This repository has been archived by the owner on Nov 3, 2023. It is now read-only.
Azure input with basic collector for VM instances #314
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
💚 Build Succeeded
History
cc @girodav |
MichaelKatsoulis
approved these changes
Sep 19, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do
This PR adds a new input to collect Azure-related assets. To keep the PR at a reasonable size, only Azure VM instances assets collection is included.
Important notes
cloud.account.id. While it might be more accurate to consider the 'Tenant' as the closest Azure equivalent to an 'account,' it's worth noting that the vast majority of resources we intend to gather information about are organized and grouped by subscription. This includes items like VM instances, storage, event hubs, and networks.asset.id(see the generated sample below). While it may appear lengthy and somewhat redundant, it aligns with what is published in our Azure integrations.Generated asset document sample
{ "@timestamp": "2023-09-13T14:42:51.494Z", "asset.metadata.resource_group": "GIZASVM", "host": { "name": "host" }, "cloud.region": "westeurope", "cloud.provider": "azure", "agent": { "ephemeral_id": "a80c69df-22dd-4f97-bfd2-14572af2b9d4", "id": "9a7ef1a9-0cce-4857-90f9-699bc14d8df3", "name": "worklaptop.fritz.box", "type": "assetbeat", "version": "8.9.0" }, "input": { "type": "assets_azure" }, "cloud.account.id": "12cabcb4-86e8-404f-a3d2-111111111111", "asset.kind": "host", "asset.id": "/subscriptions/12cabcb4-86e8-404f-a3d2-111111111111/resourceGroups/GIZASVM/providers/Microsoft.Compute/virtualMachines/gizasvmWindowsenterprise", "asset.ean": "host:/subscriptions/12cabcb4-86e8-404f-a3d2-111111111111/resourceGroups/GIZASVM/providers/Microsoft.Compute/virtualMachines/gizasvmWindowsenterprise", "asset.metadata.state": "VM running", "asset.type": "azure.vm.instance", "ecs": { "version": "8.0.0" } }Additional remarks
The current stable version of the Azure SDK for Go doesn't have support for fakes/mocks. However, the good news is that they're actively addressing this issue. According to the information in this GitHub issue, support for fakes is expected to be included in the upcoming GA version scheduled for release in September. Given this, I've made the decision not to spend time on a temporary workaround for unit tests. Instead, I'll be utilizing the latest beta version of the SDK, which already incorporates the new fakes.