[Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3466

kubasobon · 2025-07-24T09:12:59Z

Summary of your changes

Fixes missing cloud.service.name values for Azure assets (were all assigned Azure).

Related Issues

Fixes https://github.com/elastic/security-team/issues/13159

mergify · 2025-07-24T09:13:44Z

This pull request does not have a backport label. Could you fix it @kubasobon? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
backport-active-all is the label that automatically backports to all active branches.
backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

romulets

Hmmm, maybe it's good to double check with @caitlinbetz about the names. I see that AWS mostly matches existing service names

romulets · 2025-07-24T09:40:25Z

internal/inventory/azurefetcher/fetcher_resource_graph.go

-		{"Snapshots", azurelib.AssetGroupResources, azurelib.SnapshotAssetType, inventory.AssetClassificationAzureSnapshot},
-		{"Storage Accounts", azurelib.AssetGroupResources, azurelib.StorageAccountAssetType, inventory.AssetClassificationAzureStorageAccount},
-		{"Virtual Machines", azurelib.AssetGroupResources, azurelib.VirtualMachineAssetType, inventory.AssetClassificationAzureVirtualMachine},
+		{"App Services", "Azure Compute", azurelib.AssetGroupResources, azurelib.WebsitesAssetType, inventory.AssetClassificationAzureAppService},


Isn't the name Azure App Services? 🤔

I was looking at All Services view, but with Azure it usually can be both.

romulets · 2025-07-24T09:40:26Z

internal/inventory/azurefetcher/fetcher_resource_graph.go

+		{"App Services", "Azure Compute", azurelib.AssetGroupResources, azurelib.WebsitesAssetType, inventory.AssetClassificationAzureAppService},
+		{"Container Registries", "Azure Containers", azurelib.AssetGroupResources, azurelib.ContainerRegistryAssetType, inventory.AssetClassificationAzureContainerRegistry},
+		{"Cosmos DB Accounts", "Azure Databases", azurelib.AssetGroupResources, azurelib.DocumentDBDatabaseAccountAssetType, inventory.AssetClassificationAzureCosmosDBAccount},
+		{"Cosmos DB SQL Databases", "Azure Databases", azurelib.AssetGroupResources, azurelib.CosmosDBForSQLDatabaseAssetType, inventory.AssetClassificationAzureCosmosDBSQLDatabase},


Is Databases the official name? I think it needs to match a service in Azure, doesn't it?

romulets · 2025-07-24T09:41:28Z

internal/inventory/azurefetcher/fetcher_resource_graph.go

-		{"Storage Accounts", azurelib.AssetGroupResources, azurelib.StorageAccountAssetType, inventory.AssetClassificationAzureStorageAccount},
-		{"Virtual Machines", azurelib.AssetGroupResources, azurelib.VirtualMachineAssetType, inventory.AssetClassificationAzureVirtualMachine},
+		{"App Services", "Azure Compute", azurelib.AssetGroupResources, azurelib.WebsitesAssetType, inventory.AssetClassificationAzureAppService},
+		{"Container Registries", "Azure Containers", azurelib.AssetGroupResources, azurelib.ContainerRegistryAssetType, inventory.AssetClassificationAzureContainerRegistry},


Is the name Container registries?

And this one again:

kubasobon · 2025-07-28T11:46:32Z

Basis for naming:

kubasobon · 2025-07-28T11:49:08Z

@caitlinbetz I'd love your input from product perspective on this naming convention.
@uri-weisman I'd love your input on what the final shape of service names for Azure should be. Should it just reflect Azure + Asset Type?

mergify · 2025-07-29T11:29:08Z

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b azure-svc-name upstream/azure-svc-name
git merge upstream/main
git push upstream azure-svc-name

caitlinbetz · 2025-08-04T11:27:53Z

@kubasobon I am good with the naming changes you have outlined

kubasobon · 2025-08-05T07:44:12Z

@romulets updated service names according to your remarks, PTAL :)

romulets · 2025-08-05T13:00:49Z

internal/inventory/azurefetcher/fetcher_resource_graph.go

+		{"Cosmos DB SQL Databases", "Azure Cosmos DB", azurelib.AssetGroupResources, azurelib.CosmosDBForSQLDatabaseAssetType, inventory.AssetClassificationAzureCosmosDBSQLDatabase},
+		{"Disks", "Azure Storage", azurelib.AssetGroupResources, azurelib.DiskAssetType, inventory.AssetClassificationAzureDisk},
+		{"Elastic Pools", "Azure SQL Elastic Pools", azurelib.AssetGroupResources, azurelib.ElasticPoolAssetType, inventory.AssetClassificationAzureElasticPool},
+		{"MySQL Flexible Servers", "Azure SQL Servers", azurelib.AssetGroupResources, azurelib.FlexibleMySQLDBAssetType, inventory.AssetClassificationAzureSQLServer},


