turbot/azure

GitHub
steampipe plugin install azuresteampipe plugin install azure
azure_ad_groupazure_ad_service_principalazure_ad_userazure_api_managementazure_app_configurationazure_app_service_environmentazure_app_service_function_appazure_app_service_planazure_app_service_web_appazure_application_gatewayazure_application_security_groupazure_batch_accountazure_cognitive_accountazure_compute_availability_setazure_compute_diskazure_compute_disk_accessazure_compute_disk_encryption_setazure_compute_disk_metric_read_opsazure_compute_disk_metric_read_ops_dailyazure_compute_disk_metric_read_ops_hourlyazure_compute_disk_metric_write_opsazure_compute_disk_metric_write_ops_dailyazure_compute_disk_metric_write_ops_hourlyazure_compute_imageazure_compute_resource_skuazure_compute_snapshotazure_compute_virtual_machineazure_compute_virtual_machine_metric_cpu_utilizationazure_compute_virtual_machine_metric_cpu_utilization_dailyazure_compute_virtual_machine_metric_cpu_utilization_hourlyazure_compute_virtual_machine_scale_setazure_compute_virtual_machine_scale_set_vmazure_container_registryazure_cosmosdb_accountazure_cosmosdb_mongo_databaseazure_cosmosdb_sql_databaseazure_data_factoryazure_data_factory_datasetazure_data_factory_pipelineazure_data_lake_analytics_accountazure_data_lake_storeazure_databox_edge_deviceazure_diagnostic_settingazure_eventgrid_domainazure_eventgrid_topicazure_eventhub_namespaceazure_express_route_circuitazure_firewallazure_frontdoorazure_hdinsight_clusterazure_healthcare_serviceazure_hpc_cacheazure_hybrid_compute_machineazure_hybrid_kubernetes_connected_clusterazure_iothubazure_iothub_dpsazure_key_vaultazure_key_vault_deleted_vaultazure_key_vault_keyazure_key_vault_managed_hardware_security_moduleazure_key_vault_secretazure_kubernetes_clusterazure_kusto_clusterazure_lbazure_lb_backend_address_poolazure_lb_nat_ruleazure_lb_outbound_ruleazure_lb_probeazure_lb_ruleazure_locationazure_log_alertazure_log_profileazure_logic_app_workflowazure_machine_learning_workspaceazure_management_groupazure_management_lockazure_mariadb_serverazure_mssql_elasticpoolazure_mssql_managed_instanceazure_mssql_virtual_machineazure_mysql_flexible_serverazure_mysql_serverazure_network_interfaceazure_network_security_groupazure_network_watcherazure_network_watcher_flow_logazure_policy_assignmentazure_policy_definitionazure_postgresql_serverazure_providerazure_public_ipazure_recovery_services_vaultazure_redis_cacheazure_resource_groupazure_resource_linkazure_role_assignmentazure_role_definitionazure_route_tableazure_search_serviceazure_security_center_auto_provisioningazure_security_center_automationazure_security_center_contactazure_security_center_jit_network_access_policyazure_security_center_settingazure_security_center_sub_assessmentazure_security_center_subscription_pricingazure_service_fabric_clusterazure_servicebus_namespaceazure_signalr_serviceazure_spring_cloud_serviceazure_sql_databaseazure_sql_serverazure_storage_accountazure_storage_blobazure_storage_blob_serviceazure_storage_containerazure_storage_queueazure_storage_share_fileazure_storage_syncazure_storage_tableazure_storage_table_serviceazure_stream_analytics_jobazure_subnetazure_subscriptionazure_synapse_workspaceazure_tenantazure_virtual_networkazure_virtual_network_gatewayindex

Table: azure_mysql_server

Azure Database for MySQL Server is a fully managed database service designed to provide more granular control and flexibility over database management functions and configuration settings.

Examples

Basic info

select
name,
id,
location,
ssl_enforcement,
minimal_tls_version
from
azure_mysql_server;

List servers with SSL enabled

select
name,
id,
location,
ssl_enforcement
from
azure_mysql_server
where
ssl_enforcement = 'Enabled';

List servers with public network access disabled

select
name,
id,
public_network_access
from
azure_mysql_server
where
public_network_access = 'Disabled';

List servers with storage profile auto growth disabled

select
name,
id,
storage_auto_grow
from
azure_mysql_server
where
storage_auto_grow = 'Disabled';

List servers with 'backup_retention_days' greater than 90 days

select
name,
id,
backup_retention_days
from
azure_mysql_server
where
backup_retention_days > 90;

List servers with minimum TLS version lower than 1.2

select
name,
id,
minimal_tls_version
from
azure_mysql_server
where
minimal_tls_version = 'TLS1_0'
or minimal_tls_version = 'TLS1_1';

