Update table azure_sql_server to return null instead of empty object, if not configured. Closes #67 #68

Merged
merged 4 commits into from
Apr 7, 2021

Contributor

@Subhajit97 Subhajit97 commented Mar 30, 2021

Integration test logs

Logs
No env file present for the current environment:  staging 
 Falling back to .env config
No env file present for the current environment:  staging
customEnv TURBOT_TEST_EXPECTED_TIMEOUT 300

SETUP: tests/azure_sql_server []

PRETEST: tests/azure_sql_server

TEST: tests/azure_sql_server
Running terraform
data.azurerm_client_config.current: Refreshing state...
data.null_data_source.resource: Refreshing state...
azurerm_resource_group.named_test_resource: Creating...
azurerm_resource_group.named_test_resource: Creation complete after 3s [id=/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686]
azurerm_storage_account.named_test_resource: Creating...
azurerm_storage_account.named_test_resource: Still creating... [10s elapsed]
azurerm_storage_account.named_test_resource: Still creating... [20s elapsed]
azurerm_storage_account.named_test_resource: Still creating... [30s elapsed]
azurerm_storage_account.named_test_resource: Creation complete after 36s [id=/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Storage/storageAccounts/turbottest95686]
azurerm_sql_server.named_test_resource: Creating...
azurerm_sql_server.named_test_resource: Still creating... [10s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [20s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [30s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [40s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [50s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [1m0s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [1m10s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [1m20s elapsed]
azurerm_sql_server.named_test_resource: Still creating... [1m30s elapsed]
azurerm_sql_server.named_test_resource: Creation complete after 1m39s [id=/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686]

Warning: Deprecated Resource

The null_data_source was historically used to construct intermediate values to
re-use elsewhere in configuration, the same can now be achieved using locals


Warning: "extended_auditing_policy": [DEPRECATED] the `extended_auditing_policy` block has been moved to `azurerm_mssql_server_extended_auditing_policy` and `azurerm_mssql_database_extended_auditing_policy`. This block will be removed in version 3.0 of the provider.

  on variables.tf line 49, in resource "azurerm_sql_server" "named_test_resource":
  49: resource "azurerm_sql_server" "named_test_resource" {



Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

auditing_policy = [
  {
    "log_monitoring_enabled" = true
    "retention_in_days" = 6
    "storage_account_access_key" = "kpUFVoduK1vVgpwA9FGAqMVoQZykvPmoIglfEHHUvJmObc4/pTFOfubjFVIcuuha5zlo2tcwV5K3l/g8ccGSTg=="
    "storage_account_access_key_is_secondary" = true
    "storage_endpoint" = "https://turbottest95686.blob.core.windows.net/"
  },
]
location = eastus
resource_aka = azure:///subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686
resource_aka_lower = azure:///subscriptions/********-****-****-****-************/resourcegroups/turbottest95686/providers/microsoft.sql/servers/turbottest95686
resource_id = /subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686
resource_name = turbottest95686
subscription_id = ********-****-****-****-************

Running SQL query: test-get-query.sql
[
  {
    "administrator_login": "mradministrator",
    "fully_qualified_domain_name": "turbottest95686.database.windows.net",
    "kind": "v12.0",
    "location": "eastus",
    "name": "turbottest95686",
    "region": "eastus",
    "resource_group": "turbottest95686",
    "subscription_id": "********-****-****-****-************",
    "tags_src": {
      "name": "turbottest95686"
    },
    "type": "Microsoft.Sql/servers",
    "version": "12.0"
  }
]
✔ PASSED

Running SQL query: test-hydrate-query.sql
[
  {
    "encryption_protector": [
      {
        "id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686/encryptionProtector/current",
        "kind": "servicemanaged",
        "name": "current",
        "properties": {
          "serverKeyName": "ServiceManaged",
          "serverKeyType": "ServiceManaged"
        },
        "type": "Microsoft.Sql/servers/encryptionProtector"
      }
    ],
    "firewall_rules": [],
    "name": "turbottest95686",
    "server_audit_policy": [
      {
        "id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686/auditingSettings/Default",
        "name": "Default",
        "properties": {
          "auditActionsAndGroups": [
            "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
            "FAILED_DATABASE_AUTHENTICATION_GROUP",
            "BATCH_COMPLETED_GROUP"
          ],
          "isAzureMonitorTargetEnabled": true,
          "isStorageSecondaryKeyInUse": true,
          "retentionDays": 6,
          "state": "Enabled",
          "storageAccountSubscriptionId": "00000000-0000-0000-0000-000000000000",
          "storageEndpoint": "https://turbottest95686.blob.core.windows.net/"
        },
        "type": "Microsoft.Sql/servers/auditingSettings"
      }
    ],
    "server_azure_ad_administrator": "<null>",
    "server_security_alert_policy": [
      {
        "id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686/securityAlertPolicies/Default",
        "name": "Default",
        "properties": {
          "disabledAlerts": [
            ""
          ],
          "emailAccountAdmins": false,
          "emailAddresses": [
            ""
          ],
          "retentionDays": 0,
          "state": "Disabled",
          "storageAccountAccessKey": "",
          "storageEndpoint": ""
        },
        "type": "Microsoft.Sql/servers/securityAlertPolicies"
      }
    ],
    "server_vulnerability_assessment": [
      {
        "id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686/vulnerabilityAssessments/Default",
        "name": "Default",
        "properties": {
          "recurringScans": {
            "emailSubscriptionAdmins": true,
            "isEnabled": false
          }
        },
        "type": "Microsoft.Sql/servers/vulnerabilityAssessments"
      }
    ]
  }
]
✔ PASSED

Running SQL query: test-list-query.sql
[
  {
    "id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686",
    "location": "eastus",
    "name": "turbottest95686"
  }
]
✔ PASSED

Running SQL query: test-not-found-query.sql
null
✔ PASSED

Running SQL query: test-turbot-query.sql
[
  {
    "akas": [
      "azure:///subscriptions/********-****-****-****-************/resourceGroups/turbottest95686/providers/Microsoft.Sql/servers/turbottest95686",
      "azure:///subscriptions/********-****-****-****-************/resourcegroups/turbottest95686/providers/microsoft.sql/servers/turbottest95686"
    ],
    "name": "turbottest95686",
    "title": "turbottest95686"
  }
]
✔ PASSED

POSTTEST: tests/azure_sql_server

TEARDOWN: tests/azure_sql_server

SUMMARY:

1/1 passed.

Example query results

Results

List servers that have auditing disabled

select
  name,
  id,
  audit -> 'properties' ->> 'state' as audit_policy_state
from
  azure_sql_server,
  jsonb_array_elements(server_audit_policy) as audit
where
  audit -> 'properties' ->> 'state' = 'Disabled';
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+--------------------+
| name                   | id                                                                                                                                  | audit_policy_state |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+--------------------+
| testsqlserver230032021 | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver230032021 | Disabled           |
| testsqlserver30032021  | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver30032021  | Disabled           |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+--------------------+

List servers with an audit log retention period that is less than 90 days

select
  name,
  id,
  (audit -> 'properties' ->> 'retentionDays')::integer as audit_policy_retention_days
from
  azure_sql_server,
  jsonb_array_elements(server_audit_policy) as audit
where
  (audit -> 'properties' ->> 'retentionDays')::integer < 90;
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+
| name                   | id                                                                                                                                  | audit_policy_retention_days |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+
| testsqlserver230032021 | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver230032021 | 0                           |
| testsqlserver30032021  | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver30032021  | 0                           |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+

List servers that have advanced data security disabled

select
  name,
  id,
  security -> 'properties' ->> 'state' as security_alert_policy_state
from
  azure_sql_server,
  jsonb_array_elements(server_security_alert_policy) as security
where
  security -> 'properties' ->> 'state' = 'Disabled';
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+
| name                   | id                                                                                                                                  | security_alert_policy_state |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+
| testsqlserver30032021  | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver30032021  | Disabled                    |
| testsqlserver230032021 | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver230032021 | Disabled                    |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+

List servers that have Advanced Threat Protection types set to All

select
  name,
  id,
  security -> 'properties' -> 'disabledAlerts' as security_alert_policy_state
from
  azure_sql_server,
  jsonb_array_elements(server_security_alert_policy) as security,
  jsonb_array_elements_text(security -> 'properties' -> 'disabledAlerts') as disabled_alerts,
  jsonb_array_length(security -> 'properties' -> 'disabledAlerts') as alert_length
where
  alert_length = 1
  and disabled_alerts = '';
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+
| name                   | id                                                                                                                                  | security_alert_policy_state |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+
| testsqlserver30032021  | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver30032021  | [""]                        |
| testsqlserver230032021 | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver230032021 | [""]                        |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+-----------------------------+

List servers that do not have an Active Directory admin set

select
  name,
  id
from
  azure_sql_server
where
  server_azure_ad_administrator is null;
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------+
| name                  | id                                                                                                                                 |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------+
| testsqlserver30032021 | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver30032021 |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------+

List servers for which TDE protector is encrypted with the service-managed key

select
  name,
  id,
  encryption ->> 'kind' as encryption_protector_kind
from
  azure_sql_server,
  jsonb_array_elements(encryption_protector) as encryption
where
  encryption ->> 'kind' = 'servicemanaged';
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------------+
| name                   | id                                                                                                                                  | encryption_protector_kind |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------------+
| testsqlserver30032021  | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver30032021  | servicemanaged            |
| testsqlserver230032021 | /subscriptions/********-****-****-****-************/resourceGroups/turbot_rg/providers/Microsoft.Sql/servers/testsqlserver230032021 | servicemanaged            |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------+---------------------------+

@cbruno10 cbruno10 merged commit 794562a into main Apr 7, 2021
@cbruno10 cbruno10 deleted the issue-67 branch April 7, 2021 16:49
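
The audit queries in the comment above expand `server_audit_policy` with a comma join to `jsonb_array_elements`, which produces no row for a server whose column is null or an empty array, so that server never shows up as `Disabled`. The query below is an added example, not part of the pull request. It assumes `server_audit_policy` can be null or empty when no auditing settings are returned, and the `NotConfigured` label and `finding` column are names chosen here for illustration:

```sql
-- Added example (not from the pull request).
-- Assumption: server_audit_policy may be null or an empty array when the
-- server has no auditing settings to return.
select
  s.name,
  s.id,
  -- 'NotConfigured' is an illustrative label, not a value returned by Azure
  coalesce(audit -> 'properties' ->> 'state', 'NotConfigured') as audit_policy_state,
  (audit -> 'properties' ->> 'retentionDays')::integer as audit_policy_retention_days,
  case
    when audit is null then 'no audit policy returned'
    when audit -> 'properties' ->> 'state' is distinct from 'Enabled' then 'auditing not enabled'
    else 'retention below 90 days'
  end as finding
from
  azure_sql_server as s
  -- left join keeps the server row even when there is nothing to expand;
  -- the case guard turns null or non-array values into an empty array so
  -- jsonb_array_elements never raises on unexpected input
  left join lateral jsonb_array_elements(
    case
      when jsonb_typeof(s.server_audit_policy) = 'array' then s.server_audit_policy
      else '[]'::jsonb
    end
  ) as audit on true
where
  audit is null
  or audit -> 'properties' ->> 'state' is distinct from 'Enabled'
  or (audit -> 'properties' ->> 'retentionDays')::integer < 90;
```

The same left-join pattern applies to the `server_security_alert_policy` and `encryption_protector` queries, which also use a comma join over a JSON array column.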