From a747c7983e4a717af57db0c0fc0cedcb785175c7 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Wed, 1 Nov 2023 21:39:09 -0700 Subject: [PATCH] Added ability to filter by Management Groups when excluding Subscriptions --- engine/app/routers/argquery.py | 28 ++++++++++++++++++++--- engine/app/routers/azure.py | 16 ++++++------- engine/app/routers/user.py | 2 +- ui/src/features/exclusions/exclusions.jsx | 6 ++++- 4 files changed, 39 insertions(+), 13 deletions(-) diff --git a/engine/app/routers/argquery.py b/engine/app/routers/argquery.py index 9f7a4e3..9028ef2 100644 --- a/engine/app/routers/argquery.py +++ b/engine/app/routers/argquery.py @@ -6,9 +6,25 @@ | project id, prefixes, resv = tags["ipam-res-id"] """ +# SUBSCRIPTION = """ +# resourcecontainers +# | where type =~ 'microsoft.resources/subscriptions' +# | extend quotaId = properties.subscriptionPolicies.quotaId +# | extend type = case( +# quotaId startswith "EnterpriseAgreement", "Enterprise Agreement", +# quotaId startswith "MSDNDevTest", "Dev/Test", +# quotaId startswith "MSDN_2014-09-0", "PAYGO", +# quotaId startswith "Internal", "Microsoft Internal", +# "Unknown" +# ) +# | project name, id, type, subscription_id = subscriptionId, tenant_id = tenantId +# """ + SUBSCRIPTION = """ -ResourceContainers -| where type =~ 'microsoft.resources/subscriptions' +resourcecontainers +| where type=~ 'microsoft.resources/subscriptions' +| extend mgParent = properties.managementGroupAncestorsChain +| extend mgName = tostring(mgParent[0].name) | extend quotaId = properties.subscriptionPolicies.quotaId | extend type = case( quotaId startswith "EnterpriseAgreement", "Enterprise Agreement", @@ -17,7 +33,13 @@ quotaId startswith "Internal", "Microsoft Internal", "Unknown" ) -| project name, id, type, subscription_id = subscriptionId, tenant_id = tenantId +| join kind=leftouter ( + resourcecontainers + | where type =~ 'microsoft.management/managementgroups' + | extend mgDisplayName = iff((tostring(name) == tostring(tenantId)), "Tenant Root Group", name) + | project mgId = id, mgName = name, mgDisplayName +) on mgName +| project name, id, type, subscription_id = subscriptionId, mg_id = mgId, mg_name = mgDisplayName, tenant_id = tenantId """ SPACE = """ diff --git a/engine/app/routers/azure.py b/engine/app/routers/azure.py index cd0fa8e..6f4e9c6 100644 --- a/engine/app/routers/azure.py +++ b/engine/app/routers/azure.py @@ -298,17 +298,17 @@ async def subscription( Get a list of Azure subscriptions. """ - # subscription_list = await arg_query(authorization, admin, argquery.SUBSCRIPTION) + subscription_list = await arg_query(authorization, admin, argquery.SUBSCRIPTION) - if admin: - creds = await get_client_credentials() - else: - user_assertion=authorization.split(' ')[1] - creds = await get_obo_credentials(user_assertion) + # if admin: + # creds = await get_client_credentials() + # else: + # user_assertion=authorization.split(' ')[1] + # creds = await get_obo_credentials(user_assertion) - subscription_list = await get_subscriptions_sdk(creds) + # subscription_list = await get_subscriptions_sdk(creds) - await creds.close() + # await creds.close() return subscription_list diff --git a/engine/app/routers/user.py b/engine/app/routers/user.py index 6cdb596..d5a3407 100644 --- a/engine/app/routers/user.py +++ b/engine/app/routers/user.py @@ -230,7 +230,7 @@ async def update_user( user_data = copy.deepcopy(user_query[0]) try: - patch = jsonpatch.JsonPatch(updates) + patch = jsonpatch.JsonPatch([x.model_dump() for x in updates]) except jsonpatch.InvalidJsonPatch: raise HTTPException(status_code=500, detail="Invalid JSON patch, please review and try again.") diff --git a/ui/src/features/exclusions/exclusions.jsx b/ui/src/features/exclusions/exclusions.jsx index 8bafb33..df748f4 100644 --- a/ui/src/features/exclusions/exclusions.jsx +++ b/ui/src/features/exclusions/exclusions.jsx @@ -273,13 +273,17 @@ export default function ManageExclusions() { { name: "name", header: "Subscription Name", type: "string", flex: 1, visible: true }, { name: "subscription_id", header: "Subscription ID", type: "string", flex: 1, visible: true }, { name: "type", header: "Subscription Type", type: "string", flex: 0.75, visible: true }, + { name: "mg_name", header: "Management Group Name", type: "string", flex: 0.75, visible: true }, + { name: "mg_id", header: "Management Group ID", type: "string", flex: 0.75, visible: false }, { name: "id", header: () => , width: 25, resizable: false, hideable: false, sortable: false, draggable: false, showColumnMenuTool: false, render: ({data}) => "", visible: true } ], []); const filterValue = [ { name: "name", operator: "contains", type: "string", value: "" }, { name: "subscription_id", operator: "contains", type: "string", value: "" }, - { name: "type", operator: "contains", type: "string", value: "" } + { name: "type", operator: "contains", type: "string", value: "" }, + { name: "mg_name", operator: "contains", type: "string", value: "" }, + { name: "mg_id", operator: "contains", type: "string", value: "" } ]; React.useEffect(() => {