add rule for azurerm_managed_disk

Azure · Feb 13, 2025 · 6f73c01 · 6f73c01
1 parent 5f2b999
commit 6f73c01
Show file tree

Hide file tree

Showing 7 changed files with 183 additions and 9 deletions.
diff --git a/...-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_disks_sku_name.mock.json b/...-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_disks_sku_name.mock.json
@@ -0,0 +1,76 @@
+{
+  "mock": {
+    "invalid_Standard_LRS": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "sku": {
+                  "name": "Standard_LRS"
+                }
+              },
+              "type": "Microsoft.Compute/disks@2024-03-02"
+            }
+          }
+        }
+      ]
+    },
+    "premium_lrs": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "sku": {
+                  "name": "Premium_LRS"
+                }
+              },
+              "type": "Microsoft.Compute/disks@2024-03-02"
+            }
+          }
+        }
+      ]
+    },
+    "ultrassd_lrs": {
+      "resource_changes": [
+        {
+          "address": "azapi_resource.res",
+          "mode": "managed",
+          "type": "azapi_resource",
+          "name": "res",
+          "provider_name": "registry.terraform.io/azure/azapi",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "body": {
+                "sku": {
+                  "name": "UltraSSD_LRS"
+                }
+              },
+              "type": "Microsoft.Compute/disks@2024-03-02"
+            }
+          }
+        }
+      ]
+    }
+  }
+}
diff --git a/...Azure-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_disks_sku_name.rego b/...Azure-Proactive-Resiliency-Library-v2/azapi/compute/microsoft_compute_disks_sku_name.rego
@@ -0,0 +1,19 @@
+package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_should_use_premium_or_ultra_disks
+
+import rego.v1
+
+valid_azapi_disk_sku_name(resource) if {
+    startswith(resource.values.body.sku.name, "Premium")
+}
+
+valid_azapi_disk_sku_name(resource) if {
+    startswith(resource.values.body.sku.name, "Ultra")
+}
+
+deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
+    resource := data.utils.resource(input, "azapi_resource")[_]
+    data.utils.is_azure_type(resource.values, "Microsoft.Compute/disks")
+    not valid_azapi_disk_sku_name(resource)
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have configured `sku.name` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
+}
diff --git a/...crosoft_compute_virtualMachines_storageProfile_osDisk_managedDisk_storageAccountType.rego b/...crosoft_compute_virtualMachines_storageProfile_osDisk_managedDisk_storageAccountType.rego
@@ -2,18 +2,18 @@ package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_s
 
 import rego.v1
 
-valid_azapi_properties_storageProfile_osDisk_storageAccountType(resource) if {
+valid_azapi_virtual_machine_properties_storageProfile_osDisk_storageAccountType(resource) if {
     startswith(resource.values.body.properties.storageProfile.osDisk.managedDisk.storageAccountType, "Premium")
 }
 
-valid_azapi_properties_storageProfile_osDisk_storageAccountType(resource) if {
+valid_azapi_virtual_machine_properties_storageProfile_osDisk_storageAccountType(resource) if {
     startswith(resource.values.body.properties.storageProfile.osDisk.managedDisk.storageAccountType, "Ultra")
 }
 
 deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
     resource := data.utils.resource(input, "azapi_resource")[_]
     data.utils.is_azure_type(resource.values, "Microsoft.Compute/virtualMachines")
-    not valid_azapi_properties_storageProfile_osDisk_storageAccountType(resource)
+    not valid_azapi_virtual_machine_properties_storageProfile_osDisk_storageAccountType(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azapi_resource` must have configured `storageProfile.osDisk.managedDisk.storageAccountType` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
 }
diff --git a/...ibrary-v2/azurerm/compute/azurerm_linux_virtual_machine_os_disk_storage_account_type.rego b/...ibrary-v2/azurerm/compute/azurerm_linux_virtual_machine_os_disk_storage_account_type.rego
@@ -2,17 +2,17 @@ package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_s
 
 import rego.v1
 
-valid_azurerm_os_disk_storage_account_type(resource) if {
+valid_azurerm_virtual_machine_os_disk_storage_account_type(resource) if {
     startswith(resource.values.os_disk[_].storage_account_type, "Premium")
 }
 
