fix: Renamed azure keyvault tables (#1123)
k-rheinheimer authored Nov 26, 2024
1 parent eafc168 commit 1dd1d10
Showing 21 changed files with 119 additions and 119 deletions.
Expand Up @@ -26,7 +26,7 @@ kind
'unavailable'
{% endif %} AS kind,
{% if name_exist %}
name
name::text
{% else %}
'unavailable'
{% endif %} AS name,
Expand Down Expand Up @@ -58,7 +58,7 @@ kind
'unavailable'
{% endif %} AS kind,
{% if name_exist %}
name
name::text
{% else %}
'unavailable'
{% endif %} AS name,
Expand Down Expand Up @@ -90,7 +90,7 @@ kind
'unavailable'
{% endif %} AS kind,
{% if name_exist %}
name
json_value(name)
{% else %}
'unavailable'
{% endif %} AS name,
Expand Up @@ -3,7 +3,7 @@ spec:
name: azure
path: cloudquery/azure
registry: cloudquery
version: "v14.11.0" # latest version of source azure plugin
version: "v15.1.0" # latest version of source azure plugin
destinations: ["bigquery"]
tables: ["*"]
---
Expand Up @@ -2,7 +2,7 @@ kind: source
spec:
name: azure
path: cloudquery/azure
version: "v14.11.0" # latest version of source azure plugin
version: "v15.1.0" # latest version of source azure plugin
destinations: ["postgresql"]
tables: ["*"]
---
Expand Up @@ -3,7 +3,7 @@ spec:
name: azure
path: cloudquery/azure
registry: cloudquery
version: "v14.11.0" # latest version of source azure plugin
version: "v15.1.0" # latest version of source azure plugin
destinations: ["snowflake"]
tables: ["*"]
---
Expand Up @@ -3,7 +3,7 @@ spec:
name: azure
path: cloudquery/azure
registry: cloudquery
version: "v14.11.0" # latest version of source azure plugin
version: "v15.1.0" # latest version of source azure plugin
destinations: ["bigquery"]
tables: ["*"]
---
Expand Up @@ -3,7 +3,7 @@ spec:
name: azure
path: cloudquery/azure
registry: cloudquery
version: "v14.11.0" # latest version of source azure plugin
version: "v15.1.0" # latest version of source azure plugin
destinations: ["postgresql"]
tables: ["*"]
---
Expand Up @@ -3,7 +3,7 @@ spec:
name: azure
path: cloudquery/azure
registry: cloudquery
version: "v14.11.0" # latest version of source azure plugin
version: "v15.1.0" # latest version of source azure plugin
destinations: ["snowflake"]
tables: ["*"]
---
2 changes: 1 addition & 1 deletion transformations/azure/macros/azure_asset_resources.sql
Expand Up @@ -110,7 +110,7 @@
'unavailable'
{% endif %} AS location,
{% if run_query(name_exists_query).rows %}
name
name::text
{% else %}
NULL
{% endif %} AS name,
Expand Up @@ -11,5 +11,5 @@ SELECT
OR (properties ->> 'enableSoftDelete')::boolean IS NOT TRUE THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault_managed_hsms
FROM azure_keyvault_managed_hsms
{% endmacro %}
Expand Up @@ -6,57 +6,57 @@

{% macro postgres__keyvault_expiry_set_for_keys_in_non_rbac_key_vaults(framework, check_id) %}
SELECT
akvk.id AS resource_id,
akvk.kid AS resource_id,
'{{framework}}' As framework,
'{{check_id}}' As check_id,
'Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvk.properties -> 'attributes'->>'enabled')::boolean = TRUE
AND (akvk.properties -> 'attributes'->>'exp') IS NULL
WHEN (akv.properties -> 'attributes'->>'enabled')::boolean = TRUE
AND (akv.properties -> 'attributes'->>'exp') IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_keys akvk
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_keys akvk
ON akv._cq_id = akvk._cq_parent_id
WHERE (akvk.properties ->> 'enableRBAC')::boolean IS distinct from TRUE
WHERE (akv.properties ->> 'enableRbacAuthorization')::boolean IS distinct from TRUE
{% endmacro %}

{% macro snowflake__keyvault_expiry_set_for_keys_in_non_rbac_key_vaults(framework, check_id) %}
SELECT
akvk.id AS resource_id,
akvk.kid AS resource_id,
'{{framework}}' As framework,
'{{check_id}}' As check_id,
'Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvk.properties:attributes:enabled)::boolean = TRUE
AND (akvk.properties:attributes:exp) IS NULL
WHEN (akv.properties:attributes:enabled)::boolean = TRUE
AND (akv.properties:attributes:exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_keys akvk
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_keys akvk
ON akv._cq_id = akvk._cq_parent_id
where akvk.properties:enableRBAC::boolean = FALSE
where akv.properties:enableRbacAuthorization::boolean = FALSE
{% endmacro %}

{% macro bigquery__keyvault_expiry_set_for_keys_in_non_rbac_key_vaults(framework, check_id) %}
SELECT
akvk.id AS resource_id,
akvk.kid AS resource_id,
'{{framework}}' As framework,
'{{check_id}}' As check_id,
'Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN CAST( JSON_VALUE(akvk.properties.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akvk.properties.attributes.exp) IS NULL
WHEN CAST( JSON_VALUE(akv.properties.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akv.properties.attributes.exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM {{ full_table_name("azure_keyvault_keyvault") }} akv
JOIN {{ full_table_name("azure_keyvault_keyvault_keys") }} akvk
FROM {{ full_table_name("azure_keyvault_keyvaults") }} akv
JOIN {{ full_table_name("azure_keyvault_keys") }} akvk
ON akv._cq_id = akvk._cq_parent_id
where CAST( JSON_VALUE(akvk.properties.enableRBAC) AS BOOL) = FALSE
where CAST( JSON_VALUE(akv.properties.enableRbacAuthorization) AS BOOL) = FALSE
{% endmacro %}
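Review bot: The expiry CASE in all three macros now reads `attributes` from the vault row (`akv.properties -> 'attributes'`) instead of the key row, so the per-key `enabled`/`exp` values are no longer consulted; if the vault's `properties` holds no `attributes` object, both expressions are NULL and every key is reported as 'pass'. The secrets macros in this same commit read `akvs.attributes`, which suggests the key fields should come from `akvk`, e.g. `WHEN (akvk.attributes ->> 'enabled')::boolean = TRUE AND (akvk.attributes ->> 'exp') IS NULL` (column name to be confirmed against the v15 `azure_keyvault_keys` schema). The same pattern appears in the three `keyvault_expiry_set_for_keys_in_rbac_key_vaults` macros. Separately, the postgres filter uses `IS distinct from TRUE` while snowflake and bigquery use `= FALSE`, so vaults where `enableRbacAuthorization` is absent are evaluated on one adapter only.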
Expand Up @@ -6,57 +6,57 @@

{% macro postgres__keyvault_expiry_set_for_keys_in_rbac_key_vaults(framework, check_id) %}
SELECT
akvk.id AS resource_id,
akvk.kid AS resource_id,
'{{framework}}' As framework,
'{{check_id}}' As check_id,
'Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvk.properties -> 'attributes'->>'enabled')::boolean = TRUE
AND (akvk.properties -> 'attributes'->>'exp') IS NULL
WHEN (akv.properties -> 'attributes'->>'enabled')::boolean = TRUE
AND (akv.properties -> 'attributes'->>'exp') IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_keys akvk
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_keys akvk
ON akv._cq_id = akvk._cq_parent_id
WHERE (akvk.properties ->> 'enableRBAC')::boolean IS NOT distinct from TRUE
WHERE (akv.properties ->> 'enableRbacAuthorization')::boolean IS NOT distinct from TRUE
{% endmacro %}

{% macro snowflake__keyvault_expiry_set_for_keys_in_rbac_key_vaults(framework, check_id) %}
SELECT
akvk.id AS resource_id,
akvk.kid AS resource_id,
'{{framework}}' As framework,
'{{check_id}}' As check_id,
'Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvk.properties:attributes:enabled)::boolean = TRUE
AND (akvk.properties:attributes:exp) IS NULL
WHEN (akv.properties:attributes:enabled)::boolean = TRUE
AND (akv.properties:attributes:exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_keys akvk
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_keys akvk
ON akv._cq_id = akvk._cq_parent_id
where akvk.properties:enableRBAC::boolean = TRUE
where akv.properties:enableRbacAuthorization::boolean = TRUE
{% endmacro %}

{% macro bigquery__keyvault_expiry_set_for_keys_in_rbac_key_vaults(framework, check_id) %}
SELECT
akvk.id AS resource_id,
akvk.kid AS resource_id,
'{{framework}}' As framework,
'{{check_id}}' As check_id,
'Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN CAST( JSON_VALUE(akvk.properties.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akvk.properties.attributes.exp) IS NULL
WHEN CAST( JSON_VALUE(akv.properties.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akv.properties.attributes.exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM {{ full_table_name("azure_keyvault_keyvault") }} akv
JOIN {{ full_table_name("azure_keyvault_keyvault_keys") }} akvk
FROM {{ full_table_name("azure_keyvault_keyvaults") }} akv
JOIN {{ full_table_name("azure_keyvault_keys") }} akvk
ON akv._cq_id = akvk._cq_parent_id
where CAST( JSON_VALUE(akvk.properties.enableRBAC) AS BOOL) = TRUE
where CAST( JSON_VALUE(akv.properties.enableRbacAuthorization) AS BOOL) = TRUE
{% endmacro %}
Expand Up @@ -12,15 +12,15 @@ SELECT
'Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvs.properties -> 'attributes'->>'enabled')::boolean = TRUE
AND (akvs.properties -> 'attributes'->>'exp') IS NULL
WHEN (akvs.attributes ->>'enabled')::boolean = TRUE
AND (akvs.attributes ->>'exp') IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_secrets akvs
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_secrets akvs
ON akv._cq_id = akvs._cq_parent_id
WHERE (akvs.properties ->> 'enableRBAC')::boolean IS NOT distinct from FALSE
WHERE (akvs.attributes ->> 'enableRbacAuthorization')::boolean IS NOT distinct from FALSE
{% endmacro %}

{% macro snowflake__keyvault_expiry_set_for_secrets_in_non_rbac_key_vaults(framework, check_id) %}
Expand All @@ -31,15 +31,15 @@ SELECT
'Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvs.properties:attributes:enabled)::boolean = TRUE
AND (akvs.properties:attributes:exp) IS NULL
WHEN (akvs.attributes:enabled)::boolean = TRUE
AND (akvs.attributes:exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_secrets akvs
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_secrets akvs
ON akv._cq_id = akvs._cq_parent_id
where akvs.properties:enableRBAC::boolean = FALSE
where akv.properties:enableRbacAuthorization::boolean = FALSE
{% endmacro %}

{% macro bigquery__keyvault_expiry_set_for_secrets_in_non_rbac_key_vaults(framework, check_id) %}
Expand All @@ -50,13 +50,13 @@ SELECT
'Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN CAST( JSON_VALUE(akvs.properties.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akvs.properties.attributes.exp) IS NULL
WHEN CAST( JSON_VALUE(akvs.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akvs.attributes.exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM {{ full_table_name("azure_keyvault_keyvault") }} akv
JOIN {{ full_table_name("azure_keyvault_keyvault_secrets") }} akvs
FROM {{ full_table_name("azure_keyvault_keyvaults") }} akv
JOIN {{ full_table_name("azure_keyvault_secrets") }} akvs
ON akv._cq_id = akvs._cq_parent_id
where CAST( JSON_VALUE(akvs.properties.enableRBAC) AS BOOL) = FALSE
where CAST( JSON_VALUE(akv.properties.enableRbacAuthorization) AS BOOL) = FALSE
{% endmacro %}
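Review bot: The postgres filter at the end of the first hunk reads the RBAC flag from the secret row, `(akvs.attributes ->> 'enableRbacAuthorization')`, while the snowflake and bigquery macros below read it from the vault via `akv.properties`; a secret's attributes presumably carry no such field, so the cast is NULL, `IS NOT distinct from FALSE` is false, and the check returns no rows on postgres. It should read `WHERE (akv.properties ->> 'enableRbacAuthorization')::boolean IS distinct from TRUE`, which also keeps vaults where the flag is unset, as the keys macro does. The bigquery macro of `keyvault_expiry_set_for_secrets_in_rbac_key_vaults` has the mirror-image slip (`akvs.attributes.enableRbacAuthorization`) and needs `akv.properties.enableRbacAuthorization`. The `title` literal in these non-RBAC macros still says "in RBAC Key Vaults". Each macro's SELECT starts above its hunk.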
Expand Up @@ -12,15 +12,15 @@ SELECT
'Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvs.properties -> 'attributes'->>'enabled')::boolean = TRUE
AND (akvs.properties -> 'attributes'->>'exp') IS NULL
WHEN (akvs.attributes ->>'enabled')::boolean = TRUE
AND (akvs.attributes ->>'exp') IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_secrets akvs
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_secrets akvs
ON akv._cq_id = akvs._cq_parent_id
WHERE (akvs.properties ->> 'enableRBAC')::boolean IS NOT distinct from TRUE
WHERE (akv.properties ->> 'enableRbacAuthorization')::boolean IS NOT distinct from TRUE
{% endmacro %}

{% macro snowflake__keyvault_expiry_set_for_secrets_in_rbac_key_vaults(framework, check_id) %}
Expand All @@ -31,15 +31,15 @@ SELECT
'Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN (akvs.properties:attributes:enabled)::boolean = TRUE
AND (akvs.properties:attributes:exp) IS NULL
WHEN (akvs.attributes:enabled)::boolean = TRUE
AND (akvs.attributes:exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM azure_keyvault_keyvault akv
JOIN azure_keyvault_keyvault_secrets akvs
FROM azure_keyvault_keyvaults akv
JOIN azure_keyvault_secrets akvs
ON akv._cq_id = akvs._cq_parent_id
where akvs.properties:enableRBAC::boolean = TRUE
where akv.properties:enableRbacAuthorization::boolean = TRUE
{% endmacro %}

{% macro bigquery__keyvault_expiry_set_for_secrets_in_rbac_key_vaults(framework, check_id) %}
Expand All @@ -50,13 +50,13 @@ SELECT
'Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)' AS title,
akv.subscription_id AS subscription_id,
CASE
WHEN CAST( JSON_VALUE(akvs.properties.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akvs.properties.attributes.exp) IS NULL
WHEN CAST( JSON_VALUE(akvs.attributes.enabled) AS BOOL) = TRUE
AND JSON_VALUE(akvs.attributes.exp) IS NULL
THEN 'fail'
ELSE 'pass'
END AS status
FROM {{ full_table_name("azure_keyvault_keyvault") }} akv
JOIN {{ full_table_name("azure_keyvault_keyvault_secrets") }} akvs
FROM {{ full_table_name("azure_keyvault_keyvaults") }} akv
JOIN {{ full_table_name("azure_keyvault_secrets") }} akvs
ON akv._cq_id = akvs._cq_parent_id
where CAST( JSON_VALUE(akvs.properties.enableRBAC) AS BOOL) = TRUE
where CAST( JSON_VALUE(akvs.attributes.enableRbacAuthorization) AS BOOL) = TRUE
{% endmacro %}
Expand Up @@ -5,7 +5,7 @@ WITH
),
logging_enabled AS (
SELECT DISTINCT a._cq_id
FROM azure_keyvault_keyvault_managed_hsms a
FROM azure_keyvault_managed_hsms a
LEFT JOIN settings_with_logs s ON a.id = s.resource_id
WHERE (s.logs->>'enabled')::boolean IS TRUE
AND s.logs->>'category' = 'AuditEvent'
Expand All @@ -22,6 +22,6 @@ SELECT
case
when e._cq_id is null then 'fail' else 'pass'
end
FROM azure_keyvault_keyvault_managed_hsms a
FROM azure_keyvault_managed_hsms a
LEFT JOIN logging_enabled e ON a._cq_id = e._cq_id
{% endmacro %}