Is FlexibleMySQLDBAssetType a SQL Server? As far as I know is just another offering of MySQL and I would classify as Azure SQL Databases, not as SQL Server. I could be wrong of course 🤓

I think SQL Servers are azurelib.SQLServersAssetType ones. We are not fetching them it seems?

Our docs specify we need to fetch two kinds of resources:

Category Old Type Current Type

Database Azure SQL Database Azure SQL Database

Database Azure SQL Server Azure SQL Server

But the Azure offering contains:

Azure Database for PostgreSQL flexible servers

SQL virtual machines

Azure Arc (and within it)

SQL Server instances

SQL managed instances

PostgreSQL servers

MySQL servers

SQL Server stretch databases

Azure SQL Database Hyperscale

Azure Database for MySQL flexible servers

SQL Managed instances (different to those in Azure Arc)

...and more, but I've omitted ones that did not fit SQL Database or SQL Server description. Some of those are PaaS, some IaaS, some managed by Azure, some by the user. I don't have enough information to make an educated guess as to which ones we should be querying. @romulets How do you feel about merging this and bringing the database question to product?

I'm fine with your decision @kubasobon

My point was

We are saying:

azurelib.FlexibleMySQLDBAssetType -> Azure SQL Servers

azurelib.MySQLDatabaseAssetType -> Azure SQL Databases

I thought we had to keep those consistent. But I also don't fully understand the Azure distribution. So I trust your call!

github-actions · 2025-08-25T11:38:38Z

@Mergifyio backport 8.17 8.18 8.19 9.0 9.1

mergify · 2025-08-25T11:38:51Z

backport 8.17 8.18 8.19 9.0 9.1

✅ Backports have been created

#3541 [8.17](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) has been created for branch 8.17 but encountered conflicts
#3542 [8.18](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) has been created for branch 8.18 but encountered conflicts
#3543 [8.19](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) has been created for branch 8.19 but encountered conflicts
#3544 [9.0](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) has been created for branch 9.0 but encountered conflicts
#3545 [9.1](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) has been created for branch 9.1 but encountered conflicts

…#3466) * update test cases * update Azure service names * apply review remarks * rename FlexibleMySQLDBAssetType * rename MySQLDBAssetType * gofmt (cherry picked from commit 7e3234f) # Conflicts: # internal/inventory/azurefetcher/fetcher_resource_graph.go # internal/inventory/azurefetcher/fetcher_resource_graph_test.go # internal/inventory/azurefetcher/fetcher_storage.go

…#3466) * update test cases * update Azure service names * apply review remarks * rename FlexibleMySQLDBAssetType * rename MySQLDBAssetType * gofmt (cherry picked from commit 7e3234f) # Conflicts: # internal/inventory/azurefetcher/fetcher_account.go # internal/inventory/azurefetcher/fetcher_account_test.go # internal/inventory/azurefetcher/fetcher_activedirectory.go # internal/inventory/azurefetcher/fetcher_activedirectory_test.go # internal/inventory/azurefetcher/fetcher_resource_graph.go # internal/inventory/azurefetcher/fetcher_resource_graph_test.go # internal/inventory/azurefetcher/fetcher_storage.go # internal/inventory/azurefetcher/fetcher_storage_test.go # internal/resources/fetching/fetchers/azure/assets_fetcher.go

…#3466) * update test cases * update Azure service names * apply review remarks * rename FlexibleMySQLDBAssetType * rename MySQLDBAssetType * gofmt (cherry picked from commit 7e3234f) # Conflicts: # internal/inventory/azurefetcher/fetcher_activedirectory.go # internal/inventory/azurefetcher/fetcher_activedirectory_test.go # internal/inventory/azurefetcher/fetcher_resource_graph.go # internal/inventory/azurefetcher/fetcher_resource_graph_test.go # internal/inventory/azurefetcher/fetcher_storage.go # internal/inventory/azurefetcher/fetcher_storage_test.go # internal/resources/fetching/fetchers/azure/assets_fetcher.go

