Skip to content

Commit

Permalink
azure - sql-server filters - failover-group and security-alert-polici…
Browse files Browse the repository at this point in the history 
…es (#9114)
  • Loading branch information
@dmytro-afanasiev
dmytro-afanasiev committed Feb 27, 2024
1 parent 95a4950 commit 7f3b28e
Show file tree
Hide file tree
Showing 4 changed files with 488 additions and 1 deletion.
53 changes: 52 additions & 1 deletion tools/c7n_azure/c7n_azure/resources/sqlserver.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
# SPDX-License-Identifier: Apache-2.0
import logging
import uuid

from c7n_azure.actions.firewall import SetFirewallAction
from c7n_azure.filters import FirewallRulesFilter, FirewallBypassFilter
from c7n_azure.provider import resources
Expand Down Expand Up @@ -159,6 +158,25 @@ def _process_resource_set(self, resources, event=None):
return result


@SqlServer.filter_registry.register('failover-group')
class FailoverGroupFilter(ListItemFilter):
schema = type_schema(
"failover-group",
attrs={"$ref": "#/definitions/filters_common/list_item_attrs"},
count={"type": "number"},
count_op={"$ref": "#/definitions/filters_common/comparison_operators"}
)
annotate_items = True
item_annotation_key = "c7n:FailoverGroups"

def get_item_values(self, resource):
groups = self.manager.get_client().failover_groups.list_by_server(
resource_group_name=resource['resourceGroup'],
server_name=resource['name']
)
return [g.serialize(True) for g in groups]


@SqlServer.filter_registry.register('azure-ad-administrators')
class AzureADAdministratorsFilter(ValueFilter):
"""
Expand Down Expand Up @@ -474,6 +492,39 @@ def __call__(self, resource):
return super().__call__(resource['properties'][self.cache_key])


@SqlServer.filter_registry.register('security-alert-policies')
class SecurityAlertPoliciesFilter(ListItemFilter):
"""
Filters sql servers by security alert policies
.. code-block:: yaml
policies:
- name: sql-server-filter
resource: azure.sql-server
filters:
- type: security-alert-policies
attrs: []
"""
schema = type_schema(
"security-alert-policies",
attrs={"$ref": "#/definitions/filters_common/list_item_attrs"},
count={"type": "number"},
count_op={"$ref": "#/definitions/filters_common/comparison_operators"}
)
annotate_items = True
item_annotation_key = "c7n:SecurityAlertPolicies"

def get_item_values(self, resource):
client = self.manager.get_client()
policies = client.server_security_alert_policies.list_by_server(
resource['resourceGroup'],
resource['name']
) # always only one item
return [p.serialize(True) for p in policies]


@SqlServer.action_registry.register('set-firewall-rules')
class SqlSetFirewallAction(SetFirewallAction):
""" Set Firewall Rules Action
Expand Down
182 changes: 182 additions & 0 deletions ...ServerSecurityAlertPoliciesFilterTest.test_sql_server_security_alert_policies_filter.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,182 @@
{
"version": 1,
"interactions": [
{
"request": {
"method": "GET",
"uri": "https://management.azure.com/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/providers/Microsoft.Sql/servers?api-version=2019-06-01-preview",
"body": null,
"headers": {}
},
"response": {
"status": {
"code": 200,
"message": "OK"
},
"headers": {
"content-length": [
"960"
],
"cache-control": [
"no-cache"
],
"content-type": [
"application/json; charset=utf-8"
],
"date": [
"Fri, 09 Jul 2021 08:33:40 GMT"
],
"x-ms-original-request-ids": [
"6a060960-8eb0-4002-8260-4b6fbcf39886",
"f2f6a195-5f39-4d81-aded-10e429233f8b"
]
},
"body": {
"data": {
"value": [
{
"kind": "v12.0",
"properties": {
"administratorLogin": "user016cisads",
"version": "12.0",
"state": "Ready",
"fullyQualifiedDomainName": "server-016cisads.database.windows.net",
"privateEndpointConnections": [],
"publicNetworkAccess": "Enabled"
},
"location": "eastus",
"tags": {
"test": "Red"
},
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/RG-016cisads/providers/Microsoft.Sql/servers/server-016cisads",
"name": "server-016cisads",
"type": "Microsoft.Sql/servers"
},
{
"kind": "v12.0",
"properties": {
"administratorLogin": "custodian",
"version": "12.0",
"state": "Ready",
"fullyQualifiedDomainName": "cctestsqlserverp2fkgne6rt5vw.database.windows.net",
"privateEndpointConnections": [],
"publicNetworkAccess": "Enabled"
},
"location": "eastus2",
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/test_sqlserver/providers/Microsoft.Sql/servers/cctestsqlserverp2fkgne6rt5vw",
"name": "cctestsqlserverp2fkgne6rt5vw",
"type": "Microsoft.Sql/servers"
}
]
}
}
}
},
{
"request": {
"method": "GET",
"uri": "https://management.azure.com/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/RG-016cisads/providers/Microsoft.Sql/servers/server-016cisads/securityAlertPolicies?api-version=2017-03-01-preview",
"body": null,
"headers": {}
},
"response": {
"status": {
"code": 200,
"message": "OK"
},
"headers": {
"cache-control": [
"no-cache"
],
"content-type": [
"application/json; charset=utf-8"
],
"date": [
"Fri, 09 Jul 2021 08:33:41 GMT"
],
"content-length": [
"464"
]
},
"body": {
"data": {
"value": [
{
"properties": {
"state": "Disabled",
"disabledAlerts": [
""
],
"emailAddresses": [
""
],
"emailAccountAdmins": false,
"storageEndpoint": "",
"storageAccountAccessKey": "",
"retentionDays": 0,
"creationTime": "2021-07-09T08:17:19.253Z"
},
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/RG-016cisads/providers/Microsoft.Sql/servers/server-016cisads/securityAlertPolicies/Default",
"name": "Default",
"type": "Microsoft.Sql/servers/securityAlertPolicies"
}
]
}
}
}
},
{
"request": {
"method": "GET",
"uri": "https://management.azure.com/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/test_sqlserver/providers/Microsoft.Sql/servers/cctestsqlserverp2fkgne6rt5vw/securityAlertPolicies?api-version=2017-03-01-preview",
"body": null,
"headers": {}
},
"response": {
"status": {
"code": 200,
"message": "OK"
},
"headers": {
"cache-control": [
"no-cache"
],
"content-type": [
"application/json; charset=utf-8"
],
"date": [
"Fri, 09 Jul 2021 08:33:41 GMT"
],
"content-length": [
"474"
]
},
"body": {
"data": {
"value": [
{
"properties": {
"state": "Disabled",
"disabledAlerts": [
""
],
"emailAddresses": [
""
],
"emailAccountAdmins": false,
"storageEndpoint": "",
"storageAccountAccessKey": "",
"retentionDays": 0,
"creationTime": "0001-01-01T00:00:00Z"
},
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/test_sqlserver/providers/Microsoft.Sql/servers/cctestsqlserverp2fkgne6rt5vw/securityAlertPolicies/Default",
"name": "Default",
"type": "Microsoft.Sql/servers/securityAlertPolicies"
}
]
}
}
}
}
]
}

0 comments on commit 7f3b28e

Please sign in to comment.