List private endpoint connection details

select
name as server_name,
id as server_id,
connections ->> 'id' as connection_id,
connections ->> 'privateEndpointPropertyId' as connection_private_endpoint_property_id,
connections ->> 'privateLinkServiceConnectionStateActionsRequired' as connection_actions_required,
connections ->> 'privateLinkServiceConnectionStateDescription' as connection_description,
connections ->> 'privateLinkServiceConnectionStateStatus' as connection_status,
connections ->> 'provisioningState' as connection_provisioning_state
from
azure_mysql_server,
jsonb_array_elements(private_endpoint_connections) as connections;

List server keys

select
name as server_name,
id as server_id,
keys ->> 'creationDate' as keys_creation_date,
keys ->> 'id' as keys_id,
keys ->> 'kind' as keys_kind,
keys ->> 'name' as keys_name,
keys ->> 'serverKeyType' as keys_server_key_type,
keys ->> 'type' as keys_type,
keys ->> 'uri' as keys_uri
from
azure_mysql_server,
jsonb_array_elements(server_keys) as keys;

List server configuration details

Note: Server configurations is the same as Server parameters as shown in Azure MySQL server console

select
name as server_name,
id as server_id,
configurations ->> 'Name' as configuration_name,
configurations -> 'ConfigurationProperties' ->> 'value' as value
from
azure_mysql_server,
jsonb_array_elements(server_configurations) as configurations;

Current state of audit_log_enabled parameter for the servers

select
name as server_name,
id as server_id,
configurations ->> 'Name' as configuration_name,
configurations -> 'ConfigurationProperties' ->> 'value' as value
from
azure_mysql_server,
jsonb_array_elements(server_configurations) as configurations
where
configurations ->> 'Name' = 'audit_log_enabled';

List servers with slow_query_log parameter enabled

select
name as server_name,
id as server_id,
configurations ->> 'Name' as configuration_name,
configurations -> 'ConfigurationProperties' ->> 'value' as value
from
azure_mysql_server,
jsonb_array_elements(server_configurations) as configurations
where
configurations ->'ConfigurationProperties' ->> 'value' = 'ON'
and configurations ->> 'Name' = 'slow_query_log';

List servers with log_output parameter set to file

select
name as server_name,
id as server_id,
configurations ->> 'Name' as configuration_name,
configurations -> 'ConfigurationProperties' ->> 'value' as value
from
azure_mysql_server,
jsonb_array_elements(server_configurations) as configurations
where
configurations ->'ConfigurationProperties' ->> 'value' = 'FILE'
and configurations ->> 'Name' = 'log_output';

Control examples

.inspect azure_mysql_server

Azure MySQL Server

NameTypeDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
administrator_logintextSpecifies the username of the administrator for this server.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
backup_retention_daysbigintBackup retention days for the server.
byok_enforcementtextStatus showing whether the server data encryption is enabled with customer-managed keys.
cloud_environmenttextThe Azure Cloud Environment.
earliest_restore_datetimestamp with time zoneSpecifies the earliest restore point creation time.
fully_qualified_domain_nametextThe fully qualified domain name of the server.
geo_redundant_backuptextIndicates whether Geo-redundant is enabled, or not for server backup.
idtextContains ID to identify a server uniquely.
infrastructure_encryptiontextStatus showing whether the server enabled infrastructure encryption. Possible values include: 'Enabled', 'Disabled'.
locationtextThe resource location.
master_server_idtextThe master server id of a replica server.
minimal_tls_versiontextEnforce a minimal Tls version for the server. Possible values include: 'TLS10', 'TLS11', 'TLS12', 'TLSEnforcementDisabled'.
nametextThe friendly name that identifies the server.
private_endpoint_connectionsjsonbA list of private endpoint connections on a server.
public_network_accesstextIndicates whether or not public network access is allowed for this server. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. Possible values include: 'Enabled', 'Disabled'.
regiontextThe Azure region/location in which the resource is located.
replica_capacitybigintThe maximum number of replicas that a master server can have.
replication_roletextThe replication role of the server.
resource_grouptextThe resource group which holds this resource.
server_configurationsjsonbThe server configurations(parameters) details of the server.
server_keysjsonbThe server keys of the server.
sku_capacitybigintThe scale up/out capacity, representing server's compute units.
sku_familytextThe family of hardware.
sku_nametextThe name of the sku. For example: 'B_Gen4_1', 'GP_Gen5_8'.
sku_sizetextThe size code, to be interpreted by resource as appropriate.
sku_tiertextThe tier of the particular SKU. Possible values include: 'Basic', 'GeneralPurpose', 'MemoryOptimized'.
ssl_enforcementtextEnable ssl enforcement or not when connect to server. Possible values include: 'Enabled', 'Disabled'.
statetextThe state of the server.
storage_auto_growtextIndicates whether storage auto grow is enabled, or not.
storage_mbbigintIndicates max storage allowed for a server.
subscription_idtextThe Azure Subscription ID in which the resource is located.
tagsjsonbA map of tags for the resource.
titletextTitle of the resource.
typetextThe resource type of the server.
user_visible_statetextA state of a server that is visible to user. Possible values include: 'Ready', 'Dropping', 'Disabled', 'Inaccessible'.
versiontextSpecifies the version of the server.