package synapse

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckVirtualNetworkEnabled registers rule AVD-AZU-0034 (severity Medium) for
// the Azure "synapse" service. It reports every Synapse workspace whose
// EnableManagedVirtualNetwork value is false.
//
// Scope of the check: only the managed-virtual-network flag is inspected. Per
// the rule's own Explanation, a managed workspace virtual network is the
// prerequisite for managed private endpoints, so a pass here does not show
// that any private endpoint exists or that other network paths to the
// workspace are closed.
//
// NOTE(review): a workspace is recorded as passed whenever IsFalse() does not
// return true. How IsFalse() treats a value the parser could not resolve is
// not visible in this file; confirm whether unresolved values should pass.
var CheckVirtualNetworkEnabled = rules.Register(
	scan.Rule{
		AVDID:      "AVD-AZU-0034",
		Provider:   providers.AzureProvider,
		Service:    "synapse",
		ShortCode:  "virtual-network-enabled",
		Summary:    "Synapse Workspace should have managed virtual network enabled, the default is disabled.",
		Impact:     "Your Synapse workspace is not using the private endpoints",
		Resolution: "Set manage virtual network to enabled",
		Explanation: `Synapse Workspace does not have managed virtual network enabled by default.

When you create your Azure Synapse workspace, you can choose to associate it to a Microsoft Azure Virtual Network. The Virtual Network associated with your workspace is managed by Azure Synapse. This Virtual Network is called a Managed workspace Virtual Network.
Managed private endpoints are private endpoints created in a Managed Virtual Network associated with your Azure Synapse workspace. Managed private endpoints establish a private link to Azure resources. 
You can only use private links in a workspace that has a Managed workspace Virtual Network.`,
		Links: []string{
			"https://docs.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-private-endpoints",
			"https://docs.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-vnet",
		},
		// The terraformVirtualNetworkEnabled* identifiers are referenced here
		// but declared elsewhere in the package.
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformVirtualNetworkEnabledGoodExamples,
			BadExamples:         terraformVirtualNetworkEnabledBadExamples,
			Links:               terraformVirtualNetworkEnabledLinks,
			RemediationMarkdown: terraformVirtualNetworkEnabledRemediationMarkdown,
		},
		Severity: severity.Medium,
	},
	// The check walks every Synapse workspace in the scanned state and records
	// one result per workspace that is not skipped.
	func(s *state.State) scan.Results {
		var findings scan.Results
		for _, ws := range s.Azure.Synapse.Workspaces {
			// Workspaces whose metadata is flagged unmanaged get no result at
			// all, neither pass nor fail (presumably resources not defined in
			// the scanned configuration; verify against Metadata).
			if ws.Metadata.IsUnmanaged() {
				continue
			}
			// Anything other than an explicit false counts as a pass.
			if !ws.EnableManagedVirtualNetwork.IsFalse() {
				findings.AddPassed(&ws)
				continue
			}
			// The attribute value is handed over as the finding's source,
			// presumably so the report points at the offending setting.
			findings.Add(
				"Workspace does not have a managed virtual network enabled.",
				ws.EnableManagedVirtualNetwork,
			)
		}
		return findings
	},
)