
Add support to query logging information for key vault. Closes #95 #96

Merged
merged 1 commit into main from issue-95 on Apr 22, 2021

Conversation

Subhajit97 (Contributor)

Integration test logs
No env file present for the current environment:  staging 
 Falling back to .env config
No env file present for the current environment:  staging
customEnv TURBOT_TEST_EXPECTED_TIMEOUT 300

SETUP: tests/azure_key_vault []

PRETEST: tests/azure_key_vault

TEST: tests/azure_key_vault
Running terraform
data.azurerm_client_config.current: Refreshing state...
data.null_data_source.resource: Refreshing state...
azurerm_key_vault.named_test_resource: Creating...
azurerm_storage_account.named_test_resource: Creating...
azurerm_key_vault.named_test_resource: Still creating... [10s elapsed]
azurerm_storage_account.named_test_resource: Still creating... [10s elapsed]
azurerm_storage_account.named_test_resource: Still creating... [20s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [20s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [30s elapsed]
azurerm_storage_account.named_test_resource: Still creating... [30s elapsed]
azurerm_storage_account.named_test_resource: Creation complete after 35s [id=/subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.Storage/storageAccounts/turbottest2949]
azurerm_key_vault.named_test_resource: Still creating... [40s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [50s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [1m0s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [1m10s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [1m20s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [1m30s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [1m40s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [1m50s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [2m0s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [2m10s elapsed]
azurerm_key_vault.named_test_resource: Still creating... [2m20s elapsed]
azurerm_key_vault.named_test_resource: Creation complete after 2m25s [id=/subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949]
azurerm_key_vault_access_policy.named_test_resource: Creating...
azurerm_monitor_diagnostic_setting.named_test_resource: Creating...
azurerm_key_vault_access_policy.named_test_resource: Creation complete after 3s [id=/subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949/objectId/********-****-****-****-************]
azurerm_monitor_diagnostic_setting.named_test_resource: Creation complete after 10s [id=/subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949|turbottest2949]

Warning: Deprecated Resource

The null_data_source was historically used to construct intermediate values to
re-use elsewhere in configuration, the same can now be achieved using locals


Apply complete! Resources: 4 added, 0 changed, 0 destroyed.

Outputs:

object_id = ********-****-****-****-************
resource_aka = azure:///subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949
resource_aka_lower = azure:///subscriptions/********-****-****-****-************/resourcegroups/turbottest2949/providers/microsoft.keyvault/vaults/turbottest2949
resource_id = /subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949
resource_name = turbottest2949
storage_account_id = /subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.Storage/storageAccounts/turbottest2949
subscription_id = ********-****-****-****-************
tenant_id = ********-****-****-****-************

Running SQL query: test-get-query.sql
[
  {
    "enabled_for_deployment": false,
    "enabled_for_disk_encryption": false,
    "enabled_for_template_deployment": false,
    "id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949",
    "name": "turbottest2949",
    "region": "westus",
    "resource_group": "turbottest2949",
    "sku_name": "standard",
    "tenant_id": "********-****-****-****-************",
    "type": "Microsoft.KeyVault/vaults",
    "vault_uri": "https://turbottest2949.vault.azure.net/"
  }
]
✔ PASSED

Running SQL query: test-hydrate-query.sql
[
  {
    "access_policies": [
      {
        "objectId": "********-****-****-****-************",
        "permissions": {
          "certificates": [],
          "keys": [
            "get"
          ],
          "secrets": [
            "get"
          ],
          "storage": []
        },
        "tenantId": "********-****-****-****-************"
      }
    ],
    "akas": [
      "azure:///subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949",
      "azure:///subscriptions/********-****-****-****-************/resourcegroups/turbottest2949/providers/microsoft.keyvault/vaults/turbottest2949"
    ],
    "name": "turbottest2949",
    "tags": {
      "name": "turbottest2949"
    },
    "title": "turbottest2949"
  }
]
✔ PASSED

Running SQL query: test-list-query.sql
[
  {
    "id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949",
    "name": "turbottest2949"
  }
]
✔ PASSED

Running SQL query: test-logging-query.sql
[
  {
    "category": "AuditEvent",
    "log_retention_days": 30,
    "name": "turbottest2949",
    "storage_account_id": "/subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.Storage/storageAccounts/turbottest2949"
  }
]
✔ PASSED

Running SQL query: test-not-found-query.sql
null
✔ PASSED

Running SQL query: test-turbot-query.sql
[
  {
    "akas": [
      "azure:///subscriptions/********-****-****-****-************/resourceGroups/turbottest2949/providers/Microsoft.KeyVault/vaults/turbottest2949",
      "azure:///subscriptions/********-****-****-****-************/resourcegroups/turbottest2949/providers/microsoft.keyvault/vaults/turbottest2949"
    ],
    "name": "turbottest2949",
    "tags": {
      "name": "turbottest2949"
    },
    "title": "turbottest2949"
  }
]
✔ PASSED

POSTTEST: tests/azure_key_vault

TEARDOWN: tests/azure_key_vault

SUMMARY:

1/1 passed.

Example query results

List vaults with logging enabled

select
  name,
  setting -> 'properties' ->> 'storageAccountId' storage_account_id,
  log ->> 'category' category,
  log -> 'retentionPolicy' ->> 'days' log_retention_days
from
  azure_key_vault,
  jsonb_array_elements(diagnostic_settings) setting,
  jsonb_array_elements(setting -> 'properties' -> 'logs') log
where
  diagnostic_settings is not null
  and setting -> 'properties' ->> 'storageAccountId' <> ''
  and (log ->> 'enabled')::boolean
  and log ->> 'category' = 'AuditEvent'
  and (log -> 'retentionPolicy' ->> 'days')::integer > 0;
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+------------+--------------------+
| name             | storage_account_id                                                                                                                          | category   | log_retention_days |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+------------+--------------------+
| testkeyvault0012 | /subscriptions/********-****-****-****-************/resourceGroups/dummy1234/providers/Microsoft.Storage/storageAccounts/sqlva4pz6nakavj3mi | AuditEvent | 3                  |
+------------------+---------------------------------------------------------------------------------------------------------------------------------------------+------------+--------------------+

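The query in the PR lists the vaults that meet the control; for an audit you usually want the inverse. The following is an added example, not part of the PR, that reports vaults whose diagnostic settings do not ship enabled AuditEvent logs to a storage account with sufficient retention. It assumes the same azure_key_vault.diagnostic_settings column and JSON shape the PR query uses (properties.storageAccountId, properties.logs[].category/enabled/retentionPolicy.days); the 365-day threshold is an assumed policy value.

```sql
-- Added example (not from the PR): complement of the "logging enabled" query.
-- A vault is treated as compliant only if at least one diagnostic setting
-- writes enabled AuditEvent logs to a storage account and keeps them for
-- >= 365 days (assumed threshold; adjust to your policy).
with compliant as (
  select distinct
    kv.id
  from
    azure_key_vault kv,
    jsonb_array_elements(kv.diagnostic_settings) setting,
    jsonb_array_elements(setting -> 'properties' -> 'logs') log
  where
    -- a missing storageAccountId yields NULL here, so the row is excluded
    setting -> 'properties' ->> 'storageAccountId' <> ''
    and log ->> 'category' = 'AuditEvent'
    and (log ->> 'enabled')::boolean
    and coalesce((log -> 'retentionPolicy' ->> 'days')::integer, 0) >= 365
)
select
  kv.name,
  kv.resource_group,
  kv.region,
  case
    when kv.diagnostic_settings is null then 'no diagnostic settings configured'
    else 'AuditEvent not stored with >= 365 days retention'
  end as finding
from
  azure_key_vault kv
  left join compliant c on c.id = kv.id
where
  c.id is null
order by
  kv.resource_group,
  kv.name;
```

Azure treats retentionPolicy.days = 0 with the policy enabled as "retain indefinitely", so if your vaults rely on that setting, extend the retention predicate accordingly rather than counting those vaults as findings.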
Subhajit97 self-assigned this Apr 15, 2021
Subhajit97 linked an issue Apr 15, 2021 that may be closed by this pull request
LalitLab requested a review from cbruno10 April 16, 2021 07:45
cbruno10 merged commit 791d4b8 into main Apr 22, 2021
cbruno10 deleted the issue-95 branch April 22, 2021 19:21