Note
Requires the typical Azure credentials to be set in your environment for the client to work. These can be set either manually or with the `az` tool.
| Name | Environment Variable | Required | Description |
|---|---|---|---|
| subscription_id | $CCF_PLUGINS_AZURE_CONFIG_SUBSCRIPTION_ID | ✅ | Subscription ID for the Azure instance |
```shell
$ mkdir -p dist
$ go build -o dist/plugin main.go
```

The plugin does not manipulate the structures returned by azure-go-sdk, so anything that is passed back can be queried in rego. However, because Azure resources are linked to one another by ID through the API, the plugin saturates the returned data by following those links and places the results in wrapper structures.
The golang definition can be found below:
```go
type AzureVMInstance struct {
	Instance          *armcompute.VirtualMachine `json:"instance"`
	NetworkInterfaces []*AzureVMNetworkInterface `json:"network_interfaces"`
}

type AzureVMNetworkInterface struct {
	Config        *armnetwork.InterfacesClientGetResponse         `json:"config"`
	PublicIPs     []*armnetwork.PublicIPAddressesClientGetResponse `json:"public_ips,omitempty"`
	SecurityGroup *armnetwork.SecurityGroupsClientGetResponse     `json:"security_group,omitempty"`
}
```

To see what data is available, the recommendation is to look at the golang documentation for the different types:

- `armcompute.VirtualMachine`
- `armnetwork.InterfacesClientGetResponse`
- `armnetwork.PublicIPAddressesClientGetResponse`
- `armnetwork.SecurityGroupsClientGetResponse`
To see the data in action, have a look at the unit tests found in the policies repo.
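
As an added illustration (not taken from the plugin or the policies repo), the policy below walks the wrapper structure to flag a VM that has a public IP and an inbound allow rule open to any source. It assumes `input` is a single `AzureVMInstance` serialized with the JSON tags above; the package name, the rule names and the field paths below the wrapper (`properties.ipAddress`, `properties.securityRules` and so on, as the Azure SDK serializes them) are assumptions to confirm against the Go documentation for each type.

```rego
# Added example: package and rule names are hypothetical.
package example.azure_vm_exposure

import rego.v1

# Assumption: `input` is one AzureVMInstance, i.e.
# {"instance": {...}, "network_interfaces": [{"config": ..., "public_ips": [...], "security_group": ...}]}

# Every public IP address attached to any NIC of the VM.
# `public_ips` is tagged omitempty, so a NIC without one simply contributes nothing.
public_ips contains ip if {
	some nic in input.network_interfaces
	some pip in nic.public_ips
	ip := pip.properties.ipAddress
}

# Names of NSG rules that allow inbound traffic from any source.
# `security_group` is also omitempty; NICs without an NSG are skipped.
open_inbound_rules contains rule.name if {
	some nic in input.network_interfaces
	some rule in nic.security_group.properties.securityRules
	rule.properties.direction == "Inbound"
	rule.properties.access == "Allow"
	rule.properties.sourceAddressPrefix in {"*", "0.0.0.0/0", "Internet"}
}

# A VM is reported only when both conditions hold: it is reachable on a
# public address and at least one rule admits traffic from anywhere.
violation contains {"vm": input.instance.name, "msg": msg} if {
	count(public_ips) > 0
	count(open_inbound_rules) > 0
	msg := sprintf(
		"VM %s has public IPs [%s] and inbound allow rules open to any source: [%s]",
		[input.instance.name, concat(", ", public_ips), concat(", ", open_inbound_rules)],
	)
}
```

A NIC with a public IP but no attached security group produces no violation here, because the rule set is empty; a stricter policy would treat the missing `security_group` as its own finding.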