From 1f901bf34cd24854a9f0777d435466f23fbb4da7 Mon Sep 17 00:00:00 2001
From: ParthaI <47887552+ParthaI@users.noreply.github.com>
Date: Mon, 29 Jan 2024 11:07:43 +0530
Subject: [PATCH] Add column authorization_rules in the table azure_servicebus_namespace Closes #716 (#719)
---
 .../test-get-expected.json | 1 +
 .../test-not-found-expected.json | 2 +-
 azure/table_azure_servicebus_namespace.go | 73 +++++++++++++++++++
 docs/tables/azure_servicebus_namespace.md | 27 +++++++
 4 files changed, 102 insertions(+), 1 deletion(-)
diff --git a/azure-test/tests/azure_servicebus_namespace/test-get-expected.json b/azure-test/tests/azure_servicebus_namespace/test-get-expected.json
index 9ea28ed2..79777233 100644
--- a/azure-test/tests/azure_servicebus_namespace/test-get-expected.json
+++ b/azure-test/tests/azure_servicebus_namespace/test-get-expected.json
@@ -8,6 +8,7 @@
 "defaultAction": "Allow",
 "ipRules": [],
 "publicNetworkAccess": "Enabled",
+ "trustedServiceAccessEnabled": false,
 "virtualNetworkRules": []
 }
 },
diff --git a/azure-test/tests/azure_servicebus_namespace/test-not-found-expected.json b/azure-test/tests/azure_servicebus_namespace/test-not-found-expected.json
index 19765bd5..fe51488c 100644
--- a/azure-test/tests/azure_servicebus_namespace/test-not-found-expected.json
+++ b/azure-test/tests/azure_servicebus_namespace/test-not-found-expected.json
@@ -1 +1 @@
-null
+[]
diff --git a/azure/table_azure_servicebus_namespace.go b/azure/table_azure_servicebus_namespace.go
index 9304228d..5cc8fabc 100644
--- a/azure/table_azure_servicebus_namespace.go
+++ b/azure/table_azure_servicebus_namespace.go
@@ -137,6 +137,13 @@ func tableAzureServiceBusNamespace(_ context.Context) *plugin.Table {
 Hydrate: listServiceBusNamespacePrivateEndpointConnections,
 Transform: transform.FromValue(),
 },
+ {
+ Name: "authorization_rules",
+ Description: "The authorization rules for a namespace.",
+ Type: proto.ColumnType_JSON,
+ Hydrate: listServiceBusNamespaceAuthorizationRules,
+ Transform: transform.FromValue(),
+ },
 // Steampipe standard columns
 {
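Review bot: The Description on the new `authorization_rules` column could state what the JSON actually contains, because the hydrate function added later in this commit copies only the rule's id, name, type, systemData and rights and never calls a keys API, which is exactly what someone auditing namespace access needs to know before relying on the column. Something like `Description: "The shared access authorization rules of the namespace, including the rights granted by each rule (rule keys are not included)."` would make that explicit. The enclosing column slice starts and ends outside the hunk.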
@@ -359,6 +366,72 @@ func listServiceBusNamespacePrivateEndpointConnections(ctx context.Context, d *p
 return serviceBusNamespacePrivateEndpointConnections, nil
 }
+func listServiceBusNamespaceAuthorizationRules(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) {
+
+ namespace := h.Item.(servicebus.SBNamespace)
+ resourceGroup := strings.Split(string(*namespace.ID), "/")[4]
+ namespaceName := *namespace.Name
+
+ session, err := GetNewSession(ctx, d, "MANAGEMENT")
+ if err != nil {
+ return nil, err
+ }
+ subscriptionID := session.SubscriptionID
+
+ client := servicebus.NewNamespacesClientWithBaseURI(session.ResourceManagerEndpoint, subscriptionID)
+ client.Authorizer = session.Authorizer
+
+ op, err := client.ListAuthorizationRules(ctx, resourceGroup, namespaceName)
+ if err != nil {
+ plugin.Logger(ctx).Error("azure_servicebus_namespace.listServiceBusNamespaceAuthorizationRules", "api_error", err)
+ return nil, err
+ }
+
+ var serviceBusNamespaceAuthorizationRules []map[string]interface{}
+
+ for _, r := range op.Values() {
+ serviceBusNamespaceAuthorizationRules = append(serviceBusNamespaceAuthorizationRules, extractServiceBusNamespacAuthRule(r))
+ }
+
+ for op.NotDone() {
+ err = op.NextWithContext(ctx)
+ if err != nil {
+ plugin.Logger(ctx).Error("azure_servicebus_namespace.listServiceBusNamespaceAuthorizationRules", "paging_error", err)
+ return nil, err
+ }
+ for _, r := range op.Values() {
+ serviceBusNamespaceAuthorizationRules = append(serviceBusNamespaceAuthorizationRules, extractServiceBusNamespacAuthRule(r))
+ }
+ }
+
+ return serviceBusNamespaceAuthorizationRules, nil
+}
+
+// If we return the API response directly, the output will not provide the properties of AuthorizationRuleProperties
+func extractServiceBusNamespacAuthRule(i servicebus.SBAuthorizationRule) map[string]interface{} {
+ serviceBusNamespaceAuthRule := make(map[string]interface{})
+ if i.ID != nil {
+ serviceBusNamespaceAuthRule["id"] = *i.ID
+ }
+ if i.Name != nil {
+ serviceBusNamespaceAuthRule["name"] = *i.Name
+ }
+ if i.Type != nil {
+ serviceBusNamespaceAuthRule["type"] = *i.Type
+ }
+ if i.SystemData != nil {
+ serviceBusNamespaceAuthRule["systemData"] = *i.SystemData
+ }
+ if i.SBAuthorizationRuleProperties != nil {
+ if len(*i.SBAuthorizationRuleProperties.Rights) > 0 {
+ serviceBusNamespaceAuthRule["properties"] = map[string]interface{}{
+ "rights": *i.SBAuthorizationRuleProperties.Rights,
+ }
+ }
+ }
+ return serviceBusNamespaceAuthRule
+}
+
 // If we return the API response directly, the output will not provide the properties of PrivateEndpointConnections
 func extractServiceBusNamespacePrivateEndpointConnection(i servicebus.PrivateEndpointConnection) map[string]interface{} {
 serviceBusNamespacePrivateEndpointConnection := make(map[string]interface{})
diff --git a/docs/tables/azure_servicebus_namespace.md b/docs/tables/azure_servicebus_namespace.md
index ca1fd289..256c7cc4 100644
--- a/docs/tables/azure_servicebus_namespace.md
+++ b/docs/tables/azure_servicebus_namespace.md
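Review bot: `extractServiceBusNamespacAuthRule` dereferences `i.SBAuthorizationRuleProperties.Rights` inside the `len(...)` call after checking only that the properties struct itself is non-nil, so a rule whose `Rights` pointer comes back nil panics the hydrate and fails the whole row instead of yielding a rule with no rights. Fold the pointer check into the same condition: `if i.SBAuthorizationRuleProperties != nil && i.SBAuthorizationRuleProperties.Rights != nil && len(*i.SBAuthorizationRuleProperties.Rights) > 0 {`. The same unchecked-pointer pattern appears at `resourceGroup := strings.Split(string(*namespace.ID), "/")[4]`, which panics on a nil or short ID; it presumably mirrors the existing private-endpoint hydrate, so a `namespace.ID == nil` guard returning an error would be a cheap hardening for both. The helper's name drops the `e` of `Namespace` (`extractServiceBusNamespacAuthRule`), unlike the neighbouring `extractServiceBusNamespacePrivateEndpointConnection`; renaming it at its definition and both call sites keeps the two consistent.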
@@ -193,4 +193,31 @@ select
 json_extract(encryption, '$.requireInfrastructureEncryption') as require_infrastructure_encryption
 from
 azure_servicebus_namespace;
+```
+
+### Get authorization rules of namespaces
+An Azure Service Bus Authorization Rule is a security feature that defines the set of permissions assigned to a user or application for accessing and performing operations within a Service Bus namespace or on specific entities like queues, topics, and subscriptions. These rules manage who can send, receive, and manage messages. They play a crucial role in controlling access and ensuring secure operations within the Azure Service Bus environment. Each rule can grant different levels of access, ranging from listening to messages, sending messages, or managing the entity.
+
+```sql+postgres
+select
+ name,
+ r ->> 'name' as rule_name,
+ r ->> 'id' as rule_id,
+ r ->> 'type' as rule_type,
+ r ->> 'properties' as rule_properties
+from
+ azure_servicebus_namespace as n,
+ jsonb_array_elements(authorization_rules) as r;
+```
+
+```sql+sqlite
+select
+ name,
+ json_extract(r.value, '$.name') as rule_name,
+ json_extract(r.value, '$.id') as rule_id,
+ json_extract(r.value, '$.type') as rule_type,
+ json_extract(r.value, '$.properties') as rule_properties
+from
+ azure_servicebus_namespace as n,
+ json_each(n.authorization_rules) as r;
 ```
\ No newline at end of file