steampipe plugin install azure

Table: azure_servicebus_namespace - Query Azure Service Bus Namespaces using SQL

Azure Service Bus is a fully managed enterprise integration message broker. Service Bus can decouple applications and services. Service Bus offers secure and reliable message delivery.

Table Usage Guide

The azure_servicebus_namespace table provides insights into namespaces within Azure Service Bus. As a DevOps engineer, explore namespace-specific details through this table, including active message count, scheduled message count, and transfer message count. Utilize it to uncover information about namespaces, such as their status, SKU, and properties.

Examples

Basic info

Explore the status and tier level of your Azure Service Bus namespaces to assess their setup and monitor their creation time. This helps in managing resources and understanding their distribution across different tiers.

select
  name,
  id,
  sku_tier,
  provisioning_state,
  created_at
from
  azure_servicebus_namespace;

List premium namespaces

Analyze the settings to understand the distribution of premium-tier service bus namespaces across different regions in your Azure environment. This can help optimize resource allocation and cost management.

select
  name,
  sku_tier,
  region
from
  azure_servicebus_namespace
where
  sku_tier = 'Premium';

List unencrypted namespaces

List Premium Azure Service Bus namespaces whose encryption column is null, meaning no customer-managed key (BYOK) encryption configuration is set. This can be useful for identifying potential security risks and ensuring data protection standards are met.

select
  name,
  sku_tier,
  encryption
from
  azure_servicebus_namespace
where
  sku_tier = 'Premium'
  and encryption is null;

List namespaces not using a virtual network service endpoint

Identify Premium-tier namespaces in your Azure Service Bus setup that are not using a virtual network service endpoint: those whose virtualNetworkRules list is empty or contains a rule with no subnet id. This can be useful to improve security by ensuring all communication within your service bus happens over your virtual network.

Postgres:

select
  name,
  region,
  network_rule_set -> 'properties' -> 'virtualNetworkRules' as virtual_network_rules
from
  azure_servicebus_namespace
where
  sku_tier = 'Premium'
  and (
    jsonb_array_length(
      network_rule_set -> 'properties' -> 'virtualNetworkRules'
    ) = 0
    or exists (
      select
        *
      from
        jsonb_array_elements(
          network_rule_set -> 'properties' -> 'virtualNetworkRules'
        ) as t
      where
        t -> 'subnet' ->> 'id' is null
    )
  );

SQLite:

select
  name,
  region,
  json_extract(
    network_rule_set,
    '$.properties.virtualNetworkRules'
  ) as virtual_network_rules
from
  azure_servicebus_namespace
where
  sku_tier = 'Premium'
  and (
    json_array_length(
      json_extract(
        network_rule_set,
        '$.properties.virtualNetworkRules'
      )
    ) = 0
    or exists (
      select
        1
      from
        json_each(
          json_extract(
            network_rule_set,
            '$.properties.virtualNetworkRules'
          )
        ) as t
      where
        json_extract(t.value, '$.subnet.id') is null
    )
  );

List private endpoint connection details

Explore the details of private endpoint connections in Azure Service Bus Namespace to understand their provisioning state and connection types. This is useful for assessing the security and configuration of your cloud resources.

Postgres:

select
  name,
  id,
  connections ->> 'id' as connection_id,
  connections ->> 'name' as connection_name,
  connections ->> 'privateEndpointPropertyID' as property_private_endpoint_id,
  connections ->> 'provisioningState' as property_provisioning_state,
  jsonb_pretty(connections -> 'privateLinkServiceConnectionState') as property_private_link_service_connection_state,
  connections ->> 'type' as connection_type
from
  azure_servicebus_namespace,
  jsonb_array_elements(private_endpoint_connections) as connections;

SQLite:

select
  name,
  n.id,
  json_extract(connections.value, '$.id') as connection_id,
  json_extract(connections.value, '$.name') as connection_name,
  json_extract(connections.value, '$.privateEndpointPropertyID') as property_private_endpoint_id,
  json_extract(connections.value, '$.provisioningState') as property_provisioning_state,
  -- extract only the connection-state object, matching the Postgres query
  json_extract(connections.value, '$.privateLinkServiceConnectionState') as property_private_link_service_connection_state,
  json_extract(connections.value, '$.type') as connection_type
from
  azure_servicebus_namespace as n,
  json_each(private_endpoint_connections) as connections;

List encryption details

Determine the encryption specifications of your Azure Service Bus namespaces. This can provide insights into your security configurations, helping you understand if your data is properly secured and whether infrastructure encryption is required.

Postgres:

select
  name,
  id,
  encryption ->> 'keySource' as key_source,
  jsonb_pretty(encryption -> 'keyVaultProperties') as key_vault_properties,
  encryption -> 'requireInfrastructureEncryption' as require_infrastructure_encryption
from
  azure_servicebus_namespace;

SQLite:

select
  name,
  id,
  json_extract(encryption, '$.keySource') as key_source,
  -- extract only keyVaultProperties, matching the Postgres query
  json_extract(encryption, '$.keyVaultProperties') as key_vault_properties,
  json_extract(encryption, '$.requireInfrastructureEncryption') as require_infrastructure_encryption
from
  azure_servicebus_namespace;

Get authorization rules of namespaces

An Azure Service Bus Authorization Rule is a security feature that defines the set of permissions assigned to a user or application for accessing and performing operations within a Service Bus namespace or on specific entities like queues, topics, and subscriptions. These rules manage who can send, receive, and manage messages. They play a crucial role in controlling access and ensuring secure operations within the Azure Service Bus environment. Each rule can grant a different level of access: listening for messages, sending messages, or managing the entity.

Postgres:

select
  name,
  r ->> 'name' as rule_name,
  r ->> 'id' as rule_id,
  r ->> 'type' as rule_type,
  r ->> 'properties' as rule_properties
from
  azure_servicebus_namespace as n,
  jsonb_array_elements(authorization_rules) as r;

SQLite:

select
  name,
  json_extract(r.value, '$.name') as rule_name,
  json_extract(r.value, '$.id') as rule_id,
  json_extract(r.value, '$.type') as rule_type,
  json_extract(r.value, '$.properties') as rule_properties
from
  azure_servicebus_namespace as n,
  json_each(n.authorization_rules) as r;
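
An audit query combining the authorization rules above with the disable_local_auth column from the schema, as an added example that is not part of the original documentation (Postgres form): it lists rules that grant Manage on namespaces where SAS authentication is still enabled. It assumes each rule's rights are stored at properties.rights, as in the Azure Service Bus API, and it marks RootManageSharedAccessKey, the rule Azure creates by default, so that additional Manage-level rules stand out.

```sql
-- Added example (not from the plugin documentation).
-- Assumption: each authorization rule carries its rights as a JSON array at
-- properties.rights with values 'Listen', 'Send' and 'Manage'.
select
  n.name as namespace,
  n.resource_group,
  n.sku_tier,
  r ->> 'name' as rule_name,
  r -> 'properties' -> 'rights' as rights,
  -- true for the rule that Azure creates with every namespace
  (r ->> 'name') = 'RootManageSharedAccessKey' as is_default_root_rule
from
  azure_servicebus_namespace as n,
  jsonb_array_elements(n.authorization_rules) as r
where
  -- SAS (local) authentication is still allowed: column is false or null
  n.disable_local_auth is not true
  -- the rights array contains the string 'Manage'
  and (r -> 'properties' -> 'rights') ? 'Manage'
order by
  is_default_root_rule,
  n.name,
  rule_name;
```

Rows with is_default_root_rule = false sort first; those are extra Manage-level keys to review or replace with narrower Listen or Send rules.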

Schema for azure_servicebus_namespace

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| authorization_rules | jsonb | | The authorization rules for a namespace. |
| cloud_environment | text | | The Azure Cloud Environment. |
| created_at | timestamp with time zone | | The time the namespace was created. |
| diagnostic_settings | jsonb | | A list of active diagnostic settings for the servicebus namespace. |
| disable_local_auth | boolean | | This property disables SAS authentication for the Service Bus namespace. |
| encryption | jsonb | | Specifies the properties of BYOK encryption configuration. Customer-managed key encryption at rest (Bring Your Own Key) is only available on Premium namespaces. |
| id | text | | The unique id identifying the resource in subscription. |
| metric_id | text | | The identifier for Azure insights metrics. |
| name | text | = | The name of the resource. |
| network_rule_set | jsonb | | Describes the network rule set for the specified namespace. The ServiceBus Namespace must be Premium in order to attach a ServiceBus Namespace Network Rule Set. |
| private_endpoint_connections | jsonb | | The private endpoint connections of the namespace. |
| provisioning_state | text | | The provisioning state of the namespace. |
| region | text | | The Azure region/location in which the resource is located. |
| resource_group | text | = | The resource group which holds this resource. |
| servicebus_endpoint | text | | Specifies the endpoint used to perform Service Bus operations. |
| sku_capacity | bigint | | The specified messaging units for the tier. For Premium tier, capacity values are 1, 2 and 4. |
| sku_name | text | | Name of this SKU. Valid values are: 'Basic', 'Standard', 'Premium'. |
| sku_tier | text | | The billing tier of this particular SKU. Valid values are: 'Basic', 'Standard', 'Premium'. |
| status | text | | Status of the namespace. |
| subscription_id | text | | The Azure Subscription ID in which the resource is located. |
| tags | jsonb | | A map of tags for the resource. |
| title | text | | Title of the resource. |
| type | text | | The type of the resource. |
| updated_at | timestamp with time zone | | The time the namespace was updated. |
| zone_redundant | boolean | | Enabling this property creates a Premium Service Bus Namespace in regions that support availability zones. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_servicebus_namespace