From 166979dd617f984172944dd23b50de5250ef0335 Mon Sep 17 00:00:00 2001
From: cmendible <266546+cmendible@users.noreply.github.com>
Date: Wed, 24 Apr 2024 08:55:49 +0200
Subject: [PATCH] bug: Remove vm-001 rule from VirtualMachineScanner #223
---
 .../content/en/docs/Recommendations/_index.md | 39 +++++++++----------
 internal/scanners/vm/rules.go | 12 ------
 internal/scanners/vm/rules_test.go | 18 ---------
 3 files changed, 19 insertions(+), 50 deletions(-)
diff --git a/docs/content/en/docs/Recommendations/_index.md b/docs/content/en/docs/Recommendations/_index.md
index b7f280b2..25f6ee38 100644
--- a/docs/content/en/docs/Recommendations/_index.md
+++ b/docs/content/en/docs/Recommendations/_index.md
@@ -308,23 +308,22 @@ Azure Quick Review checks the following recommendations for Azure resources. The
 298 | Security | Low | Storage Account should enforce TLS >= 1.2 | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version?tabs=portal)
 299 | Disaster Recovery | Low | Storage Account should have inmutable storage versioning enabled | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/storage-accounts/reliability)
 300 | Disaster Recovery | Medium | Storage Account should have soft delete enabled | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/storage-accounts/reliability)
-301 | Monitoring and Alerting | Low | Virtual Machine should have diagnostic settings enabled | [Learn](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install)
-302 | High Availability | High | Virtual Machine should have availability zones enabled | [Learn](https://learn.microsoft.com/en-us/azure/virtual-machines/availability#availability-zones)
-303 | High Availability | High | Virtual Machine should have a SLA | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1)
-304 | Governance | Low | Virtual Machine Name should comply with naming conventions | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-305 | Governance | Low | Virtual Machine should have tags | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-306 | High Availability | High | Virtual Machine should use managed disks | [Learn](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#virtual-machines)
-307 | Scalability | Low | Virtual Machine should host application or database data on a data disk | [Learn](https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk)
-308 | Monitoring and Alerting | Low | Virtual Network should have diagnostic settings enabled | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing)
-309 | High Availability | High | Virtual Network should have availability zones enabled | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview#virtual-networks-and-availability-zones)
-310 | Governance | Low | Virtual Network Name should comply with naming conventions | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-311 | Governance | Low | Virtual Network should have tags | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-312 | Security | High | Virtual Network: All Subnets should have a Network Security Group associated | [Learn](https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices)
-313 | High Availability | High | Virtual Network should have at least two DNS servers assigned | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances?tabs=redhat#specify-dns-servers)
-314 | Monitoring and Alerting | Low | Web Pub Sub should have diagnostic settings enabled | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-resource-logs)
-315 | High Availability | High | Web Pub Sub should have availability zones enabled | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones)
-316 | High Availability | High | Web Pub Sub should have a SLA | [Learn](https://azure.microsoft.com/en-gb/support/legal/sla/web-pubsub/)
-317 | Security | High | Web Pub Sub should have private endpoints enabled | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-secure-private-endpoints)
-318 | High Availability | High | Web Pub Sub SKU | [Learn](https://azure.microsoft.com/en-us/pricing/details/web-pubsub/)
-319 | Governance | Low | Web Pub Sub Name should comply with naming conventions | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-320 | Governance | Low | Web Pub Sub should have tags | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
+301 | High Availability | High | Virtual Machine should have availability zones enabled | [Learn](https://learn.microsoft.com/en-us/azure/virtual-machines/availability#availability-zones)
+302 | High Availability | High | Virtual Machine should have a SLA | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1)
+303 | Governance | Low | Virtual Machine Name should comply with naming conventions | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
+304 | Governance | Low | Virtual Machine should have tags | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
+305 | High Availability | High | Virtual Machine should use managed disks | [Learn](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#virtual-machines)
+306 | Scalability | Low | Virtual Machine should host application or database data on a data disk | [Learn](https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk)
+307 | Monitoring and Alerting | Low | Virtual Network should have diagnostic settings enabled | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing)
+308 | High Availability | High | Virtual Network should have availability zones enabled | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview#virtual-networks-and-availability-zones)
+309 | Governance | Low | Virtual Network Name should comply with naming conventions | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
+310 | Governance | Low | Virtual Network should have tags | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
+311 | Security | High | Virtual Network: All Subnets should have a Network Security Group associated | [Learn](https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices)
+312 | High Availability | High | Virtual Network should have at least two DNS servers assigned | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances?tabs=redhat#specify-dns-servers)
+313 | Monitoring and Alerting | Low | Web Pub Sub should have diagnostic settings enabled | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-resource-logs)
+314 | High Availability | High | Web Pub Sub should have availability zones enabled | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones)
+315 | High Availability | High | Web Pub Sub should have a SLA | [Learn](https://azure.microsoft.com/en-gb/support/legal/sla/web-pubsub/)
+316 | Security | High | Web Pub Sub should have private endpoints enabled | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-secure-private-endpoints)
+317 | High Availability | High | Web Pub Sub SKU | [Learn](https://azure.microsoft.com/en-us/pricing/details/web-pubsub/)
+318 | Governance | Low | Web Pub Sub Name should comply with naming conventions | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
+319 | Governance | Low | Web Pub Sub should have tags | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
diff --git a/internal/scanners/vm/rules.go b/internal/scanners/vm/rules.go
index e1190eb9..8dde435e 100644
--- a/internal/scanners/vm/rules.go
+++ b/internal/scanners/vm/rules.go
@@ -13,18 +13,6 @@ import (
 // GetRules - Returns the rules for the VirtualMachineScanner
 func (a *VirtualMachineScanner) GetRules() map[string]scanners.AzureRule {
 return map[string]scanners.AzureRule{
- "vm-001": {
- Id: "vm-001",
- Category: scanners.RulesCategoryMonitoringAndAlerting,
- Recommendation: "Virtual Machine should have diagnostic settings enabled",
- Impact: scanners.ImpactLow,
- Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
- service := target.(*armcompute.VirtualMachine)
- _, ok := scanContext.DiagnosticsSettings[strings.ToLower(*service.ID)]
- return !ok, ""
- },
- Url: "https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install",
- },
 "vm-002": {
 Id: "vm-002",
 Category: scanners.RulesCategoryHighAvailability,
diff --git a/internal/scanners/vm/rules_test.go b/internal/scanners/vm/rules_test.go
index 0d8ea0cc..c112c026 100644
--- a/internal/scanners/vm/rules_test.go
+++ b/internal/scanners/vm/rules_test.go
@@ -27,24 +27,6 @@ func TestVirtualMachineScanner_Rules(t *testing.T) {
 fields fields
 want want
 }{
- {
- name: "VirtualMachineScanner DiagnosticSettings",
- fields: fields{
- rule: "vm-001",
- target: &armcompute.VirtualMachine{
- ID: to.Ptr("test"),
- },
- scanContext: &scanners.ScanContext{
- DiagnosticsSettings: map[string]bool{
- "test": true,
- },
- },
- },
- want: want{
- broken: false,
- result: "",
- },
- },
 {
 name: "VirtualMachineScanner Availability Zones",
 fields: fields{