Modify rule S6388: Add language AzureResourceManager (Bicep) (#1925)

Specification ticket: https://sonarsource.atlassian.net/browse/SONARIAC-759
SonarSource · Sep 13, 2023 · d2c8e2f · d2c8e2f
1 parent bc5795a
commit d2c8e2f
Show file tree

Hide file tree

Showing 31 changed files with 793 additions and 2 deletions.
diff --git a/...ger/examples/Microsoft.AzureArcData_sqlServerInstances_databases.compliant.adoc b/...ger/examples/Microsoft.AzureArcData_sqlServerInstances_databases.compliant.adoc
@@ -19,3 +19,14 @@ Enabled encryption on SQL service instance database:
   ]
 }
 ----
+
+[source,bicep,diff-id=1211,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.AzureArcData/sqlServerInstances/databases@2023-03-15-preview' = {
+  properties: {
+    databaseOptions: {
+      isEncrypted: true
+    }
+  }
+}
+----
diff --git a/.../examples/Microsoft.AzureArcData_sqlServerInstances_databases.noncompliant.adoc b/.../examples/Microsoft.AzureArcData_sqlServerInstances_databases.noncompliant.adoc
@@ -19,3 +19,14 @@ Disabled encryption on SQL service instance database:
   ]
 }
 ----
+
+[source,bicep,diff-id=1211,diff-type=noncompliant]
+----
+resource symbolicname 'Microsoft.AzureArcData/sqlServerInstances/databases@2023-03-15-preview' = {
+  properties: {
+    databaseOptions: {
+      isEncrypted: false
+    }
+  }
+}
+----
diff --git a/rules/S6388/azureresourcemanager/examples/Microsoft.Compute_disks.compliant.adoc b/rules/S6388/azureresourcemanager/examples/Microsoft.Compute_disks.compliant.adoc
@@ -21,6 +21,18 @@ Enabled encryption for managed disk:
 }
 ----
 
+[source,bicep,diff-id=311,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/disks@2022-07-02' = {
+  properties: {
+    encryption: {
+      diskEncryptionSetId: 'string'
+      type: 'string'
+    }
+  }
+}
+----
+
 Enabled encryption through setting https://learn.microsoft.com/en-us/azure/templates/microsoft.compute/disks?pivots=deployment-language-arm-template#encryptionsettingscollection-1[encryptionSettingsCollection]:
 [source,json]
 ----
@@ -51,6 +63,27 @@ Enabled encryption through setting https://learn.microsoft.com/en-us/azure/templ
 }
 ----
 
+[source,bicep,diff-id=312,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/disks@2022-07-02' = {
+  properties: {
+    encryptionSettingsCollection: {
+      enabled: true
+      encryptionSettings: [
+        {
+          diskEncryptionKey: {
+            secretUrl: 'string'
+            sourceVault: {
+              id: 'string'
+            }
+          }
+        }
+      ]
+    }
+  }
+}
+----
+
 Enabled encryption through a security profile for an OS disk:
 [source,json]
 ----
@@ -71,3 +104,15 @@ Enabled encryption through a security profile for an OS disk:
   ]
 }
 ----
+
+[source,bicep,diff-id=313,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/disks@2022-07-02' = {
+  properties: {
+    securityProfile: {
+      secureVMDiskEncryptionSetId: 'string'
+      securityType: '{ConfidentialVM_DiskEncryptedWithCustomerKey | ConfidentialVM_DiskEncryptedWithPlatformKey | ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey | TrustedLaunch}'
+    }
+  }
+}
+----
diff --git a/.../S6388/azureresourcemanager/examples/Microsoft.Compute_snapshots.compliant.adoc b/.../S6388/azureresourcemanager/examples/Microsoft.Compute_snapshots.compliant.adoc
@@ -21,6 +21,18 @@ Enabled disk encryption for snapshot:
 }
 ----
 
+[source,bicep,diff-id=411,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/snapshots@2022-07-02' = {
+  properties: {
+    encryption: {
+      diskEncryptionSetId: 'string'
+      type: '{EncryptionAtRestWithCustomerKey | EncryptionAtRestWithPlatformAndCustomerKeys | EncryptionAtRestWithPlatformKey}'
+    }
+  }
+}
+----
+
 Enabled disk encryption with settings collection:
 [source,json,diff-id=402,diff-type=compliant]
 ----
@@ -52,6 +64,28 @@ Enabled disk encryption with settings collection:
 }
 ----
 
