
Add column public_network_access and data_access_auth_mode to table azure_compute_disk. Closes #843 #844

Merged
merged 1 commit into from
Sep 26, 2024

Conversation

@Priyanka-Chatterjee-2000 Priyanka-Chatterjee-2000 commented Sep 22, 2024

Compliance queries dependent on these columns:

Needed for cis_v300 section 8.5 and 8.6

> select name, public_network_access, data_access_auth_mode from azure_compute_disk
+-----------------+-----------------------+-----------------------+
| name            | public_network_access | data_access_auth_mode |
+-----------------+-----------------------+-----------------------+
| disk-123        | Disabled              | AzureActiveDirectory  |
| turbottest76149 | Enabled               |                       |
+-----------------+-----------------------+-----------------------+

select
  disk.id as resource,
  case
    when network_access_policy in ('DenyAll','AllowPrivate') and public_network_access = 'Disabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when network_access_policy in ('DenyAll','AllowPrivate') and public_network_access = 'Disabled' then disk.name || ' network access disabled.'
    else disk.name || ' network access enabled.'
  end as reason
from
  azure_compute_disk disk,
  azure_subscription sub
where
  sub.subscription_id = disk.subscription_id;
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| resource                                                                                                          | status | reason                    >
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| /subscriptions/ddddddddddddddddddddddddddddd/resourceGroups/DEMO/providers/Microsoft.Compute/disks/test-pc | ok     | test-pc network access dis>
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->


select
  disk.id as resource,
  case
    when data_access_auth_mode = 'AzureActiveDirectory' then 'ok'
    else 'alarm'
  end as status,
  case
    when data_access_auth_mode = 'AzureActiveDirectory' then disk.name || ' data authentication mode enabled.'
    else disk.name || ' data authentication mode disabled.'
  end as reason
from
  azure_compute_disk disk,
  azure_subscription sub
where
  sub.subscription_id = disk.subscription_id;
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| resource                                                                                                          | status | reason                    >
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->
| /subscriptions/ddddddddddddddddddddddddddddd/resourceGroups/DEMO/providers/Microsoft.Compute/disks/test-pc | ok     | test-pc data authenticatio>
+-------------------------------------------------------------------------------------------------------------------+--------+--------------------------->

select id,name,network_access_policy,data_access_auth_mode from azure_compute_disk
+--------------------------------------------------------------------------------------------------------------------+----------+-----------------------+-----------------------+
| id                                                                                                                 | name     | network_access_policy | data_access_auth_mode |
+--------------------------------------------------------------------------------------------------------------------+----------+-----------------------+-----------------------+
| /subscriptions/ddddddddddddddddddddddddddddd/resourceGroups/DEMO/providers/Microsoft.Compute/disks/disk-123 | disk-123 | DenyAll               | AzureActiveDirectory  |
+--------------------------------------------------------------------------------------------------------------------+----------+-----------------------+-----------------------+
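Combined evaluation of CIS v3.0.0 controls 8.5 and 8.6 in one query, added here as an example that is not part of this PR or of the steampipe-plugin-azure project. It uses only the azure_compute_disk columns shown in the outputs above and assumes azure_subscription exposes a display_name column (an assumption, labelled in the code). The point it adds over the two separate queries is explicit NULL handling: the turbottest76149 row shows data_access_auth_mode empty when no mode is set, and a bare equality test against NULL yields NULL rather than false, so each predicate is computed once in a CTE and the final status falls through to 'alarm' whenever either predicate is not true.

```sql
-- Added example (not the PR's own query): both disk controls in one pass,
-- with the NULL case for data_access_auth_mode made explicit.
with disk_checks as (
  select
    disk.id,
    disk.name,
    disk.subscription_id,
    sub.display_name as subscription,   -- assumed column on azure_subscription
    disk.network_access_policy,
    disk.public_network_access,
    -- show 'None' instead of an empty cell when the disk has no auth mode set
    coalesce(disk.data_access_auth_mode, 'None') as data_access_auth_mode,
    -- CIS 8.5: network access restricted (NULL policy -> NULL -> treated as alarm)
    (disk.network_access_policy in ('DenyAll', 'AllowPrivate')
      and disk.public_network_access = 'Disabled') as network_ok,
    -- CIS 8.6: data access requires Entra ID (NULL mode -> NULL -> treated as alarm)
    (disk.data_access_auth_mode = 'AzureActiveDirectory') as auth_ok
  from
    azure_compute_disk as disk
    join azure_subscription as sub on sub.subscription_id = disk.subscription_id
)
select
  id as resource,
  subscription,
  -- 'network_ok and auth_ok' is true only when both are true; NULL or false -> alarm
  case
    when network_ok and auth_ok then 'ok'
    else 'alarm'
  end as status,
  -- one reason string listing every failing control, with the offending values
  coalesce(
    nullif(
      concat_ws('; ',
        case
          when network_ok then null
          else name || ' network access enabled (policy='
               || coalesce(network_access_policy, 'null')
               || ', public_network_access='
               || coalesce(public_network_access, 'null') || ')'
        end,
        case
          when auth_ok then null
          else name || ' data access auth mode is ' || data_access_auth_mode
               || ', not AzureActiveDirectory'
        end
      ),
      ''
    ),
    name || ' compliant with CIS 8.5 and 8.6'
  ) as reason
from
  disk_checks
order by
  status,
  resource;
```

Against the sample rows above, disk-123 (DenyAll, Disabled, AzureActiveDirectory) comes back 'ok', while turbottest76149 (Enabled, empty auth mode) comes back 'alarm' with both failing controls named in a single reason.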

@misraved

@Priyanka-Chatterjee-2000 could you please add a query where the newly added columns are populated with data?

@misraved misraved merged commit 37b50dc into main Sep 26, 2024
1 check passed
@misraved misraved deleted the issue#843 branch September 26, 2024 05:31
Successfully merging this pull request may close these issues.

Add column public_network_access and data_access_auth_mode to table azure_compute_disk