Table azure_key_vault failed to populate column private_endpoint_conn…

…ections issue. Fixes #340 (#342)

azure-test/tests/azure_key_vault/test-hydrate-expected.json

@@ -3,16 +3,14 @@
     "access_policies": [
       {
         "objectId": "{{ output.object_id.value }}",
-        "permissions": {
-          "certificates": [],
-          "keys": [
-            "get"
-          ],
-          "secrets": [
-            "get"
-          ],
-          "storage": []
-        },
+        "permissionsCertificates": [],
+        "permissionsKeys": [
+          "get"
+        ],
+        "permissionsSecrets": [
+          "get"
+        ],
+        "permissionsStorage": [],
         "tenantId": "{{ output.tenant_id.value }}"
       }
     ],

azure/table_azure_key_vault.go

@@ -137,6 +137,7 @@ func tableAzureKeyVault(_ context.Context) *plugin.Table {
 				Description: "A list of 0 to 1024 identities that have access to the key vault.",
 				Type:        proto.ColumnType_JSON,
 				Hydrate:     getKeyVault,
+				Transform:   transform.From(extractKeyVaultAccessPolicies),
 			},
 			{
 				Name:        "diagnostic_settings",
@@ -334,32 +335,73 @@ func extractKeyVaultPrivateEndpointConnections(ctx context.Context, d *transform
 	plugin.Logger(ctx).Trace("extractKeyVaultPrivateEndpointConnections")
 	var privateEndpointDetails []PrivateEndpointConnectionInfo
 	var privateEndpoint PrivateEndpointConnectionInfo
-	for _, connection := range *vault.Properties.PrivateEndpointConnections {
-		// Below checks are required for handling invalid memory address or nil pointer dereference error
-		if connection.PrivateEndpointConnectionProperties != nil {
-			if connection.PrivateEndpoint != nil {
-				privateEndpoint.PrivateEndpointId = *connection.PrivateEndpoint.ID
-			}
-			if connection.PrivateLinkServiceConnectionState != nil {
-				if connection.PrivateLinkServiceConnectionState.ActionRequired != nil {
-					privateEndpoint.PrivateLinkServiceConnectionStateActionRequired = *connection.PrivateLinkServiceConnectionState.ActionRequired
+	if vault.Properties.PrivateEndpointConnections != nil {
+		for _, connection := range *vault.Properties.PrivateEndpointConnections {
+			// Below checks are required for handling invalid memory address or nil pointer dereference error
+			if connection.PrivateEndpointConnectionProperties != nil {
+				if connection.PrivateEndpoint != nil {
+					privateEndpoint.PrivateEndpointId = *connection.PrivateEndpoint.ID
 				}
-				if connection.PrivateLinkServiceConnectionState.Description != nil {
-					privateEndpoint.PrivateLinkServiceConnectionStateDescription = *connection.PrivateLinkServiceConnectionState.Description
+				if connection.PrivateLinkServiceConnectionState != nil {
+					if connection.PrivateLinkServiceConnectionState.ActionRequired != nil {
+						privateEndpoint.PrivateLinkServiceConnectionStateActionRequired = *connection.PrivateLinkServiceConnectionState.ActionRequired
+					}
+					if connection.PrivateLinkServiceConnectionState.Description != nil {
+						privateEndpoint.PrivateLinkServiceConnectionStateDescription = *connection.PrivateLinkServiceConnectionState.Description
+					}
+					if connection.PrivateLinkServiceConnectionState.Status != "" {
+						privateEndpoint.PrivateLinkServiceConnectionStateStatus = string(connection.PrivateLinkServiceConnectionState.Status)
+					}
 				}
-				if connection.PrivateLinkServiceConnectionState.Status != "" {
-					privateEndpoint.PrivateLinkServiceConnectionStateStatus = string(connection.PrivateLinkServiceConnectionState.Status)
+				if connection.ProvisioningState != "" {
+					privateEndpoint.ProvisioningState = string(connection.ProvisioningState)
 				}
 			}
-			if connection.ProvisioningState != "" {
-				privateEndpoint.ProvisioningState = string(connection.ProvisioningState)
-			}
+			privateEndpointDetails = append(privateEndpointDetails, privateEndpoint)
 		}
-		privateEndpointDetails = append(privateEndpointDetails, privateEndpoint)
 	}
+
 	return privateEndpointDetails, nil
 }
 
+// If we return the API response directly, the output will not provide the properties of AccessPolicies
+func extractKeyVaultAccessPolicies(ctx context.Context, d *transform.TransformData) (interface{}, error) {
+	vault := d.HydrateItem.(keyvault.Vault)
+	var policies []map[string]interface{}
+
+	if vault.Properties.AccessPolicies != nil {
+		for _, i := range *vault.Properties.AccessPolicies {
+			objectMap := make(map[string]interface{})
+			if i.TenantID != nil {
+				objectMap["tenantId"] = i.TenantID
+			}
+			if i.ObjectID != nil {
+				objectMap["objectId"] = i.ObjectID
+			}
+			if i.ApplicationID != nil {
+				objectMap["applicationId"] = i.ApplicationID
+			}
+			if i.Permissions != nil {
+				if i.Permissions.Keys != nil {
+					objectMap["permissionsKeys"] = i.Permissions.Keys
+				}
+				if i.Permissions.Secrets != nil {
+					objectMap["permissionsSecrets"] = i.Permissions.Secrets
+				}
+				if i.Permissions.Keys != nil {
+					objectMap["permissionsCertificates"] = i.Permissions.Certificates
+				}
+				if i.Permissions.Keys != nil {
+					objectMap["permissionsStorage"] = i.Permissions.Storage
+				}
+			}
+			policies = append(policies, objectMap)
+		}
+	}
+
+	return policies, nil
+}
+
 func getKeyVaultID(item interface{}) string {
 	switch item := item.(type) {
 	case keyvault.Vault:

docs/tables/azure_key_vault.md

@@ -68,9 +68,9 @@ where
 ```sql
 select
   name,
-  policy #> '{permissions, certificates}'  certificates_permissions,
-  policy #> '{permissions, keys}'  keys_permissions,
-  policy #> '{permissions, secrets}'  secrets_permissions
+  policy -> 'permissionsCertificates' as certificates_permissions,
+  policy -> 'permissionsKeys' as keys_permissions,
+  policy -> 'permissionsSecrets' as  secrets_permissions
 from
   azure_key_vault,
   jsonb_array_elements(access_policies) as policy;