steampipe plugin install azure

Table: azure_app_configuration - Query Azure App Configuration using SQL

Azure App Configuration is a service within Microsoft Azure that provides a way to centrally manage application settings and feature flags. It helps developers to separate configuration from code, making applications more modular and scalable. Azure App Configuration is fully managed, which allows developers to focus on code rather than managing and distributing configuration.

Table Usage Guide

The azure_app_configuration table provides insights into application configurations within Microsoft Azure. As a developer or DevOps engineer, you can explore configuration-specific details through this table, including settings, feature management, and associated metadata. Utilize it to manage and monitor application settings, understand feature flags, and ensure the scalability and modularity of your applications.

Examples

Basic info

Explore which Azure App configurations are currently active and when they were created. This is useful for understanding the status and timeline of your app's setup and deployment.

select
id,
name,
type,
provisioning_state,
creation_date
from
azure_app_configuration;
select
id,
name,
type,
provisioning_state,
creation_date
from
azure_app_configuration;

List public network access enabled app configurations

Explore which app configurations in Azure have public network access enabled. This can be beneficial in assessing potential security risks and ensuring appropriate network access settings are in place.

select
id,
name,
type,
provisioning_state,
public_network_access
from
azure_app_configuration
where
public_network_access = 'Enabled';
select
id,
name,
type,
provisioning_state,
public_network_access
from
azure_app_configuration
where
public_network_access = 'Enabled';

List app configurations with user assigned identities

This query is useful to identify and analyze the configurations of apps that have user-assigned identities within your Azure environment. It helps in managing and auditing access control, thereby enhancing the security of your applications.

select
id,
name,
identity -> 'type' as identity_type,
jsonb_pretty(identity -> 'userAssignedIdentities') as identity_user_assigned_identities
from
azure_app_configuration
where
exists (
select
from
unnest(regexp_split_to_array(identity ->> 'type', ',')) elem
where
trim(elem) = 'UserAssigned'
);
Error: SQLite does not support regexp_split_to_array function.

List private endpoint connection details for app configurations

Explore the status and details of private connections for app configurations in Azure. This can help identify any required actions or understand the provisioning state for these connections.

select
name as app_config_name,
id as app_config_id,
connections ->> 'id' as connection_id,
connections ->> 'privateEndpointPropertyId' as connection_private_endpoint_property_id,
connections ->> 'privateLinkServiceConnectionStateActionsRequired' as connection_actions_required,
connections ->> 'privateLinkServiceConnectionStateDescription' as connection_description,
connections ->> 'privateLinkServiceConnectionStateStatus' as connection_status,
connections ->> 'provisioningState' as connection_provisioning_state
from
azure_app_configuration,
jsonb_array_elements(private_endpoint_connections) as connections;
select
name as app_config_name,
c.id as app_config_id,
json_extract(connections.value, '$.id') as connection_id,
json_extract(connections.value, '$.privateEndpointPropertyId') as connection_private_endpoint_property_id,
json_extract(
connections.value,
'$.privateLinkServiceConnectionStateActionsRequired'
) as connection_actions_required,
json_extract(
connections.value,
'$.privateLinkServiceConnectionStateDescription'
) as connection_description,
json_extract(
connections.value,
'$.privateLinkServiceConnectionStateStatus'
) as connection_status,
json_extract(connections.value, '$.provisioningState') as connection_provisioning_state
from
azure_app_configuration as c,
json_each(private_endpoint_connections) as connections;

List encryption details for app configurations

Explore encryption specifics for your applications, particularly focusing on identity client IDs and key identifiers. This is useful for assessing the security measures in place for your app configurations.

select
name as app_config_name,
id as app_config_id,
encryption -> 'keyVaultProperties' ->> 'identityClientId' as key_vault_identity_client_id,
encryption -> 'keyVaultProperties' ->> 'keyIdentifier' as key_vault_key_identifier
from
azure_app_configuration;
select
name as app_config_name,
id as app_config_id,
json_extract(
encryption,
'$.keyVaultProperties.identityClientId'
) as key_vault_identity_client_id,
json_extract(encryption, '$.keyVaultProperties.keyIdentifier') as key_vault_key_identifier
from
azure_app_configuration;

Schema for azure_app_configuration

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
cloud_environmenttextThe Azure Cloud Environment.
creation_datetimestamp with time zoneThe creation date of configuration store.
diagnostic_settingsjsonbA list of active diagnostic settings for the configuration store.
encryptionjsonbThe encryption settings of the configuration store.
endpointtextThe DNS endpoint where the configuration store API will be available.
idtextThe resource ID.
identityjsonbThe managed identity information, if configured.
nametext=The name of the resource.
private_endpoint_connectionsjsonbThe list of private endpoint connections that are set up for this resource.
provisioning_statetextThe provisioning state of the configuration store. Possible values include: 'Creating', 'Updating', 'Deleting', 'Succeeded', 'Failed', 'Canceled'.
public_network_accesstextControl permission for data plane traffic coming from public networks while private endpoint is enabled. Possible values include: 'Enabled', 'Disabled'.
regiontextThe Azure region/location in which the resource is located.
resource_grouptext=The resource group which holds this resource.
sku_nametextThe SKU name of the configuration store.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
subscription_idtext=, !=, ~~, ~~*, !~~, !~~*The Azure Subscription ID in which the resource is located.
tagsjsonbA map of tags for the resource.
titletextTitle of the resource.
typetextThe type of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_app_configuration