feature: add Azure Virtual Network Gateway scanner

[vanwinkelseppe]

Description

Add a scanner for Azure Virtual Network Gateway

Issue reference

We strive to have all PR being opened based on an issue, where the problem or feature have been discussed prior to implementation.

Please reference the issue this PR will close: #206

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

• [x] Code compiles correctly
• [x] Created/updated tests
• [x] Run linter
• [x] Unit tests passing

[vanwinkelseppe]

@cmendible I'm not 100% familiar with the Go SDK for Azure, but do you have an idea where we find the Azure VPN Gateway SKU & Generation in the properties? I wasn't able to locate them.

You have any requests for other scan rules?

Thanks!

[cmendible]

@vanwinkelseppe I'm about to merge: https://github.com/Azure/azqr/pull/214 so please check if the new SDK for networking helps you with the SLA rule we are reviewing

[vanwinkelseppe]

@cmendible will do thanks!

[vanwinkelseppe]

@cmendible Still no SKU on the VPNGateway, bypassed it by querying for the VirtualNetworkGateway.

Ready for review, have to do the list of rules, but with all the merges I'll do it when it looks ready to go!

[vanwinkelseppe]

Hey! Check the following branch: https://github.com/Azure/azqr/tree/vpn I made some changes so we only query for Virtual Network Gateway objects and take decisions based on the type.

If you are ok with it merge it into your PR and if possible add an Availability Zone rule based on the service tier.

Will do tonight or tomorrow! Thanks for the refactor!

[vanwinkelseppe]

@cmendible, uncertain for the availability zones. I've checked the properties on virtualnetworkgateway, but couldn't find anything related to it except ExtendedLocation. But uncertain what this actually means. I've queried some resources on my environment via api to see, but it seems to be never filled in.

I did make a list of which gateway skus can enable them: Express:

• ErGw1AZ
• ErGw2AZ
• ErGw3AZ

VPN

• Gen 1 - VpnGw1AZ
• Gen 1 - VpnGw2AZ
• Gen 1 - VpnGw3AZ
• Gen 2 - VpnGw2AZ
• Gen 2 - VpnGw3AZ
• Gen 2 - VpnGw4AZ
• Gen 2 - VpnGw5AZ

[cmendible]

@cmendible, uncertain for the availability zones. I've checked the properties on virtualnetworkgateway, but couldn't find anything related to it except ExtendedLocation. But uncertain what this actually means. I've queried some resources on my environment via api to see, but it seems to be never filled in.

I did make a list of which gateway skus can enable them: Express:

• ErGw1AZ
• ErGw2AZ
• ErGw3AZ

VPN

• Gen 1 - VpnGw1AZ
• Gen 1 - VpnGw2AZ
• Gen 1 - VpnGw3AZ
• Gen 2 - VpnGw2AZ
• Gen 2 - VpnGw3AZ
• Gen 2 - VpnGw4AZ
• Gen 2 - VpnGw5AZ

@vanwinkelseppe let's use the SKU, and if SKU (to lower) contains az then the Gateway is compliant.

[cmendible]

Closed in favor of: https://github.com/Azure/azqr/pull/237