
Feature/keyvault expiration dates #1554

Open: ncc-akis wants to merge 12 commits into develop from feature/keyvault_expiration_dates

Conversation

ncc-akis (Contributor) commented Jul 3, 2023

Description

New rules to measure compliance against several Key Vault recommendations in CIS Azure Foundations Benchmark v2.0.0:

  • 8.1/8.2 (Key Expiration Disabled) same rule to check for both recommendations
  • 8.3/8.4 (Secret Expiration Disabled) same rule to check for both recommendations
  • 8.8 (Automatic Key Rotation Disabled)

The latter rule requires a separate API request to retrieve details of each specific key. Because, for subscriptions with large numbers of keys, this could greatly increase the time required to run the tool, it currently limits the check to 3 enabled keys per vault. This sampling-based approach requires more nuance -- for subscriptions containing few keys, ScoutSuite should just check them all, while for subscriptions containing larger numbers of keys, the user should be able to control how many / which keys are checked, according to their specific requirements. I will raise a separate Issue to discuss this and propose an approach which could be applied to other rules as well.

Additional notes:

  • Upgrade of azure-mgmt-keyvault dependency is required to support required API requests which were not present in the older version.

Type of change

Select the relevant option(s):

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works (optional)
  • New and existing unit tests pass locally with my changes
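To make the three checks described in the PR concrete, here is an added Python example (not ScoutSuite's code and not the azure-mgmt-keyvault object model) that evaluates a constructed vault: keys and secrets with no expiration date (8.1/8.2 and 8.3/8.4), and enabled keys whose per-key detail shows no automatic rotation policy (8.8), with the per-vault sampling limit of 3 enabled keys that the description mentions. `VaultObject`, `Vault`, `fetch_key_details` and `SAMPLE_VAULT` are all constructed for this example; `fetch_key_details` stands in for the separate per-key API request that makes the rotation check expensive on large subscriptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


SAMPLED_KEYS_PER_VAULT = 3  # the per-vault sampling limit the PR description mentions


@dataclass
class VaultObject:
    """A key or secret as seen in a vault listing (constructed, not the SDK model)."""
    name: str
    enabled: bool
    expires: Optional[str]  # ISO-8601 timestamp, or None when no expiration date is set


@dataclass
class Vault:
    """A vault plus per-key rotation detail that the real API only returns on request."""
    name: str
    keys: List[VaultObject]
    secrets: List[VaultObject]
    rotation_enabled: Dict[str, bool] = field(default_factory=dict)  # constructed detail


def fetch_key_details(vault: Vault, key_name: str) -> Dict[str, bool]:
    """Stand-in for the separate per-key request; that extra call is what makes 8.8 costly."""
    return {"rotation_enabled": vault.rotation_enabled.get(key_name, False)}


def objects_without_expiration(objects: List[VaultObject]) -> List[str]:
    """CIS 8.1-8.4: keys or secrets with no expiration date set (enabled or not)."""
    return [o.name for o in objects if o.expires is None]


def keys_without_rotation(vault: Vault, limit: Optional[int] = SAMPLED_KEYS_PER_VAULT) -> Dict:
    """CIS 8.8: inspect up to `limit` enabled keys (all of them when limit is None) and
    flag those whose detail shows no automatic rotation policy. `unchecked` records how
    many enabled keys the sampling skipped, so a clean result is not mistaken for full
    coverage."""
    enabled = [k for k in vault.keys if k.enabled]
    sampled = enabled if limit is None else enabled[:limit]
    flagged = [k.name for k in sampled
               if not fetch_key_details(vault, k.name)["rotation_enabled"]]
    return {
        "checked": [k.name for k in sampled],
        "flagged": flagged,
        "unchecked": len(enabled) - len(sampled),
    }


def evaluate_vault(vault: Vault, limit: Optional[int] = SAMPLED_KEYS_PER_VAULT) -> Dict:
    """Run all three checks against one vault and collect the findings."""
    return {
        "vault": vault.name,
        "keys_without_expiration": objects_without_expiration(vault.keys),
        "secrets_without_expiration": objects_without_expiration(vault.secrets),
        "keys_without_rotation": keys_without_rotation(vault, limit),
    }


# Constructed sample vault: five enabled keys, one disabled key, two secrets.
SAMPLE_VAULT = Vault(
    name="example-vault",
    keys=[
        VaultObject("k1", True, "2024-12-31T00:00:00Z"),
        VaultObject("k2", True, None),
        VaultObject("k3", True, "2024-12-31T00:00:00Z"),
        VaultObject("k4", True, "2024-12-31T00:00:00Z"),
        VaultObject("k5", True, None),
        VaultObject("k-disabled", False, None),
    ],
    secrets=[
        VaultObject("s1", True, "2024-06-30T00:00:00Z"),
        VaultObject("s2", True, None),
    ],
    rotation_enabled={"k1": True, "k4": True, "k5": True},
)

if __name__ == "__main__":
    import json
    # With the default limit, k4 and k5 are never inspected and show up only as "unchecked".
    print(json.dumps(evaluate_vault(SAMPLE_VAULT), indent=2))
    print(json.dumps(evaluate_vault(SAMPLE_VAULT, limit=None), indent=2))
```

The `unchecked` count is the point the description raises: with a fixed sample of 3, the rotation finding for a vault with many keys is a partial result, and a report that does not say so would overstate coverage. Passing `limit=None` for small subscriptions checks every enabled key, which is the behaviour the author proposes for vaults with few keys.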

codecov bot commented Jul 3, 2023

Codecov Report

Patch coverage has no change and project coverage change: -0.13 ⚠️

Comparison is base (3caf861) 20.52% compared to head (8fc1adf) 20.39%.

❗ Current head 8fc1adf differs from pull request most recent head 3986326. Consider uploading reports for the commit 3986326 to get more accurate results

Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #1554      +/-   ##
===========================================
- Coverage    20.52%   20.39%   -0.13%     
===========================================
  Files          384      384              
  Lines        13038    13121      +83     
===========================================
  Hits          2676     2676              
- Misses       10362    10445      +83     
Impacted Files                                         Coverage Δ
ScoutSuite/providers/azure/facade/keyvault.py          0.00% <0.00%> (ø)
...Suite/providers/azure/resources/keyvault/vaults.py  0.00% <0.00%> (ø)


ncc-akis force-pushed the feature/keyvault_expiration_dates branch from 8640d9a to 8fc1adf on July 3, 2023 15:51
ncc-akis force-pushed the feature/keyvault_expiration_dates branch from 8fc1adf to 3986326 on July 4, 2023 11:14