Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

azure - sql-server.filters failover-group-filter sql-server-security-alert-policies #9114

Merged
merged 21 commits into from
Feb 27, 2024
Merged

azure - sql-server.filters failover-group-filter sql-server-security-alert-policies #9114

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
efac97c
azure - sql-server.filters.failover-group-filter
dmytro-afanasiev Oct 27, 2023
dd5e547
azure - sql-server.filters.sql-server-security-alert-policies
dmytro-afanasiev Oct 27, 2023
6c98e7d
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Oct 27, 2023
2438bce
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Oct 31, 2023
354c522
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Nov 3, 2023
52ea8b8
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Nov 17, 2023
4391d52
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Nov 21, 2023
c62ba0c
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Dec 1, 2023
53908ff
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Dec 8, 2023
58a0cee
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Dec 14, 2023
1ea3534
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Jan 12, 2024
263c3ac
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Jan 19, 2024
fca41ca
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Jan 29, 2024
1915cc3
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Jan 31, 2024
a6b26f3
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Feb 2, 2024
5918593
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Feb 6, 2024
55ba055
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Feb 16, 2024
25c0e4e
Rewrite sql-service security alert policies filter
dmytro-afanasiev Feb 16, 2024
4926b95
Rewrite failover group filter
dmytro-afanasiev Feb 16, 2024
25c2fcc
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Feb 23, 2024
a682688
Merge remote-tracking branch 'origin/main' into sql-server.filters
dmytro-afanasiev Feb 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
53 changes: 52 additions & 1 deletion tools/c7n_azure/c7n_azure/resources/sqlserver.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
# SPDX-License-Identifier: Apache-2.0
import logging
import uuid

from c7n_azure.actions.firewall import SetFirewallAction
from c7n_azure.filters import FirewallRulesFilter, FirewallBypassFilter
from c7n_azure.provider import resources
Expand Down Expand Up @@ -159,6 +158,25 @@ def _process_resource_set(self, resources, event=None):
return result


@SqlServer.filter_registry.register('failover-group')
class FailoverGroupFilter(ListItemFilter):
schema = type_schema(
"failover-group",
attrs={"$ref": "#/definitions/filters_common/list_item_attrs"},
count={"type": "number"},
count_op={"$ref": "#/definitions/filters_common/comparison_operators"}
)
annotate_items = True
item_annotation_key = "c7n:FailoverGroups"

def get_item_values(self, resource):
groups = self.manager.get_client().failover_groups.list_by_server(
resource_group_name=resource['resourceGroup'],
server_name=resource['name']
)
return [g.serialize(True) for g in groups]


@SqlServer.filter_registry.register('azure-ad-administrators')
class AzureADAdministratorsFilter(ValueFilter):
"""
Expand Down Expand Up @@ -474,6 +492,39 @@ def __call__(self, resource):
return super().__call__(resource['properties'][self.cache_key])


@SqlServer.filter_registry.register('security-alert-policies')
class SecurityAlertPoliciesFilter(ListItemFilter):
"""
Filters sql servers by security alert policies

.. code-block:: yaml

policies:
- name: sql-server-filter
resource: azure.sql-server
filters:
- type: security-alert-policies
attrs: []

"""
schema = type_schema(
"security-alert-policies",
attrs={"$ref": "#/definitions/filters_common/list_item_attrs"},
count={"type": "number"},
count_op={"$ref": "#/definitions/filters_common/comparison_operators"}
)
annotate_items = True
item_annotation_key = "c7n:SecurityAlertPolicies"

def get_item_values(self, resource):
client = self.manager.get_client()
policies = client.server_security_alert_policies.list_by_server(
resource['resourceGroup'],
resource['name']
) # always only one item
return [p.serialize(True) for p in policies]


