cloudforet-io/plugin-azure-inven-collector

Microsoft Azure Collector



Version License: Apache 2.0

Plugin to collect Microsoft Azure Cloud Services

Cloudforet's plugin-azure-cloud-services is a convenient tool to get cloud service data from Azure Cloud Services.

Find us also at Dockerhub

Latest stable version : 2.0.0

Please contact us if you need any further information. [email protected]

Contents

| Cloud Service Type | Cloud Service |
|---|---|
| Instance | Application Gateways |
| Container | Container Instances |
| Instance | CosmosDB |
| Disk | Disks |
| Instance | KeyVaults |
| Instance | Load Balancers |
| Server | MySQL Servers |
| Server | MySQL Flexible Servers |
| Instance | NAT Gateways |
| Instance | Network Security Groups |
| Server | PostgreSQL Servers |
| Server | PostgreSQL Flexible Servers |
| IPAddress | Public IP Addresses |
| Instance | Snapshots |
| Server | SQL Servers |
| Database | SQL Databases |
| Storage | Storage Accounts |
| Instance | Virtual Machines |
| Instance | Virtual Networks |
| ScaleSet | VM ScaleSets |
| Service | Web PubSub Service |

SETTING

Before collecting, register the account information in Cloudforet's Service Account.

  • Base Information

    • name
    • Tenant ID
    • Subscription ID
    • Tag
  • Credentials

    • Tenant ID
    • Subscription ID
    • Client Secret
    • Client ID

Azure Service Endpoint (in use)

The following endpoints are used to collect Azure resource information.

https://management.azure.com
https://login.microsoftonline.com
https://*.vault.azure.net

Service list

The following is a list of services being collected and service code information.

| No. | Service name | Service Code |
|---|---|---|
| 1 | Application Gateways | Microsoft.Network/applicationGateways |
| 2 | Cosmos DB | Microsoft.DocumentDB/databaseAccounts |
| 3 | Disks | Microsoft.Compute/disks |
| 4 | Key Vaults | Microsoft.KeyVault/vaults |
| 5 | Load Balancers | Microsoft.Network/loadBalancers |
| 6 | MySQL Servers | Microsoft.DBforMySQL/servers |
| 7 | MySQL Flexible Servers | Microsoft.DBforMySQL/flexibleServers |
| 8 | SQL Servers | Microsoft.Sql/servers |
| 9 | SQL Databases | Microsoft.Sql/servers/databases |
| 10 | NAT Gateways | Microsoft.Network/natGateways |
| 11 | Network Security Groups | Microsoft.Network/networkSecurityGroups |
| 12 | PostgreSQL Servers | Microsoft.DBforPostgreSQL/servers |
| 13 | PostgreSQL Flexible Servers | Microsoft.DBforPostgreSQL/flexibleServers |
| 14 | Public IP Addresses | Microsoft.Network/publicIPAddresses |
| 15 | Snapshots | Microsoft.Compute/snapshots |
| 16 | Storage Accounts | Microsoft.Storage/storageAccounts |
| 17 | Virtual Machines | Microsoft.Compute/virtualMachines |
| 18 | Virtual Networks | Microsoft.Network/virtualNetworks |
| 19 | VM ScaleSets | Microsoft.Compute/virtualMachineScaleSets |
| 20 | Container Instances | Microsoft.ContainerInstance/containerGroups |
| 21 | Web PubSub Service | Microsoft.SignalRService/WebPubSub |

Authentication Overview

The service account registered in Cloudforet must have certain permissions to collect cloud service data. Please grant the following privileges:

Custom roles for collecting Azure cloud resources

The Cloudforet Azure collector requires several privileges to collect resources.
Create the custom roles in the Azure portal and assign the following roles to the Cloudforet Azure collector app before collecting resources. For information on creating custom roles in Azure, see the Microsoft custom role document.

{
    "properties": {
        "roleName": "cloudforet_azure_collector_role",
        "description": "custom role for cloudforet azure collector",
        "assignableScopes": [
            "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Network/applicationGateways/read",
                    "Microsoft.Network/applicationGateways/privateEndpointConnections/read",
                    "Microsoft.Network/applicationGateways/privateLinkConfigurations/read",
                    "Microsoft.Network/applicationGateways/privateLinkResources/read",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/dnsAliases/read",
                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/logDefinitions/read",
                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read",
                    "Microsoft.DocumentDB/databaseAccounts/services/read",
                    "Microsoft.DocumentDB/databaseAccounts/read",
                    "Microsoft.DocumentDB/databaseAccounts/listKeys/action",
                    "Microsoft.DocumentDB/databaseAccounts/privateLinkResources/read",
                    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read",
                    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/clientEncryptionKeys/read",
                    "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/read",
                    "Microsoft.DocumentDB/databaseAccounts/tables/read",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.KeyVault/vaults/read",
                    "Microsoft.KeyVault/vaults/keys/read",
                    "Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Read",
                    "Microsoft.KeyVault/vaults/privateEndpointConnections/read",
                    "Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/read",
                    "Microsoft.KeyVault/vaults/secrets/read",
                    "Microsoft.Network/loadBalancers/read",
                    "Microsoft.Network/loadBalancers/backendAddressPools/read",
                    "Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read",
                    "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
                    "Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/read",
                    "Microsoft.Network/loadBalancers/inboundNatPools/read",
                    "Microsoft.Network/loadBalancers/inboundNatRules/read",
                    "Microsoft.Network/loadBalancers/loadBalancingRules/read",
                    "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
                    "Microsoft.Network/loadBalancers/outboundRules/read",
                    "Microsoft.Network/loadBalancers/networkInterfaces/read",
                    "Microsoft.Network/loadBalancers/probes/read",
                    "Microsoft.Network/loadBalancers/virtualMachines/read",
                    "Microsoft.Network/networkInterfaces/loadBalancers/read",
                    "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",
                    "Microsoft.Network/virtualNetworks/joinLoadBalancer/action",
                    "Microsoft.DBforMySQL/flexibleServers/read",
                    "Microsoft.DBforMySQL/flexibleServers/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.DBforMySQL/servers/read",
                    "Microsoft.DBforMySQL/servers/administrators/read",
                    "Microsoft.DBforMySQL/servers/advisors/read",
                    "Microsoft.DBforMySQL/servers/privateEndpointConnectionProxies/read",
                    "Microsoft.DBforMySQL/servers/keys/read",
                    "Microsoft.DBforMySQL/servers/privateEndpointConnections/read",
                    "Microsoft.DBforMySQL/servers/privateLinkResources/read",
                    "Microsoft.DBforMySQL/servers/configurations/read",
                    "Microsoft.DBforMySQL/servers/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.DBforMySQL/servers/providers/Microsoft.Insights/metricDefinitions/read",
                    "Microsoft.DBforMySQL/servers/firewallRules/read",
                    "Microsoft.DBforMySQL/servers/databases/read",
                    "Microsoft.DBforMySQL/servers/replicas/read",
                    "Microsoft.DBforMySQL/servers/performanceTiers/read",
                    "Microsoft.DBforMySQL/servers/recoverableServers/read",
                    "Microsoft.DBforMySQL/servers/virtualNetworkRules/read",
                    "Microsoft.Network/natGateways/read",
                    "Microsoft.Network/natGateways/join/action",
                    "microsoft.network/vpnGateways/natRules/read",
                    "microsoft.network/virtualNetworkGateways/natRules/read",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/dnsAliases/read",
                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Network/publicIPPrefixes/read",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/networkSecurityGroups/read",
                    "Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
                    "Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Network/networkSecurityGroups/securityRules/read",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.DBforPostgreSQL/servers/read",
                    "Microsoft.DBforPostgreSQL/servers/administrators/read",
                    "Microsoft.DBforPostgreSQL/servers/advisors/read",
                    "Microsoft.DBforPostgreSQL/servers/privateEndpointConnectionProxies/read",
                    "Microsoft.DBforPostgreSQL/servers/keys/read",
                    "Microsoft.DBforPostgreSQL/servers/privateEndpointConnections/read",
                    "Microsoft.DBforPostgreSQL/servers/privateLinkResources/read",
                    "Microsoft.DBforPostgreSQL/servers/configurations/read",
                    "Microsoft.DBforPostgreSQL/servers/firewallRules/read",
                    "Microsoft.DBforPostgreSQL/servers/databases/read",
                    "Microsoft.DBforPostgreSQL/servers/replicas/read",
                    "Microsoft.DBforPostgreSQL/servers/recoverableServers/read",
                    "Microsoft.DBforPostgreSQL/servers/securityAlertPolicies/read",
                    "Microsoft.DBforPostgreSQL/servers/virtualNetworkRules/read",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/dnsAliases/read",
                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/dnsAliases/read",
                    "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Storage/deletedAccounts/read",
                    "Microsoft.Storage/storageAccounts/read",
                    "Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
                    "Microsoft.Storage/storageAccounts/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Storage/storageAccounts/blobServices/read",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/read",
                    "Microsoft.Storage/storageAccounts/tableServices/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Storage/storageAccounts/privateLinkResources/read",
                    "Microsoft.Storage/storageAccounts/objectReplicationPolicies/read",
                    "Microsoft.Storage/storageAccounts/encryptionScopes/read",
                    "Microsoft.Compute/virtualMachineScaleSets/read",
                    "Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read",
                    "Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read",
                    "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Compute/virtualMachineScaleSets/extensions/read",
                    "Microsoft.Compute/virtualMachineScaleSets/extensions/roles/read",
                    "Microsoft.Compute/virtualMachineScaleSets/instanceView/read",
                    "Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read",
                    "Microsoft.Compute/virtualMachineScaleSets/skus/read",
                    "Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read",
                    "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read",
                    "Microsoft.Compute/virtualMachineScaleSets/vmSizes/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read",
                    "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read",
                    "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/read",
                    "Microsoft.Network/loadBalancers/virtualMachines/read",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Network/privateDnsZones/read",
                    "Microsoft.Network/privateDnsZones/virtualNetworkLinks/read",
                    "Microsoft.Network/locations/virtualNetworkAvailableEndpointServices/read",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/locations/supportedVirtualMachineSizes/read",
                    "Microsoft.Network/virtualNetworks/bastionHosts/default/action",
                    "Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",
                    "Microsoft.Network/virtualNetworks/privateDnsZoneLinks/read",
                    "Microsoft.Network/virtualNetworks/usages/read",
                    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
                    "Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/read",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read",
                    "Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read",
                    "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read",
                    "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read",
                    "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
                    "Microsoft.Network/virtualNetworks/virtualMachines/read",
                    "Microsoft.Network/virtualNetworks/customViews/read",
                    "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read",
                    "Microsoft.Network/virtualNetworkGateways/read",
                    "microsoft.network/virtualNetworkGateways/natRules/read",
                    "Microsoft.Network/virtualNetworkGateways/providers/Microsoft.Insights/diagnosticSettings/read",
                    "microsoft.network/virtualnetworkgateways/connections/read",
                    "Microsoft.Network/connections/read",
                    "Microsoft.Network/virtualNetworkTaps/read",
                    "Microsoft.Network/virtualNetworkTaps/networkInterfaceTapConfigurationProxies/read",
                    "Microsoft.Network/virtualRouters/read",
                    "Microsoft.Network/virtualRouters/providers/Microsoft.Insights/metricDefinitions/read",
                    "Microsoft.Network/virtualRouters/peerings/read",
                    "Microsoft.DocumentDB/databaseAccounts/listKeys/action",
                    "Microsoft.ContainerInstance/containerGroups/read",
                    "Microsoft.SignalRService/WebPubSub/read",
                    "Microsoft.SignalRService/WebPubSub/hubs/read",
                    "Microsoft.SignalRService/webPubSub/listKeys/action",
                    "Microsoft.Insights/Metrics/Read",
                    "Microsoft.Sql/servers/read",
                    "Microsoft.Sql/servers/administrators/read",
                    "Microsoft.Sql/servers/databases/read",
                    "Microsoft.Sql/servers/automaticTuning/read",
                    "Microsoft.Sql/servers/databases/automaticTuning/read",
                    "Microsoft.Sql/servers/databases/auditingSettings/read",
                    "Microsoft.Sql/servers/auditingSettings/read",
                    "Microsoft.Sql/servers/failoverGroups/read",
                    "Microsoft.Sql/servers/encryptionProtector/read",
                    "Microsoft.Sql/servers/elasticPools/read",
                    "Microsoft.Sql/servers/elasticPools/databases/read",
                    "Microsoft.Sql/servers/restorableDroppedDatabases/read",
                    "Microsoft.Sql/servers/firewallRules/read",
                    "Microsoft.Sql/servers/virtualNetworkRules/read",
                    "Microsoft.Sql/servers/databases/syncGroups/read",
                    "Microsoft.Sql/servers/syncAgents/read",
                    "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules/read",
                    "Microsoft.Sql/servers/databases/replicationLinks/read",
                    "Microsoft.Sql/servers/replicationLinks/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
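An added example (not part of the plugin's code or README): a small Python audit for a custom role definition in the JSON shape shown above, reporting every action that is not a plain read and every repeated entry, so the role can be reviewed before it is assigned. The sample role is a constructed excerpt built from actions in the role above; the `SECRET_HINTS` heuristic and the case-insensitive comparison of action names are assumptions of this example.

```python
import json
from collections import Counter

# Constructed excerpt in the shape of the role definition above. The action
# names are taken from that role, including two repeated entries and the
# mixed-case spellings it contains.
SAMPLE_ROLE = json.loads("""
{
  "properties": {
    "roleName": "cloudforet_azure_collector_role",
    "permissions": [
      {
        "actions": [
          "Microsoft.Network/publicIPAddresses/read",
          "Microsoft.Network/publicIPAddresses/join/action",
          "Microsoft.Network/publicIPAddresses/read",
          "Microsoft.DocumentDB/databaseAccounts/listKeys/action",
          "Microsoft.SignalRService/webPubSub/listKeys/action",
          "Microsoft.Network/virtualNetworks/subnets/join/action",
          "microsoft.network/virtualNetworkGateways/natRules/read",
          "Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Read",
          "Microsoft.DocumentDB/databaseAccounts/listKeys/action"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
""")

# Assumption: substrings that mark a list* operation as returning credentials.
SECRET_HINTS = ("key", "secret", "sas", "connectionstring", "token")


def classify(action):
    """Place one action name in a review bucket."""
    parts = action.strip().lower().split("/")
    if any("*" in p for p in parts):
        return "wildcard"
    if parts[-1] == "read":
        return "read"
    if parts[-1] == "action" and len(parts) >= 2:
        op = parts[-2]
        if op.startswith("list") and any(h in op for h in SECRET_HINTS):
            return "secret_listing"
    # Everything else (join/action, write, delete, ...) needs a justification.
    return "other_non_read"


def audit_role(role):
    """Return a dict of review buckets for a custom role definition."""
    first_seen = {}      # lower-cased name -> first spelling encountered
    counts = Counter()
    for perm in role["properties"]["permissions"]:
        names = (perm.get("actions") or []) + (perm.get("dataActions") or [])
        for name in names:
            # Assumption: names are compared case-insensitively, since the
            # role above mixes "Microsoft.Network" and "microsoft.network".
            key = name.strip().lower()
            first_seen.setdefault(key, name.strip())
            counts[key] += 1

    report = {"read": [], "secret_listing": [], "other_non_read": [],
              "wildcard": [], "duplicates": []}
    for key in sorted(first_seen):
        report[classify(key)].append(first_seen[key])
        if counts[key] > 1:
            report["duplicates"].append(first_seen[key])
    return report


if __name__ == "__main__":
    result = audit_role(SAMPLE_ROLE)
    for bucket in ("wildcard", "secret_listing", "other_non_read", "duplicates"):
        print(f"{bucket}:")
        for name in result[bucket]:
            print(f"  {name}")
    print(f"plain read actions: {len(result['read'])}")
```

To audit the full role, save the JSON above to a file and pass `json.load(open(path))` to `audit_role`.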

Additional custom roles for Cloudforet collector

Some cloud services require additional IAM settings for collecting resources.

  • KeyVaults

To collect Azure KeyVaults resources, you need to assign a Key Vault access policy to the SpaceONE collector app in the Azure portal.

For information on assigning an access policy, see the Microsoft key vault access policy document - legacy.
If your KeyVaults use the Azure RBAC model, see the Microsoft key vault access policy document.

  • Cosmos DB

To collect key lists from Cosmos DB resources, you need to assign an access policy to the SpaceONE collector app in the Azure portal. For information on creating custom roles in Azure, see the Microsoft custom role document.

{
    "properties": {
        "roleName": "YOUR_ROLE_NAME_FOR_LIST_KEYS_IN_COSMOSDB",
        "description": "",
        "assignableScopes": [
            "/subscriptions/YOUR_SUBSCRIPTION_ID"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.DocumentDB/databaseAccounts/listKeys/action"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • Virtual Machine Scale Sets
    • Scope

    • Permissions

      "Microsoft.Compute/virtualMachineScaleSets/read",
      "Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read",
      "Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read",
      "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read",
      "Microsoft.Compute/virtualMachineScaleSets/extensions/read",
      "Microsoft.Compute/virtualMachineScaleSets/extensions/roles/read",
      "Microsoft.Compute/virtualMachineScaleSets/instanceView/read",
      "Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read",
      "Microsoft.Compute/virtualMachineScaleSets/skus/read",
      "Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read",
      "Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read",
      "Microsoft.Compute/virtualMachineScaleSets/vmSizes/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read",
      "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read"
      
  • Virtual Networks

    • Permissions

      "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks/read",
      "Microsoft.Network/virtualNetworks/listDnsResolvers/action",
      "Microsoft.Network/virtualNetworks/listDnsForwardingRulesets/action",
      "Microsoft.Network/loadBalancers/virtualMachines/read",
      "Microsoft.Network/networkInterfaces/join/action",
      "Microsoft.Network/privateDnsZones/read",
      "Microsoft.Network/privateDnsZones/virtualNetworkLinks/read",
      "Microsoft.Network/locations/virtualNetworkAvailableEndpointServices/read",
      "Microsoft.Network/virtualNetworks/read",
      "Microsoft.Network/locations/supportedVirtualMachineSizes/read",
      "Microsoft.Network/virtualNetworks/bastionHosts/default/action",
      "Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read",
      "Microsoft.Network/virtualNetworks/privateDnsZoneLinks/read",
      "Microsoft.Network/virtualNetworks/usages/read",
      "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
      "Microsoft.Network/virtualNetworks/remoteVirtualNetworkPeeringProxies/read",
      "Microsoft.Network/virtualNetworks/subnets/read",
      "Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read",
      "Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read",
      "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read",
      "Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read",
      "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
      "Microsoft.Network/virtualNetworks/virtualMachines/read",
      "Microsoft.Network/virtualNetworks/customViews/read",
      "Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read",
      "Microsoft.Network/virtualNetworkGateways/read",
      "microsoft.network/virtualNetworkGateways/natRules/read",
      "Microsoft.Network/virtualNetworkGateways/providers/Microsoft.Insights/diagnosticSettings/read",
      "microsoft.network/virtualnetworkgateways/connections/read",
      "Microsoft.Network/connections/read",
      "Microsoft.Network/virtualNetworkTaps/read",
      "Microsoft.Network/virtualNetworkTaps/networkInterfaceTapConfigurationProxies/read",
      "Microsoft.Network/virtualRouters/read",
      "Microsoft.Network/virtualRouters/providers/Microsoft.Insights/metricDefinitions/read",
      "Microsoft.Network/virtualRouters/peerings/read"
    
  • SQL Servers
    • Scope

      • https://learn.microsoft.com/en-us/python/api/azure-mgmt-sql/azure.mgmt.sql.sqlmanagementclient?view=azure-python
        • servers
          • list()
        • databases
          • list_by_server()
          • list_by_elastic_pool()
        • server_azure_ad_administrators
          • list_by_server()
        • server_automatic_tuning
          • get()
        • server_blob_auditing_policies
          • get()
        • failover_groups
          • list_by_server()
        • list_encryption_protectors
          • list_by_server()
        • elastic_pools
          • list_by_server()
        • restorable_dropped_databases
          • list_by_server()
        • firewall_rules
          • list_by_server()
        • virtual_network_rules
          • list_by_server()
        • sync_groups
          • list_by_server()
        • sync_agents
          • list_by_server()
        • data_masking_policies
          • list_by_database()
        • replication_links
          • list_by_database()
    • Permissions

    "Microsoft.Sql/servers/read",
    "Microsoft.Sql/servers/administrators/read",
    "Microsoft.Sql/servers/databases/read",
    "Microsoft.Sql/servers/automaticTuning/read",
    "Microsoft.Sql/servers/databases/automaticTuning/read",
    "Microsoft.Sql/servers/databases/auditingSettings/read",
    "Microsoft.Sql/servers/auditingSettings/read",
    "Microsoft.Sql/servers/failoverGroups/read",
    "Microsoft.Sql/servers/encryptionProtector/read",
    "Microsoft.Sql/servers/elasticPools/read",
    "Microsoft.Sql/servers/elasticPools/databases/read",
    "Microsoft.Sql/servers/restorableDroppedDatabases/read",
    "Microsoft.Sql/servers/firewallRules/read",
    "Microsoft.Sql/servers/virtualNetworkRules/read",
    "Microsoft.Sql/servers/databases/syncGroups/read",
    "Microsoft.Sql/servers/syncAgents/read",
    "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules/read",
    "Microsoft.Sql/servers/databases/replicationLinks/read",
    "Microsoft.Sql/servers/replicationLinks/read"
    
  • SQL Databases
    • Scope
    • Permissions
      "Microsoft.Sql/servers/read",
      "Microsoft.Sql/servers/syncAgents/read",
      "Microsoft.Sql/servers/replicationLinks/read",
      "Microsoft.Sql/servers/databases/replicationLinks/read",
      "Microsoft.Sql/servers/databases/read",
      "Microsoft.Sql/servers/databases/auditingSettings/read",
      "Microsoft.Sql/servers/databases/syncGroups/read"
      
  • Load Balancer
    • Scope

    • Permissions

      "Microsoft.Network/loadBalancers/read",
      "Microsoft.Network/loadBalancers/backendAddressPools/read",
      "Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read",
      "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read",
      "Microsoft.Network/loadBalancers/frontendIPConfigurations/read",
      "Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/read",
      "Microsoft.Network/loadBalancers/inboundNatPools/read",
      "Microsoft.Network/loadBalancers/inboundNatRules/read",
      "Microsoft.Network/loadBalancers/loadBalancingRules/read",
      "Microsoft.Network/loadBalancers/providers/Microsoft.Insights/logDefinitions/read",
      "Microsoft.Network/loadBalancers/outboundRules/read",
      "Microsoft.Network/loadBalancers/networkInterfaces/read",
      "Microsoft.Network/loadBalancers/probes/read",
      "Microsoft.Network/loadBalancers/virtualMachines/read",
      "Microsoft.Network/networkInterfaces/loadBalancers/read",
      "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",
      "Microsoft.Network/virtualNetworks/joinLoadBalancer/action"
      
  • Network Security Group
    • Scope

    • Permissions

        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read",
        "Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Network/networkSecurityGroups/securityRules/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
        "Microsoft.Network/virtualNetworks/subnets/join/action"
      
  • Application Gateways
    • Scope

    • Permissions

        "Microsoft.Network/applicationGateways/read",
        "Microsoft.Network/applicationGateways/privateEndpointConnections/read",
        "Microsoft.Network/applicationGateways/privateLinkConfigurations/read",
        "Microsoft.Network/applicationGateways/privateLinkResources/read",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/publicIPAddresses/dnsAliases/read",
        "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/logDefinitions/read",
        "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read"
      
  • NAT Gateways
    • Scope

    • Permissions

        "Microsoft.Network/natGateways/read",
        "Microsoft.Network/natGateways/join/action",
        "microsoft.network/vpnGateways/natRules/read",
        "microsoft.network/virtualNetworkGateways/natRules/read",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/publicIPAddresses/dnsAliases/read",
        "Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Network/publicIPPrefixes/read",
        "Microsoft.Network/virtualNetworks/subnets/read"
      

MySQL Servers (Deprecated)

  • MySQL Servers
    • Scope

    • Permissions

      "Microsoft.DBforMySQL/flexibleServers/read",
      "Microsoft.DBforMySQL/flexibleServers/providers/Microsoft.Insights/diagnosticSettings/read",
      "Microsoft.DBforMySQL/servers/read",
      "Microsoft.DBforMySQL/servers/administrators/read",
      "Microsoft.DBforMySQL/servers/advisors/read",
      "Microsoft.DBforMySQL/servers/privateEndpointConnectionProxies/read",
      "Microsoft.DBforMySQL/servers/keys/read",
      "Microsoft.DBforMySQL/servers/privateEndpointConnections/read",
      "Microsoft.DBforMySQL/servers/privateLinkResources/read",
      "Microsoft.DBforMySQL/servers/configurations/read",
      "Microsoft.DBforMySQL/servers/providers/Microsoft.Insights/diagnosticSettings/read",
      "Microsoft.DBforMySQL/servers/providers/Microsoft.Insights/metricDefinitions/read",
      "Microsoft.DBforMySQL/servers/firewallRules/read",
      "Microsoft.DBforMySQL/servers/databases/read",
      "Microsoft.DBforMySQL/servers/replicas/read",
      "Microsoft.DBforMySQL/servers/performanceTiers/read",
      "Microsoft.DBforMySQL/servers/recoverableServers/read",
      "Microsoft.DBforMySQL/servers/virtualNetworkRules/read"
      
    • SpaceONE Inventory Collector only supports Single Servers type.

    • Azure Database for MySQL Single Servers is on the retirement path.

PostgreSQL Servers (Deprecated)

  • PostgreSQL Servers
    • Scope

    • Permissions

        "Microsoft.DBforPostgreSQL/servers/read",
        "Microsoft.DBforPostgreSQL/servers/administrators/read",
        "Microsoft.DBforPostgreSQL/servers/advisors/read",
        "Microsoft.DBforPostgreSQL/servers/privateEndpointConnectionProxies/read",
        "Microsoft.DBforPostgreSQL/servers/keys/read",
        "Microsoft.DBforPostgreSQL/servers/privateEndpointConnections/read",
        "Microsoft.DBforPostgreSQL/servers/privateLinkResources/read",
        "Microsoft.DBforPostgreSQL/servers/configurations/read",
        "Microsoft.DBforPostgreSQL/servers/firewallRules/read",
        "Microsoft.DBforPostgreSQL/servers/databases/read",
        "Microsoft.DBforPostgreSQL/servers/replicas/read",
        "Microsoft.DBforPostgreSQL/servers/recoverableServers/read",
        "Microsoft.DBforPostgreSQL/servers/securityAlertPolicies/read",
        "Microsoft.DBforPostgreSQL/servers/virtualNetworkRules/read"
      
    • SpaceONE Inventory Collector supports only the Single Server type.

    • Azure Database for PostgreSQL Single Server is on the retirement path.
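The permission lists above are all read operations, which is what keeps the collector's credential read-only. The following is an added example, not code from this plugin: it audits an action list for anything broader than a plain read and then builds a custom role definition from it. The role name, the namespace check and the placeholder subscription scope are assumptions.

```python
import json

# Assumptions: role name, namespace check, placeholder scope (README leaves Scope blank).
NAMESPACE = "Microsoft.DBforPostgreSQL"
SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"
# Actions copied from the PostgreSQL Servers permission list in this README.
POSTGRESQL_ACTIONS = [
    "Microsoft.DBforPostgreSQL/servers/read",
    "Microsoft.DBforPostgreSQL/servers/administrators/read",
    "Microsoft.DBforPostgreSQL/servers/advisors/read",
    "Microsoft.DBforPostgreSQL/servers/privateEndpointConnectionProxies/read",
    "Microsoft.DBforPostgreSQL/servers/keys/read",
    "Microsoft.DBforPostgreSQL/servers/privateEndpointConnections/read",
    "Microsoft.DBforPostgreSQL/servers/privateLinkResources/read",
    "Microsoft.DBforPostgreSQL/servers/configurations/read",
    "Microsoft.DBforPostgreSQL/servers/firewallRules/read",
    "Microsoft.DBforPostgreSQL/servers/databases/read",
    "Microsoft.DBforPostgreSQL/servers/replicas/read",
    "Microsoft.DBforPostgreSQL/servers/recoverableServers/read",
    "Microsoft.DBforPostgreSQL/servers/securityAlertPolicies/read",
    "Microsoft.DBforPostgreSQL/servers/virtualNetworkRules/read",
]

def audit_actions(actions, namespace=NAMESPACE):
    """Return (action, reason) pairs for entries broader than a plain read."""
    findings = []
    for action in actions:
        if "*" in action:
            findings.append((action, "wildcard"))
        elif not action.endswith("/read"):
            findings.append((action, "not a read operation"))
        elif not action.startswith(namespace + "/"):
            findings.append((action, "outside " + namespace))
    return findings

def build_role_definition(name, actions, scope=SCOPE):
    """Build a custom role definition, refusing anything audit_actions flags."""
    findings = audit_actions(actions)
    if findings:
        raise ValueError(f"refusing to build role: {findings}")
    return {"Name": name, "IsCustom": True,
            "Description": "Read-only inventory collection",
            "Actions": sorted(set(actions)), "NotActions": [],
            "AssignableScopes": [scope]}

if __name__ == "__main__":
    print(audit_actions([NAMESPACE + "/servers/*"]))  # constructed over-broad entry
    print(json.dumps(build_role_definition("inventory-postgresql-reader",
                                           POSTGRESQL_ACTIONS), indent=2))
```

The printed JSON has the shape that `az role definition create --role-definition` accepts. Replace the placeholder scope with the subscription the collector actually reads.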


Options

Cloud Service Type : Specify what to collect

If cloud_service_types is set in options, only the listed cloud service types are collected. If cloud_service_types is not specified in options, all services are collected by default.

The cloud_service_types items that can be specified are as follows.


{
    "cloud_service_types": [
        "ApplicationGateways",
        "CosmosDB",
        "Disks",
        "KeyVaults",
        "LoadBalancers",
        "MySQLServers",
        "SQLServers",
        "SQLDatabases",
        "NATGateways",
        "NetworkSecurityGroups",
        "PostgreSQLServers",
        "PublicIPAddresses",
        "Snapshots",
        "StorageAccounts",
        "VirtualMachines",
        "VirtualNetworks",
        "VMScaleSets",
        "ContainerInstances",
        "WebPubSubService"
    ]
}

To update the plugin options with spacectl, first create a YAML file that sets the options.


> cat update_collector.yaml
---
collector_id: collector-xxxxxxx
options:
  cloud_service_types:
    - VMScaleSets
    - VirtualNetworks

Then update the plugin by running the spacectl command with the created YAML file.


> spacectl exec update_plugin inventory.Collector -f update_collector.yaml

Service Code Mapper : Convert the service code in Cloud Service Type to a value you choose.

If service_code_mappers is added in options, you can replace the service code specified in the cloud service type. The default service codes are listed in the Service List section of this document.

The service_code_mappers items are specified as follows.


{
    "service_code_mappers": {
        "Microsoft.Compute/disks": "Azure Virtual Disk",
        "Microsoft.Storage/storageAccounts": "Azure Storage Account"
    }
}

Custom Asset URL : Update ASSET_URL in Cloud Service Type.

If custom_asset_url is set in options, it replaces the default asset_url.
The default ASSET_URL in cloud_service_conf is https://spaceone-custom-assets.s3.ap-northeast-2.amazonaws.com/console-assets/icons/cloud-services/azure


{
    "custom_asset_url": "https://xxxxx.cloudforet.dev/icon/azure"
}
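A pre-flight check for the three options described above, run before the options are handed to spacectl. This is an added example, not part of the plugin: the allowed names are copied from the cloud_service_types list in this README, while the service code pattern and the https requirement for custom_asset_url are assumptions of this check.

```python
import difflib
import re
from urllib.parse import urlparse

# Names copied from the cloud_service_types list in this README.
ALLOWED_TYPES = """ApplicationGateways CosmosDB Disks KeyVaults LoadBalancers
MySQLServers SQLServers SQLDatabases NATGateways NetworkSecurityGroups
PostgreSQLServers PublicIPAddresses Snapshots StorageAccounts VirtualMachines
VirtualNetworks VMScaleSets ContainerInstances WebPubSubService""".split()

# Assumed shape of a service code, e.g. "Microsoft.Compute/disks".
SERVICE_CODE = re.compile(r"Microsoft\.[A-Za-z]+(/[A-Za-z]+)+")

def validate_options(options):
    """Return a list of problems found in a collector options dict."""
    problems = []
    for name in options.get("cloud_service_types", []):
        if name not in ALLOWED_TYPES:
            hint = difflib.get_close_matches(name, ALLOWED_TYPES, n=1)
            problems.append(f"unknown cloud_service_type {name!r}"
                            + (f", did you mean {hint[0]!r}?" if hint else ""))
    for code, label in options.get("service_code_mappers", {}).items():
        if not SERVICE_CODE.fullmatch(code):
            problems.append(f"malformed service code {code!r}")
        if not isinstance(label, str) or not label.strip():
            problems.append(f"empty replacement for {code!r}")
    url = options.get("custom_asset_url")
    if url is not None:
        parsed = urlparse(url)
        # Assumption of this check: icons are only loaded over https.
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"custom_asset_url must be an https URL: {url!r}")
    return problems

# Constructed sample: one misspelled type, one bad mapper key, one http URL.
SAMPLE = {
    "cloud_service_types": ["VMScaleSet", "Disks"],
    "service_code_mappers": {"Microsoft.Compute/disks": "Azure Virtual Disk",
                             "Compute/disks": "Disk"},
    "custom_asset_url": "http://assets.example.com/icon/azure",
}

if __name__ == "__main__":
    for problem in validate_options(SAMPLE):
        print(problem)
```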


Release Note

| Version | Description | Affected Service | Release Date |
|---|---|---|---|
| 2.0.0 | Migration to spaceone framework 2.0 | All Services | 2024.08.22 |
| 1.7.0 | Add metric data query for all services | All Services | 2024.07.02 |
| 1.6.18 | Fix Data Size too big error when collecting StorageAccounts | Storage Accounts | 2023.09.26 |
| 1.6.15 | Fix SQL Databases error 'mappingproxy' object does not support item assignment | SQL Databases | 2023.08.04 |
| 1.6.14 | Fix Application Gateways error with assigned managed identity | Application Gateways | 2023.08.01 |
| 1.6.13 | Fix Application Gateways None type error | Application Gateways | 2023.07.13 |
| 1.6.12 | Fix Virtual Networks modeling error; Fix Disks modeling error; Fix error occurs when collecting SQL server and database | Virtual Networks, Disks, SQL Servers, SQL Databases | 2023.07.05 |
| 1.6.9 | Fix CosmosDB location info; Add all Azure location info | CosmosDB | 2023.06.30 |

Ver 1.6.14

Ver 1.6.13

Ver 1.6.12

Ver 1.6.9

Ver 1.6.7

Ver 1.6.4

Ver 1.6.3

Ver 1.6.1

Ver 1.6.0

Ver 1.5.0

Ver 1.4.0

Ver 1.3.0

Ver 1.2.15

Ver 1.2.14

Ver 1.2.13

Ver 1.2.12

Ver 1.2.10

Ver 1.2.8

Ver 1.2.7

Ver 1.2.6

  • Add Storage Accounts cloud service

Ver 1.2.5

  • Add NAT Gateways cloud service

Ver 1.2.4

  • Add Network Security Groups cloud service

Ver 1.2.3

  • Add Virtual Networks, Application Gateways, Public IP Address cloud service