turbot · bigdatasourav · Jan 29, 2024 · Jan 16, 2024
diff --git a/azure-test/tests/azure_servicebus_namespace/test-get-expected.json b/azure-test/tests/azure_servicebus_namespace/test-get-expected.json
@@ -8,6 +8,7 @@
         "defaultAction": "Allow",
         "ipRules": [],
         "publicNetworkAccess": "Enabled",
+        "trustedServiceAccessEnabled": false,
         "virtualNetworkRules": []
       }
     },

diff --git a/azure-test/tests/azure_servicebus_namespace/test-not-found-expected.json b/azure-test/tests/azure_servicebus_namespace/test-not-found-expected.json
@@ -1 +1 @@
-null
+[]
diff --git a/azure/table_azure_servicebus_namespace.go b/azure/table_azure_servicebus_namespace.go
@@ -137,6 +137,13 @@ func tableAzureServiceBusNamespace(_ context.Context) *plugin.Table {
 				Hydrate:     listServiceBusNamespacePrivateEndpointConnections,
 				Transform:   transform.FromValue(),
 			},
+			{
+				Name:        "authorization_rules",
+				Description: "The authorization rules for a namespace.",
+				Type:        proto.ColumnType_JSON,
+				Hydrate:     listServiceBusNamespaceAuthorizationRules,
+				Transform:   transform.FromValue(),
+			},
 
 			// Steampipe standard columns
 			{
@@ -359,6 +366,72 @@ func listServiceBusNamespacePrivateEndpointConnections(ctx context.Context, d *p
 	return serviceBusNamespacePrivateEndpointConnections, nil
 }
 
+func listServiceBusNamespaceAuthorizationRules(ctx context.Context, d *plugin.QueryData, h *plugin.HydrateData) (interface{}, error) {
+
+	namespace := h.Item.(servicebus.SBNamespace)
+	resourceGroup := strings.Split(string(*namespace.ID), "/")[4]
+	namespaceName := *namespace.Name
+
+	session, err := GetNewSession(ctx, d, "MANAGEMENT")
+	if err != nil {
+		return nil, err
+	}
+	subscriptionID := session.SubscriptionID
+
+	client := servicebus.NewNamespacesClientWithBaseURI(session.ResourceManagerEndpoint, subscriptionID)
+	client.Authorizer = session.Authorizer
+
+	op, err := client.ListAuthorizationRules(ctx, resourceGroup, namespaceName)
+	if err != nil {
+		plugin.Logger(ctx).Error("azure_servicebus_namespace.listServiceBusNamespaceAuthorizationRules", "api_error", err)
+		return nil, err
+	}
+
+	var serviceBusNamespaceAuthorizationRules []map[string]interface{}
+
+	for _, r := range op.Values() {
+		serviceBusNamespaceAuthorizationRules = append(serviceBusNamespaceAuthorizationRules, extractServiceBusNamespacAuthRule(r))
+	}
+
+	for op.NotDone() {
+		err = op.NextWithContext(ctx)
+		if err != nil {
+			plugin.Logger(ctx).Error("azure_servicebus_namespace.listServiceBusNamespaceAuthorizationRules", "paging_error", err)
+			return nil, err
+		}
+		for _, r := range op.Values() {
+			serviceBusNamespaceAuthorizationRules = append(serviceBusNamespaceAuthorizationRules, extractServiceBusNamespacAuthRule(r))
+		}
+	}
+
+	return serviceBusNamespaceAuthorizationRules, nil
+}
+
+// If we return the API response directly, the output will not provide the properties of AuthorizationRuleProperties
+func extractServiceBusNamespacAuthRule(i servicebus.SBAuthorizationRule) map[string]interface{} {
+	serviceBusNamespaceAuthRule := make(map[string]interface{})
+	if i.ID != nil {
+		serviceBusNamespaceAuthRule["id"] = *i.ID
+	}
+	if i.Name != nil {
+		serviceBusNamespaceAuthRule["name"] = *i.Name
+	}
+	if i.Type != nil {
+		serviceBusNamespaceAuthRule["type"] = *i.Type
+	}
+	if i.SystemData != nil {
+		serviceBusNamespaceAuthRule["systemData"] = *i.SystemData
+	}
+	if i.SBAuthorizationRuleProperties != nil {
+		if len(*i.SBAuthorizationRuleProperties.Rights) > 0 {
+			serviceBusNamespaceAuthRule["properties"] = map[string]interface{}{
+				"rights": *i.SBAuthorizationRuleProperties.Rights,
+			}
+		}
+	}
+	return serviceBusNamespaceAuthRule
+}
+
 // If we return the API response directly, the output will not provide the properties of PrivateEndpointConnections
 func extractServiceBusNamespacePrivateEndpointConnection(i servicebus.PrivateEndpointConnection) map[string]interface{} {
 	serviceBusNamespacePrivateEndpointConnection := make(map[string]interface{})

diff --git a/docs/tables/azure_servicebus_namespace.md b/docs/tables/azure_servicebus_namespace.md
@@ -193,4 +193,31 @@ select
   json_extract(encryption, '$.requireInfrastructureEncryption') as require_infrastructure_encryption
 from
   azure_servicebus_namespace;
+```
+
+### Get authorization rules of namespaces
+An Azure Service Bus Authorization Rule is a security feature that defines the set of permissions assigned to a user or application for accessing and performing operations within a Service Bus namespace or on specific entities like queues, topics, and subscriptions. These rules manage who can send, receive, and manage messages. They play a crucial role in controlling access and ensuring secure operations within the Azure Service Bus environment. Each rule can grant different levels of access, ranging from listening to messages, sending messages, or managing the entity.
+
+```sql+postgres
+select
+  name,
+  r ->> 'name' as rule_name,
+  r ->> 'id' as rule_id,
+  r ->> 'type' as rule_type,
+  r ->> 'properties' as rule_properties
+from
+  azure_servicebus_namespace as n,
+  jsonb_array_elements(authorization_rules) as r;
+```
+
+```sql+sqlite
+select
+  name,
+  json_extract(r.value, '$.name') as rule_name,
+  json_extract(r.value, '$.id') as rule_id,
+  json_extract(r.value, '$.type') as rule_type,
+  json_extract(r.value, '$.properties') as rule_properties
+from
+  azure_servicebus_namespace as n,
+  json_each(n.authorization_rules) as r;
 ```