@SqlServer.action_registry.register('set-firewall-rules')
class SqlSetFirewallAction(SetFirewallAction):
""" Set Firewall Rules Action
Expand Down
182 changes: 182 additions & 0 deletions ...ServerSecurityAlertPoliciesFilterTest.test_sql_server_security_alert_policies_filter.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,182 @@
{
"version": 1,
"interactions": [
{
"request": {
"method": "GET",
"uri": "https://management.azure.com/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/providers/Microsoft.Sql/servers?api-version=2019-06-01-preview",
"body": null,
"headers": {}
},
"response": {
"status": {
"code": 200,
"message": "OK"
},
"headers": {
"content-length": [
"960"
],
"cache-control": [
"no-cache"
],
"content-type": [
"application/json; charset=utf-8"
],
"date": [
"Fri, 09 Jul 2021 08:33:40 GMT"
],
"x-ms-original-request-ids": [
"6a060960-8eb0-4002-8260-4b6fbcf39886",
"f2f6a195-5f39-4d81-aded-10e429233f8b"
]
},
"body": {
"data": {
"value": [
{
"kind": "v12.0",
"properties": {
"administratorLogin": "user016cisads",
"version": "12.0",
"state": "Ready",
"fullyQualifiedDomainName": "server-016cisads.database.windows.net",
"privateEndpointConnections": [],
"publicNetworkAccess": "Enabled"
},
"location": "eastus",
"tags": {
"test": "Red"
},
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/RG-016cisads/providers/Microsoft.Sql/servers/server-016cisads",
"name": "server-016cisads",
"type": "Microsoft.Sql/servers"
},
{
"kind": "v12.0",
"properties": {
"administratorLogin": "custodian",
"version": "12.0",
"state": "Ready",
"fullyQualifiedDomainName": "cctestsqlserverp2fkgne6rt5vw.database.windows.net",
"privateEndpointConnections": [],
"publicNetworkAccess": "Enabled"
},
"location": "eastus2",
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/test_sqlserver/providers/Microsoft.Sql/servers/cctestsqlserverp2fkgne6rt5vw",
"name": "cctestsqlserverp2fkgne6rt5vw",
"type": "Microsoft.Sql/servers"
}
]
}
}
}
},
{
"request": {
"method": "GET",
"uri": "https://management.azure.com/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/RG-016cisads/providers/Microsoft.Sql/servers/server-016cisads/securityAlertPolicies?api-version=2017-03-01-preview",
"body": null,
"headers": {}
},
"response": {
"status": {
"code": 200,
"message": "OK"
},
"headers": {
"cache-control": [
"no-cache"
],
"content-type": [
"application/json; charset=utf-8"
],
"date": [
"Fri, 09 Jul 2021 08:33:41 GMT"
],
"content-length": [
"464"
]
},
"body": {
"data": {
"value": [
{
"properties": {
"state": "Disabled",
"disabledAlerts": [
""
],
"emailAddresses": [
""
],
"emailAccountAdmins": false,
"storageEndpoint": "",
"storageAccountAccessKey": "",
"retentionDays": 0,
"creationTime": "2021-07-09T08:17:19.253Z"
},
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/RG-016cisads/providers/Microsoft.Sql/servers/server-016cisads/securityAlertPolicies/Default",
"name": "Default",
"type": "Microsoft.Sql/servers/securityAlertPolicies"
}
]
}
}
}
},
{
"request": {
"method": "GET",
"uri": "https://management.azure.com/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/test_sqlserver/providers/Microsoft.Sql/servers/cctestsqlserverp2fkgne6rt5vw/securityAlertPolicies?api-version=2017-03-01-preview",
"body": null,
"headers": {}
},
"response": {
"status": {
"code": 200,
"message": "OK"
},
"headers": {
"cache-control": [
"no-cache"
],
"content-type": [
"application/json; charset=utf-8"
],
"date": [
"Fri, 09 Jul 2021 08:33:41 GMT"
],
"content-length": [
"474"
]
},
"body": {
"data": {
"value": [
{
"properties": {
"state": "Disabled",
"disabledAlerts": [
""
],
"emailAddresses": [
""
],
"emailAccountAdmins": false,
"storageEndpoint": "",
"storageAccountAccessKey": "",
"retentionDays": 0,
"creationTime": "0001-01-01T00:00:00Z"
},
"id": "/subscriptions/ea42f556-5106-4743-99b0-c129bfa71a47/resourceGroups/test_sqlserver/providers/Microsoft.Sql/servers/cctestsqlserverp2fkgne6rt5vw/securityAlertPolicies/Default",
"name": "Default",
"type": "Microsoft.Sql/servers/securityAlertPolicies"
}
]
}
}
}
}
]
}