Add 'identity' column to azure_app_service_web_app table. closes #54 (#…

…90)

azure-test/tests/azure_app_service_web_app/test-get-expected.json

@@ -4,10 +4,15 @@
     "enabled": true,
     "https_only": false,
     "id": "{{ output.resource_id.value }}",
+    "identity": {
+      "PrincipalID": "{{ output.principal_id.value }}",
+      "TenantID": "{{ output.tenant_id.value }}",
+      "Type": "SystemAssigned"
+    },
     "kind": "app",
     "name": "{{resourceName}}",
-    "region": "East US",
+    "region": "east us",
     "reserved": false,
     "resource_group": "{{resourceName}}"
   }
-]
+]

azure-test/tests/azure_app_service_web_app/test-get-query.sql

@@ -1,3 +1,3 @@
-select name, id, kind, region, client_affinity_enabled, enabled, https_only, reserved, resource_group
+select name, id, kind, region, client_affinity_enabled, enabled, https_only, reserved, resource_group, identity
 from azure.azure_app_service_web_app
-where name = '{{resourceName}}' and resource_group = '{{resourceName}}'
+where name = '{{resourceName}}' and resource_group = '{{resourceName}}';

azure-test/tests/azure_app_service_web_app/test-hydrate-expected.json

@@ -6,7 +6,7 @@
     "id": "{{ output.resource_id.value }}",
     "kind": "app",
     "name": "{{resourceName}}",
-    "region": "East US",
+    "region": "east us",
     "resource_group": "{{resourceName}}"
   }
-]
+]

azure-test/tests/azure_app_service_web_app/test-hydrate-query.sql

@@ -1,3 +1,3 @@
 select name, id, kind, region, client_affinity_enabled, enabled, https_only, resource_group
 from azure.azure_app_service_web_app
-where name = '{{resourceName}}' and resource_group = '{{resourceName}}'
+where name = '{{resourceName}}' and resource_group = '{{resourceName}}';

azure-test/tests/azure_app_service_web_app/test-list-expected.json

@@ -1,6 +1,11 @@
 [
   {
     "id": "{{ output.resource_id.value }}",
+    "identity": {
+      "PrincipalID": "{{ output.principal_id.value }}",
+      "TenantID": "{{ output.tenant_id.value }}",
+      "Type": "SystemAssigned"
+    },
     "name": "{{resourceName}}"
   }
-]
+]

azure-test/tests/azure_app_service_web_app/test-list-query.sql

@@ -1,3 +1,3 @@
-select id, name
+select id, name, identity
 from azure.azure_app_service_web_app
-where name = '{{resourceName}}'
+where name = '{{resourceName}}';

azure-test/tests/azure_app_service_web_app/test-not-found-expected.json

@@ -1 +1 @@
-null
+null

azure-test/tests/azure_app_service_web_app/test-not-found-query.sql

@@ -1,3 +1,3 @@
 select name, id
 from azure.azure_app_service_web_app
-where name = 'dummy-{{resourceName}}' and resource_group = '{{resourceName}}'
+where name = 'dummy-{{resourceName}}' and resource_group = '{{resourceName}}';

azure-test/tests/azure_app_service_web_app/test-turbot-expected.json

@@ -10,4 +10,4 @@
     },
     "title": "{{resourceName}}"
   }
-]
+]

azure-test/tests/azure_app_service_web_app/test-turbot-query.sql

@@ -1,3 +1,3 @@
 select name, akas, title, tags
 from azure.azure_app_service_web_app
-where name = '{{resourceName}}' and resource_group = '{{resourceName}}'
+where name = '{{resourceName}}' and resource_group = '{{resourceName}}';

azure-test/tests/azure_app_service_web_app/variables.tf

@@ -62,6 +62,9 @@ resource "azurerm_app_service" "named_test_resource" {
   location            = azurerm_resource_group.named_test_resource.location
   resource_group_name = azurerm_resource_group.named_test_resource.name
   app_service_plan_id = azurerm_app_service_plan.named_test_resource.id
+  identity {
+    type = "SystemAssigned"
+  }
 
   tags = {
     name = var.resource_name
@@ -87,3 +90,11 @@ output "resource_id" {
 output "subscription_id" {
   value = var.azure_subscription
 }
+
+output "tenant_id" {
+  value = azurerm_app_service.named_test_resource.identity[0].tenant_id
+}
+
+output "principal_id" {
+  value = azurerm_app_service.named_test_resource.identity[0].principal_id
+}

azure/table_azure_app_service_web_app.go

@@ -88,6 +88,12 @@ func tableAzureAppServiceWebApp(_ context.Context) *plugin.Table {
 				Type:        proto.ColumnType_BOOL,
 				Transform:   transform.FromField("SiteProperties.HTTPSOnly"),
 			},
+			{
+				Name:        "identity",
+				Description: "Managed service identity for the resource.",
+				Type:        proto.ColumnType_JSON,
+				Transform:   transform.From(webAppIdentity),
+			},
 			{
 				Name:        "outbound_ip_addresses",
 				Description: "List of IP addresses that the app uses for outbound connections (e.g. database access).",
@@ -286,3 +292,25 @@ func getAppServiceWebAppSiteAuthSetting(ctx context.Context, d *plugin.QueryData
 
 	return op, nil
 }
+
+//// TRANSFORM FUNCTION
+
+func webAppIdentity(ctx context.Context, d *transform.TransformData) (interface{}, error) {
+	data := d.HydrateItem.(web.Site)
+	objectMap := make(map[string]interface{})
+	if data.Identity != nil {
+		if &data.Identity.Type != nil {
+			objectMap["Type"] = data.Identity.Type
+		}
+		if data.Identity.TenantID != nil {
+			objectMap["TenantID"] = data.Identity.TenantID
+		}
+		if data.Identity.PrincipalID != nil {
+			objectMap["PrincipalID"] = data.Identity.PrincipalID
+		}
+		if data.Identity.UserAssignedIdentities != nil {
+			objectMap["UserAssignedIdentities"] = data.Identity.UserAssignedIdentities
+		}
+	}
+	return objectMap, nil
+}

docs/tables/azure_app_service_web_app.md

@@ -85,3 +85,18 @@ from
 where
   configuration -> 'properties' ->> 'ftpsState' <> 'AllAllowed';
 ```
+
+
+### List web apps that have managed service identity disabled
+
+```sql
+select
+  name,
+  enabled,
+  region,
+  identity
+from
+  azure_app_service_web_app
+where
+  identity = '{}';
+```