missing rules

cmd/azqr/ng.go

@@ -20,7 +20,7 @@ var ngCmd = &cobra.Command{
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
 		serviceScanners := []azqr.IAzureScanner{
-			&ng.NatGatewwayScanner{},
+			&ng.NatGatewayScanner{},
 		}
 
 		scan(cmd, serviceScanners)

go.mod

@@ -33,6 +33,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysql v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleservers v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights/v2 v2.0.0-beta.4
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers v1.1.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/redis/armredis v1.0.0
@@ -46,6 +47,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/synapse/armsynapse v0.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/virtualmachineimagebuilder/armvirtualmachineimagebuilder/v2 v2.3.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/webpubsub/armwebpubsub v1.3.0
 	github.com/google/uuid v1.6.0
 	github.com/rs/zerolog v1.33.0

go.sum

@@ -70,6 +70,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.0.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.0.0/go.mod h1:243D9iHbcQXoFUtgHJwL7gl2zx1aDuDMjvBZVGr2uW0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0 h1:Fd+iaEa+JBwzYo6OTWYSNqyvlPSLciMGsmsnYCKcXM0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights/v2 v2.0.0-beta.4 h1:VwalLmc4ugRHT4DFpNw2un/atApgAk90LJeuLUcSZn4=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights/v2 v2.0.0-beta.4/go.mod h1:66Yvwp7y+reikAA12FlUZI5faaIl3cUr/mLg9X5A9RM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0 h1:0hXKrsbh2M6CQyW0TDC9Bsyd99vQmrOxiBTUfQHZjPA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0/go.mod h1:bvZZor36Jg9q9kouuMyfJ+ay77+qK+YUfThXH1FdXjU=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers v1.1.0 h1:HzqcSJWx32XQdr8KtxAu/SZJj0PqDo9tKf2YGPdynV0=
@@ -96,6 +98,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/synapse/armsynapse v0.8.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/synapse/armsynapse v0.8.0/go.mod h1:IzuvA34YNVnlifc1+KhCouAKEf1VYzV439FOpyfTHzA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0 h1:e3kTG23M5ps+DjvPolK4dcgohDY8sHsXU7zrdHj1WzY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/trafficmanager/armtrafficmanager v1.3.0/go.mod h1:Os5dq8Cvvz97rJauZhZJAfKHN+OEvF/0nVmHzF4aVys=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/virtualmachineimagebuilder/armvirtualmachineimagebuilder/v2 v2.3.0 h1:oMC000T4/6AQREdUeR7pL/e1qcrKfznthEaj2DGKOo4=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/virtualmachineimagebuilder/armvirtualmachineimagebuilder/v2 v2.3.0/go.mod h1:+iH0q9O/v2R4DlcvTrdXKcKUhxazcu4gTBb/QCfkDP4=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/webpubsub/armwebpubsub v1.3.0 h1:NyzzELDBMwCl+jHnUAEzv/4t9tp0vVn78vUou/7yqvM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/webpubsub/armwebpubsub v1.3.0/go.mod h1:3cqAZX7JxhdbywHK3b1iaO/VcP9Kv+yvZ/s44EO2+LI=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=

internal/renderers/excel/impacted.go

@@ -22,7 +22,7 @@ func renderImpactedResources(f *excelize.File, data *renderers.ReportData) {
 	headers := records[0]
 	createFirstRow(f, sheetName, headers)
 
-	if len(data.AprlData) > 0 {
+	if len(records) > 0 {
 		records = records[1:]
 		currentRow := 4
 		for _, row := range records {

internal/renderers/report_data.go

@@ -70,7 +70,7 @@ func (rd *ReportData) ResourcesTable() [][]string {
 	rows := [][]string{}
 	for _, r := range rd.Resources {
 		sla := ""
-		
+
 		for _, a := range rd.AzqrData {
 			if strings.EqualFold(strings.ToLower(a.ResourceID()), strings.ToLower(r.ID)) {
 				for _, rc := range a.Recommendations {
@@ -334,6 +334,10 @@ func NewReportData(outputFile string, mask bool) ReportData {
 }
 
 func MaskSubscriptionID(subscriptionID string, mask bool) string {
+	if len(subscriptionID) < 36 {
+		return ""
+	}
+
 	if !mask {
 		return subscriptionID
 	}
@@ -343,6 +347,10 @@ func MaskSubscriptionID(subscriptionID string, mask bool) string {
 }
 
 func MaskSubscriptionIDInResourceID(resourceID string, mask bool) string {
+	if !strings.HasPrefix(resourceID, "/subscriptions/") {
+		return ""
+	}
+
 	if !mask {
 		return resourceID
 	}

internal/scanners/it/it.go

@@ -5,29 +5,64 @@ package it
 
 import (
 	"github.com/Azure/azqr/internal/azqr"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/virtualmachineimagebuilder/armvirtualmachineimagebuilder/v2"
 )
 
