diff --git a/azure/table_azure_application_gateway.go b/azure/table_azure_application_gateway.go index a7ef5b5d..68da1a25 100644 --- a/azure/table_azure_application_gateway.go +++ b/azure/table_azure_application_gateway.go @@ -2,9 +2,11 @@ package azure import ( "context" + "reflect" + "strings" - "github.com/Azure/azure-sdk-for-go/profiles/preview/preview/monitor/mgmt/insights" "github.com/Azure/azure-sdk-for-go/profiles/latest/network/mgmt/network" + "github.com/Azure/azure-sdk-for-go/profiles/preview/preview/monitor/mgmt/insights" "github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto" "github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform" @@ -241,11 +243,16 @@ func tableAzureApplicationGateway(_ context.Context) *plugin.Table { Type: proto.ColumnType_JSON, Transform: transform.From(extractGatewayURLPathMaps), }, + // The list/get API response contains a property called WebApplicationFirewallConfiguration. + // However, in all cases, we are receiving a null value for this property. + // The CLI command exhibits the same behavior as the API. + // Therefore, we have added a hydrate function to retrieve these details. { Name: "web_application_firewall_configuration", Description: "Web application firewall configuration of the application gateway.", Type: proto.ColumnType_JSON, - Transform: transform.FromField("ApplicationGatewayPropertiesFormat.WebApplicationFirewallConfiguration"), + Hydrate: getWebApplicationFirewallConfiguration, + Transform: transform.FromValue(), }, { Name: "zones", @@ -405,6 +412,36 @@ func listApplicationGatewayDiagnosticSettings(ctx context.Context, d *plugin.Que return diagnosticSettings, nil } +func getWebApplicationFirewallConfiguration(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) { + firewallPolicy := h.Item.(network.ApplicationGateway).FirewallPolicy + + // Check for any WAF policy association + if firewallPolicy == nil { + return nil, nil + } + policyId := firewallPolicy.ID + resourceGroup := strings.Split(*policyId, "/")[4] + policyname := strings.Split(*policyId, "/")[len(strings.Split(*policyId, "/"))-1] + + // Create session + session, err := GetNewSession(ctx, d, "MANAGEMENT") + if err != nil { + return nil, err + } + subscriptionID := session.SubscriptionID + + client := network.NewWebApplicationFirewallPoliciesClientWithBaseURI(session.ResourceManagerEndpoint, subscriptionID) + client.Authorizer = session.Authorizer + + op, err := client.Get(ctx, resourceGroup, policyname) + if err != nil { + plugin.Logger(ctx).Error("azure_application_gateway.getWebApplicationFirewallConfiguration", "api_error", err) + return nil, err + } + + return structToMap(reflect.ValueOf(*op.WebApplicationFirewallPolicyPropertiesFormat)), nil +} + //// TRANSFORM FUNCTIONS // If we return the API response directly, the output will not provide all the properties of GatewayIPConfigurations