From 0371528bb0828567761c81fd4d2823e7ebd22d7a Mon Sep 17 00:00:00 2001
From: Jon Chancellor
Date: Thu, 26 Sep 2024 15:22:16 -0700
Subject: [PATCH 1/3] new WAF rules

---
 waf/azurerm_app_service_plan.go | 14 ++++++++
 waf/azurerm_cosmosdb_account.go | 12 +++++++
 waf/azurerm_kubernetes_cluster.go | 32 +++++++++++++++++++
 waf/azurerm_kubernetes_cluster_node_pool | 4 +++
 ..._maintenance_assignment_virtual_machine.go | 17 ++++++++++
 waf/azurerm_managed_disk.go | 16 ++++++++++
 waf/azurerm_redis_cache.go | 15 +++++++++
 waf/azurerm_virtual_machine.go | 4 +--
 8 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 waf/azurerm_app_service_plan.go
 create mode 100644 waf/azurerm_kubernetes_cluster_node_pool
 create mode 100644 waf/azurerm_maintenance_assignment_virtual_machine.go
 create mode 100644 waf/azurerm_managed_disk.go
 create mode 100644 waf/azurerm_redis_cache.go

diff --git a/waf/azurerm_app_service_plan.go b/waf/azurerm_app_service_plan.go
new file mode 100644
index 0000000..ca2fe2e
--- /dev/null
+++ b/waf/azurerm_app_service_plan.go
@@ -0,0 +1,14 @@
+package waf
+
+import "github.com/Azure/tflint-ruleset-avm/attrvalue"
+
+func (wf WafRules) AzurermAppServicePlanZoneRedundant() *attrvalue.SimpleRule[bool] {
+ return attrvalue.NewSimpleRule[bool](
+ "azurerm_app_service_plan",
+ "zone_redundant",
+ []bool{true},
+ "https://learn.microsoft.com/en-us/azure/reliability/reliability-app-service?tabs=cli#-asp-2--use-an-app-service-plan-that-supports-availability-zones",
+ false,
+ "",
+ )
+}
\ No newline at end of file
diff --git a/waf/azurerm_cosmosdb_account.go b/waf/azurerm_cosmosdb_account.go
index 5e4e956..d922cc1 100644
--- a/waf/azurerm_cosmosdb_account.go
+++ b/waf/azurerm_cosmosdb_account.go
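Review bot: The new `AzurermAppServicePlanZoneRedundant` rule only targets `azurerm_app_service_plan`, which as far as I recall is the legacy resource that the azurerm provider deprecated in favour of `azurerm_service_plan` (where the equivalent setting is `zone_balancing_enabled`), so modules written against the current resource would never be checked. Please confirm against the provider schema and, if so, add a sibling rule over `"azurerm_service_plan"`, `"zone_balancing_enabled"`, `[]bool{true}` with the same reference link. Separately, this file and every other new file in the series ends with "No newline at end of file"; gofmt will add the final newline, so it is worth running before merge.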
@@ -15,3 +15,15 @@ func (wf WafRules) AzurermCosmosDbAccountBackupMode() *attrvalue.SimpleRule[stri
 "",
 )
 }
+
+func (wf WafRules) AzurermCosmosDbAccountFailoverEnabled() *attrvalue.SimpleRule[bool] {
+ return attrvalue.NewSimpleRule[bool](
+ "azurerm_cosmosdb_account",
+ "automatic_failover_enabled",
+ []bool{true},
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/ContainerService/managedClusters/#enable-the-cluster-auto-scaler-on-an-existing-cluster",
+ false,
+ "",
+ )
+}
+
diff --git a/waf/azurerm_kubernetes_cluster.go b/waf/azurerm_kubernetes_cluster.go
index 4104506..12518a1 100644
--- a/waf/azurerm_kubernetes_cluster.go
+++ b/waf/azurerm_kubernetes_cluster.go
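Review bot: The reference link in `AzurermCosmosDbAccountFailoverEnabled` points at the AKS "enable the cluster auto scaler" page (the same URL the AKS autoscaling rule in this series uses), so the finding shown to a user of a Cosmos DB module would send them to unrelated guidance; it should point at the Cosmos DB / database-accounts entry of the same Azure Proactive Resiliency Library rather than the ContainerService one. The attribute name `automatic_failover_enabled` is, as far as I recall, the azurerm v4 spelling and older provider versions expose it as `enable_automatic_failover`; if this ruleset is meant to lint modules on both majors, confirm which the framework sees and consider covering the old name as well.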
@@ -11,3 +11,35 @@ func (wf WafRules) AzurermKubernetesClusterZones() *attrvalue.SetRule[int] {
 "",
 )
 }
+
+func (wf WafRules) AzurermKubernetesClusterSkuTier() *attrvalue.SimpleRule[string] {
+ return attrvalue.NewSimpleRule[string](
+ "azurerm_kubernetes_cluster",
+ "sku_tier",
+ []string{"Standard", "Premium"},
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/ContainerService/managedClusters/#update-aks-tier-to-standard",
+ false,
+ "",
+ )
+}
+
+func (wf WafRules) AzurermKubernetesClusterAutoScalingEnabled() *attrvalue.SimpleRule[bool] {
+ return attrvalue.NewSimpleRule[bool](
+ "azurerm_kubernetes_cluster",
+ "auto_scaling_enabled",
+ []bool{true},
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/ContainerService/managedClusters/#enable-the-cluster-auto-scaler-on-an-existing-cluster",
+ false,
+ "",
+ )
+}
+
+func (wf WafRules) AzurermKubernetesClusterOMSAgentUnconfigured() *attrvalue.UnknownValueNestedBlockRule {
+ return attrvalue.NewUnknownValueNestedBlockRule(
+ "azurerm_kubernetes_cluster",
+ "oms_agent",
+ "log_analytics_workspace_id",
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#deploy-vms-across-availability-zones",
+ "",
+ )
+}
\ No newline at end of file
diff --git a/waf/azurerm_kubernetes_cluster_node_pool b/waf/azurerm_kubernetes_cluster_node_pool
new file mode 100644
index 0000000..2ddf6b4
--- /dev/null
+++ b/waf/azurerm_kubernetes_cluster_node_pool
@@ -0,0 +1,4 @@
+package waf
+
+import "github.com/Azure/tflint-ruleset-avm/attrvalue"
+
diff --git a/waf/azurerm_maintenance_assignment_virtual_machine.go b/waf/azurerm_maintenance_assignment_virtual_machine.go
new file mode 100644
index 0000000..dba5855
--- /dev/null
+++ b/waf/azurerm_maintenance_assignment_virtual_machine.go
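Review bot: `AzurermKubernetesClusterAutoScalingEnabled` looks up `auto_scaling_enabled` as a top-level attribute of `azurerm_kubernetes_cluster`, but as far as I recall that setting lives inside the `default_node_pool` block (and on `azurerm_kubernetes_cluster_node_pool`), so a plain `SimpleRule` would never find it and the rule would silently never fire; please confirm against the provider schema and, if so, express it through the nested-block rule type this same hunk already uses for `oms_agent`, with `"default_node_pool"` as the block name. The reference link on `AzurermKubernetesClusterOMSAgentUnconfigured` also points at the VM "deploy VMs across availability zones" page rather than the AKS monitoring guidance, which is what the user will be shown for a missing `log_analytics_workspace_id`. A small fixture test with a minimal `azurerm_kubernetes_cluster` block would have caught the first point.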
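Review bot: The new file `waf/azurerm_kubernetes_cluster_node_pool` has no `.go` extension, so the Go toolchain ignores it entirely, and its only content is `package waf` plus an `attrvalue` import that nothing uses, so simply renaming it to `.go` would fail with "imported and not used". Either drop the file from this series or add the node-pool rule it was presumably meant to hold (for example an auto-scaling rule over `"azurerm_kubernetes_cluster_node_pool"`) and rename it to `azurerm_kubernetes_cluster_node_pool.go` in the same commit.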
@@ -0,0 +1,17 @@
+func (wf WafRules) AzurermVirtualMachineUseMaintenanceConfiguration1() *attrvalue.UnknownValueRule {
+ return attrvalue.NewUnknownValueRule(
+ "azurerm_maintenance_assignment_virtual_machine",
+ "maintenance_configuration_id",
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#use-maintenance-configurations-for-the-vms",
+ "",
+ )
+}
+
+func (wf WafRules) AzurermVirtualMachineUseMaintenanceConfiguration2() *attrvalue.UnknownValueRule {
+ return attrvalue.NewUnknownValueRule(
+ "azurerm_maintenance_assignment_virtual_machine",
+ "virtual_machine_id",
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#use-maintenance-configurations-for-the-vms",
+ "",
+ )
+}
\ No newline at end of file
diff --git a/waf/azurerm_managed_disk.go b/waf/azurerm_managed_disk.go
new file mode 100644
index 0000000..34032fd
--- /dev/null
+++ b/waf/azurerm_managed_disk.go
@@ -0,0 +1,16 @@
+package waf
+
+import (
+ "github.com/Azure/tflint-ruleset-avm/attrvalue"
+)
+
+func (wf WafRules) AzurermManagedDiskStorageAccountTypeIsZRS() *attrvalue.SimpleRule[string] {
+ return attrvalue.NewSimpleRule[string](
+ "azurerm_amanaged_disk",
+ "sku",
+ []string{"StandardSSD_ZRS", "Premium_ZRS"},
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/welcome/",
+ false,
+ "",
+ )
+}
\ No newline at end of file
diff --git a/waf/azurerm_redis_cache.go b/waf/azurerm_redis_cache.go
new file mode 100644
index 0000000..4e3386e
--- /dev/null
+++ b/waf/azurerm_redis_cache.go
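Review bot: The `1`/`2` suffixes on `AzurermVirtualMachineUseMaintenanceConfiguration1` and `...Configuration2` say nothing about what each rule checks, and the `AzurermVirtualMachine` prefix does not match the resource they inspect; the rest of the ruleset names rules after the resource type plus attribute (`AzurermVirtualMachineZoneUnknown`, `AzurermAppServicePlanZoneRedundant`), so `AzurermMaintenanceAssignmentVirtualMachineMaintenanceConfigurationIdUnknown` and `...VirtualMachineIdUnknown` would fit. On substance, both attributes are required inputs of `azurerm_maintenance_assignment_virtual_machine` and in practice are always references to other resources, so an unknown-value rule on them passes whenever the assignment exists and cannot express the APRL recommendation that every VM has a maintenance configuration at all; if that is the intent, a one-line comment stating that the rule only guards against hard-coded IDs would stop readers expecting more. (The missing `package waf` and import in this first version are fixed by the second patch in the series.)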
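Review bot: `AzurermManagedDiskStorageAccountTypeIsZRS` registers itself for the resource type `"azurerm_amanaged_disk"`, a typo that means the rule will never match any resource and will silently pass on every module. The attribute it checks is also `"sku"`, while the function name and, as far as I recall, the azurerm schema use `storage_account_type` for the `StandardSSD_ZRS`/`Premium_ZRS` values listed, so even with the resource name fixed it would not find the field; the two lines should read `"azurerm_managed_disk",` and `"storage_account_type",`. The reference link is the library's generic welcome page rather than the managed-disk ZRS recommendation, so the finding gives the user nothing actionable to read. A fixture test with one `azurerm_managed_disk` using `Premium_LRS` would have exposed all three.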
@@ -0,0 +1,15 @@
+package waf
+
+import (
+ "github.com/Azure/tflint-ruleset-avm/attrvalue"
+)
+
+func (wf WafRules) AzurermRedisCacheZoneRedundancyEnabled() *attrvalue.SetRule[int] {
+ return attrvalue.NewSetRule(
+ "azurerm_redis_cache",
+ "zones",
+ [][]int{{1, 2, 3}},
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Cache/Redis/#enable-zone-redundancy-for-azure-cache-for-redis",
+ "",
+ )
+}
\ No newline at end of file
diff --git a/waf/azurerm_virtual_machine.go b/waf/azurerm_virtual_machine.go
index e1add75..bf39717 100644
--- a/waf/azurerm_virtual_machine.go
+++ b/waf/azurerm_virtual_machine.go
@@ -6,7 +6,7 @@ func (wf WafRules) AzurermVirtualMachineZoneUnknown() *attrvalue.UnknownValueRul
 return attrvalue.NewUnknownValueRule(
 "azurerm_virtual_machine",
 "zone",
- "https://azure.github.io/Azure-Proactive-Resiliency-Library/services/compute/virtual-machines/#vm-2---deploy-vms-across-availability-zones",
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#deploy-vms-across-availability-zones",
 "",
 )
 }
@@ -15,7 +15,7 @@ func (wf WafRules) AzurermVirtualMachineZonesUnknown() *attrvalue.UnknownValueRu
 return attrvalue.NewUnknownValueRule(
 "azurerm_virtual_machine",
 "zones",
- "https://azure.github.io/Azure-Proactive-Resiliency-Library/services/compute/virtual-machines/#vm-2---deploy-vms-across-availability-zones",
+ "https://azure.github.io/Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#deploy-vms-across-availability-zones",
 "",
 )
 }

From fe53c6e07c80b2c17495c995be6aba085d38173f Mon Sep 17 00:00:00 2001
From: Jon Chancellor
Date: Fri, 27 Sep 2024 08:22:48 -0700
Subject: [PATCH 2/3] fixing lint issue

---
 waf/azurerm_maintenance_assignment_virtual_machine.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/waf/azurerm_maintenance_assignment_virtual_machine.go b/waf/azurerm_maintenance_assignment_virtual_machine.go
index dba5855..b528e58 100644
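Review bot: `AzurermRedisCacheZoneRedundancyEnabled` accepts exactly one value set, `{1, 2, 3}`, so a cache that is explicitly pinned to a subset of zones is reported the same way as one with no `zones` at all, and the rule has no way to say that zone placement is only available on the Premium SKU (which is what the linked APRL recommendation asks for); unless the framework conditions on `sku_name` elsewhere, a Basic or Standard cache will receive a finding it cannot act on without also changing SKU. Consider a short doc comment on the function, `// Flags azurerm_redis_cache resources not deployed across all three zones; applies to Premium SKU caches.`, so the intent is explicit, and confirm whether `SetRule[int]` is the right comparison given that the provider exposes `zones` as a list of strings (the existing AKS `zones` rule uses the same type, so at least it is consistent). The URL updates in the two `azurerm_virtual_machine.go` hunks are fine as-is.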
--- a/waf/azurerm_maintenance_assignment_virtual_machine.go
+++ b/waf/azurerm_maintenance_assignment_virtual_machine.go
@@ -1,3 +1,7 @@
+package waf
+
+import "github.com/Azure/tflint-ruleset-avm/attrvalue"
+
 func (wf WafRules) AzurermVirtualMachineUseMaintenanceConfiguration1() *attrvalue.UnknownValueRule {
 return attrvalue.NewUnknownValueRule(
 "azurerm_maintenance_assignment_virtual_machine",

From 4c3e30bc1afeece51ff6b2ed9fdf46c463ce209b Mon Sep 17 00:00:00 2001
From: Jon Chancellor
Date: Fri, 27 Sep 2024 08:25:05 -0700
Subject: [PATCH 3/3] fixing lint issue

---
 waf/azurerm_kubernetes_cluster.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/waf/azurerm_kubernetes_cluster.go b/waf/azurerm_kubernetes_cluster.go
index 12518a1..b5d6421 100644
--- a/waf/azurerm_kubernetes_cluster.go
+++ b/waf/azurerm_kubernetes_cluster.go
@@ -34,7 +34,7 @@ func (wf WafRules) AzurermKubernetesClusterAutoScalingEnabled() *attrvalue.Simpl
 )
 }
 
-func (wf WafRules) AzurermKubernetesClusterOMSAgentUnconfigured() *attrvalue.UnknownValueNestedBlockRule {
+func (wf WafRules) AzurermKubernetesClusterOMSAgentUnconfigured() *attrvalue.UnknownValueRule {
 return attrvalue.NewUnknownValueNestedBlockRule(
 "azurerm_kubernetes_cluster",
 "oms_agent",
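Review bot: The declared return type of `AzurermKubernetesClusterOMSAgentUnconfigured` is changed to `*attrvalue.UnknownValueRule` while the body still returns whatever `attrvalue.NewUnknownValueNestedBlockRule(...)` produces; that only compiles if the nested-block constructor returns `*UnknownValueRule` rather than a distinct type, which the "fixing lint issue" subject suggests is the case but the patch does not show. If so, the mismatch between the constructor's name and the return type will trip the next reader, so a one-line comment such as `// NewUnknownValueNestedBlockRule returns a plain *UnknownValueRule; there is no separate nested-block type.` is worth adding above the signature. The function's remaining arguments, including its reference URL, lie outside this hunk.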