aks managed aad integration

Azure · May 19, 2023 · 1b1cd44 · 1b1cd44
1 parent bc0a6a4
commit 1b1cd44
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/internal/scanners/aks/rules.go b/internal/scanners/aks/rules.go
@@ -126,14 +126,14 @@ func (a *AKSScanner) GetRules() map[string]scanners.AzureRule {
 			Id:          "aks-007",
 			Category:    scanners.RulesCategorySecurity,
 			Subcategory: scanners.RulesSubcategorySecurityIdentity,
-			Description: "AKS should integrate authentication with AAD",
+			Description: "AKS should integrate authentication with AAD (Managed)",
 			Severity:    scanners.SeverityMedium,
 			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
 				c := target.(*armcontainerservice.ManagedCluster)
-				aad := c.Properties.AADProfile != nil
+				aad := c.Properties.AADProfile != nil && c.Properties.AADProfile.Managed != nil && *c.Properties.AADProfile.Managed
 				return !aad, ""
 			},
-			Url: "https://learn.microsoft.com/azure/aks/manage-azure-rbac",
+			Url: "https://learn.microsoft.com/en-us/azure/aks/managed-azure-ad",
 		},
 		"aks-008": {
 			Id:          "aks-008",

diff --git a/internal/scanners/aks/rules_test.go b/internal/scanners/aks/rules_test.go
@@ -203,7 +203,9 @@ func TestAKSScanner_Rules(t *testing.T) {
 				rule: "aks-007",
 				target: &armcontainerservice.ManagedCluster{
 					Properties: &armcontainerservice.ManagedClusterProperties{
-						AADProfile: &armcontainerservice.ManagedClusterAADProfile{},
+						AADProfile: &armcontainerservice.ManagedClusterAADProfile{
+							Managed: to.BoolPtr(true),
+						},
 					},
 				},
 				scanContext:         &scanners.ScanContext{},