpOptions": { + "dnsServers": [ + "10.0.0.4" + ] + }, + "enableDdosProtection": "bool", + "enableVmProtection": "bool", + "encryption": { + "enabled": "bool", + "enforcement": "string" + }, + "flowTimeoutInMinutes": "int", + "ipAllocations": [ + { + "id": "string" + } + ], + "subnets": [ + 
{ + "id": "string", + "name": "string", + "properties": { + "addressPrefix": "string", + "addressPrefixes": [ + "string" + ], + "applicationGatewayIPConfigurations": [ + { + "id": "string", + "name": "string", + "properties": { + "subnet": { + "id": "string" + } + } + } + ], + "defaultOutboundAccess": "bool", + "delegations": [ + { + "id": "string", + "name": "string", + "properties": { + "serviceName": "string" + }, + "type": "string" + } + ], + "ipAllocations": [ + { + "id": "string" + } + ], + "natGateway": { + "id": "string" + }, + "networkSecurityGroup": { + "id": "string", + "location": "string", + "properties": { + "flushConnection": "bool", + "securityRules": [ + { + "id": "string", + "name": "string", + "properties": { + "access": "string", + "description": "string", + "destinationAddressPrefix": "string", + "destinationAddressPrefixes": [ + "string" + ], + "destinationApplicationSecurityGroups": [ + { + "id": "string", + "location": "string", + "properties": {}, + "tags": {} + } + ], + "destinationPortRange": "string", + "destinationPortRanges": [ + "string" + ], + "direction": "string", + "priority": "int", + "protocol": "string", + "sourceAddressPrefix": "string", + "sourceAddressPrefixes": [ + "string" + ], + "sourceApplicationSecurityGroups": [ + { + "id": "string", + "location": "string", + "properties": {}, + "tags": {} + } + ], + "sourcePortRange": "string", + "sourcePortRanges": [ + "string" + ] + }, + "type": "string" + } + ] + }, + "tags": {} + }, + "privateEndpointNetworkPolicies": "string", + "privateLinkServiceNetworkPolicies": "string", + "routeTable": { + "id": "string", + "location": "string", + "properties": { + "disableBgpRoutePropagation": "bool", + "routes": [ + { + "id": "string", + "name": "string", + "properties": { + "addressPrefix": "string", + "hasBgpOverride": "bool", + "nextHopIpAddress": "string", + "nextHopType": "string" + }, + "type": "string" + } + ] + }, + "tags": {} + }, + "serviceEndpointPolicies": [ + { + "id": 
"string", + "location": "string", + "properties": { + "contextualServiceEndpointPolicies": [ + "string" + ], + "serviceAlias": "string", + "serviceEndpointPolicyDefinitions": [ + { + "id": "string", + "name": "string", + "properties": { + "description": "string", + "service": "string", + "serviceResources": [ + "string" + ] + }, + "type": "string" + } + ] + }, + "tags": {} + } + ], + "serviceEndpoints": [ + { + "locations": [ + "string" + ], + "service": "string" + } + ], + "sharingScope": "string" + }, + "type": "string" + } + ], + "virtualNetworkPeerings": [ + { + "id": "string", + "name": "string", + "properties": { + "allowForwardedTraffic": "bool", + "allowGatewayTransit": "bool", + "allowVirtualNetworkAccess": "bool", + "doNotVerifyRemoteGateways": "bool", + "enableOnlyIPv6Peering": "bool", + "localAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "localSubnetNames": [ + "string" + ], + "localVirtualNetworkAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "peerCompleteVnets": "bool", + "peeringState": "string", + "peeringSyncLevel": "string", + "remoteAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "remoteBgpCommunities": { + "virtualNetworkCommunity": "string" + }, + "remoteSubnetNames": [ + "string" + ], + "remoteVirtualNetwork": { + "id": "string" + }, + "remoteVirtualNetworkAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "useRemoteGateways": "bool" + }, + "type": "string" + } + ] + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + } + } +} \ No newline at end of file diff --git a/tests/arm/checks/resource/example_VnetSingleDNSServer/pass.json b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass.json new file mode 100644 index 00000000000..02da6257116 --- /dev/null +++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass.json 
@@ -0,0 +1,97 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "addressPrefixes": { + "type": "array" + }, + "subnets": { + "type": "array" + }, + "virtualNetworkId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "networkSecurityGroups": { + "type": "array" + }, + "networkInterfaceConfigurations": { + "type": "array" + }, + "vmName": { + "type": "string" + }, + "virtualMachineScaleSetName": { + "type": "string" + }, + "instanceCount": { + "type": "string" + }, + "instanceSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "securityType": { + "type": "string" + }, + "secureBoot": { + "type": "bool" + }, + "vTPM": { + "type": "bool" + }, + "platformFaultDomainCount": { + "type": "string" + } + }, + "variables": { + "storageApiVersion": "2021-01-01", + "networkApiVersion": "2020-11-01", + "virtualMachineScaleSetApiVersion": "2023-03-01", + "namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]" + }, + "resources": [ + { + "name": "pass", + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-11-01", + "location": "[parameters('location')]", + "dependsOn": [], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "[variables('subnetRef')]" + }, + "privateIPAllocationMethod": "Dynamic" + } + } + ], + "dnsSettings": { + "dnsServers": [ + "10.0.0.4", + "10.0.0.5" + ] + } + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + } + } +} \ No newline at end of file 
diff --git a/tests/arm/checks/resource/example_VnetSingleDNSServer/pass2.json b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass2.json new file mode 100644 index 00000000000..b1ece817bf6 --- /dev/null +++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass2.json 
@@ -0,0 +1,93 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "addressPrefixes": { + "type": "array" + }, + "subnets": { + "type": "array" + }, + "virtualNetworkId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "networkSecurityGroups": { + "type": "array" + }, + "networkInterfaceConfigurations": { + "type": "array" + }, + "vmName": { + "type": "string" + }, + "virtualMachineScaleSetName": { + "type": "string" + }, + "instanceCount": { + "type": "string" + }, + "instanceSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "securityType": { + "type": "string" + }, + "secureBoot": { + "type": "bool" + }, + "vTPM": { + "type": "bool" + }, + "platformFaultDomainCount": { + "type": "string" + } + }, + "variables": { + "storageApiVersion": "2021-01-01", + "networkApiVersion": "2020-11-01", + "virtualMachineScaleSetApiVersion": "2023-03-01", + "namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]" + }, + "resources": [ + { + "name": "pass2", + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-11-01", + "location": "[parameters('location')]", + "dependsOn": [], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "[variables('subnetRef')]" + }, + "privateIPAllocationMethod": "Dynamic" + } + } + ], + "dnsSettings": { + } + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + } + } +} \ No newline at end of file diff --git a/tests/arm/checks/resource/example_VnetSingleDNSServer/pass3.json b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass3.json new file mode 100644 index 00000000000..bae54c1640b --- /dev/null 
+++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass3.json @@ -0,0 +1,98 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "addressPrefixes": { + "type": "array" + }, + "subnets": { + "type": "array" + }, + "virtualNetworkId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "networkSecurityGroups": { + "type": "array" + }, + "networkInterfaceConfigurations": { + "type": "array" + }, + "vmName": { + "type": "string" + }, + "virtualMachineScaleSetName": { + "type": "string" + }, + "instanceCount": { + "type": "string" + }, + "instanceSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "securityType": { + "type": "string" + }, + "secureBoot": { + "type": "bool" + }, + "vTPM": { + "type": "bool" + }, + "platformFaultDomainCount": { + "type": "string" + } + }, + "variables": { + "storageApiVersion": "2021-01-01", + "networkApiVersion": "2020-11-01", + "virtualMachineScaleSetApiVersion": "2023-03-01", + "namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]" + }, + "resources": [ + { + "name": "pass3", + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-11-01", + "location": "[parameters('location')]", + "dependsOn": [], + "properties": { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "[variables('subnetRef')]" + }, + "privateIPAllocationMethod": "Dynamic" + } + } + ], + "dnsSettings": { + "dnsServers": [ + "10.7.7.2", + "10.7.7.7", + "10.7.7.1" + ] + } + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + } + } +} \ No newline at end of file 
diff --git a/tests/arm/checks/resource/example_VnetSingleDNSServer/pass4.json b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass4.json new file mode 100644 index 00000000000..d21bd4426bd --- /dev/null +++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/pass4.json 
@@ -0,0 +1,323 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "addressPrefixes": { + "type": "array" + }, + "subnets": { + "type": "array" + }, + "virtualNetworkId": { + "type": "string" + }, + "virtualNetworkName": { + "type": "string" + }, + "networkSecurityGroups": { + "type": "array" + }, + "networkInterfaceConfigurations": { + "type": "array" + }, + "vmName": { + "type": "string" + }, + "virtualMachineScaleSetName": { + "type": "string" + }, + "instanceCount": { + "type": "string" + }, + "instanceSize": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "securityType": { + "type": "string" + }, + "secureBoot": { + "type": "bool" + }, + "vTPM": { + "type": "bool" + }, + "platformFaultDomainCount": { + "type": "string" + } + }, + "variables": { + "storageApiVersion": "2021-01-01", + "networkApiVersion": "2020-11-01", + "virtualMachineScaleSetApiVersion": "2023-03-01", + "namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]" + }, + "resources": [ + { + "type": "Microsoft.Network/virtualNetworks", + "apiVersion": "2023-11-01", + "name": "pass4", + "location": "string", + "tags": { + "tagName1": "tagValue1", + "tagName2": "tagValue2" + }, + "extendedLocation": { + "name": "string", + "type": "EdgeZone" + }, + "properties": { + "addressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "bgpCommunities": { + "virtualNetworkCommunity": "string" + }, + "ddosProtectionPlan": { + "id": "string" + }, + "dhcpOptions": { + "dnsServers": [ + "10.7.7.2", + "10.7.7.7", + "10.7.7.1" + ] + }, + "enableDdosProtection": "bool", + "enableVmProtection": "bool", + "encryption": { + "enabled": "bool", + "enforcement": "string" + }, + "flowTimeoutInMinutes": "int", + "ipAllocations": [ + { + "id": 
"string" + } + ], + "subnets": [ + { + "id": "string", + "name": "string", + "properties": { + "addressPrefix": "string", + "addressPrefixes": [ + "string" + ], + "applicationGatewayIPConfigurations": [ + { + "id": "string", + "name": "string", + "properties": { + "subnet": { + "id": "string" + } + } + } + ], + "defaultOutboundAccess": "bool", + "delegations": [ + { + "id": "string", + "name": "string", + "properties": { + "serviceName": "string" + }, + "type": "string" + } + ], + "ipAllocations": [ + { + "id": "string" + } + ], + "natGateway": { + "id": "string" + }, + "networkSecurityGroup": { + "id": "string", + "location": "string", + "properties": { + "flushConnection": "bool", + "securityRules": [ + { + "id": "string", + "name": "string", + "properties": { + "access": "string", + "description": "string", + "destinationAddressPrefix": "string", + "destinationAddressPrefixes": [ + "string" + ], + "destinationApplicationSecurityGroups": [ + { + "id": "string", + "location": "string", + "properties": {}, + "tags": {} + } + ], + "destinationPortRange": "string", + "destinationPortRanges": [ + "string" + ], + "direction": "string", + "priority": "int", + "protocol": "string", + "sourceAddressPrefix": "string", + "sourceAddressPrefixes": [ + "string" + ], + "sourceApplicationSecurityGroups": [ + { + "id": "string", + "location": "string", + "properties": {}, + "tags": {} + } + ], + "sourcePortRange": "string", + "sourcePortRanges": [ + "string" + ] + }, + "type": "string" + } + ] + }, + "tags": {} + }, + "privateEndpointNetworkPolicies": "string", + "privateLinkServiceNetworkPolicies": "string", + "routeTable": { + "id": "string", + "location": "string", + "properties": { + "disableBgpRoutePropagation": "bool", + "routes": [ + { + "id": "string", + "name": "string", + "properties": { + "addressPrefix": "string", + "hasBgpOverride": "bool", + "nextHopIpAddress": "string", + "nextHopType": "string" + }, + "type": "string" + } + ] + }, + "tags": {} + }, + 
"serviceEndpointPolicies": [ + { + "id": "string", + "location": "string", + "properties": { + "contextualServiceEndpointPolicies": [ + "string" + ], + "serviceAlias": "string", + "serviceEndpointPolicyDefinitions": [ + { + "id": "string", + "name": "string", + "properties": { + "description": "string", + "service": "string", + "serviceResources": [ + "string" + ] + }, + "type": "string" + } + ] + }, + "tags": {} + } + ], + "serviceEndpoints": [ + { + "locations": [ + "string" + ], + "service": "string" + } + ], + "sharingScope": "string" + }, + "type": "string" + } + ], + "virtualNetworkPeerings": [ + { + "id": "string", + "name": "string", + "properties": { + "allowForwardedTraffic": "bool", + "allowGatewayTransit": "bool", + "allowVirtualNetworkAccess": "bool", + "doNotVerifyRemoteGateways": "bool", + "enableOnlyIPv6Peering": "bool", + "localAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "localSubnetNames": [ + "string" + ], + "localVirtualNetworkAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "peerCompleteVnets": "bool", + "peeringState": "string", + "peeringSyncLevel": "string", + "remoteAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "remoteBgpCommunities": { + "virtualNetworkCommunity": "string" + }, + "remoteSubnetNames": [ + "string" + ], + "remoteVirtualNetwork": { + "id": "string" + }, + "remoteVirtualNetworkAddressSpace": { + "addressPrefixes": [ + "string" + ] + }, + "useRemoteGateways": "bool" + }, + "type": "string" + } + ] + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + } + } +} \ No newline at end of file diff --git a/tests/arm/checks/resource/test_VnetSingleDNSServer.py b/tests/arm/checks/resource/test_VnetSingleDNSServer.py new file mode 100644 index 00000000000..fc4c8684ee9 --- /dev/null +++ b/tests/arm/checks/resource/test_VnetSingleDNSServer.py 
@@ -0,0 +1,45 @@
+import unittest
+from pathlib import Path
+
+from checkov.arm.checks.resource.VnetSingleDNSServer import check
+from checkov.arm.runner import Runner
+from checkov.runner_filter import RunnerFilter
+
+
+class TestVnetSingleDNSServer(unittest.TestCase):
+ def test(self):
+ # given
+ test_files_dir = Path(__file__).parent / "example_VnetSingleDNSServer"
+
+ # when
+ report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
+
+ # then
+ summary = report.get_summary()
+
+ passing_resources = {
+ "Microsoft.Network/networkInterfaces.pass",
+ "Microsoft.Network/networkInterfaces.pass2",
+ "Microsoft.Network/networkInterfaces.pass3",
+ "Microsoft.Network/virtualNetworks.pass4"
+ }
+ failing_resources = {
+ "Microsoft.Network/networkInterfaces.fail",
+ "Microsoft.Network/networkInterfaces.fail2",
+ "Microsoft.Network/virtualNetworks.fail3"
+ }
+
+ passed_check_resources = {c.resource for c in report.passed_checks}
+ failed_check_resources = {c.resource for c in report.failed_checks}
+
+ self.assertEqual(summary["passed"], len(passing_resources))
+ self.assertEqual(summary["failed"], len(failing_resources))
+ self.assertEqual(summary["skipped"], 0)
+ self.assertEqual(summary["parsing_errors"], 0)
+
+ self.assertEqual(passing_resources, passed_check_resources)
+ self.assertEqual(failing_resources, failed_check_resources)
+
+
+if __name__ == "__main__":
+ unittest.main()
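Review bot: No fixture pins the boundary cases of the rule, so `passing_resources` and `failing_resources` only cover lists of one, two or three distinct addresses plus an empty `dnsSettings` block. An explicitly empty `dnsServers` list, a virtual network with no `dhcpOptions` block, and a list that repeats a single address each lack a case. Adding one fixture per case, with the expected outcome written into these sets, would state the intended result explicitly and keep a later refactor of the check from changing it unnoticed.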