…#3466) * update test cases * update Azure service names * apply review remarks * rename FlexibleMySQLDBAssetType * rename MySQLDBAssetType * gofmt (cherry picked from commit 7e3234f) # Conflicts: # internal/inventory/azurefetcher/fetcher_resource_graph.go # internal/inventory/azurefetcher/fetcher_resource_graph_test.go # internal/inventory/azurefetcher/fetcher_storage.go

…s (cloud.service.name) (#3545) * [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) (#3466) * update test cases * update Azure service names * apply review remarks * rename FlexibleMySQLDBAssetType * rename MySQLDBAssetType * gofmt (cherry picked from commit 7e3234f) # Conflicts: # internal/inventory/azurefetcher/fetcher_resource_graph.go # internal/inventory/azurefetcher/fetcher_resource_graph_test.go # internal/inventory/azurefetcher/fetcher_storage.go * resolve conflicts * update tests * make linter happy --------- Co-authored-by: Kuba Soboń <[email protected]>

…s (cloud.service.name) (#3544) * [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) (#3466) * update test cases * update Azure service names * apply review remarks * rename FlexibleMySQLDBAssetType * rename MySQLDBAssetType * gofmt (cherry picked from commit 7e3234f) # Conflicts: # internal/inventory/azurefetcher/fetcher_resource_graph.go # internal/inventory/azurefetcher/fetcher_resource_graph_test.go # internal/inventory/azurefetcher/fetcher_storage.go * resolve conflicts * update tests * make linter happy --------- Co-authored-by: Kuba Soboń <[email protected]>

…es (cloud.service.name) (#3543) * [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) (#3466) * update test cases * update Azure service names * apply review remarks * rename FlexibleMySQLDBAssetType * rename MySQLDBAssetType * gofmt (cherry picked from commit 7e3234f) # Conflicts: # internal/inventory/azurefetcher/fetcher_resource_graph.go # internal/inventory/azurefetcher/fetcher_resource_graph_test.go # internal/inventory/azurefetcher/fetcher_storage.go * resolve conflicts * update tests * make linter happy --------- Co-authored-by: Kuba Soboń <[email protected]>

kubasobon requested a review from a team as a code owner July 24, 2025 09:13

mergify bot assigned kubasobon Jul 24, 2025

kubasobon added the backport-active-all label Jul 24, 2025

romulets requested changes Jul 24, 2025

View reviewed changes

kubasobon requested a review from romulets July 28, 2025 09:30

kubasobon added 3 commits August 5, 2025 09:35

update test cases

3b2f60a

update Azure service names

01f444d

apply review remarks

414660e

kubasobon force-pushed the azure-svc-name branch from 9c17b74 to 414660e Compare August 5, 2025 07:43

Merge branch 'main' into azure-svc-name

2613097

romulets approved these changes Aug 5, 2025

View reviewed changes

kubasobon added 4 commits August 25, 2025 13:13

rename FlexibleMySQLDBAssetType

a484326

rename MySQLDBAssetType

dc3d84e

gofmt

13b960e

Merge branch 'main' into azure-svc-name

c243289

kubasobon enabled auto-merge (squash) August 25, 2025 11:20

kubasobon merged commit 7e3234f into main Aug 25, 2025
9 checks passed

kubasobon deleted the azure-svc-name branch August 25, 2025 11:38

mergify bot mentioned this pull request Aug 25, 2025

[8.17](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3541

Open

This was referenced Aug 25, 2025

[8.18](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3542

Open

[8.19](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3543

Merged

This was referenced Aug 25, 2025

[9.0](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3544

Merged

[9.1](backport #3466) [Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3545

Merged

Category	Old Type	Current Type
Database	Azure SQL Database	Azure SQL Database
Database	Azure SQL Server	Azure SQL Server

[Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3466

[Asset Inventory][Azure] Fix Azure service names (cloud.service.name) #3466

Uh oh!

Conversation

kubasobon commented Jul 24, 2025

Summary of your changes

Related Issues

Uh oh!

mergify bot commented Jul 24, 2025

Uh oh!

romulets left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

kubasobon commented Jul 28, 2025

Uh oh!

kubasobon commented Jul 28, 2025

Uh oh!

mergify bot commented Jul 29, 2025

Uh oh!

caitlinbetz commented Aug 4, 2025

Uh oh!

kubasobon commented Aug 5, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

github-actions bot commented Aug 25, 2025

Uh oh!

mergify bot commented Aug 25, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Backports have been created

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

mergify bot commented Aug 25, 2025 •

edited

Loading