
feat(arm): ARM VnetSingleDNSServer #6379

Merged
merged 12 commits into from
Jul 22, 2024
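--- a/checkov/arm/checks/resource/VnetSingleDNSServer.py
+++ b/checkov/arm/checks/resource/VnetSingleDNSServer.py
@@ -0,0 +1,37 @@
+from typing import Any, List, Dict
+
+from checkov.arm.base_resource_check import BaseResourceCheck
+from checkov.common.models.enums import CheckCategories, CheckResult
+
+
+class VnetSingleDNSServer(BaseResourceCheck):
+
+def __init__(self) -> None:
+"""Using a single DNS server may indicate a single point of failure
+where the DNS IP address is not load balanced."""
+name = "Ensure that VNET has at least 2 connected DNS Endpoints"
+id = "CKV_AZURE_182"
+supported_resources = ("Microsoft.Network/networkInterfaces", "Microsoft.Network/virtualNetworks")
+categories = (CheckCategories.NETWORKING,)
+super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+
+def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, List[Any]]]]) -> CheckResult:
+if "properties" in conf and "dnsSettings" in conf["properties"]:
+if "dnsServers" in conf["properties"]["dnsSettings"] and isinstance(
+conf["properties"]["dnsSettings"]["dnsServers"], list):
+dns_servers = conf["properties"]["dnsSettings"]["dnsServers"]
+if dns_servers and len(dns_servers) == 1:
+self.evaluated_keys = ["dnsServers"]
+return CheckResult.FAILED
+else:
+if "properties" in conf and "dhcpOptions" in conf["properties"]:
+if "dnsServers" in conf["properties"]["dhcpOptions"] and isinstance(
+conf["properties"]["dhcpOptions"]["dnsServers"], list):
+dns_servers = conf["properties"]["dhcpOptions"]["dnsServers"]
+if dns_servers and len(dns_servers) == 1:
+self.evaluated_keys = ["dnsServers"]
+return CheckResult.FAILED
+return CheckResult.PASSED
+
+
+check = VnetSingleDNSServer()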
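Review bot: The two `self.evaluated_keys = ["dnsServers"]` assignments inside scan_resource_conf report only the leaf key, whereas the other ARM resource checks report the path from the resource root, e.g. `properties/dnsSettings/dnsServers`, which is what the report uses to point at the offending lines. The two branches are also copies of each other differing only in the settings key, and the `else:` means a resource carrying both `dnsSettings` and `dhcpOptions` never has the second one inspected; looping over both keys removes the duplication and the redundant `dns_servers and len(dns_servers) == 1` double test. An `isinstance(properties, dict)` guard would additionally keep a non-object `properties` value (a template expression string, say) away from the `in` tests. The docstring on `__init__` describes the check rather than the constructor and belongs on the class. Of the fixtures visible on this page only the networkInterfaces/dnsSettings path is exercised; as far as this page shows there is no virtualNetworks/dhcpOptions case.

```python
    def scan_resource_conf(self, conf: Dict[str, Dict[str, Dict[str, List[Any]]]]) -> CheckResult:
        properties = conf.get("properties")
        if not isinstance(properties, dict):
            return CheckResult.PASSED
        # networkInterfaces keep the list under dnsSettings, virtualNetworks under dhcpOptions
        for settings_key in ("dnsSettings", "dhcpOptions"):
            settings = properties.get(settings_key)
            if not isinstance(settings, dict):
                continue
            dns_servers = settings.get("dnsServers")
            if isinstance(dns_servers, list) and len(dns_servers) == 1:
                self.evaluated_keys = [f"properties/{settings_key}/dnsServers"]
                return CheckResult.FAILED
        return CheckResult.PASSED
```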
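--- a/tests/arm/checks/resource/example_VnetSingleDNSServer/fail.json
+++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail.json
@@ -0,0 +1,96 @@
+{
+"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"type": "string"
+},
+"osDiskType": {
+"type": "string"
+},
+"addressPrefixes": {
+"type": "array"
+},
+"subnets": {
+"type": "array"
+},
+"virtualNetworkId": {
+"type": "string"
+},
+"virtualNetworkName": {
+"type": "string"
+},
+"networkSecurityGroups": {
+"type": "array"
+},
+"networkInterfaceConfigurations": {
+"type": "array"
+},
+"vmName": {
+"type": "string"
+},
+"virtualMachineScaleSetName": {
+"type": "string"
+},
+"instanceCount": {
+"type": "string"
+},
+"instanceSize": {
+"type": "string"
+},
+"adminUsername": {
+"type": "string"
+},
+"securityType": {
+"type": "string"
+},
+"secureBoot": {
+"type": "bool"
+},
+"vTPM": {
+"type": "bool"
+},
+"platformFaultDomainCount": {
+"type": "string"
+}
+},
+"variables": {
+"storageApiVersion": "2021-01-01",
+"networkApiVersion": "2020-11-01",
+"virtualMachineScaleSetApiVersion": "2023-03-01",
+"namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]"
+},
+"resources": [
+{
+"name": "fail",
+"type": "Microsoft.Network/networkInterfaces",
+"apiVersion": "2022-11-01",
+"location": "[parameters('location')]",
+"dependsOn": [],
+"properties": {
+"ipConfigurations": [
+{
+"name": "ipconfig1",
+"properties": {
+"subnet": {
+"id": "[variables('subnetRef')]"
+},
+"privateIPAllocationMethod": "Dynamic"
+}
+}
+],
+"dnsSettings": {
+"dnsServers": [
+"10.0.0.4"
+]
+}
+}
+}
+],
+"outputs": {
+"adminUsername": {
+"type": "string",
+"value": "[parameters('adminUsername')]"
+}
+}
+}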
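--- a/tests/arm/checks/resource/example_VnetSingleDNSServer/fail2.json
+++ b/tests/arm/checks/resource/example_VnetSingleDNSServer/fail2.json
@@ -0,0 +1,96 @@
+{
+"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+"contentVersion": "1.0.0.0",
+"parameters": {
+"location": {
+"type": "string"
+},
+"osDiskType": {
+"type": "string"
+},
+"addressPrefixes": {
+"type": "array"
+},
+"subnets": {
+"type": "array"
+},
+"virtualNetworkId": {
+"type": "string"
+},
+"virtualNetworkName": {
+"type": "string"
+},
+"networkSecurityGroups": {
+"type": "array"
+},
+"networkInterfaceConfigurations": {
+"type": "array"
+},
+"vmName": {
+"type": "string"
+},
+"virtualMachineScaleSetName": {
+"type": "string"
+},
+"instanceCount": {
+"type": "string"
+},
+"instanceSize": {
+"type": "string"
+},
+"adminUsername": {
+"type": "string"
+},
+"securityType": {
+"type": "string"
+},
+"secureBoot": {
+"type": "bool"
+},
+"vTPM": {
+"type": "bool"
+},
+"platformFaultDomainCount": {
+"type": "string"
+}
+},
+"variables": {
+"storageApiVersion": "2021-01-01",
+"networkApiVersion": "2020-11-01",
+"virtualMachineScaleSetApiVersion": "2023-03-01",
+"namingInfix": "[toLower(substring(concat(parameters('virtualMachineScaleSetName'), uniqueString(resourceGroup().id)), 0, 9))]"
+},
+"resources": [
+{
+"name": "fail2",
+"type": "Microsoft.Network/networkInterfaces",
+"apiVersion": "2022-11-01",
+"location": "[parameters('location')]",
+"dependsOn": [],
+"properties": {
+"ipConfigurations": [
+{
+"name": "ipconfig1",
+"properties": {
+"subnet": {
+"id": "[variables('subnetRef')]"
+},
+"privateIPAllocationMethod": "Dynamic"
+}
+}
+],
+"dnsSettings": {
+"dnsServers": [
+"10.7.7.2"
+]
+}
+}
+}
+],
+"outputs": {
+"adminUsername": {
+"type": "string",
+"value": "[parameters('adminUsername')]"
+}
+}
+}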