 // ImageTemplateScanner - Scanner for Image Template
 type ImageTemplateScanner struct {
 	config *azqr.ScannerConfig
+	client *armvirtualmachineimagebuilder.VirtualMachineImageTemplatesClient
 }
 
 // Init - Initializes the Image Template Scanner
 func (a *ImageTemplateScanner) Init(config *azqr.ScannerConfig) error {
 	a.config = config
-	return nil
+	var err error
+	a.client, err = armvirtualmachineimagebuilder.NewVirtualMachineImageTemplatesClient(config.SubscriptionID, config.Cred, config.ClientOptions)
+	return err
 }
 
 // Scan - Scans all Image Template in a Resource Group
-func (a *ImageTemplateScanner) Scan(scanContext *azqr.ScanContext) ([]azqr.AzqrServiceResult, error) {
-	azqr.LogSubscriptionScan(a.config.SubscriptionID, a.ResourceTypes()[0])
-	return []azqr.AzqrServiceResult{}, nil
+func (c *ImageTemplateScanner) Scan(scanContext *azqr.ScanContext) ([]azqr.AzqrServiceResult, error) {
+	azqr.LogSubscriptionScan(c.config.SubscriptionID, c.ResourceTypes()[0])
+
+	svcs, err := c.list()
+	if err != nil {
+		return nil, err
+	}
+	engine := azqr.RecommendationEngine{}
+	rules := c.GetRecommendations()
+	results := []azqr.AzqrServiceResult{}
+
+	for _, w := range svcs {
+		rr := engine.EvaluateRecommendations(rules, w, scanContext)
+
+		results = append(results, azqr.AzqrServiceResult{
+			SubscriptionID:   c.config.SubscriptionID,
+			SubscriptionName: c.config.SubscriptionName,
+			ResourceGroup:    azqr.GetResourceGroupFromResourceID(*w.ID),
+			ServiceName:      *w.Name,
+			Type:             *w.Type,
+			Location:         *w.Location,
+			Recommendations:  rr,
+		})
+	}
+	return results, nil
 }
 
+func (c *ImageTemplateScanner) list() ([]*armvirtualmachineimagebuilder.ImageTemplate, error) {
+	pager := c.client.NewListPager(nil)
+
+	svcs := make([]*armvirtualmachineimagebuilder.ImageTemplate, 0)
+	for pager.More() {
+		resp, err := pager.NextPage(c.config.Ctx)
+		if err != nil {
+			return nil, err
+		}
+		svcs = append(svcs, resp.Value...)
+	}
+	return svcs, nil
+}
 func (a *ImageTemplateScanner) ResourceTypes() []string {
 	return []string{"Microsoft.VirtualMachineImages/imageTemplates"}
 }
-
-func (a *ImageTemplateScanner) GetRecommendations() map[string]azqr.AzqrRecommendation {
-	return map[string]azqr.AzqrRecommendation{}
-}

internal/scanners/it/rules.go

@@ -0,0 +1,42 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package it
+
+import (
+	"strings"
+
+	"github.com/Azure/azqr/internal/azqr"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/virtualmachineimagebuilder/armvirtualmachineimagebuilder/v2"
+)
+
+// GetRules - Returns the rules for the ImageTemplateScanner
+func (a *ImageTemplateScanner) GetRecommendations() map[string]azqr.AzqrRecommendation {
+	return map[string]azqr.AzqrRecommendation{
+		"it-006": {
+			RecommendationID: "it-006",
+			ResourceType:     "Microsoft.VirtualMachineImages/imageTemplates",
+			Category:         azqr.CategoryGovernance,
+			Recommendation:   "Image Template Name should comply with naming conventions",
+			Impact:           azqr.ImpactLow,
+			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
+				c := target.(*armvirtualmachineimagebuilder.ImageTemplate)
+				caf := strings.HasPrefix(*c.Name, "it")
+				return !caf, ""
+			},
+			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
+		},
+		"it-007": {
+			RecommendationID: "it-007",
+			ResourceType:     "Microsoft.VirtualMachineImages/imageTemplates",
+			Category:         azqr.CategoryGovernance,
+			Recommendation:   "Image Template should have tags",
+			Impact:           azqr.ImpactLow,
+			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
+				c := target.(*armvirtualmachineimagebuilder.ImageTemplate)
+				return len(c.Tags) == 0, ""
+			},
+			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json",
+		},
+	}
+}

internal/scanners/log/log.go

@@ -5,29 +5,65 @@ package log
 
 import (
 	"github.com/Azure/azqr/internal/azqr"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights/v2"
 )
 
