chore: Fixed SQL Database diagnostic settings rule

Azure · Apr 26, 2024 · b24e7cb · b24e7cb
1 parent dbbf082
commit b24e7cb
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 29 deletions.
diff --git a/internal/scanners/sql/rules.go b/internal/scanners/sql/rules.go
@@ -24,17 +24,6 @@ func (a *SQLScanner) GetRules() map[string]scanners.AzureRule {
 
 func (a *SQLScanner) getServerRules() map[string]scanners.AzureRule {
 	return map[string]scanners.AzureRule{
-		"sql-001": {
-			Id:             "sql-001",
-			Category:       scanners.RulesCategoryMonitoringAndAlerting,
-			Recommendation: "SQL should have diagnostic settings enabled",
-			Impact:         scanners.ImpactLow,
-			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
-				service := target.(*armsql.Server)
-				_, ok := scanContext.DiagnosticsSettings[strings.ToLower(*service.ID)]
-				return !ok, ""
-			},
-		},
 		"sql-004": {
 			Id:             "sql-004",
 			Category:       scanners.RulesCategorySecurity,
@@ -85,6 +74,17 @@ func (a *SQLScanner) getServerRules() map[string]scanners.AzureRule {
 
 func (a *SQLScanner) getDatabaseRules() map[string]scanners.AzureRule {
 	return map[string]scanners.AzureRule{
+		"sqldb-001": {
+			Id:             "sqldb-001",
+			Category:       scanners.RulesCategoryMonitoringAndAlerting,
+			Recommendation: "SQL Database should have diagnostic settings enabled",
+			Impact:         scanners.ImpactLow,
+			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
+				service := target.(*armsql.Database)
+				_, ok := scanContext.DiagnosticsSettings[strings.ToLower(*service.ID)]
+				return !ok, ""
+			},
+		},
 		"sqldb-002": {
 			Id:             "sqldb-002",
 			Category:       scanners.RulesCategoryHighAvailability,

diff --git a/internal/scanners/sql/rules_test.go b/internal/scanners/sql/rules_test.go
@@ -27,24 +27,6 @@ func TestSQLScanner_Rules(t *testing.T) {
 		fields fields
 		want   want
 	}{
-		{
-			name: "SQLScanner DiagnosticSettings",
-			fields: fields{
-				rule: "sql-001",
-				target: &armsql.Server{
-					ID: to.Ptr("test"),
-				},
-				scanContext: &scanners.ScanContext{
-					DiagnosticsSettings: map[string]bool{
-						"test": true,
-					},
-				},
-			},
-			want: want{
-				broken: false,
-				result: "",
-			},
-		},
 		{
 			name: "SQLScanner Private Endpoint",
 			fields: fields{
@@ -127,6 +109,24 @@ func TestSQLScanner_DatabaseRules(t *testing.T) {
 		fields fields
 		want   want
 	}{
+		{
+			name: "SQLScanner DiagnosticSettings",
+			fields: fields{
+				rule: "sqldb-001",
+				target: &armsql.Database{
+					ID: to.Ptr("test"),
+				},
+				scanContext: &scanners.ScanContext{
+					DiagnosticsSettings: map[string]bool{
+						"test": true,
+					},
+				},
+			},
+			want: want{
+				broken: false,
+				result: "",
+			},
+		},
 		{
 			name: "SQLScanner Availability Zones",
 			fields: fields{