Merge pull request #172 from Azure/issue-171

Fixing 171

cmd/azqr/plan.go

@@ -5,7 +5,7 @@ package azqr
 
 import (
 	"github.com/Azure/azqr/internal/scanners"
-	"github.com/Azure/azqr/internal/scanners/plan"
+	"github.com/Azure/azqr/internal/scanners/asp"
 	"github.com/spf13/cobra"
 )
 
@@ -20,7 +20,7 @@ var planCmd = &cobra.Command{
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
 		serviceScanners := []scanners.IAzureScanner{
-			&plan.AppServiceScanner{},
+			&asp.AppServiceScanner{},
 		}
 
 		scan(cmd, serviceScanners)

cmd/azqr/scan.go

@@ -47,7 +47,7 @@ import (
 	"github.com/Azure/azqr/internal/scanners/logic"
 	"github.com/Azure/azqr/internal/scanners/maria"
 	"github.com/Azure/azqr/internal/scanners/mysql"
-	"github.com/Azure/azqr/internal/scanners/plan"
+	"github.com/Azure/azqr/internal/scanners/asp"
 	"github.com/Azure/azqr/internal/scanners/psql"
 	"github.com/Azure/azqr/internal/scanners/redis"
 	"github.com/Azure/azqr/internal/scanners/sb"
@@ -459,7 +459,7 @@ func GetScanners() []scanners.IAzureScanner {
 		&maria.MariaScanner{},
 		&mysql.MySQLFlexibleScanner{},
 		&mysql.MySQLScanner{},
-		&plan.AppServiceScanner{},
+		&asp.AppServiceScanner{},
 		&psql.PostgreFlexibleScanner{},
 		&psql.PostgreScanner{},
 		&redis.RedisScanner{},

internal/scanners/aks/rules.go

@@ -265,7 +265,7 @@ func (a *AKSScanner) GetRules() map[string]scanners.AzureRule {
 				c := target.(*armcontainerservice.ManagedCluster)
 				defaultMaxSurge := false
 				for _, profile := range c.Properties.AgentPoolProfiles {
-					if profile.UpgradeSettings.MaxSurge == nil || (profile.UpgradeSettings.MaxSurge == ref.Of("1")) {
+					if profile.UpgradeSettings == nil || profile.UpgradeSettings.MaxSurge == nil || (profile.UpgradeSettings.MaxSurge == ref.Of("1")) {
 						defaultMaxSurge = true
 						break
 					}

internal/scanners/aks/rules_test.go

@@ -547,6 +547,27 @@ func TestAKSScanner_Rules(t *testing.T) {
 				result: "",
 			},
 		},
+		{
+			name: "AKSScanner Max Surge with nil UpgradeSettings",
+			fields: fields{
+				rule: "aks-016",
+				target: &armcontainerservice.ManagedCluster{
+					SKU: &armcontainerservice.ManagedClusterSKU{
+						Tier: getSKUTierPaid(),
+					},
+					Properties: &armcontainerservice.ManagedClusterProperties{
+						AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
+							{},
+						},
+					},
+				},
+				scanContext: &scanners.ScanContext{},
+			},
+			want: want{
+				broken: true,
+				result: "",
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

internal/scanners/plan/plan.go → internal/scanners/asp/asp.go

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-package plan
+package asp
 
 import (
 	"strings"
@@ -71,7 +71,7 @@ func (a *AppServiceScanner) Scan(resourceGroupName string, scanContext *scanners
 			// https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings
 			kind := strings.ToLower(*s.Kind)
 			switch kind {
-			case "functionapp":
+			case "functionapp,linux", "functionapp":
 				rr := engine.EvaluateRules(functionRules, s, scanContext)
 
 				result = scanners.AzureServiceResult{

internal/scanners/plan/rules.go → internal/scanners/asp/rules.go

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-package plan
+package asp
 
 import (
 	"strings"
@@ -27,8 +27,8 @@ func (a *AppServiceScanner) GetRules() map[string]scanners.AzureRule {
 