 // LogAnalyticsScanner - Scanner for Log Analytics workspace
 type LogAnalyticsScanner struct {
 	config *azqr.ScannerConfig
+	client *armoperationalinsights.WorkspacesClient
 }
 
 // Init - Initializes the Log Analytics workspace Scanner
 func (a *LogAnalyticsScanner) Init(config *azqr.ScannerConfig) error {
 	a.config = config
-	return nil
+	var err error
+	a.client, err = armoperationalinsights.NewWorkspacesClient(config.SubscriptionID, config.Cred, config.ClientOptions)
+	return err
 }
 
 // Scan - Scans all Log Analytics workspace in a Resource Group
-func (a *LogAnalyticsScanner) Scan(scanContext *azqr.ScanContext) ([]azqr.AzqrServiceResult, error) {
-	azqr.LogSubscriptionScan(a.config.SubscriptionID, a.ResourceTypes()[0])
-	return []azqr.AzqrServiceResult{}, nil
+func (c *LogAnalyticsScanner) Scan(scanContext *azqr.ScanContext) ([]azqr.AzqrServiceResult, error) {
+	azqr.LogSubscriptionScan(c.config.SubscriptionID, c.ResourceTypes()[0])
+
+	svcs, err := c.list()
+	if err != nil {
+		return nil, err
+	}
+	engine := azqr.RecommendationEngine{}
+	rules := c.GetRecommendations()
+	results := []azqr.AzqrServiceResult{}
+
+	for _, w := range svcs {
+		rr := engine.EvaluateRecommendations(rules, w, scanContext)
+
+		results = append(results, azqr.AzqrServiceResult{
+			SubscriptionID:   c.config.SubscriptionID,
+			SubscriptionName: c.config.SubscriptionName,
+			ResourceGroup:    azqr.GetResourceGroupFromResourceID(*w.ID),
+			ServiceName:      *w.Name,
+			Type:             *w.Type,
+			Location:         *w.Location,
+			Recommendations:  rr,
+		})
+	}
+	return results, nil
 }
 
-func (a *LogAnalyticsScanner) ResourceTypes() []string {
-	return []string{"Microsoft.OperationalInsights/workspaces"}
+func (c *LogAnalyticsScanner) list() ([]*armoperationalinsights.Workspace, error) {
+	pager := c.client.NewListPager(nil)
+
+	svcs := make([]*armoperationalinsights.Workspace, 0)
+	for pager.More() {
+		resp, err := pager.NextPage(c.config.Ctx)
+		if err != nil {
+			return nil, err
+		}
+		svcs = append(svcs, resp.Value...)
+	}
+	return svcs, nil
 }
 
-func (a *LogAnalyticsScanner) GetRecommendations() map[string]azqr.AzqrRecommendation {
-	return map[string]azqr.AzqrRecommendation{}
+func (a *LogAnalyticsScanner) ResourceTypes() []string {
+	return []string{"Microsoft.OperationalInsights/workspaces"}
 }

internal/scanners/log/rules.go

@@ -0,0 +1,54 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package log
+
+import (
+	"strings"
+
+	"github.com/Azure/azqr/internal/azqr"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights/v2"
+)
+
+// GetRules - Returns the rules for the LogAnalyticsScanner
+func (a *LogAnalyticsScanner) GetRecommendations() map[string]azqr.AzqrRecommendation {
+	return map[string]azqr.AzqrRecommendation{
+		"log-003": {
+			RecommendationID:   "log-003",
+			ResourceType:       "Microsoft.OperationalInsights/workspaces",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Log Analytics Workspace SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
+			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
+				return false, "99.9%"
+			},
+			LearnMoreUrl: "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services",
+		},
+		"log-006": {
+			RecommendationID: "log-006",
+			ResourceType:     "Microsoft.OperationalInsights/workspaces",
+			Category:         azqr.CategoryGovernance,
+			Recommendation:   "Log Analytics Workspace Name should comply with naming conventions",
+			Impact:           azqr.ImpactLow,
+			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
+				c := target.(*armoperationalinsights.Workspace)
+				caf := strings.HasPrefix(*c.Name, "log")
+				return !caf, ""
+			},
+			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
+		},
+		"log-007": {
+			RecommendationID: "log-007",
+			ResourceType:     "Microsoft.OperationalInsights/workspaces",
+			Category:         azqr.CategoryGovernance,
+			Recommendation:   "Log Analytics Workspace should have tags",
+			Impact:           azqr.ImpactLow,
+			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
+				c := target.(*armoperationalinsights.Workspace)
+				return len(c.Tags) == 0, ""
+			},
+			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json",
+		},
+	}
+}