Azure · cmendible · Apr 23, 2024 · Apr 23, 2024 · Apr 23, 2024 · Apr 23, 2024
@@ -49,7 +49,7 @@ Azure Quick Review checks the following recommendations for Azure resources. The
 39 | Governance | Low | AKS Name should comply with naming conventions | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
 40 | Security | Medium | AKS should integrate authentication with AAD (Managed) | [Learn](https://learn.microsoft.com/en-us/azure/aks/managed-azure-ad)
 41 | Security | Medium | AKS should be RBAC enabled. | [Learn](https://learn.microsoft.com/azure/aks/manage-azure-rbac)
-42 | Security | Medium | AKS should have local accounts disabled | [Learn](https://learn.microsoft.com/azure/aks/managed-aad#disable-local-accounts)
+42 | Security | Medium | AKS should have local accounts disabled | [Learn](https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad#disable-local-accounts)
 43 | Security | Medium | AKS should have httpApplicationRouting disabled | [Learn](https://learn.microsoft.com/azure/aks/http-application-routing)
 44 | Monitoring and Alerting | High | AKS should have Container Insights enabled | [Learn](https://learn.microsoft.com/azure/azure-monitor/insights/container-insights-overview)
 45 | Security | High | AKS should have outbound type set to user defined routing | [Learn](https://learn.microsoft.com/azure/aks/limit-egress-traffic)

@@ -151,7 +151,7 @@ func (a *AKSScanner) GetRules() map[string]scanners.AzureRule {
 				}
 				return true, ""
 			},
-			Url: "https://learn.microsoft.com/azure/aks/managed-aad#disable-local-accounts",
+			Url: "https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad#disable-local-accounts",
 		},
 		"aks-010": {
 			Id:             "aks-010",

@@ -32,9 +32,9 @@ func (a *AppConfigurationScanner) GetRules() map[string]scanners.AzureRule {
 			Impact:         scanners.ImpactHigh,
 			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
 				a := target.(*armappconfiguration.ConfigurationStore)
-				sku := *a.SKU.Name
+				sku := strings.ToLower(*a.SKU.Name)
 				sla := "None"
-				if sku == "Standard" {
+				if sku == "standard" {
 					sla = "99.9%"
 				}
 

@@ -51,7 +51,7 @@ func TestAppConfigurationScanner_Rules(t *testing.T) {
 				rule: "appcs-003",
 				target: &armappconfiguration.ConfigurationStore{
 					SKU: &armappconfiguration.SKU{
-						Name: to.Ptr("Free"),
+						Name: to.Ptr("free"),
 					},
 				},
 				scanContext: &scanners.ScanContext{},

@@ -82,17 +82,6 @@ func (a *SQLScanner) getServerRules() map[string]scanners.AzureRule {
 
 func (a *SQLScanner) getDatabaseRules() map[string]scanners.AzureRule {
 	return map[string]scanners.AzureRule{
-		"sqldb-001": {
-			Id:             "sqldb-001",
-			Category:       scanners.RulesCategoryMonitoringAndAlerting,
-			Recommendation: "SQL Database should have diagnostic settings enabled",
-			Impact:         scanners.ImpactLow,
-			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
-				service := target.(*armsql.Database)
-				_, ok := scanContext.DiagnosticsSettings[strings.ToLower(*service.ID)]
-				return !ok, ""
-			},
-		},
 		"sqldb-002": {
 			Id:             "sqldb-002",
 			Category:       scanners.RulesCategoryHighAvailability,

@@ -127,24 +127,6 @@ func TestSQLScanner_DatabaseRules(t *testing.T) {
 		fields fields
 		want   want
 	}{
-		{
-			name: "SQLScanner DiagnosticSettings",
-			fields: fields{
-				rule: "sqldb-001",
-				target: &armsql.Database{
-					ID: to.Ptr("test"),
-				},
-				scanContext: &scanners.ScanContext{
-					DiagnosticsSettings: map[string]bool{
-						"test": true,
-					},
-				},
-			},
-			want: want{
-				broken: false,
-				result: "",
-			},
-		},
 		{
 			name: "SQLScanner Availability Zones",
 			fields: fields{