+[source,bicep,diff-id=412,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/snapshots@2022-07-02' = {
+  properties: {
+    encryptionSettingsCollection: {
+      enabled: true
+      encryptionSettings: [
+        {
+          diskEncryptionKey: {
+            secretUrl: ''
+            sourceVault: {
+              id: 'string'
+            }
+          }
+        }
+      ]
+      encryptionSettingsVersion: '{1.0 | 1.1}'
+    }
+  }
+}
+----
+
 Enabled disk encryption through security profile:
 [source,json]
 ----
@@ -72,3 +106,15 @@ Enabled disk encryption through security profile:
   ]
 }
 ----
+
+[source,bicep,diff-id=413,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/snapshots@2022-07-02' = {
+  properties: {
+    securityProfile: {
+      secureVMDiskEncryptionSetId: 'string'
+      securityType: '{ConfidentialVM_DiskEncryptedWithCustomerKey | ConfidentialVM_DiskEncryptedWithPlatformKey | ConfidentialVM_VMGuestStateOnlyEncryptedWithPlatformKey | TrustedLaunch}'
+    }
+  }
+}
+----
diff --git a/...388/azureresourcemanager/examples/Microsoft.Compute_snapshots.noncompliant.adoc b/...388/azureresourcemanager/examples/Microsoft.Compute_snapshots.noncompliant.adoc
@@ -19,3 +19,14 @@ Disabled disk encryption with settings collection:
   ]
 }
 ----
+
+[source,bicep,diff-id=412,diff-type=noncompliant]
+----
+resource symbolicname 'Microsoft.Compute/snapshots@2022-07-02' = {
+  properties: {
+    encryptionSettingsCollection: {
+      enabled: false
+    }
+  }
+}
+----
diff --git a/...sourcemanager/examples/Microsoft.Compute_virtualMachineScaleSets.compliant.adoc b/...sourcemanager/examples/Microsoft.Compute_virtualMachineScaleSets.compliant.adoc
@@ -22,6 +22,19 @@ Enabled encryption at host level:
 }
 ----
 
+[source,bicep,diff-id=211,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      securityProfile: {
+        encryptionAtHost: true
+      }
+    }
+  }
+}
+----
+
 Enabled encryption for data disk:
 [source,json,diff-id=202,diff-type=compliant]
 ----
@@ -53,6 +66,28 @@ Enabled encryption for data disk:
 }
 ----
 
+[source,bicep,diff-id=212,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      storageProfile: {
+        dataDisks: [
+          {
+            name: 'myDataDisk'
+            managedDisk: {
+              diskEncryptionSet: {
+                id: 'string'
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+----
+
 Enabled encryption for data disk through security profile:
 [source,json]
 ----
@@ -86,6 +121,30 @@ Enabled encryption for data disk through security profile:
 }
 ----
 
+[source,bicep,diff-id=213,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      storageProfile: {
+        dataDisks: [
+          {
+            name: 'myDataDisk'
+            managedDisk: {
+              securityProfile: {
+                diskEncryptionSet: {
+                  id: 'string'
+                }
+              }
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+----
+
 Enabled encryption for OS disk:
 [source,json,diff-id=204,diff-type=compliant]
 ----
@@ -115,6 +174,26 @@ Enabled encryption for OS disk:
 }
 ----
 
+[source,bicep,diff-id=214,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      storageProfile: {
+        osDisk: {
+          name: 'myOsDisk'
+          managedDisk: {
+            diskEncryptionSet: {
+              id: 'string'
+            }
+          }
+        }
+      }
+    }
+  }
+}
+----
+
 Enabled encryption for OS disk through security profile:
 [source,json]
 ----
@@ -145,3 +224,25 @@ Enabled encryption for OS disk through security profile:
   ]
 }
 ----
+
+[source,bicep,diff-id=215,diff-type=compliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      storageProfile: {
+        osDisk: {
+          name: 'myOsDisk'
+          managedDisk: {
+            securityProfile: {
+              diskEncryptionSet: {
+                id: 'string'
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+----
diff --git a/...rcemanager/examples/Microsoft.Compute_virtualMachineScaleSets.noncompliant.adoc b/...rcemanager/examples/Microsoft.Compute_virtualMachineScaleSets.noncompliant.adoc
@@ -22,6 +22,19 @@ Disabled encryption at host level:
 }
 ----
 
+[source,bicep,diff-id=211,diff-type=noncompliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      securityProfile: {
+        encryptionAtHost: false
+      }
+    }
+  }
+}
+----
+
 Disabled encryption for data disk:
 [source,json,diff-id=202,diff-type=noncompliant]
 ----
@@ -48,6 +61,23 @@ Disabled encryption for data disk:
 }
 ----
 
+[source,bicep,diff-id=212,diff-type=noncompliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      storageProfile: {
+        dataDisks: [
+          {
+            name: 'myDataDisk'
+          }
+        ]
+      }
+    }
+  }
+}
+----
+
 Disabled encryption for OS disk:
 [source,json,diff-id=204,diff-type=noncompliant]
 ----
@@ -71,3 +101,18 @@ Disabled encryption for OS disk:
   ]
 }
 ----
+
+[source,bicep,diff-id=214,diff-type=noncompliant]
+----
+resource symbolicname 'Microsoft.Compute/virtualMachineScaleSets@2022-11-01' = {
+  properties: {
+    virtualMachineProfile: {
+      storageProfile: {
+        osDisk: {
+          name: 'myOsDisk'
+        }
+      }
+    }
+  }
+}
+----