feature/AKD-118: Added Azure 'DDoS Standard Protection Enabled' plugi…
…n and test cases (#588) * feature/AKD-118: Added Azure 'DDoS Standard Protection Enabled' plugin and test cases * feature/AKD-118: Added Azure 'DDoS Standard Protection Enabled' plugin and test cases * feature/AKD-118: Added Azure 'DDoS Standard Protection Enabled' plugin and test cases * feature/AKD-118: Added Azure 'DDoS Standard Protection Enabled' plugin and test cases * feature/AKD-118: Added Azure 'DDoS Standard Protection Enabled' plugin and test cases * feature/AKD-118: Added Azure 'DDoS Standard Protection Enabled' plugin and test cases * Update plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.js Co-authored-by: Gio Rodriguez <gioroddev@gmail.com>
1 parent
d16af08
commit d12a487
Showing
3 changed files
with
144 additions
and
0 deletions.
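--- a/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.js
+++ b/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.js
@@ -0,0 +1,50 @@
+const async = require('async');
+const helpers = require('../../../helpers/azure');
+
+module.exports = {
+title: 'DDoS Standard Protection Enabled',
+category: 'Virtual Networks',
+description: 'Ensures that DDoS Standard Protection is enabled for Microsoft Azure Virtual Networks',
+more_info: 'DDoS Protection Standard offers enhanced Distributed Denial-of-Service (DDoS) mitigation capabilities via adaptive tuning, attack alert notifications, and telemetry to protect against the impacts of large DDoS attacks for all the protected resources available within your Azure Virtual Networks.',
+recommended_action: 'Enable DDoS protection for virtual networks',
+link: 'https://azure.microsoft.com/en-us/blog/azure-ddos-protection-for-virtual-networks-generally-available/',
+apis: ['virtualNetworks:listAll'],
+
+run: function(cache, settings, callback) {
+const results = [];
+const source = {};
+const locations = helpers.locations(settings.govcloud);
+
+async.each(locations.virtualNetworks, (location, rcb) => {
+var virtualNetworks = helpers.addSource(cache, source,
+['virtualNetworks', 'listAll', location]);
+
+if (!virtualNetworks) return rcb();
+
+if (virtualNetworks.err || !virtualNetworks.data) {
+helpers.addResult(results, 3, 'Unable to query for Virtual Networks: ' + helpers.addError(virtualNetworks), location);
+return rcb();
+}
+
+if (!virtualNetworks.data.length) {
+helpers.addResult(results, 0, 'No existing Virtual Networks found', location);
+return rcb();
+}
+
+virtualNetworks.data.forEach(virtualNetwork => {
+if (virtualNetwork.enableDdosProtection) {
+helpers.addResult(results, 0,
+'DDoS Standard Protection is enabled for Microsoft Azure Virtual Network', location, virtualNetwork.id);
+} else {
+helpers.addResult(results, 2,
+'DDoS Standard Protection is not enabled for Microsoft Azure Virtual Network', location, virtualNetwork.id);
+}
+});
+
+rcb();
+}, function() {
+// Global checking goes here
+callback(null, results, source);
+});
+}
+};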
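Review bot: In the `forEach` inside `run`, a virtual network whose `enableDdosProtection` property is missing from the `listAll` payload is reported as status 2 exactly like one where it is explicitly `false`; failing closed is a reasonable choice for a security check, but it is undocumented, so I would add a comment above the branch such as `// A missing enableDdosProtection is treated as disabled (fail closed)`. The declaration `var virtualNetworks = helpers.addSource(...)` should be `const virtualNetworks = ...` to match the `const` used for `results`, `source` and `locations`. The placeholder `// Global checking goes here` in the final callback describes nothing this plugin does and can be dropped.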
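--- a/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.spec.js
+++ b/plugins/azure/virtualnetworks/ddosStandardProtectionEnabled.spec.js
@@ -0,0 +1,93 @@
+var expect = require('chai').expect;
+var ddosStandardProtectionEnabled = require('./ddosStandardProtectionEnabled');
+
+const virtualNetworks = [
+{
+"name": 'test-vnet',
+"id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/virtualNetworks/test-vnet',
+"type": 'Microsoft.Network/virtualNetworks',
+"location": 'eastus',
+"provisioningState": 'Succeeded',
+"virtualNetworkPeerings": [],
+"enableDdosProtection": true
+},
+{
+"name": 'test-vnet',
+"id": '/subscriptions/123/resourceGroups/aqua-resource-group/providers/Microsoft.Network/virtualNetworks/test-vnet',
+"type": 'Microsoft.Network/virtualNetworks',
+"location": 'eastus',
+"provisioningState": 'Succeeded',
+"virtualNetworkPeerings": [],
+"enableDdosProtection": false
+}
+];
+
+const createCache = (virtualNetworks) => {
+return {
+virtualNetworks: {
+listAll: {
+'eastus': {
+data: virtualNetworks
+}
+}
+}
+};
+};
+
+const createErrorCache = () => {
+return {
+virtualNetworks: {
+listAll: {
+'eastus': {}
+}
+}
+};
+};
+
+describe('ddosStandardProtectionEnabled', function() {
+describe('run', function() {
+it('should give passing result if no virtual networks', function(done) {
+const cache = createCache([]);
+ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+expect(results.length).to.equal(1);
+expect(results[0].status).to.equal(0);
+expect(results[0].message).to.include('No existing Virtual Networks found');
+expect(results[0].region).to.equal('eastus');
+done();
+});
+});
+
+it('should give failing result if DDoS standard protection is not enabled for virtual network', function(done) {
+const cache = createCache([virtualNetworks[1]]);
+ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+expect(results.length).to.equal(1);
+expect(results[0].status).to.equal(2);
+expect(results[0].message).to.include('DDoS Standard Protection is not enabled for Microsoft Azure Virtual Network');
+expect(results[0].region).to.equal('eastus');
+done();
+});
+});
+
+it('should give unknown result if Unable to query for Virtual Networks', function(done) {
+const cache = createErrorCache();
+ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+expect(results.length).to.equal(1);
+expect(results[0].status).to.equal(3);
+expect(results[0].message).to.include('Unable to query for Virtual Networks:');
+expect(results[0].region).to.equal('eastus');
+done();
+});
+});
+
+it('should give passing result if DDoS standard protection is enabled for virtual network', function(done) {
+const cache = createCache([virtualNetworks[0]]);
+ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
+expect(results.length).to.equal(1);
+expect(results[0].status).to.equal(0);
+expect(results[0].message).to.include('DDoS Standard Protection is enabled for Microsoft Azure Virtual Network');
+expect(results[0].region).to.equal('eastus');
+done();
+});
+});
+});
+});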
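Review bot: The spec never runs the plugin against more than one virtual network, and it never reaches the `virtualNetworks.err` half of the error condition, because `createErrorCache` supplies only an empty object and so exercises just `!virtualNetworks.data`. Both fixtures also share the same `name` and `id`, so no test can tell which network a result refers to; giving the second fixture a distinct id would fix that. A case that feeds both fixtures through `createCache` and expects one pass and one fail would pin the per-network behaviour. The sketch below assumes results come back in input order, as the existing `results[0]` assertions imply. The `err` argument of the callback is likewise never asserted in any case.

```javascript
// … unchanged: fixtures, createCache, createErrorCache, existing cases …
it('should report each virtual network separately when protection is mixed', function(done) {
    const cache = createCache(virtualNetworks);
    ddosStandardProtectionEnabled.run(cache, {}, (err, results) => {
        expect(err).to.equal(null);
        expect(results.length).to.equal(2);
        expect(results[0].status).to.equal(0);
        expect(results[1].status).to.equal(2);
        done();
    });
});
```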