 func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 	return map[string]scanners.AzureRule{
-		"plan-001": {
-			Id:          "plan-001",
+		"asp-001": {
+			Id:          "asp-001",
 			Category:    scanners.RulesCategoryReliability,
 			Subcategory: scanners.RulesSubcategoryReliabilityDiagnosticLogs,
 			Description: "Plan should have diagnostic settings enabled",
@@ -40,8 +40,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 			},
 			Field: scanners.OverviewFieldDiagnostics,
 		},
-		"plan-002": {
-			Id:          "plan-002",
+		"asp-002": {
+			Id:          "asp-002",
 			Category:    scanners.RulesCategoryReliability,
 			Subcategory: scanners.RulesSubcategoryReliabilityAvailabilityZones,
 			Description: "Plan should have availability zones enabled",
@@ -54,8 +54,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 			Url:   "https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service",
 			Field: scanners.OverviewFieldAZ,
 		},
-		"plan-003": {
-			Id:          "plan-003",
+		"asp-003": {
+			Id:          "asp-003",
 			Category:    scanners.RulesCategoryReliability,
 			Subcategory: scanners.RulesSubcategoryReliabilitySLA,
 			Description: "Plan should have a SLA",
@@ -72,8 +72,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 			Url:   "https://www.azure.cn/en-us/support/sla/app-service/",
 			Field: scanners.OverviewFieldSLA,
 		},
-		"plan-005": {
-			Id:          "plan-005",
+		"asp-005": {
+			Id:          "asp-005",
 			Category:    scanners.RulesCategoryReliability,
 			Subcategory: scanners.RulesSubcategoryReliabilitySKU,
 			Description: "Plan SKU",
@@ -85,8 +85,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 			Url:   "https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans",
 			Field: scanners.OverviewFieldSKU,
 		},
-		"plan-006": {
-			Id:          "plan-006",
+		"asp-006": {
+			Id:          "asp-006",
 			Category:    scanners.RulesCategoryOperationalExcellence,
 			Subcategory: scanners.RulesSubcategoryOperationalExcellenceCAF,
 			Description: "Plan Name should comply with naming conventions",
@@ -99,8 +99,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 			Url:   "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
 			Field: scanners.OverviewFieldCAF,
 		},
-		"plan-007": {
-			Id:          "plan-007",
+		"asp-007": {
+			Id:          "asp-007",
 			Category:    scanners.RulesCategoryOperationalExcellence,
 			Subcategory: scanners.RulesSubcategoryOperationalExcellenceTags,
 			Description: "Plan should have tags",

internal/scanners/plan/rules_test.go → internal/scanners/asp/rules_test.go

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-package plan
+package asp
 
 import (
 	"reflect"
@@ -30,7 +30,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 		{
 			name: "AppServiceScanner DiagnosticSettings",
 			fields: fields{
-				rule: "plan-001",
+				rule: "asp-001",
 				target: &armappservice.Plan{
 					ID: ref.Of("test"),
 				},
@@ -48,7 +48,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 		{
 			name: "AppServiceScanner Availability Zones",
 			fields: fields{
-				rule: "plan-002",
+				rule: "asp-002",
 				target: &armappservice.Plan{
 					Properties: &armappservice.PlanProperties{
 						ZoneRedundant: ref.Of(true),
@@ -64,7 +64,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 		{
 			name: "AppServiceScanner SLA None",
 			fields: fields{
-				rule: "plan-003",
+				rule: "asp-003",
 				target: &armappservice.Plan{
 					SKU: &armappservice.SKUDescription{
 						Tier: ref.Of("Free"),
@@ -80,7 +80,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 		{
 			name: "AppServiceScanner SLA 99.95%",
 			fields: fields{
-				rule: "plan-003",
+				rule: "asp-003",
 				target: &armappservice.Plan{
 					SKU: &armappservice.SKUDescription{
 						Tier: ref.Of("ElasticPremium"),
@@ -96,7 +96,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 		{
 			name: "AppServiceScanner SKU",
 			fields: fields{
-				rule: "plan-005",
+				rule: "asp-005",
 				target: &armappservice.Plan{
 					SKU: &armappservice.SKUDescription{
 						Name: ref.Of("EP1"),
@@ -112,7 +112,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 		{
 			name: "AppServiceScanner CAF",
 			fields: fields{
-				rule: "plan-006",
+				rule: "asp-006",
 				target: &armappservice.Plan{
 					Name: ref.Of("asp-test"),
 				},

internal/scanners/sql/rules.go

@@ -156,7 +156,7 @@ func (a *SQLScanner) getDatabaseRules() map[string]scanners.AzureRule {
 			Severity:    scanners.SeverityLow,
 			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
 				c := target.(*armsql.Database)
-				caf := strings.HasPrefix(*c.Name, "sqldb")
+				caf := *c.Name == "master" || strings.HasPrefix(*c.Name, "sqldb")
 				return !caf, ""
 			},
 			Url:   "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",