feat(arm): implement CKV_AZURE_107 for arm (#5514)

checkov/arm/checks/resource/APIServicesUseVirtualNetwork.py

@@ -0,0 +1,22 @@
+from checkov.common.models.consts import ANY_VALUE
+from checkov.common.models.enums import CheckCategories, CheckResult
+from checkov.arm.base_resource_value_check import BaseResourceValueCheck
+
+
+class APIServicesUseVirtualNetwork(BaseResourceValueCheck):
+    def __init__(self):
+        name = "Ensure that API management services use virtual networks"
+        id = "CKV_AZURE_107"
+        supported_resources = ['Microsoft.ApiManagement/service']
+        categories = [CheckCategories.NETWORKING]
+        super().__init__(name=name, id=id, categories=categories,
+                         supported_resources=supported_resources, missing_block_result=CheckResult.FAILED)
+
+    def get_inspected_key(self):
+        return "properties/virtualNetworkConfiguration"
+
+    def get_expected_value(self):
+        return ANY_VALUE
+
+
+check = APIServicesUseVirtualNetwork()

tests/arm/checks/resource/example_APIServicesUseVirtualNetwork/fail.json

@@ -0,0 +1,75 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "apimName": {
+            "type": "string"
+        },
+        "location": {
+            "type": "string"
+        },
+        "tier": {
+            "type": "string"
+        },
+        "capacity": {
+            "type": "string"
+        },
+        "adminEmail": {
+            "type": "string"
+        },
+        "organizationName": {
+            "type": "string"
+        },
+        "virtualNetworkType": {
+            "type": "string"
+        },
+        "tagsByResource": {
+            "type": "object"
+        },
+        "vnet": {
+            "type": "object"
+        },
+        "customProperties": {
+            "type": "object"
+        },
+        "identity": {
+            "type": "object"
+        },
+        "appInsightsObject": {
+            "type": "object"
+        },
+        "privateEndpoint": {
+            "type": "object"
+        },
+        "privateDnsDeploymentName": {
+            "type": "string"
+        },
+        "subnetDeploymentName": {
+            "type": "string"
+        }
+    },
+    "variables": {
+        "apimNsgName": "[concat('apimnsg', uniqueString(resourceGroup().id))]"
+    },
+    "resources": [
+        {
+            "type": "Microsoft.ApiManagement/service",
+            "apiVersion": "2021-01-01-preview",
+            "name": "fail",
+            "location": "[parameters('location')]",
+            "sku": {
+                "name": "[parameters('tier')]",
+                "capacity": "[parameters('capacity')]"
+            },
+            "identity": "[parameters('identity')]",
+            "tags": "[parameters('tagsByResource')]",
+            "properties": {
+                "publisherEmail": "[parameters('adminEmail')]",
+                "publisherName": "[parameters('organizationName')]",
+                "customProperties": "[parameters('customProperties')]"
+            },
+            "resources": [],
+            "dependsOn": []
+        }
+    ]
+}