Retrieving Regions with Deployed Resources in Azure Subscription (Azure)

[HRouhani]

Description:

We need a new cnquery resource for Azure that can retrieve the regions where resources are deployed in that subscription. This is critical for ensuring that services like Network Watcher are properly enabled in all regions that are in use.

Feature Request:

Please implement a resource or extend the current resources in cnquery to allow us to fetch regions where Azure resources are deployed. The equivalent Azure CLI command is:

az resource list --query "[].location" -o table

Use Case:

This feature will help us verify compliance policies that require services (e.g., Network Watcher) to be enabled in every region where resources are actively deployed.

Suggested Implementation:

• Query Azure resources using the az resource list or similar functionality in the Go SDK.
• Extract the locations (regions) where resources are deployed.
• Provide this information as part of the cnquery resource set for Azure, so it can be easily accessed and integrated into compliance checks.

Expected Outcome:

After implementation, we should be able to retrieve a list of Azure regions where resources are deployed within the subscription. This will allow more precise and accurate auditing of services that should be enabled in specific regions.

1. azure.subscription.region

equivalent to:

        az account list-locations --query "[?metadata.regionType=='Physical'].{Name:name,DisplayName:regionalDisplayName}" -o table

2. azure.subscription.region { InUse}

az resource list --query "[].location" -o table

Related test can be improved:

Ensure that Network Watcher is 'Enabled' for Azure Regions that are in use