-valid_azurerm_os_disk_storage_account_type(resource) if {
+valid_azurerm_virtual_machine_os_disk_storage_account_type(resource) if {
     startswith(resource.values.os_disk[_].storage_account_type, "Ultra")
 }
 
 deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
     resource := data.utils.resource(input, "azurerm_linux_virtual_machine")[_]
-    not valid_azurerm_os_disk_storage_account_type(resource)
+    not valid_azurerm_virtual_machine_os_disk_storage_account_type(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_linux_virtual_machine` must have configured `os_disk.storage_account_type` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
 }
diff --git a/...Resiliency-Library-v2/azurerm/compute/azurerm_managed_disk_storage_account_type.mock.json b/...Resiliency-Library-v2/azurerm/compute/azurerm_managed_disk_storage_account_type.mock.json
@@ -0,0 +1,61 @@
+{
+  "mock": {
+    "invalid_Standard_LRS": {
+      "resource_changes": [
+        {
+          "address": "azurerm_managed_disk.example",
+          "mode": "managed",
+          "type": "azurerm_managed_disk",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "storage_account_type": "Standard_LRS"
+            }
+          }
+        }
+      ]
+    },
+    "premium_lrs": {
+      "resource_changes": [
+        {
+          "address": "azurerm_managed_disk.example",
+          "mode": "managed",
+          "type": "azurerm_managed_disk",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "storage_account_type": "Premium_LRS"
+            }
+          }
+        }
+      ]
+    },
+    "ultrassd_lrs": {
+      "resource_changes": [
+        {
+          "address": "azurerm_managed_disk.example",
+          "mode": "managed",
+          "type": "azurerm_managed_disk",
+          "name": "example",
+          "provider_name": "registry.terraform.io/hashicorp/azurerm",
+          "change": {
+            "actions": [
+              "create"
+            ],
+            "after": {
+              "storage_account_type": "UltraSSD_LRS"
+            }
+          }
+        }
+      ]
+    }
+  }
+}
diff --git a/...tive-Resiliency-Library-v2/azurerm/compute/azurerm_managed_disk_storage_account_type.rego b/...tive-Resiliency-Library-v2/azurerm/compute/azurerm_managed_disk_storage_account_type.rego
@@ -0,0 +1,18 @@
+package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_should_use_premium_or_ultra_disks
+
+import rego.v1
+
+valid_azurerm_managed_disk_storage_account_type(resource) if {
+    startswith(resource.values.storage_account_type, "Premium")
+}
+
+valid_azurerm_managed_disk_storage_account_type(resource) if {
+    startswith(resource.values.storage_account_type, "Ultra")
+}
+
+deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
+    resource := data.utils.resource(input, "azurerm_managed_disk")[_]
+    not valid_azurerm_managed_disk_storage_account_type(resource)
+
+    reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_managed_disk` must have configured `storage_account_type` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
+}
diff --git a/...rary-v2/azurerm/compute/azurerm_windows_virtual_machine_os_disk_storage_account_type.rego b/...rary-v2/azurerm/compute/azurerm_windows_virtual_machine_os_disk_storage_account_type.rego
@@ -2,17 +2,17 @@ package Azure_Proactive_Resiliency_Library_v2.mission_critical_virtual_machine_s
 
 import rego.v1
 
-valid_azurerm_os_disk_storage_account_type(resource) if {
+valid_azurerm_virtual_machine_os_disk_storage_account_type(resource) if {
     startswith(resource.values.os_disk[_].storage_account_type, "Premium")
 }
 
-valid_azurerm_os_disk_storage_account_type(resource) if {
+valid_azurerm_virtual_machine_os_disk_storage_account_type(resource) if {
     startswith(resource.values.os_disk[_].storage_account_type, "Ultra")
 }
 
 deny_mission_critical_virtual_machine_should_use_premium_or_ultra_disks contains reason if {
     resource := data.utils.resource(input, "azurerm_windows_virtual_machine")[_]
-    not valid_azurerm_os_disk_storage_account_type(resource)
+    not valid_azurerm_virtual_machine_os_disk_storage_account_type(resource)
 
     reason := sprintf("Azure-Proactive-Resiliency-Library-v2: '%s' `azurerm_windows_virtual_machine` must have configured `os_disk.storage_account_type` to use Premium or Ultra type: https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#mission-critical-workloads-should-consider-using-premium-or-ultra-disks", [resource.address])
 }