From 5b2f0d8e7901be23ed49cc1f8bcbd2cffc5240f3 Mon Sep 17 00:00:00 2001
From: bigdatasourav
Date: Wed, 5 May 2021 16:28:57 +0530
Subject: [PATCH 01/10] test-setting
---
 azure/plugin.go | 1 +
 azure/table_azure_security_center_setting.go | 117 +++++++++++++++++++
 2 files changed, 118 insertions(+)
 create mode 100644 azure/table_azure_security_center_setting.go
diff --git a/azure/plugin.go b/azure/plugin.go
index 5e2de582..e81bd5b2 100644
--- a/azure/plugin.go
+++ b/azure/plugin.go
@@ -63,6 +63,7 @@ func Plugin(ctx context.Context) *plugin.Plugin {
 "azure_role_assignment": tableAzureIamRoleAssignment(ctx),
 "azure_role_definition": tableAzureIamRoleDefinition(ctx),
 "azure_route_table": tableAzureRouteTable(ctx),
+ "azure_security_center_setting": tableAzureSecurityCenterSetting(ctx),
 "azure_sql_database": tableAzureSqlDatabase(ctx),
 "azure_sql_server": tableAzureSQLServer(ctx),
 "azure_storage_account": tableAzureStorageAccount(ctx),
diff --git a/azure/table_azure_security_center_setting.go b/azure/table_azure_security_center_setting.go
new file mode 100644
index 00000000..d53effac
--- /dev/null
+++ b/azure/table_azure_security_center_setting.go
@@ -0,0 +1,117 @@
+package azure
+
+import (
+ "context"
+
+ "github.com/Azure/azure-sdk-for-go/services/preview/security/mgmt/v1.0/security"
+ "github.com/turbot/steampipe-plugin-sdk/grpc/proto"
+ "github.com/turbot/steampipe-plugin-sdk/plugin/transform"
+
+ "github.com/turbot/steampipe-plugin-sdk/plugin"
+)
+
+//// TABLE DEFINITION
+
+func tableAzureSecurityCenterSetting(_ context.Context) *plugin.Table {
+ return &plugin.Table{
+ Name: "azure_security_center_setting",
+ Description: "Azure Security Center Setting",
+ Get: &plugin.GetConfig{
+ KeyColumns: plugin.SingleColumn("name"),
+ Hydrate: getSettingDetails,
+ ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "ResourceGroupNotFound", "404"}),
+ },
+ List: &plugin.ListConfig{
+ Hydrate: listSettingDetails,
+ },
+ Columns: []*plugin.Column{
+ {
+ Name: "id",
+ Type: proto.ColumnType_STRING,
+ Description: "The resource Id.",
+ Transform: transform.FromField("ID"),
+ },
+ {
+ Name: "name",
+ Description: "The resource name.",
+ Type: proto.ColumnType_STRING,
+ },
+ {
+ Name: "type",
+ Description: "The resource type.",
+ Type: proto.ColumnType_STRING,
+ },
+ {
+ Name: "kind",
+ Description: "The kind of the settings string (DataExportSettings).",
+ Type: proto.ColumnType_STRING,
+ },
+
+ // Steampipe standard columns
+ {
+ Name: "title",
+ Description: ColumnDescriptionTitle,
+ Type: proto.ColumnType_STRING,
+ Transform: transform.FromField("Name"),
+ },
+ {
+ Name: "akas",
+ Description: ColumnDescriptionAkas,
+ Type: proto.ColumnType_JSON,
+ Transform: transform.FromField("ID").Transform(idToAkas),
+ },
+
+ // Azure standard columns
+ {
+ Name: "subscription_id",
+ Description: ColumnDescriptionSubscription,
+ Type: proto.ColumnType_STRING,
+ Transform: transform.FromField("ID").Transform(idToSubscriptionID),
+ },
+ },
+ }
+}
+
+//// LIST FUNCTION
+
+func listSettingDetails(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
+ session, err := GetNewSession(ctx, d, "MANAGEMENT")
+ if err != nil {
+ return nil, err
+ }
+
+ subscriptionID := session.SubscriptionID
+ settingClient := security.NewSettingsClient(subscriptionID, "")
+ settingClient.Authorizer = session.Authorizer
+
+ settingList, err := settingClient.List(ctx)
+ if err != nil {
+ return err, nil
+ }
+
+ for _, setting := range settingList.Values() {
+ d.StreamListItem(ctx, setting)
+ }
+ return nil, nil
+}
+
+//// TABLE DEFINITION
+
+func getSettingDetails(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
+ session, err := GetNewSession(ctx, d, "MANAGEMENT")
+ if err != nil {
+ return nil, err
+ }
+ name := d.KeyColumnQuals["name"].GetStringValue()
+
+ subscriptionID := session.SubscriptionID
+ settingClient := security.NewSettingsClient(subscriptionID, "")
+ settingClient.Authorizer = session.Authorizer
+
+ setting, err := settingClient.Get(ctx, name)
+ if err != nil {
+ return err, nil
+ }
+
+ return setting, nil
+}
From ba4b73fb9e4f2d3dcd8370bb9c5074b220a5320b Mon Sep 17 00:00:00 2001
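Review bot: Both hydrate functions in this new file return the SDK error in the data slot: `return err, nil` after `settingClient.List(ctx)` in listSettingDetails and again after `settingClient.Get(ctx, name)` in getSettingDetails, while the session-error branch just above each one correctly uses `return nil, err`. With a nil error the caller is told the hydrate succeeded, so an authorization or API failure is presumably not surfaced and the `ShouldIgnoreError: isNotFoundError(...)` handler configured on Get never sees the error; for a table meant to back security posture checks, a query that silently yields nothing is easy to misread as a clean result. Both lines should read `return nil, err`. The same two returns are carried unchanged as context in the `@@ -75,30 +75,30 @@` and `@@ -105,13 +106,13 @@` hunks of PATCH 04/10, so the renamed auto-provisioning table inherits the problem.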
From: bigdatasourav
Date: Thu, 6 May 2021 15:25:50 +0530
Subject: [PATCH 02/10] new table
---
 .../dependencies.txt | 0
 .../test-get-expected.json | 7 +++
 .../test-get-query.sql | 3 +
 .../test-list-expected.json | 6 ++
 .../test-list-query.sql | 3 +
 .../test-not-found-expected.json | 1 +
 .../test-not-found-query.sql | 3 +
 .../test-turbot-expected.json | 10 ++++
 .../test-turbot-query.sql | 3 +
 .../variables.json | 1 +
 .../variables.tf | 60 +++++++++++++++++++
 docs/tables/azure_security_center_setting.md | 45 ++++++++++++++
 12 files changed, 142 insertions(+)
 create mode 100644 azure-test/tests/azure_security_center_setting/dependencies.txt
 create mode 100644 azure-test/tests/azure_security_center_setting/test-get-expected.json
 create mode 100644 azure-test/tests/azure_security_center_setting/test-get-query.sql
 create mode 100644 azure-test/tests/azure_security_center_setting/test-list-expected.json
 create mode 100644 azure-test/tests/azure_security_center_setting/test-list-query.sql
 create mode 100644 azure-test/tests/azure_security_center_setting/test-not-found-expected.json
 create mode 100644 azure-test/tests/azure_security_center_setting/test-not-found-query.sql
 create mode 100644 azure-test/tests/azure_security_center_setting/test-turbot-expected.json
 create mode 100644 azure-test/tests/azure_security_center_setting/test-turbot-query.sql
 create mode 100644 azure-test/tests/azure_security_center_setting/variables.json
 create mode 100644 azure-test/tests/azure_security_center_setting/variables.tf
 create mode 100644 docs/tables/azure_security_center_setting.md
diff --git a/azure-test/tests/azure_security_center_setting/dependencies.txt b/azure-test/tests/azure_security_center_setting/dependencies.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/azure-test/tests/azure_security_center_setting/test-get-expected.json b/azure-test/tests/azure_security_center_setting/test-get-expected.json
new file mode 100644
index 00000000..30f6fcba
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-get-expected.json
@@ -0,0 +1,7 @@
+[
+ {
+ "id": "{{ output.resource_id.value }}",
+ "name": "MCAS",
+ "type": "Microsoft.Security/settings"
+ }
+]
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_setting/test-get-query.sql b/azure-test/tests/azure_security_center_setting/test-get-query.sql
new file mode 100644
index 00000000..a4f6c596
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-get-query.sql
@@ -0,0 +1,3 @@
+select name, id, type
+from azure.azure_security_center_setting
+where name = '{{ output.resource_name.value }}';
diff --git a/azure-test/tests/azure_security_center_setting/test-list-expected.json b/azure-test/tests/azure_security_center_setting/test-list-expected.json
new file mode 100644
index 00000000..7b00f6dd
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-list-expected.json
@@ -0,0 +1,6 @@
+[
+ {
+ "id": "{{ output.resource_id.value }}",
+ "name": "MCAS"
+ }
+]
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_setting/test-list-query.sql b/azure-test/tests/azure_security_center_setting/test-list-query.sql
new file mode 100644
index 00000000..5bfd4301
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-list-query.sql
@@ -0,0 +1,3 @@
+select id, name
+from azure.azure_security_center_setting
+where id = '{{ output.resource_id.value }}'
diff --git a/azure-test/tests/azure_security_center_setting/test-not-found-expected.json b/azure-test/tests/azure_security_center_setting/test-not-found-expected.json
new file mode 100644
index 00000000..ec747fa4
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-not-found-expected.json
@@ -0,0 +1 @@
+null
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_setting/test-not-found-query.sql b/azure-test/tests/azure_security_center_setting/test-not-found-query.sql
new file mode 100644
index 00000000..60a95b6a
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-not-found-query.sql
@@ -0,0 +1,3 @@
+select name, akas, title
+from azure.azure_security_center_setting
+where name = 'dummy-{{ output.resource_name.value }}';
diff --git a/azure-test/tests/azure_security_center_setting/test-turbot-expected.json b/azure-test/tests/azure_security_center_setting/test-turbot-expected.json
new file mode 100644
index 00000000..80911840
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-turbot-expected.json
@@ -0,0 +1,10 @@
+[
+ {
+ "akas": [
+ "{{ output.resource_aka.value }}",
+ "{{ output.resource_aka_lower.value }}"
+ ],
+ "name": "MCAS",
+ "title": "MCAS"
+ }
+]
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_setting/test-turbot-query.sql b/azure-test/tests/azure_security_center_setting/test-turbot-query.sql
new file mode 100644
index 00000000..9180c40c
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/test-turbot-query.sql
@@ -0,0 +1,3 @@
+select name, akas, title
+from azure.azure_security_center_setting
+where name = '{{ output.resource_name.value }}';
diff --git a/azure-test/tests/azure_security_center_setting/variables.json b/azure-test/tests/azure_security_center_setting/variables.json
new file mode 100644
index 00000000..0967ef42
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/variables.json
@@ -0,0 +1 @@
+{}
diff --git a/azure-test/tests/azure_security_center_setting/variables.tf b/azure-test/tests/azure_security_center_setting/variables.tf
new file mode 100644
index 00000000..b6eac132
--- /dev/null
+++ b/azure-test/tests/azure_security_center_setting/variables.tf
@@ -0,0 +1,60 @@
+
+variable "resource_name" {
+ type = string
+ default = "turbot-test-20200125-create-update"
+ description = "Name of the resource used throughout the test."
+}
+
+variable "azure_environment" {
+ type = string
+ default = "public"
+ description = "Azure environment used for the test."
+}
+
+variable "azure_subscription" {
+ type = string
+ default = "d7245080-b4ae-4fe5-b6fa-2e71b3dae6c8"
+ description = "Azure subscription used for the test."
+}
+
+provider "azurerm" {
+ # Cannot be passed as a variable
+ version = "=2.43.0"
+ features {}
+ environment = var.azure_environment
+ subscription_id = var.azure_subscription
+}
+
+data "azurerm_client_config" "current" {}
+
+data "null_data_source" "resource" {
+ inputs = {
+ scope = "azure:///subscriptions/${data.azurerm_client_config.current.subscription_id}"
+ }
+}
+
+resource "azurerm_security_center_setting" "named_test_resource" {
+ #expected setting_name to be one of [MCAS WDATP]
+ setting_name = "MCAS"
+ enabled = true
+}
+
+output "resource_aka" {
+ value = "azure://${azurerm_security_center_setting.named_test_resource.id}"
+}
+
+output "resource_aka_lower" {
+ value = "azure://${lower(azurerm_security_center_setting.named_test_resource.id)}"
+}
+
+output "resource_id" {
+ value = azurerm_security_center_setting.named_test_resource.id
+}
+
+output "resource_name" {
+ value = "MCAS"
+}
+
+output "subscription_id" {
+ value = var.azure_subscription
+}
diff --git a/docs/tables/azure_security_center_setting.md b/docs/tables/azure_security_center_setting.md
new file mode 100644
index 00000000..2664883d
--- /dev/null
+++ b/docs/tables/azure_security_center_setting.md
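Review bot: `variable "azure_subscription"` ships with `default = "d7245080-b4ae-4fe5-b6fa-2e71b3dae6c8"`, which looks like a concrete subscription GUID rather than a placeholder, and the `azurerm_security_center_setting` resource further down writes a subscription-wide setting (`setting_name = "MCAS"`, `enabled = true`). Anyone who runs the test without overriding the variable targets that subscription, and the identifier is published with the repository. Dropping the default so the subscription must be supplied explicitly (for example through a `TF_VAR_azure_subscription` environment variable) avoids both; the variables.tf hunk in PATCH 04/10 swaps in a different hard-coded GUID and has the same issue. `variable "resource_name"` and `data "null_data_source" "resource"` also appear unused in this file.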
@@ -0,0 +1,45 @@
+# Table: azure_security_center_setting
+
+Azure security center settings contains different configurations in security center.
+
+## Examples
+
+### Basic info
+
+```sql
+select
+ id,
+ name,
+ type,
+ kind
+from
+ azure_security_center_setting;
+```
+
+### Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected
+
+```sql
+select
+ id,
+ name,
+ type,
+ kind
+from
+ azure_security_center_setting
+where
+ name = 'MCAS';
+```
+
+### Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected
+
+```sql
+select
+ id,
+ name,
+ type,
+ kind
+from
+ azure_security_center_setting
+where
+ name = 'WDATP';
+```
From 2abeb929b2393c6794920a9123a24a41a19b93c1 Mon Sep 17 00:00:00 2001
From: bigdatasourav
Date: Thu, 6 May 2021 16:09:52 +0530
Subject: [PATCH 03/10] test update
---
 .../test-get-expected.json | 2 +-
 .../test-list-expected.json | 2 +-
 .../test-turbot-expected.json | 4 ++--
 .../tests/azure_security_center_setting/variables.tf | 10 ++++++++--
 azure/table_azure_security_center_setting.go | 10 +++++-----
 5 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/azure-test/tests/azure_security_center_setting/test-get-expected.json b/azure-test/tests/azure_security_center_setting/test-get-expected.json
index 30f6fcba..7575985d 100644
--- a/azure-test/tests/azure_security_center_setting/test-get-expected.json
+++ b/azure-test/tests/azure_security_center_setting/test-get-expected.json
@@ -1,7 +1,7 @@
 [
 {
 "id": "{{ output.resource_id.value }}",
- "name": "MCAS",
+ "name": "{{ output.resource_name.value }}",
 "type": "Microsoft.Security/settings"
 }
 ]
\ No newline at end of file
diff --git a/azure-test/tests/azure_security_center_setting/test-list-expected.json b/azure-test/tests/azure_security_center_setting/test-list-expected.json
index 7b00f6dd..37aee719 100644
--- a/azure-test/tests/azure_security_center_setting/test-list-expected.json
+++ b/azure-test/tests/azure_security_center_setting/test-list-expected.json @@ -1,6 +1,6 @@ [ { "id": "{{ output.resource_id.value }}", - "name": "MCAS" + "name": "{{ output.resource_name.value }}" } ] \ No newline at end of file diff --git a/azure-test/tests/azure_security_center_setting/test-turbot-expected.json b/azure-test/tests/azure_security_center_setting/test-turbot-expected.json index 80911840..3977b7f4 100644 --- a/azure-test/tests/azure_security_center_setting/test-turbot-expected.json +++ b/azure-test/tests/azure_security_center_setting/test-turbot-expected.json @@ -4,7 +4,7 @@ "{{ output.resource_aka.value }}", "{{ output.resource_aka_lower.value }}" ], - "name": "MCAS", - "title": "MCAS" + "name": "{{ output.resource_name.value }}", + "title": "{{ output.resource_name.value }}" } ] \ No newline at end of file diff --git a/azure-test/tests/azure_security_center_setting/variables.tf b/azure-test/tests/azure_security_center_setting/variables.tf index b6eac132..d5d8dda8 100644 --- a/azure-test/tests/azure_security_center_setting/variables.tf +++ b/azure-test/tests/azure_security_center_setting/variables.tf @@ -17,6 +17,12 @@ variable "azure_subscription" { description = "Azure subscription used for the test." } +variable "setting_name" { + type = string + default = "MCAS" + description = "Name of the resource." +} + provider "azurerm" { # Cannot be passed as a variable version = "=2.43.0" @@ -35,7 +41,7 @@ data "null_data_source" "resource" { resource "azurerm_security_center_setting" "named_test_resource" { #expected setting_name to be one of [MCAS WDATP] - setting_name = "MCAS" + setting_name = var.setting_name enabled = true } @@ -52,7 +58,7 @@ output "resource_id" { } output "resource_name" { - value = "MCAS" + value = var.setting_name } output "subscription_id" { diff --git a/azure/table_azure_security_center_setting.go b/azure/table_azure_security_center_setting.go index d53effac..b11614d6 100644 --- a/azure/table_azure_security_center_setting.go 
+++ b/azure/table_azure_security_center_setting.go @@ -18,11 +18,11 @@ func tableAzureSecurityCenterSetting(_ context.Context) *plugin.Table { Description: "Azure Security Center Setting", Get: &plugin.GetConfig{ KeyColumns: plugin.SingleColumn("name"), - Hydrate: getSettingDetails, + Hydrate: getSecurityCenterSetting, ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "ResourceGroupNotFound", "404"}), }, List: &plugin.ListConfig{ - Hydrate: listSettingDetails, + Hydrate: listSecurityCenterSettings, }, Columns: []*plugin.Column{ { @@ -74,7 +74,7 @@ func tableAzureSecurityCenterSetting(_ context.Context) *plugin.Table { //// LIST FUNCTION -func listSettingDetails(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { +func listSecurityCenterSettings(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { session, err := GetNewSession(ctx, d, "MANAGEMENT") if err != nil { return nil, err @@ -95,9 +95,9 @@ func listSettingDetails(ctx context.Context, d *plugin.QueryData, _ *plugin.Hydr return nil, nil } -//// TABLE DEFINITION +//// HYDRATE FUNCTIONS -func getSettingDetails(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { +func getSecurityCenterSetting(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { session, err := GetNewSession(ctx, d, "MANAGEMENT") if err != nil { return nil, err From 7762943ba98c8a43cfb43647e67f8c0a7077a68a Mon Sep 17 00:00:00 2001 
From: bigdatasourav Date: Thu, 6 May 2021 16:48:15 +0530 Subject: [PATCH 04/10] new table --- .../dependencies.txt | 0 .../test-get-expected.json | 4 +- .../test-get-query.sql | 2 +- .../test-list-expected.json | 0 .../test-list-query.sql | 2 +- .../test-not-found-expected.json | 0 .../test-not-found-query.sql | 2 +- .../test-turbot-expected.json | 0 .../test-turbot-query.sql | 2 +- .../variables.json | 0 .../variables.tf | 20 ++-- azure/plugin.go | 104 +++++++++--------- ...zure_security_center_auto_provisioning.go} | 37 ++++--- ...azure_security_center_auto_provisioning.md | 31 ++++++ docs/tables/azure_security_center_setting.md | 45 -------- 15 files changed, 117 insertions(+), 132 deletions(-) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/dependencies.txt (100%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-get-expected.json (62%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-get-query.sql (58%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-list-expected.json (100%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-list-query.sql (54%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-not-found-expected.json (100%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-not-found-query.sql (61%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-turbot-expected.json (100%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/test-turbot-query.sql (59%) rename azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/variables.json (100%) rename 
azure-test/tests/{azure_security_center_setting => azure_security_center_auto_provisioning}/variables.tf (66%) rename azure/{table_azure_security_center_setting.go => table_azure_security_center_auto_provisioning.go} (60%) create mode 100644 docs/tables/azure_security_center_auto_provisioning.md delete mode 100644 docs/tables/azure_security_center_setting.md diff --git a/azure-test/tests/azure_security_center_setting/dependencies.txt b/azure-test/tests/azure_security_center_auto_provisioning/dependencies.txt similarity index 100% rename from azure-test/tests/azure_security_center_setting/dependencies.txt rename to azure-test/tests/azure_security_center_auto_provisioning/dependencies.txt diff --git a/azure-test/tests/azure_security_center_setting/test-get-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-get-expected.json similarity index 62% rename from azure-test/tests/azure_security_center_setting/test-get-expected.json rename to azure-test/tests/azure_security_center_auto_provisioning/test-get-expected.json index 7575985d..d7b43122 100644 --- a/azure-test/tests/azure_security_center_setting/test-get-expected.json +++ b/azure-test/tests/azure_security_center_auto_provisioning/test-get-expected.json @@ -2,6 +2,6 @@ { "id": "{{ output.resource_id.value }}", "name": "{{ output.resource_name.value }}", - "type": "Microsoft.Security/settings" + "type": "Microsoft.Security/autoProvisioningSettings" } -] \ No newline at end of file +] \ No newline at end of file diff --git a/azure-test/tests/azure_security_center_setting/test-get-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-get-query.sql similarity index 58% rename from azure-test/tests/azure_security_center_setting/test-get-query.sql rename to azure-test/tests/azure_security_center_auto_provisioning/test-get-query.sql index a4f6c596..d04dfa83 100644 --- a/azure-test/tests/azure_security_center_setting/test-get-query.sql 
+++ b/azure-test/tests/azure_security_center_auto_provisioning/test-get-query.sql @@ -1,3 +1,3 @@ select name, id, type -from azure.azure_security_center_setting +from azure.azure_security_center_auto_provisioning where name = '{{ output.resource_name.value }}'; diff --git a/azure-test/tests/azure_security_center_setting/test-list-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-list-expected.json similarity index 100% rename from azure-test/tests/azure_security_center_setting/test-list-expected.json rename to azure-test/tests/azure_security_center_auto_provisioning/test-list-expected.json diff --git a/azure-test/tests/azure_security_center_setting/test-list-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-list-query.sql similarity index 54% rename from azure-test/tests/azure_security_center_setting/test-list-query.sql rename to azure-test/tests/azure_security_center_auto_provisioning/test-list-query.sql index 5bfd4301..7a2e61d7 100644 --- a/azure-test/tests/azure_security_center_setting/test-list-query.sql +++ b/azure-test/tests/azure_security_center_auto_provisioning/test-list-query.sql @@ -1,3 +1,3 @@ select id, name -from azure.azure_security_center_setting +from azure.azure_security_center_auto_provisioning where id = '{{ output.resource_id.value }}' diff --git a/azure-test/tests/azure_security_center_setting/test-not-found-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-expected.json similarity index 100% rename from azure-test/tests/azure_security_center_setting/test-not-found-expected.json rename to azure-test/tests/azure_security_center_auto_provisioning/test-not-found-expected.json 
diff --git a/azure-test/tests/azure_security_center_setting/test-not-found-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-query.sql similarity index 61% rename from azure-test/tests/azure_security_center_setting/test-not-found-query.sql rename to azure-test/tests/azure_security_center_auto_provisioning/test-not-found-query.sql index 60a95b6a..4e8c9f46 100644 --- a/azure-test/tests/azure_security_center_setting/test-not-found-query.sql +++ b/azure-test/tests/azure_security_center_auto_provisioning/test-not-found-query.sql @@ -1,3 +1,3 @@ select name, akas, title -from azure.azure_security_center_setting +from azure.azure_security_center_auto_provisioning where name = 'dummy-{{ output.resource_name.value }}'; diff --git a/azure-test/tests/azure_security_center_setting/test-turbot-expected.json b/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-expected.json similarity index 100% rename from azure-test/tests/azure_security_center_setting/test-turbot-expected.json rename to azure-test/tests/azure_security_center_auto_provisioning/test-turbot-expected.json diff --git a/azure-test/tests/azure_security_center_setting/test-turbot-query.sql b/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-query.sql similarity index 59% rename from azure-test/tests/azure_security_center_setting/test-turbot-query.sql rename to azure-test/tests/azure_security_center_auto_provisioning/test-turbot-query.sql index 9180c40c..67ea4f73 100644 --- a/azure-test/tests/azure_security_center_setting/test-turbot-query.sql +++ b/azure-test/tests/azure_security_center_auto_provisioning/test-turbot-query.sql @@ -1,3 +1,3 @@ select name, akas, title -from azure.azure_security_center_setting +from azure.azure_security_center_auto_provisioning where name = '{{ output.resource_name.value }}'; 
diff --git a/azure-test/tests/azure_security_center_setting/variables.json b/azure-test/tests/azure_security_center_auto_provisioning/variables.json similarity index 100% rename from azure-test/tests/azure_security_center_setting/variables.json rename to azure-test/tests/azure_security_center_auto_provisioning/variables.json diff --git a/azure-test/tests/azure_security_center_setting/variables.tf b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf similarity index 66% rename from azure-test/tests/azure_security_center_setting/variables.tf rename to azure-test/tests/azure_security_center_auto_provisioning/variables.tf index d5d8dda8..b9a22b27 100644 --- a/azure-test/tests/azure_security_center_setting/variables.tf +++ b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf @@ -13,13 +13,13 @@ variable "azure_environment" { variable "azure_subscription" { type = string - default = "d7245080-b4ae-4fe5-b6fa-2e71b3dae6c8" + default = "3510ae4d-530b-497d-8f30-53b9616fc6c1" description = "Azure subscription used for the test." } -variable "setting_name" { +variable "provision_name" { type = string - default = "MCAS" + default = "default" description = "Name of the resource." } 
@@ -39,26 +39,24 @@ data "null_data_source" "resource" { } } -resource "azurerm_security_center_setting" "named_test_resource" { - #expected setting_name to be one of [MCAS WDATP] - setting_name = var.setting_name - enabled = true +resource "azurerm_security_center_auto_provisioning" "named_test_resource" { + auto_provision = "On" } output "resource_aka" { - value = "azure://${azurerm_security_center_setting.named_test_resource.id}" + value = "azure://${azurerm_security_center_auto_provisioning.named_test_resource.id}" } output "resource_aka_lower" { - value = "azure://${lower(azurerm_security_center_setting.named_test_resource.id)}" + value = "azure://${lower(azurerm_security_center_auto_provisioning.named_test_resource.id)}" } output "resource_id" { - value = azurerm_security_center_setting.named_test_resource.id + value = azurerm_security_center_auto_provisioning.named_test_resource.id } output "resource_name" { - value = var.setting_name + value = var.provision_name } output "subscription_id" { diff --git a/azure/plugin.go b/azure/plugin.go index e81bd5b2..028a299f 100644 --- a/azure/plugin.go +++ b/azure/plugin.go 
@@ -22,58 +22,58 @@ func Plugin(ctx context.Context) *plugin.Plugin { Schema: ConfigSchema, }, TableMap: map[string]*plugin.Table{ - "azure_ad_group": tableAzureAdGroup(ctx), - "azure_ad_service_principal": tableAzureAdServicePrincipal(ctx), - "azure_ad_user": tableAzureAdUser(ctx), - "azure_api_management": tableAzureAPIManagement(ctx), - "azure_app_service_environment": tableAzureAppServiceEnvironment(ctx), - "azure_app_service_function_app": tableAzureAppServiceFunctionApp(ctx), - "azure_app_service_plan": tableAzureAppServicePlan(ctx), - "azure_app_service_web_app": tableAzureAppServiceWebApp(ctx), - "azure_application_security_group": tableAzureApplicationSecurityGroup(ctx), - "azure_compute_availability_set": tableAzureComputeAvailabilitySet(ctx), - "azure_compute_disk": tableAzureComputeDisk(ctx), - "azure_compute_disk_encryption_set": tableAzureComputeDiskEncryptionSet(ctx), - "azure_compute_image": tableAzureComputeImage(ctx), - "azure_compute_resource_sku": tableAzureResourceSku(ctx), - "azure_compute_snapshot": tableAzureComputeSnapshot(ctx), - "azure_compute_virtual_machine": tableAzureComputeVirtualMachine(ctx), - "azure_cosmosdb_account": tableAzureCosmosDBAccount(ctx), - "azure_cosmosdb_mongo_database": tableAzureCosmosDBMongoDatabase(ctx), - "azure_cosmosdb_sql_database": tableAzureCosmosDBSQLDatabase(ctx), - "azure_diagnostic_setting": tableAzureDiagnosticSetting(ctx), - "azure_firewall": tableAzureFirewall(ctx), - "azure_key_vault": tableAzureKeyVault(ctx), - "azure_key_vault_key": tableAzureKeyVaultKey(ctx), - "azure_key_vault_secret": tableAzureKeyVaultSecret(ctx), - "azure_kubernetes_cluster": tableAzureKubernetesCluster(ctx), - "azure_location": tableAzureLocation(ctx), - "azure_log_alert": tableAzureLogAlert(ctx), - "azure_log_profile": tableAzureLogProfile(ctx), - "azure_management_lock": tableAzureManagementLock(ctx), - "azure_mysql_server": tableAzureMySQLServer(ctx), - "azure_network_interface": tableAzureNetworkInterface(ctx), - 
"azure_network_security_group": tableAzureNetworkSecurityGroup(ctx), - "azure_network_watcher": tableAzureNetworkWatcher(ctx), - "azure_network_watcher_flow_log": tableAzureNetworkWatcherFlowLog(ctx), - "azure_postgresql_server": tableAzurePostgreSqlServer(ctx), - "azure_provider": tableAzureProvider(ctx), - "azure_public_ip": tableAzurePublicIP(ctx), - "azure_resource_group": tableAzureResourceGroup(ctx), - "azure_role_assignment": tableAzureIamRoleAssignment(ctx), - "azure_role_definition": tableAzureIamRoleDefinition(ctx), - "azure_route_table": tableAzureRouteTable(ctx), - "azure_security_center_setting": tableAzureSecurityCenterSetting(ctx), - "azure_sql_database": tableAzureSqlDatabase(ctx), - "azure_sql_server": tableAzureSQLServer(ctx), - "azure_storage_account": tableAzureStorageAccount(ctx), - "azure_storage_blob_service": tableAzureStorageBlobService(ctx), - "azure_storage_container": tableAzureStorageContainer(ctx), - "azure_storage_queue": tableAzureStorageQueue(ctx), - "azure_storage_table": tableAzureStorageTable(ctx), - "azure_storage_table_service": tableAzureStorageTableService(ctx), - "azure_subnet": tableAzureSubnet(ctx), - "azure_virtual_network": tableAzureVirtualNetwork(ctx), + "azure_ad_group": tableAzureAdGroup(ctx), + "azure_ad_service_principal": tableAzureAdServicePrincipal(ctx), + "azure_ad_user": tableAzureAdUser(ctx), + "azure_api_management": tableAzureAPIManagement(ctx), + "azure_app_service_environment": tableAzureAppServiceEnvironment(ctx), + "azure_app_service_function_app": tableAzureAppServiceFunctionApp(ctx), + "azure_app_service_plan": tableAzureAppServicePlan(ctx), + "azure_app_service_web_app": tableAzureAppServiceWebApp(ctx), + "azure_application_security_group": tableAzureApplicationSecurityGroup(ctx), + "azure_compute_availability_set": tableAzureComputeAvailabilitySet(ctx), + "azure_compute_disk": tableAzureComputeDisk(ctx), + "azure_compute_disk_encryption_set": tableAzureComputeDiskEncryptionSet(ctx), + 
"azure_compute_image": tableAzureComputeImage(ctx), + "azure_compute_resource_sku": tableAzureResourceSku(ctx), + "azure_compute_snapshot": tableAzureComputeSnapshot(ctx), + "azure_compute_virtual_machine": tableAzureComputeVirtualMachine(ctx), + "azure_cosmosdb_account": tableAzureCosmosDBAccount(ctx), + "azure_cosmosdb_mongo_database": tableAzureCosmosDBMongoDatabase(ctx), + "azure_cosmosdb_sql_database": tableAzureCosmosDBSQLDatabase(ctx), + "azure_diagnostic_setting": tableAzureDiagnosticSetting(ctx), + "azure_firewall": tableAzureFirewall(ctx), + "azure_key_vault": tableAzureKeyVault(ctx), + "azure_key_vault_key": tableAzureKeyVaultKey(ctx), + "azure_key_vault_secret": tableAzureKeyVaultSecret(ctx), + "azure_kubernetes_cluster": tableAzureKubernetesCluster(ctx), + "azure_location": tableAzureLocation(ctx), + "azure_log_alert": tableAzureLogAlert(ctx), + "azure_log_profile": tableAzureLogProfile(ctx), + "azure_management_lock": tableAzureManagementLock(ctx), + "azure_mysql_server": tableAzureMySQLServer(ctx), + "azure_network_interface": tableAzureNetworkInterface(ctx), + "azure_network_security_group": tableAzureNetworkSecurityGroup(ctx), + "azure_network_watcher": tableAzureNetworkWatcher(ctx), + "azure_network_watcher_flow_log": tableAzureNetworkWatcherFlowLog(ctx), + "azure_postgresql_server": tableAzurePostgreSqlServer(ctx), + "azure_provider": tableAzureProvider(ctx), + "azure_public_ip": tableAzurePublicIP(ctx), + "azure_resource_group": tableAzureResourceGroup(ctx), + "azure_role_assignment": tableAzureIamRoleAssignment(ctx), + "azure_role_definition": tableAzureIamRoleDefinition(ctx), + "azure_route_table": tableAzureRouteTable(ctx), + "azure_security_center_auto_provisioning": tableAzureSecurityCenterAutoProvisioning(ctx), + "azure_sql_database": tableAzureSqlDatabase(ctx), + "azure_sql_server": tableAzureSQLServer(ctx), + "azure_storage_account": tableAzureStorageAccount(ctx), + "azure_storage_blob_service": tableAzureStorageBlobService(ctx), + 
"azure_storage_container": tableAzureStorageContainer(ctx), + "azure_storage_queue": tableAzureStorageQueue(ctx), + "azure_storage_table": tableAzureStorageTable(ctx), + "azure_storage_table_service": tableAzureStorageTableService(ctx), + "azure_subnet": tableAzureSubnet(ctx), + "azure_virtual_network": tableAzureVirtualNetwork(ctx), // "azure_storage_blob": tableAzureStorageBlob(ctx), // "azure_storage_table": tableAzureStorageTable(ctx), }, diff --git a/azure/table_azure_security_center_setting.go b/azure/table_azure_security_center_auto_provisioning.go similarity index 60% rename from azure/table_azure_security_center_setting.go rename to azure/table_azure_security_center_auto_provisioning.go index b11614d6..9003c98d 100644 --- a/azure/table_azure_security_center_setting.go +++ b/azure/table_azure_security_center_auto_provisioning.go @@ -12,17 +12,17 @@ import ( //// TABLE DEFINITION -func tableAzureSecurityCenterSetting(_ context.Context) *plugin.Table { +func tableAzureSecurityCenterAutoProvisioning(_ context.Context) *plugin.Table { return &plugin.Table{ - Name: "azure_security_center_setting", - Description: "Azure Security Center Setting", + Name: "azure_security_center_auto_provisioning", + Description: "Azure Security Center Auto Provisioning", Get: &plugin.GetConfig{ KeyColumns: plugin.SingleColumn("name"), - Hydrate: getSecurityCenterSetting, + Hydrate: getSecurityCenterAutoProvisioning, ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "ResourceGroupNotFound", "404"}), }, List: &plugin.ListConfig{ - Hydrate: listSecurityCenterSettings, + Hydrate: listSecurityCenterAutoProvisioning, }, Columns: []*plugin.Column{ { 
@@ -42,9 +42,10 @@ func tableAzureSecurityCenterSetting(_ context.Context) *plugin.Table { Type: proto.ColumnType_STRING, }, { - Name: "kind", - Description: "The kind of the settings string (DataExportSettings).", + Name: "auto_provision", + Description: "Describes what kind of security agent provisioning action to take. Possible values include: AutoProvisionOn, AutoProvisionOff", Type: proto.ColumnType_STRING, + Transform: transform.FromField("AutoProvisioningSettingProperties.AutoProvision"), }, // Steampipe standard columns @@ -74,30 +75,30 @@ func tableAzureSecurityCenterSetting(_ context.Context) *plugin.Table { //// LIST FUNCTION -func listSecurityCenterSettings(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { +func listSecurityCenterAutoProvisioning(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { session, err := GetNewSession(ctx, d, "MANAGEMENT") if err != nil { return nil, err } subscriptionID := session.SubscriptionID - settingClient := security.NewSettingsClient(subscriptionID, "") - settingClient.Authorizer = session.Authorizer + autoProvisioningClient := security.NewAutoProvisioningSettingsClient(subscriptionID, "") + autoProvisioningClient.Authorizer = session.Authorizer - settingList, err := settingClient.List(ctx) + autoProvisioningList, err := autoProvisioningClient.List(ctx) if err != nil { return err, nil } - for _, setting := range settingList.Values() { - d.StreamListItem(ctx, setting) + for _, autoProvisioning := range autoProvisioningList.Values() { + d.StreamListItem(ctx, autoProvisioning) } return nil, nil } //// HYDRATE FUNCTIONS -func getSecurityCenterSetting(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { +func getSecurityCenterAutoProvisioning(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) { session, err := GetNewSession(ctx, d, "MANAGEMENT") if err != nil { return nil, err 
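Review bot: In the `@@ -74,30 +75,30 @@` hunk, `listSecurityCenterAutoProvisioning` still ends its error branch after `autoProvisioningClient.List(ctx)` with `return err, nil`, which hands the error back as the hydrate value and reports success to the caller. A failed call (an expired credential or a missing reader role, for instance) would then presumably surface as an empty table rather than a query error, and a compliance check built on `auto_provision` could read that as a clean result. The branch should be `return nil, err`. The same swap is needed in `getSecurityCenterAutoProvisioning` after `autoProvisioningClient.Get(ctx, name)` in the `@@ -105,13 +106,13 @@` hunk; that function starts in this hunk and finishes in the next one.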
@@ -105,13 +106,13 @@ func getSecurityCenterSetting(ctx context.Context, d *plugin.QueryData, _ *plugi name := d.KeyColumnQuals["name"].GetStringValue() subscriptionID := session.SubscriptionID - settingClient := security.NewSettingsClient(subscriptionID, "") - settingClient.Authorizer = session.Authorizer + autoProvisioningClient := security.NewAutoProvisioningSettingsClient(subscriptionID, "") + autoProvisioningClient.Authorizer = session.Authorizer - setting, err := settingClient.Get(ctx, name) + autoProvisioning, err := autoProvisioningClient.Get(ctx, name) if err != nil { return err, nil } - return setting, nil + return autoProvisioning, nil } diff --git a/docs/tables/azure_security_center_auto_provisioning.md b/docs/tables/azure_security_center_auto_provisioning.md new file mode 100644 index 00000000..7a9840d1 --- /dev/null +++ b/docs/tables/azure_security_center_auto_provisioning.md @@ -0,0 +1,31 @@ +# Table: azure_security_center_auto_provisioning + +Azure security center auto provisioning settings exposes the auto provisioning settings of the subscriptions. + +## Examples + +### Basic info + +```sql +select + id, + name, + type, + auto_provision +from + azure_security_center_auto_provisioning; +``` + +### Ensure that Automatic provisioning of monitoring agent is set to On + +```sql +select + id, + name, + type, + auto_provision +from + azure_security_center_auto_provisioning +where + auto_provision = 'On'; +``` diff --git a/docs/tables/azure_security_center_setting.md b/docs/tables/azure_security_center_setting.md deleted file mode 100644 index 2664883d..00000000 --- a/docs/tables/azure_security_center_setting.md +++ /dev/null 
@@ -1,45 +0,0 @@ -# Table: azure_security_center_setting - -Azure security center settings contains different configurations in security center. - -## Examples - -### Basic info - -```sql -select - id, - name, - type, - kind -from - azure_security_center_setting; -``` - -### Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected - -```sql -select - id, - name, - type, - kind -from - azure_security_center_setting -where - name = 'MCAS'; -``` - -### Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected - -```sql -select - id, - name, - type, - kind -from - azure_security_center_setting -where - name = 'WDATP'; -``` From f13e6b940d6ac3d21f5ff16de603934b955b5d9c Mon Sep 17 00:00:00 2001 From: bigdatasourav Date: Thu, 6 May 2021 17:36:50 +0530 Subject: [PATCH 05/10] fix --- azure/table_azure_security_center_auto_provisioning.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/azure/table_azure_security_center_auto_provisioning.go b/azure/table_azure_security_center_auto_provisioning.go index 9003c98d..7e155aca 100644 --- a/azure/table_azure_security_center_auto_provisioning.go +++ b/azure/table_azure_security_center_auto_provisioning.go @@ -17,9 +17,8 @@ func tableAzureSecurityCenterAutoProvisioning(_ context.Context) *plugin.Table { Name: "azure_security_center_auto_provisioning", Description: "Azure Security Center Auto Provisioning", Get: &plugin.GetConfig{ - KeyColumns: plugin.SingleColumn("name"), - Hydrate: getSecurityCenterAutoProvisioning, - ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "ResourceGroupNotFound", "404"}), + KeyColumns: plugin.SingleColumn("name"), + Hydrate: getSecurityCenterAutoProvisioning, }, List: &plugin.ListConfig{ Hydrate: listSecurityCenterAutoProvisioning, 
@@ -28,7 +27,7 @@ func tableAzureSecurityCenterAutoProvisioning(_ context.Context) *plugin.Table { { Name: "id", Type: proto.ColumnType_STRING, - Description: "The resource Id.", + Description: "The resource id.", Transform: transform.FromField("ID"), }, { From e9bc6fd0de5691f18944bed8a45a63710fe85a0d Mon Sep 17 00:00:00 2001 From: bigdatasourav Date: Fri, 7 May 2021 12:56:02 +0530 Subject: [PATCH 06/10] doc fix --- .../azure_security_center_auto_provisioning/variables.tf | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/azure-test/tests/azure_security_center_auto_provisioning/variables.tf b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf index b9a22b27..5853173f 100644 --- a/azure-test/tests/azure_security_center_auto_provisioning/variables.tf +++ b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf @@ -17,12 +17,6 @@ variable "azure_subscription" { description = "Azure subscription used for the test." } -variable "provision_name" { - type = string - default = "default" - description = "Name of the resource." -} - provider "azurerm" { # Cannot be passed as a variable version = "=2.43.0" @@ -56,7 +50,7 @@ output "resource_id" { } output "resource_name" { - value = var.provision_name + value = element(split("/", azurerm_security_center_auto_provisioning.named_test_resource.id), 6) } output "subscription_id" { From 00bef281760a8208b3eb194fbcf9e1a03572b923 Mon Sep 17 00:00:00 2001 From: bigdatasourav Date: Fri, 7 May 2021 14:45:10 +0530 Subject: [PATCH 07/10] fix --- azure/table_azure_security_center_auto_provisioning.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/table_azure_security_center_auto_provisioning.go b/azure/table_azure_security_center_auto_provisioning.go index 7e155aca..3f516b98 100644 --- a/azure/table_azure_security_center_auto_provisioning.go +++ b/azure/table_azure_security_center_auto_provisioning.go 
@@ -28,7 +28,7 @@ func tableAzureSecurityCenterAutoProvisioning(_ context.Context) *plugin.Table { Name: "id", Type: proto.ColumnType_STRING, Description: "The resource id.", - Transform: transform.FromField("ID"), + Transform: transform.FromGo(), }, { Name: "name", From e3580407de8bed9623145375012e8e6c8679f834 Mon Sep 17 00:00:00 2001 From: bigdatasourav Date: Tue, 11 May 2021 11:35:40 +0530 Subject: [PATCH 08/10] refactor --- .../tests/azure_security_center_auto_provisioning/variables.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/azure-test/tests/azure_security_center_auto_provisioning/variables.tf b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf index 5853173f..72ed3d01 100644 --- a/azure-test/tests/azure_security_center_auto_provisioning/variables.tf +++ b/azure-test/tests/azure_security_center_auto_provisioning/variables.tf @@ -13,7 +13,6 @@ variable "azure_environment" { variable "azure_subscription" { type = string - default = "3510ae4d-530b-497d-8f30-53b9616fc6c1" description = "Azure subscription used for the test." } From a7273a50c39e37866ff306860f9a3b24147bf6df Mon Sep 17 00:00:00 2001 From: bigdatasourav Date: Tue, 11 May 2021 15:57:28 +0530 Subject: [PATCH 09/10] changes --- azure/table_azure_security_center_auto_provisioning.go | 2 +- azure/utils.go | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/azure/table_azure_security_center_auto_provisioning.go b/azure/table_azure_security_center_auto_provisioning.go index 3f516b98..70cfeee9 100644 --- a/azure/table_azure_security_center_auto_provisioning.go +++ b/azure/table_azure_security_center_auto_provisioning.go 
@@ -42,7 +42,7 @@ func tableAzureSecurityCenterAutoProvisioning(_ context.Context) *plugin.Table { }, { Name: "auto_provision", - Description: "Describes what kind of security agent provisioning action to take. Possible values include: AutoProvisionOn, AutoProvisionOff", + Description: "Describes what kind of security agent provisioning action to take. Possible values include: On, Off", Type: proto.ColumnType_STRING, Transform: transform.FromField("AutoProvisioningSettingProperties.AutoProvision"), }, diff --git a/azure/utils.go b/azure/utils.go index 9079e6a4..3c91d144 100644 --- a/azure/utils.go +++ b/azure/utils.go @@ -14,6 +14,9 @@ import ( func idToSubscriptionID(ctx context.Context, d *transform.TransformData) (interface{}, error) { id := types.SafeString(d.Value) + if len(id) == 0 { + return nil, nil + } subscriptionid := strings.Split(id, "/")[2] return subscriptionid, nil } From f3fb7d49de70b472714b415898d283e1a62ccaa7 Mon Sep 17 00:00:00 2001 From: cbruno10 Date: Thu, 13 May 2021 07:32:18 -0400 Subject: [PATCH 10/10] Update examples --- docs/tables/azure_security_center_auto_provisioning.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/tables/azure_security_center_auto_provisioning.md b/docs/tables/azure_security_center_auto_provisioning.md index 7a9840d1..3d075336 100644 --- a/docs/tables/azure_security_center_auto_provisioning.md +++ b/docs/tables/azure_security_center_auto_provisioning.md @@ -1,6 +1,6 @@ # Table: azure_security_center_auto_provisioning -Azure security center auto provisioning settings exposes the auto provisioning settings of the subscriptions. +Azure security center auto provisioning settings expose the auto provisioning settings of the subscriptions. ## Examples @@ -16,7 +16,7 @@ from azure_security_center_auto_provisioning; ``` -### Ensure that Automatic provisioning of monitoring agent is set to On +### List subscriptions that have automatic provisioning of VM monitoring agent enabled ```sql select
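Review bot: The guard added to `idToSubscriptionID` in the `azure/utils.go` hunk only rejects an empty id, so a non-empty value with fewer than two `/` separators still reaches `strings.Split(id, "/")[2]` and panics with an index out of range. Checking the split result covers both cases: `parts := strings.Split(id, "/")`, then `if len(parts) < 3 { return nil, nil }`, then return `parts[2]`. Since returning nil leaves `subscription_id` silently empty, a one-line comment saying when an empty id is expected (presumably a hydrate that produced no resource) would help the next reader.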