turbot/azure

steampipe plugin install azure

Table: azure_ad_service_principal

An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources.

Examples

List AD service principals whose account is disabled

select
  object_id,
  object_type,
  display_name,
  account_enabled
from
  azure_ad_service_principal
where
  not account_enabled;

List AD service principals that do not require an app role assignment before a token is issued

select
  object_id,
  display_name,
  app_role_assignment_required
from
  azure_ad_service_principal
where
  not app_role_assignment_required;

Application role info of service principals (one row per declared app role)

select
  object_id,
  approle ->> 'allowedMemberTypes' as allowed_member_types,
  approle ->> 'description' as description,
  approle ->> 'displayName' as display_name,
  approle ->> 'isEnabled' as is_enabled,
  approle ->> 'id' as id,
  approle ->> 'value' as value
from
  azure_ad_service_principal
  cross join jsonb_array_elements(app_roles) as approle;

OAuth 2.0 permission info of AD service principals (one row per exposed permission scope)

select
  object_id,
  perm ->> 'adminConsentDescription' as admin_consent_description,
  perm ->> 'adminConsentDisplayName' as admin_consent_display_name,
  perm ->> 'id' as id,
  perm ->> 'isEnabled' as is_enabled,
  perm ->> 'type' as type,
  perm ->> 'value' as value
from
  azure_ad_service_principal
  cross join jsonb_array_elements(oauth2_permissions) as perm;
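Credential hygiene for service principals, as an added example that is not part of the plugin's own documentation: it unnests the password_credentials and key_credentials columns described below, and flags each credential on an enabled principal as expired, expiring within 30 days, or ok. It assumes the credential objects carry the Azure AD Graph field names keyId and endDate; check a sample row of password_credentials in your own tenant before relying on those names.

```sql
-- Added example, not from the Steampipe docs. Assumes each credential object
-- exposes 'keyId' and 'endDate' (Azure AD Graph naming); verify with
--   select password_credentials from azure_ad_service_principal limit 1;
with creds as (
  select
    object_id,
    display_name,
    account_enabled,
    'password' as credential_type,
    c ->> 'keyId' as key_id,
    (c ->> 'endDate')::timestamptz as end_date
  from
    azure_ad_service_principal
    -- coalesce keeps principals with a null array out of the join without erroring
    cross join jsonb_array_elements(coalesce(password_credentials, '[]'::jsonb)) as c
  union all
  select
    object_id,
    display_name,
    account_enabled,
    'key' as credential_type,
    c ->> 'keyId' as key_id,
    (c ->> 'endDate')::timestamptz as end_date
  from
    azure_ad_service_principal
    cross join jsonb_array_elements(coalesce(key_credentials, '[]'::jsonb)) as c
)
select
  object_id,
  display_name,
  credential_type,
  key_id,
  end_date,
  case
    when end_date is null then 'no end date'
    when end_date < now() then 'expired'
    when end_date < now() + interval '30 days' then 'expiring soon'
    else 'ok'
  end as status
from
  creds
where
  account_enabled
order by
  end_date nulls last;
```

Expired credentials on enabled principals are dead weight that should be removed; a long list of principals with several live password credentials is a useful starting point for a rotation review.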

.inspect azure_ad_service_principal

Azure AD Service Principal

| Name | Type | Description |
| --- | --- | --- |
| account_enabled | boolean | Indicates whether or not the service principal account is enabled. |
| additional_properties | jsonb | Unmatched properties from the message are deserialized into this collection. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| alternative_names | jsonb | A list of alternative names. |
| app_role_assignment_required | boolean | Specifies whether an AppRoleAssignment to a user or group is required before Azure AD will issue a user or access token to the application. |
| app_roles | jsonb | A list of application roles that an application may declare. These roles can be assigned to users, groups or service principals. |
| deletion_timestamp | timestamp without time zone | The time at which the directory object was deleted. |
| display_name | text | A friendly name that identifies a service principal. |
| error_url | text | A URL provided by the author of the associated application to report errors when using the application. |
| homepage | text | The URL to the homepage of the associated application. |
| key_credentials | jsonb | A list of key credentials associated with the service principal. |
| logout_url | text | A URL provided by the author of the associated application to log out. |
| oauth2_permissions | jsonb | The OAuth 2.0 permissions exposed by the associated application. |
| object_id | text | The unique ID that identifies a service principal. |
| object_type | text | A string that identifies the object type. |
| password_credentials | jsonb | A list of password credentials associated with the service principal. |
| reply_urls | jsonb | The URLs that user tokens are sent to for sign-in with the associated application; also the redirect URIs that the OAuth 2.0 authorization code and access tokens are sent to for the associated application. |
| saml_metadata_url | text | The URL to the SAML metadata of the associated application. |
| service_principal_names | jsonb | A list of service principal names. |
| title | text | Title of the resource. |