feat: reporting SLAs #246

Azure · Jul 31, 2024 · c4aa85b · c4aa85b
1 parent 6c5b9d8
commit c4aa85b
Show file tree

Hide file tree

Showing 41 changed files with 283 additions and 223 deletions.
diff --git a/internal/azqr/azqr.go b/internal/azqr/azqr.go
@@ -210,13 +210,14 @@ func (e *RecommendationEngine) evaluateRecommendation(rule AzqrRecommendation, t
 	broken, result := rule.Eval(target, scanContext)
 
 	return AzqrResult{
-		RecommendationID: rule.RecommendationID,
-		Category:         rule.Category,
-		Recommendation:   rule.Recommendation,
-		Impact:           rule.Impact,
-		LearnMoreUrl:     rule.LearnMoreUrl,
-		Result:           result,
-		NotCompliant:     broken,
+		RecommendationID:   rule.RecommendationID,
+		Category:           rule.Category,
+		Recommendation:     rule.Recommendation,
+		RecommendationType: rule.RecommendationType,
+		Impact:             rule.Impact,
+		LearnMoreUrl:       rule.LearnMoreUrl,
+		Result:             result,
+		NotCompliant:       broken,
 	}
 }
 

diff --git a/internal/renderers/report_data.go b/internal/renderers/report_data.go
@@ -69,6 +69,22 @@ func (rd *ReportData) ResourcesTable() [][]string {
 
 	rows := [][]string{}
 	for _, r := range rd.Resources {
+		sla := ""
+
+		for _, a := range rd.AzqrData {
+			if strings.EqualFold(strings.ToLower(a.ResourceID()), strings.ToLower(r.ID)) {
+				for _, rc := range a.Recommendations {
+					if rc.RecommendationType == azqr.TypeSLA {
+						sla = rc.Result
+						break
+					}
+				}
+				if sla != "" {
+					break
+				}
+			}
+		}
+
 		row := []string{
 			MaskSubscriptionID(r.SubscriptionID, rd.Mask),
 			r.ResourceGroup,
@@ -78,7 +94,7 @@ func (rd *ReportData) ResourcesTable() [][]string {
 			r.SkuName,
 			r.SkuTier,
 			r.Kind,
-			"",
+			sla,
 			r.ID,
 		}
 		rows = append(rows, row)

diff --git a/internal/scanners/adf/rules.go b/internal/scanners/adf/rules.go
@@ -39,11 +39,12 @@ func (a *DataFactoryScanner) GetRecommendations() map[string]azqr.AzqrRecommenda
 			},
 		},
 		"adf-003": {
-			RecommendationID: "adf-003",
-			ResourceType:     "Microsoft.DataFactory/factories",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure Data Factory SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "adf-003",
+			ResourceType:       "Microsoft.DataFactory/factories",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure Data Factory SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.99%"
 			},

diff --git a/internal/scanners/afd/rules.go b/internal/scanners/afd/rules.go
@@ -27,11 +27,12 @@ func (a *FrontDoorScanner) GetRecommendations() map[string]azqr.AzqrRecommendati
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-logs",
 		},
 		"afd-003": {
-			RecommendationID: "afd-003",
-			ResourceType:     "Microsoft.Cdn/profiles",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure FrontDoor SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "afd-003",
+			ResourceType:       "Microsoft.Cdn/profiles",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure FrontDoor SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.99%"
 			},

diff --git a/internal/scanners/afw/rules.go b/internal/scanners/afw/rules.go
@@ -26,11 +26,12 @@ func (a *FirewallScanner) GetRecommendations() map[string]azqr.AzqrRecommendatio
 			LearnMoreUrl: "https://docs.microsoft.com/en-us/azure/firewall/logs-and-metrics",
 		},
 		"afw-003": {
-			RecommendationID: "afw-003",
-			ResourceType:     "Microsoft.Network/azureFirewalls",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure Firewall SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "afw-003",
+			ResourceType:       "Microsoft.Network/azureFirewalls",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure Firewall SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				g := target.(*armnetwork.AzureFirewall)
 				sla := "99.95%"

diff --git a/internal/scanners/agw/rules.go b/internal/scanners/agw/rules.go
@@ -27,11 +27,12 @@ func (a *ApplicationGatewayScanner) GetRecommendations() map[string]azqr.AzqrRec
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#diagnostic-logging",
 		},
 		"agw-103": {
-			RecommendationID: "agw-103",
-			ResourceType:     "Microsoft.Network/applicationGateways",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Application Gateway SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "agw-103",
+			ResourceType:       "Microsoft.Network/applicationGateways",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Application Gateway SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.95%"
 			},

