Skip to content

Commit

Permalink
Add column authorization_rules in the table azure_servicebus_namespace
Browse files Browse the repository at this point in the history
…Closes #716 (#719)
  • Loading branch information
ParthaI authored Jan 29, 2024
1 parent 1f0a3fc commit 1f901bf
Show file tree
Hide file tree
Showing 4 changed files with 102 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
"defaultAction": "Allow",
"ipRules": [],
"publicNetworkAccess": "Enabled",
"trustedServiceAccessEnabled": false,
"virtualNetworkRules": []
}
},
Expand Down
Original file line number Diff line number Diff line change
@@ -1 +1 @@
null
[]
73 changes: 73 additions & 0 deletions azure/table_azure_servicebus_namespace.go
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,13 @@ func tableAzureServiceBusNamespace(_ context.Context) *plugin.Table {
Hydrate: listServiceBusNamespacePrivateEndpointConnections,
Transform: transform.FromValue(),
},
{
Name: "authorization_rules",
Description: "The authorization rules for a namespace.",
Type: proto.ColumnType_JSON,
Hydrate: listServiceBusNamespaceAuthorizationRules,
Transform: transform.FromValue(),
},

// Steampipe standard columns
{
Expand Down Expand Up @@ -359,6 +366,72 @@ func listServiceBusNamespacePrivateEndpointConnections(ctx context.Context, d *p
return serviceBusNamespacePrivateEndpointConnections, nil
}

func listServiceBusNamespaceAuthorizationRules(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) {

namespace := h.Item.(servicebus.SBNamespace)
resourceGroup := strings.Split(string(*namespace.ID), "/")[4]
namespaceName := *namespace.Name

session, err := GetNewSession(ctx, d, "MANAGEMENT")
if err != nil {
return nil, err
}
subscriptionID := session.SubscriptionID

client := servicebus.NewNamespacesClientWithBaseURI(session.ResourceManagerEndpoint, subscriptionID)
client.Authorizer = session.Authorizer

op, err := client.ListAuthorizationRules(ctx, resourceGroup, namespaceName)
if err != nil {
plugin.Logger(ctx).Error("azure_servicebus_namespace.listServiceBusNamespaceAuthorizationRules", "api_error", err)
return nil, err
}

var serviceBusNamespaceAuthorizationRules []map[string]interface{}

for _, r := range op.Values() {
serviceBusNamespaceAuthorizationRules = append(serviceBusNamespaceAuthorizationRules, extractServiceBusNamespacAuthRule(r))
}

for op.NotDone() {
err = op.NextWithContext(ctx)
if err != nil {
plugin.Logger(ctx).Error("azure_servicebus_namespace.listServiceBusNamespaceAuthorizationRules", "paging_error", err)
return nil, err
}
for _, r := range op.Values() {
serviceBusNamespaceAuthorizationRules = append(serviceBusNamespaceAuthorizationRules, extractServiceBusNamespacAuthRule(r))
}
}

return serviceBusNamespaceAuthorizationRules, nil
}

// If we return the API response directly, the output will not provide the properties of AuthorizationRuleProperties
func extractServiceBusNamespacAuthRule(i servicebus.SBAuthorizationRule) map[string]interface{} {
serviceBusNamespaceAuthRule := make(map[string]interface{})
if i.ID != nil {
serviceBusNamespaceAuthRule["id"] = *i.ID
}
if i.Name != nil {
serviceBusNamespaceAuthRule["name"] = *i.Name
}
if i.Type != nil {
serviceBusNamespaceAuthRule["type"] = *i.Type
}
if i.SystemData != nil {
serviceBusNamespaceAuthRule["systemData"] = *i.SystemData
}
if i.SBAuthorizationRuleProperties != nil {
if len(*i.SBAuthorizationRuleProperties.Rights) > 0 {
serviceBusNamespaceAuthRule["properties"] = map[string]interface{}{
"rights": *i.SBAuthorizationRuleProperties.Rights,
}
}
}
return serviceBusNamespaceAuthRule
}

// If we return the API response directly, the output will not provide the properties of PrivateEndpointConnections
func extractServiceBusNamespacePrivateEndpointConnection(i servicebus.PrivateEndpointConnection) map[string]interface{} {
serviceBusNamespacePrivateEndpointConnection := make(map[string]interface{})
Expand Down
27 changes: 27 additions & 0 deletions docs/tables/azure_servicebus_namespace.md
Original file line number Diff line number Diff line change
Expand Up @@ -193,4 +193,31 @@ select
json_extract(encryption, '$.requireInfrastructureEncryption') as require_infrastructure_encryption
from
azure_servicebus_namespace;
```

### Get authorization rules of namespaces
An Azure Service Bus Authorization Rule is a security feature that defines the set of permissions assigned to a user or application for accessing and performing operations within a Service Bus namespace or on specific entities like queues, topics, and subscriptions. These rules manage who can send, receive, and manage messages. They play a crucial role in controlling access and ensuring secure operations within the Azure Service Bus environment. Each rule can grant different levels of access, ranging from listening to messages, sending messages, or managing the entity.

```sql+postgres
select
name,
r ->> 'name' as rule_name,
r ->> 'id' as rule_id,
r ->> 'type' as rule_type,
r ->> 'properties' as rule_properties
from
azure_servicebus_namespace as n,
jsonb_array_elements(authorization_rules) as r;
```

```sql+sqlite
select
name,
json_extract(r.value, '$.name') as rule_name,
json_extract(r.value, '$.id') as rule_id,
json_extract(r.value, '$.type') as rule_type,
json_extract(r.value, '$.properties') as rule_properties
from
azure_servicebus_namespace as n,
json_each(n.authorization_rules) as r;
```

0 comments on commit 1f901bf

Please sign in to comment.