/* * Copyright 2016-2019 Fraunhofer AISEC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * $$\ $$\ $$\ $$\ * $$ | $$ |\__| $$ | * $$$$$$$\ $$ | $$$$$$\ $$\ $$\ $$$$$$$ |$$\ $$$$$$\ $$$$$$\ $$$$$$\ * $$ _____|$$ |$$ __$$\ $$ | $$ |$$ __$$ |$$ |\_$$ _| $$ __$$\ $$ __$$\ * $$ / $$ |$$ / $$ |$$ | $$ |$$ / $$ |$$ | $$ | $$ / $$ |$$ | \__| * $$ | $$ |$$ | $$ |$$ | $$ |$$ | $$ |$$ | $$ |$$\ $$ | $$ |$$ | * \$$$$$$\ $$ |\$$$$$ |\$$$$$ |\$$$$$$ |$$ | \$$$ |\$$$$$ |$$ | * \_______|\__| \______/ \______/ \_______|\__| \____/ \______/ \__| * * This file is part of Clouditor Community Edition. */ package io.clouditor.discovery.azure; import com.microsoft.azure.management.sql.SqlActiveDirectoryAdministrator; import com.microsoft.azure.management.sql.SqlEncryptionProtector; import com.microsoft.azure.management.sql.SqlFirewallRule; import com.microsoft.azure.management.sql.SqlServer; import com.microsoft.azure.management.sql.SqlServerSecurityAlertPolicy; import com.microsoft.azure.management.sql.implementation.ServerBlobAuditingPolicyInner; import io.clouditor.discovery.Asset; import io.clouditor.discovery.ScanException; import io.clouditor.discovery.ScannerInfo; import java.util.List; @ScannerInfo(assetType = "SQLServer", group = "Azure", service = "SQL", assetIcon = "fas fa-server") public class AzureSQLServerScanner extends AzureScanner<SqlServer> { public AzureSQLServerScanner() { super(SqlServer::id, SqlServer::name); } @Override protected List<SqlServer> list() { return this.resourceGroup != null ? this.api.azure().sqlServers().listByResourceGroup(this.resourceGroup) : this.api.azure().sqlServers().list(); } @Override protected Asset transform(SqlServer server) throws ScanException { var asset = super.transform(server); enrich( asset, "securityAlertPolicy", server, x -> x.serverSecurityAlertPolicies().get(), SqlServerSecurityAlertPolicy::id, SqlServerSecurityAlertPolicy::name); enrich( asset, "encryptionProtectors", server, x -> x.encryptionProtectors().get(), SqlEncryptionProtector::id, SqlEncryptionProtector::serverKeyName); enrich( asset, "activeDirectoryAdmin", server, x -> server.getActiveDirectoryAdministrator(), SqlActiveDirectoryAdministrator::id, SqlActiveDirectoryAdministrator::signInName); enrichList( asset, "firewallRules", server, x -> x.firewallRules().list(), SqlFirewallRule::id, SqlFirewallRule::name); enrich( asset, "auditingPolicy", server, x -> this.api .azure() .sqlServers() .manager() .inner() .serverBlobAuditingPolicies() .get(server.resourceGroupName(), server.name()), ServerBlobAuditingPolicyInner::id, ServerBlobAuditingPolicyInner::name); return asset; } }