diff --git a/internal/scanners/aks/rules.go b/internal/scanners/aks/rules.go
@@ -28,11 +28,12 @@ func (a *AKSScanner) GetRecommendations() map[string]azqr.AzqrRecommendation {
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/aks/monitor-aks#collect-resource-logs",
 		},
 		"aks-003": {
-			RecommendationID: "aks-003",
-			ResourceType:     "Microsoft.ContainerService/managedClusters",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "AKS Cluster should have an SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "aks-003",
+			ResourceType:       "Microsoft.ContainerService/managedClusters",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "AKS Cluster should have an SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				c := target.(*armcontainerservice.ManagedCluster)
 

diff --git a/internal/scanners/amg/rules.go b/internal/scanners/amg/rules.go
@@ -27,11 +27,12 @@ func (a *ManagedGrafanaScanner) GetRecommendations() map[string]azqr.AzqrRecomme
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
 		},
 		"amg-002": {
-			RecommendationID: "amg-002",
-			ResourceType:     "Microsoft.Dashboard/managedGrafana",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure Managed Grafana SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "amg-002",
+			ResourceType:       "Microsoft.Dashboard/managedGrafana",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure Managed Grafana SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				c := target.(*armdashboard.ManagedGrafana)
 				sku := ""

diff --git a/internal/scanners/apim/rules.go b/internal/scanners/apim/rules.go
@@ -28,11 +28,12 @@ func (a *APIManagementScanner) GetRecommendations() map[string]azqr.AzqrRecommen
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor#resource-logs",
 		},
 		"apim-003": {
-			RecommendationID: "apim-003",
-			ResourceType:     "Microsoft.ApiManagement/service",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "APIM should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "apim-003",
+			ResourceType:       "Microsoft.ApiManagement/service",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "APIM should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				a := target.(*armapimanagement.ServiceResource)
 				sku := string(*a.SKU.Name)

diff --git a/internal/scanners/appcs/rules.go b/internal/scanners/appcs/rules.go
@@ -27,11 +27,12 @@ func (a *AppConfigurationScanner) GetRecommendations() map[string]azqr.AzqrRecom
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/azure-app-configuration/monitor-app-configuration?tabs=portal",
 		},
 		"appcs-003": {
-			RecommendationID: "appcs-003",
-			ResourceType:     "Microsoft.AppConfiguration/configurationStores",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "AppConfiguration should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "appcs-003",
+			ResourceType:       "Microsoft.AppConfiguration/configurationStores",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "AppConfiguration should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				a := target.(*armappconfiguration.ConfigurationStore)
 				sku := strings.ToLower(*a.SKU.Name)

diff --git a/internal/scanners/appi/rules.go b/internal/scanners/appi/rules.go
@@ -14,11 +14,12 @@ import (
 func (a *AppInsightsScanner) GetRecommendations() map[string]azqr.AzqrRecommendation {
 	return map[string]azqr.AzqrRecommendation{
 		"appi-001": {
-			RecommendationID: "appi-001",
-			ResourceType:     "Microsoft.Insights/components",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure Application Insights SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "appi-001",
+			ResourceType:       "Microsoft.Insights/components",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure Application Insights SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.9%"
 			},

diff --git a/internal/scanners/as/rules.go b/internal/scanners/as/rules.go
@@ -28,11 +28,12 @@ func (a *AnalysisServicesScanner) GetRecommendations() map[string]azqr.AzqrRecom
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/analysis-services/analysis-services-logging",
 		},
 		"as-002": {
-			RecommendationID: "as-002",
-			ResourceType:     "Microsoft.AnalysisServices/servers",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure Analysis Service should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "as-002",
+			ResourceType:       "Microsoft.AnalysisServices/servers",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure Analysis Service should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				i := target.(*armanalysisservices.Server)
 				sku := *i.SKU.Tier

diff --git a/internal/scanners/asp/rules.go b/internal/scanners/asp/rules.go
@@ -40,11 +40,12 @@ func (a *AppServiceScanner) getPlanRules() map[string]azqr.AzqrRecommendation {
 			},
 		},
 		"asp-003": {
-			RecommendationID: "asp-003",
-			ResourceType:     "Microsoft.Web/serverfarms",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Plan should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "asp-003",
+			ResourceType:       "Microsoft.Web/serverfarms",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Plan should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				i := target.(*armappservice.Plan)
 				sku := string(*i.SKU.Tier)

diff --git a/internal/scanners/ca/rules.go b/internal/scanners/ca/rules.go
@@ -14,11 +14,12 @@ import (
 func (a *ContainerAppsScanner) GetRecommendations() map[string]azqr.AzqrRecommendation {
 	return map[string]azqr.AzqrRecommendation{
 		"ca-003": {
-			RecommendationID: "ca-003",
-			ResourceType:     "Microsoft.App/containerApps",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "ContainerApp should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "ca-003",
+			ResourceType:       "Microsoft.App/containerApps",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "ContainerApp should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.95%"
 			},

