diff --git a/azure-test/tests/azure_security_center_auto_provisioning/dependencies.txt b/azure-test/tests/azure_security_center_auto_provisioning/dependencies.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-get-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-get-expected.json
new file mode 100644
index 00000000..d7b43122
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-get-expected.json
@@ -0,0 +1,7 @@
+[
+ {
+ "id": "{{ output.resource_id.value }}",
+ "name": "{{ output.resource_name.value }}",
+ "type": "Microsoft.Security/autoProvisioningSettings"
+ }
+]
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-get-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-get-query.sql
new file mode 100644
index 00000000..d04dfa83
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-get-query.sql
@@ -0,0 +1,3 @@
+select name, id, type
+from azure.azure_security_center_auto_provisioning
+where name = '{{ output.resource_name.value }}';
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-list-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-list-expected.json
new file mode 100644
index 00000000..37aee719
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-list-expected.json
@@ -0,0 +1,6 @@
+[
+ {
+ "id": "{{ output.resource_id.value }}",
+ "name": "{{ output.resource_name.value }}"
+ }
+]
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-list-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-list-query.sql
new file mode 100644
index 00000000..7a2e61d7
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-list-query.sql
@@ -0,0 +1,3 @@
+select id, name
+from azure.azure_security_center_auto_provisioning
+where id = '{{ output.resource_id.value }}'
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-expected.json
new file mode 100644
index 00000000..ec747fa4
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-expected.json
@@ -0,0 +1 @@
+null
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-query.sql
new file mode 100644
index 00000000..4e8c9f46
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-query.sql
@@ -0,0 +1,3 @@
+select name, akas, title
+from azure.azure_security_center_auto_provisioning
+where name = 'dummy-{{ output.resource_name.value }}';
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-expected.json
new file mode 100644
index 00000000..3977b7f4
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-expected.json
@@ -0,0 +1,10 @@
+[
+ {
+ "akas": [
+ "{{ output.resource_aka.value }}",
+ "{{ output.resource_aka_lower.value }}"
+ ],
+ "name": "{{ output.resource_name.value }}",
+ "title": "{{ output.resource_name.value }}"
+ }
+]
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-query.sql
new file mode 100644
index 00000000..67ea4f73
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-query.sql
@@ -0,0 +1,3 @@
+select name, akas, title
+from azure.azure_security_center_auto_provisioning
+where name = '{{ output.resource_name.value }}';
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/variables.json b/azure-test/tests/azure_security_center_auto_provisioning/variables.json
new file mode 100644
index 00000000..0967ef42
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/variables.json
@@ -0,0 +1 @@
+{}
diff --git a/azure-test/tests/azure_security_center_auto_provisioning/variables.tf b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf
new file mode 100644
index 00000000..72ed3d01
--- /dev/null
+++ b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf
@@ -0,0 +1,57 @@
+
+variable "resource_name" {
+ type = string
+ default = "turbot-test-20200125-create-update"
+ description = "Name of the resource used throughout the test."
+}
+
+variable "azure_environment" {
+ type = string
+ default = "public"
+ description = "Azure environment used for the test."
+}
+
+variable "azure_subscription" {
+ type = string
+ description = "Azure subscription used for the test."
+}
+
+provider "azurerm" {
+ # Cannot be passed as a variable
+ version = "=2.43.0"
+ features {}
+ environment = var.azure_environment
+ subscription_id = var.azure_subscription
+}
+
+data "azurerm_client_config" "current" {}
+
+data "null_data_source" "resource" {
+ inputs = {
+ scope = "azure:///subscriptions/${data.azurerm_client_config.current.subscription_id}"
+ }
+}
+
+resource "azurerm_security_center_auto_provisioning" "named_test_resource" {
+ auto_provision = "On"
+}
+
+output "resource_aka" {
+ value = "azure://${azurerm_security_center_auto_provisioning.named_test_resource.id}"
+}
+
+output "resource_aka_lower" {
+ value = "azure://${lower(azurerm_security_center_auto_provisioning.named_test_resource.id)}"
+}
+
+output "resource_id" {
+ value = azurerm_security_center_auto_provisioning.named_test_resource.id
+}
+
+output "resource_name" {
+ value = element(split("/", azurerm_security_center_auto_provisioning.named_test_resource.id), 6)
+}
+
+output "subscription_id" {
+ value = var.azure_subscription
+}
diff --git a/azure/plugin.go b/azure/plugin.go
index cc4353bb..3104ae43 100644
--- a/azure/plugin.go
+++ b/azure/plugin.go
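Review bot: `variable "resource_name"` is declared with a default, but nothing in this file references `var.resource_name`; the `resource_name` output is derived from the resource id with `element(split("/", ...), 6)` instead. Either drop the unused variable or add a comment above it such as `# Intentionally unused here; resource_name is read back from the resource id.` so the next reader does not assume the fixture name is applied to the resource.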
@@ -22,60 +22,61 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 Schema: ConfigSchema,
 },
 TableMap: map[string]*plugin.Table{
- "azure_ad_group": tableAzureAdGroup(ctx),
- "azure_ad_service_principal": tableAzureAdServicePrincipal(ctx),
- "azure_ad_user": tableAzureAdUser(ctx),
- "azure_api_management": tableAzureAPIManagement(ctx),
- "azure_app_service_environment": tableAzureAppServiceEnvironment(ctx),
- "azure_app_service_function_app": tableAzureAppServiceFunctionApp(ctx),
- "azure_app_service_plan": tableAzureAppServicePlan(ctx),
- "azure_app_service_web_app": tableAzureAppServiceWebApp(ctx),
- "azure_application_security_group": tableAzureApplicationSecurityGroup(ctx),
- "azure_compute_availability_set": tableAzureComputeAvailabilitySet(ctx),
- "azure_compute_disk": tableAzureComputeDisk(ctx),
- "azure_compute_disk_encryption_set": tableAzureComputeDiskEncryptionSet(ctx),
- "azure_compute_image": tableAzureComputeImage(ctx),
- "azure_compute_resource_sku": tableAzureResourceSku(ctx),
- "azure_compute_snapshot": tableAzureComputeSnapshot(ctx),
- "azure_compute_virtual_machine": tableAzureComputeVirtualMachine(ctx),
- "azure_cosmosdb_account": tableAzureCosmosDBAccount(ctx),
- "azure_cosmosdb_mongo_database": tableAzureCosmosDBMongoDatabase(ctx),
- "azure_cosmosdb_sql_database": tableAzureCosmosDBSQLDatabase(ctx),
- "azure_diagnostic_setting": tableAzureDiagnosticSetting(ctx),
- "azure_firewall": tableAzureFirewall(ctx),
- "azure_key_vault": tableAzureKeyVault(ctx),
- "azure_key_vault_key": tableAzureKeyVaultKey(ctx),
- "azure_key_vault_secret": tableAzureKeyVaultSecret(ctx),
- "azure_kubernetes_cluster": tableAzureKubernetesCluster(ctx),
- "azure_location": tableAzureLocation(ctx),
- "azure_log_alert": tableAzureLogAlert(ctx),
- "azure_log_profile": tableAzureLogProfile(ctx),
- "azure_management_lock": tableAzureManagementLock(ctx),
- "azure_mysql_server": tableAzureMySQLServer(ctx),
- "azure_network_interface": tableAzureNetworkInterface(ctx),
- "azure_network_security_group": tableAzureNetworkSecurityGroup(ctx),
- "azure_network_watcher": tableAzureNetworkWatcher(ctx),
- "azure_network_watcher_flow_log": tableAzureNetworkWatcherFlowLog(ctx),
- "azure_postgresql_server": tableAzurePostgreSqlServer(ctx),
- "azure_provider": tableAzureProvider(ctx),
- "azure_public_ip": tableAzurePublicIP(ctx),
- "azure_resource_group": tableAzureResourceGroup(ctx),
- "azure_role_assignment": tableAzureIamRoleAssignment(ctx),
- "azure_role_definition": tableAzureIamRoleDefinition(ctx),
- "azure_route_table": tableAzureRouteTable(ctx),
- "azure_security_center_contact": tableAzureSecurityCenterContact(ctx),
- "azure_sql_database": tableAzureSqlDatabase(ctx),
- "azure_sql_server": tableAzureSQLServer(ctx),
- "azure_storage_account": tableAzureStorageAccount(ctx),
- "azure_storage_blob_service": tableAzureStorageBlobService(ctx),
- "azure_storage_container": tableAzureStorageContainer(ctx),
- "azure_storage_queue": tableAzureStorageQueue(ctx),
- "azure_storage_table": tableAzureStorageTable(ctx),
- "azure_storage_table_service": tableAzureStorageTableService(ctx),
- "azure_subnet": tableAzureSubnet(ctx),
- "azure_virtual_network": tableAzureVirtualNetwork(ctx),
- // "azure_storage_blob": tableAzureStorageBlob(ctx),
- // "azure_storage_table": tableAzureStorageTable(ctx),
+ "azure_ad_group": tableAzureAdGroup(ctx),
+ "azure_ad_service_principal": tableAzureAdServicePrincipal(ctx),
+ "azure_ad_user": tableAzureAdUser(ctx),
+ "azure_api_management": tableAzureAPIManagement(ctx),
+ "azure_app_service_environment": tableAzureAppServiceEnvironment(ctx),
+ "azure_app_service_function_app": tableAzureAppServiceFunctionApp(ctx),
+ "azure_app_service_plan": tableAzureAppServicePlan(ctx),
+ "azure_app_service_web_app": tableAzureAppServiceWebApp(ctx),
+ "azure_application_security_group": tableAzureApplicationSecurityGroup(ctx),
+ "azure_compute_availability_set": tableAzureComputeAvailabilitySet(ctx),
+ "azure_compute_disk": tableAzureComputeDisk(ctx),
+ "azure_compute_disk_encryption_set": tableAzureComputeDiskEncryptionSet(ctx),
+ "azure_compute_image": tableAzureComputeImage(ctx),
+ "azure_compute_resource_sku": tableAzureResourceSku(ctx),
+ "azure_compute_snapshot": tableAzureComputeSnapshot(ctx),
+ "azure_compute_virtual_machine": tableAzureComputeVirtualMachine(ctx),
+ "azure_cosmosdb_account": tableAzureCosmosDBAccount(ctx),
+ "azure_cosmosdb_mongo_database": tableAzureCosmosDBMongoDatabase(ctx),
+ "azure_cosmosdb_sql_database": tableAzureCosmosDBSQLDatabase(ctx),
+ "azure_diagnostic_setting": tableAzureDiagnosticSetting(ctx),
+ "azure_firewall": tableAzureFirewall(ctx),
+ "azure_key_vault": tableAzureKeyVault(ctx),
+ "azure_key_vault_key": tableAzureKeyVaultKey(ctx),
+ "azure_key_vault_secret": tableAzureKeyVaultSecret(ctx),
+ "azure_kubernetes_cluster": tableAzureKubernetesCluster(ctx),
+ "azure_location": tableAzureLocation(ctx),
+ "azure_log_alert": tableAzureLogAlert(ctx),
+ "azure_log_profile": tableAzureLogProfile(ctx),
+ "azure_management_lock": tableAzureManagementLock(ctx),
+ "azure_mysql_server": tableAzureMySQLServer(ctx),
+ "azure_network_interface": tableAzureNetworkInterface(ctx),
+ "azure_network_security_group": tableAzureNetworkSecurityGroup(ctx),
+ "azure_network_watcher": tableAzureNetworkWatcher(ctx),
+ "azure_network_watcher_flow_log": tableAzureNetworkWatcherFlowLog(ctx),
+ "azure_postgresql_server": tableAzurePostgreSqlServer(ctx),
+ "azure_provider": tableAzureProvider(ctx),
+ "azure_public_ip": tableAzurePublicIP(ctx),
+ "azure_resource_group": tableAzureResourceGroup(ctx),
+ "azure_role_assignment": tableAzureIamRoleAssignment(ctx),
+ "azure_role_definition": tableAzureIamRoleDefinition(ctx),
+ "azure_route_table": tableAzureRouteTable(ctx),
+ "azure_security_center_auto_provisioning": tableAzureSecurityCenterAutoProvisioning(ctx),
+ "azure_security_center_contact": tableAzureSecurityCenterContact(ctx),
+ "azure_sql_database": tableAzureSqlDatabase(ctx),
+ "azure_sql_server": tableAzureSQLServer(ctx),
+ "azure_storage_account": tableAzureStorageAccount(ctx),
+ "azure_storage_blob_service": tableAzureStorageBlobService(ctx),
+ "azure_storage_container": tableAzureStorageContainer(ctx),
+ "azure_storage_queue": tableAzureStorageQueue(ctx),
+ "azure_storage_table": tableAzureStorageTable(ctx),
+ "azure_storage_table_service": tableAzureStorageTableService(ctx),
+ "azure_subnet": tableAzureSubnet(ctx),
+ "azure_virtual_network": tableAzureVirtualNetwork(ctx),
+ // "azure_storage_blob": tableAzureStorageBlob(ctx),
+ // "azure_storage_table": tableAzureStorageTable(ctx),
 },
 }
diff --git a/azure/table_azure_security_center_auto_provisioning.go b/azure/table_azure_security_center_auto_provisioning.go
new file mode 100644
index 00000000..70cfeee9
--- /dev/null
+++ b/azure/table_azure_security_center_auto_provisioning.go
@@ -0,0 +1,117 @@
+package azure
+
+import (
+ "context"
+
+ "github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v1.0/security"
+ "github.com/turbot/steampipe-plugin-sdk/grpc/proto"
+ "github.com/turbot/steampipe-plugin-sdk/plugin/transform"
+
+ "github.com/turbot/steampipe-plugin-sdk/plugin"
+)
+
+//// TABLE DEFINITION
+
+func tableAzureSecurityCenterAutoProvisioning(_ context.Context) *plugin.Table {
+ return &plugin.Table{
+ Name: "azure_security_center_auto_provisioning",
+ Description: "Azure Security Center Auto Provisioning",
+ Get: &plugin.GetConfig{
+ KeyColumns: plugin.SingleColumn("name"),
+ Hydrate: getSecurityCenterAutoProvisioning,
+ },
+ List: &plugin.ListConfig{
+ Hydrate: listSecurityCenterAutoProvisioning,
+ },
+ Columns: []*plugin.Column{
+ {
+ Name: "id",
+ Type: proto.ColumnType_STRING,
+ Description: "The resource id.",
+ Transform: transform.FromGo(),
+ },
+ {
+ Name: "name",
+ Description: "The resource name.",
+ Type: proto.ColumnType_STRING,
+ },
+ {
+ Name: "type",
+ Description: "The resource type.",
+ Type: proto.ColumnType_STRING,
+ },
+ {
+ Name: "auto_provision",
+ Description: "Describes what kind of security agent provisioning action to take. Possible values include: On, Off",
+ Type: proto.ColumnType_STRING,
+ Transform: transform.FromField("AutoProvisioningSettingProperties.AutoProvision"),
+ },
+
+ // Steampipe standard columns
+ {
+ Name: "title",
+ Description: ColumnDescriptionTitle,
+ Type: proto.ColumnType_STRING,
+ Transform: transform.FromField("Name"),
+ },
+ {
+ Name: "akas",
+ Description: ColumnDescriptionAkas,
+ Type: proto.ColumnType_JSON,
+ Transform: transform.FromField("ID").Transform(idToAkas),
+ },
+
+ // Azure standard columns
+ {
+ Name: "subscription_id",
+ Description: ColumnDescriptionSubscription,
+ Type: proto.ColumnType_STRING,
+ Transform: transform.FromField("ID").Transform(idToSubscriptionID),
+ },
+ },
+ }
+}
+
+//// LIST FUNCTION
+
+func listSecurityCenterAutoProvisioning(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
+ session, err := GetNewSession(ctx, d, "MANAGEMENT")
+ if err != nil {
+ return nil, err
+ }
+
+ subscriptionID := session.SubscriptionID
+ autoProvisioningClient := security.NewAutoProvisioningSettingsClient(subscriptionID, "")
+ autoProvisioningClient.Authorizer = session.Authorizer
+
+ autoProvisioningList, err := autoProvisioningClient.List(ctx)
+ if err != nil {
+ return err, nil
+ }
+
+ for _, autoProvisioning := range autoProvisioningList.Values() {
+ d.StreamListItem(ctx, autoProvisioning)
+ }
+ return nil, nil
+}
+
+//// HYDRATE FUNCTIONS
+
+func getSecurityCenterAutoProvisioning(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
+ session, err := GetNewSession(ctx, d, "MANAGEMENT")
+ if err != nil {
+ return nil, err
+ }
+ name := d.KeyColumnQuals["name"].GetStringValue()
+
+ subscriptionID := session.SubscriptionID
+ autoProvisioningClient := security.NewAutoProvisioningSettingsClient(subscriptionID, "")
+ autoProvisioningClient.Authorizer = session.Authorizer
+
+ autoProvisioning, err := autoProvisioningClient.Get(ctx, name)
+ if err != nil {
+ return err, nil
+ }
+
+ return autoProvisioning, nil
+}
diff --git a/docs/tables/azure_security_center_auto_provisioning.md b/docs/tables/azure_security_center_auto_provisioning.md
new file mode 100644
index 00000000..3d075336
--- /dev/null
+++ b/docs/tables/azure_security_center_auto_provisioning.md
@@ -0,0 +1,31 @@
+# Table: azure_security_center_auto_provisioning
+
+Azure security center auto provisioning settings expose the auto provisioning settings of the subscriptions.
+
+## Examples
+
+### Basic info
+
+```sql
+select
+ id,
+ name,
+ type,
+ auto_provision
+from
+ azure_security_center_auto_provisioning;
+```
+
+### List subscriptions that have automatic provisioning of VM monitoring agent enabled
+
+```sql
+select
+ id,
+ name,
+ type,
+ auto_provision
+from
+ azure_security_center_auto_provisioning
+where
+ auto_provision = 'On';
+```
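Review bot: Both SDK error paths put the error in the result slot and return a nil error, `return err, nil` after `autoProvisioningClient.List(ctx)` in listSecurityCenterAutoProvisioning and again after `autoProvisioningClient.Get(ctx, name)` in getSecurityCenterAutoProvisioning, so a failed call is reported to the caller as success with an error value where a row is expected. Both should read `return nil, err`, matching the GetNewSession checks a few lines above in each function. This presumably also matters for the not-found fixture in this commit, which expects `null`: with the current form a failed Get hands back the error object rather than an empty result, so it is worth confirming how the SDK surfaces a missing setting once the return is fixed.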