feat(arm): add CKV_AZURE_75 data explorer double encryption enabled convert policy to arm

checkov/arm/checks/resource/AzureDataExplorerDoubleEncryptionEnabled.py

@@ -0,0 +1,21 @@
+from typing import Any
+from checkov.common.models.enums import CheckCategories
+from checkov.arm.base_resource_value_check import BaseResourceValueCheck
+
+
+class AzureDataExplorerDoubleEncryptionEnabled(BaseResourceValueCheck):
+    def __init__(self) -> None:
+        name: str = "Ensure that Azure Data Explorer uses double encryption"
+        id: str = "CKV_AZURE_75"
+        supported_resources = ("Microsoft.Kusto/clusters",)
+        categories = (CheckCategories.ENCRYPTION,)
+        super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+
+    def get_inspected_key(self) -> str:
+        return "properties/enableDoubleEncryption"
+
+    def get_expected_value(self) -> Any:
+        return True
+
+
+check: Any = AzureDataExplorerDoubleEncryptionEnabled()

tests/arm/checks/resource/example_AzureDataExplorerDoubleEncryptionEnabled/fail.json

@@ -0,0 +1,25 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "resources": [
+    {
+      "apiVersion": "2018-06-01",
+      "type": "Microsoft.Compute/disks",
+      "location": "West Europe",
+      "name": "fail",
+      "sku": {
+        "name": "B_Gen5_2",
+        "size": "5120"
+      },
+      "properties": {
+        "version": "10.3",
+        "administratorLogin": "admin",
+        "administratorLoginPassword": "admin123",
+        "enableDoubleEncryption": false,
+        "storageProfile": {
+          "storageMB": "5120"
+        }
+      }
+    }
+  ]
+}

tests/arm/checks/resource/example_AzureDataExplorerDoubleEncryptionEnabled/pass.json

@@ -0,0 +1,25 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "resources": [
+    {
+      "apiVersion": "2018-06-01",
+      "type": "Microsoft.Compute/disks",
+      "location": "West Europe",
+      "name": "pass",
+      "sku": {
+        "name": "B_Gen5_2",
+        "size": "5120"
+      },
+      "properties": {
+        "version": "10.3",
+        "administratorLogin": "admin",
+        "administratorLoginPassword": "admin123",
+        "enableDoubleEncryption": true,
+        "storageProfile": {
+          "storageMB": "5120"
+        }
+      }
+    }
+  ]
+}

tests/arm/checks/resource/test_AzureDataExplorerDoubleEncryptionEnabled.py

@@ -0,0 +1,33 @@
+import unittest
+from pathlib import Path
+from checkov.arm.checks.resource.AzureDataExplorerDoubleEncryptionEnabled import check
+from checkov.arm.runner import Runner
+from checkov.runner_filter import RunnerFilter
+
+
+class TestAzureDataExplorerDoubleEncryptionEnabled(unittest.TestCase):
+    def test_summary(self):
+        test_files_dir = Path(__file__).parent / "example_AzureDataExplorerDoubleEncryptionEnabled"
+        report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
+        summary = report.get_summary()
+        passing_resources = {
+            "Microsoft.Compute/disks.pass"
+        }
+        failing_resources = {
+            "Microsoft.Compute/disks.fail"
+        }
+
+        passed_check_resources = {c.resource for c in report.passed_checks}
+        failed_check_resources = {c.resource for c in report.failed_checks}
+
+        assert summary["passed"] == len(passing_resources)
+        assert summary["failed"] == len(failing_resources)
+        assert summary["skipped"] == 0
+        assert summary["parsing_errors"] == 0
+
+        assert passed_check_resources == passing_resources
+        assert failed_check_resources == failing_resources
+
+
+if __name__ == "__main__":
+    unittest.main()