diff --git a/internal/scanners/cae/rules.go b/internal/scanners/cae/rules.go
@@ -27,11 +27,12 @@ func (a *ContainerAppsEnvironmentScanner) GetRecommendations() map[string]azqr.A
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/container-apps/log-options#diagnostic-settings",
 		},
 		"cae-003": {
-			RecommendationID: "cae-003",
-			ResourceType:     "Microsoft.App/managedenvironments",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Container Apps Environment should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "cae-003",
+			ResourceType:       "Microsoft.App/managedenvironments",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Container Apps Environment should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.95%"
 			},

diff --git a/internal/scanners/ci/rules.go b/internal/scanners/ci/rules.go
@@ -27,11 +27,12 @@ func (a *ContainerInstanceScanner) GetRecommendations() map[string]azqr.AzqrReco
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/container-instances/availability-zones",
 		},
 		"ci-003": {
-			RecommendationID: "ci-003",
-			ResourceType:     "Microsoft.ContainerInstance/containerGroups",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "ContainerInstance should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "ci-003",
+			ResourceType:       "Microsoft.ContainerInstance/containerGroups",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "ContainerInstance should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.9%"
 			},

diff --git a/internal/scanners/cog/rules.go b/internal/scanners/cog/rules.go
@@ -27,11 +27,12 @@ func (a *CognitiveScanner) GetRecommendations() map[string]azqr.AzqrRecommendati
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/event-hubs/monitor-event-hubs#collection-and-routing",
 		},
 		"cog-003": {
-			RecommendationID: "cog-003",
-			ResourceType:     "Microsoft.CognitiveServices/accounts",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Cognitive Service Account should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "cog-003",
+			ResourceType:       "Microsoft.CognitiveServices/accounts",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Cognitive Service Account should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.9%"
 			},

diff --git a/internal/scanners/cosmos/rules.go b/internal/scanners/cosmos/rules.go
@@ -53,11 +53,12 @@ func (a *CosmosDBScanner) GetRecommendations() map[string]azqr.AzqrRecommendatio
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability",
 		},
 		"cosmos-003": {
-			RecommendationID: "cosmos-003",
-			ResourceType:     "Microsoft.DocumentDB/databaseAccounts",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "CosmosDB should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "cosmos-003",
+			ResourceType:       "Microsoft.DocumentDB/databaseAccounts",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "CosmosDB should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				i := target.(*armcosmos.DatabaseAccountGetResults)
 				sla := "99.99%"

diff --git a/internal/scanners/cr/rules.go b/internal/scanners/cr/rules.go
@@ -27,11 +27,12 @@ func (a *ContainerRegistryScanner) GetRecommendations() map[string]azqr.AzqrReco
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service",
 		},
 		"cr-003": {
-			RecommendationID: "cr-003",
-			ResourceType:     "Microsoft.ContainerRegistry/registries",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "ContainerRegistry should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "cr-003",
+			ResourceType:       "Microsoft.ContainerRegistry/registries",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "ContainerRegistry should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.95%"
 			},

diff --git a/internal/scanners/dbw/rules.go b/internal/scanners/dbw/rules.go
@@ -28,11 +28,12 @@ func (a *DatabricksScanner) GetRecommendations() map[string]azqr.AzqrRecommendat
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/databricks/administration-guide/account-settings/audit-log-delivery",
 		},
 		"dbw-003": {
-			RecommendationID: "dbw-003",
-			ResourceType:     "Microsoft.Databricks/workspaces",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure Databricks should have a SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "dbw-003",
+			ResourceType:       "Microsoft.Databricks/workspaces",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure Databricks should have a SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				return false, "99.95%"
 			},

diff --git a/internal/scanners/dec/rules.go b/internal/scanners/dec/rules.go
@@ -27,11 +27,12 @@ func (a *DataExplorerScanner) GetRecommendations() map[string]azqr.AzqrRecommend
 			LearnMoreUrl: "https://learn.microsoft.com/en-us/azure/data-explorer/using-diagnostic-logs",
 		},
 		"dec-002": {
-			RecommendationID: "dec-002",
-			ResourceType:     "Microsoft.Kusto/clusters",
-			Category:         azqr.CategoryHighAvailability,
-			Recommendation:   "Azure Data Explorer SLA",
-			Impact:           azqr.ImpactHigh,
+			RecommendationID:   "dec-002",
+			ResourceType:       "Microsoft.Kusto/clusters",
+			Category:           azqr.CategoryHighAvailability,
+			Recommendation:     "Azure Data Explorer SLA",
+			RecommendationType: azqr.TypeSLA,
+			Impact:             azqr.ImpactHigh,
 			Eval: func(target interface{}, scanContext *azqr.ScanContext) (bool, string) {
 				c := target.(*armkusto.Cluster)
 				sla := "99.9%"