🔌 Azure SQL Server - object.extracts.yaml

  • Contextual name: 🔌 object.extracts.yaml
  • ID: /types/CA10__CaAzureSqlServer__c/object.extracts.yaml

Used In

| Logic | Policy | Flags |
| --- | --- | --- |
| 🧠 prod.logic.yaml 🟢 | 🛡️ Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) 🟢 | 🟢 x3 |
| 🧠 prod.logic.yaml 🟢 | 🛡️ Azure SQL Server Auditing is not enabled 🟢 | 🟢 x3 |
| 🧠 prod.logic.yaml 🟢 | 🛡️ Azure SQL Server Auditing Retention is less than 90 days 🟢 | 🟢 x3 |
| 🧠 prod.logic.yaml 🟢 | 🛡️ Azure SQL Server Microsoft Entra authentication is not configured 🟢 | 🟢 x3 |
| 🧠 prod.logic.yaml 🟢 | 🛡️ Azure SQL Server Public Network Access is not disabled 🟢 | 🟢 x3 |
| 🧠 prod.logic.yaml 🟢 | 🛡️ Azure SQL Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟢 | 🟢 x3 |

Content

---
extracts:
  # Values: Enabled, Disabled. Not Nullable.
  - name: "CA10__auditing__c"
    value:
      FIELD:
        path: "CA10__auditing__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__auditing__c"
            currentStateMessage: "Unable to determine Server auditing settings. Possible permission issue with Microsoft.Sql/servers/auditingSettings/read"
          isEmpty: "SQL Server auditing settings are not populated yet"
  # Number field
  - name: "CA10__auditingRetentionDays__c"
    value:
      FIELD:
        path: "CA10__auditingRetentionDays__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__auditingRetentionDays__c"
            currentStateMessage: "Unable to determine Server auditing settings. Possible permission issue with Microsoft.Sql/servers/auditingSettings/read"
  # Values: servicemanaged, azurekeyvault. Not Nullable.
  - name: "CA10__encryptionProtectorKind__c"
    value:
      FIELD:
        path: "CA10__encryptionProtectorKind__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__encryptionProtectorKind__c"
            currentStateMessage: "Unable to determine Server Encryption Protectors. Possible permission issue with Microsoft.Sql/servers/encryptionProtector/read"
          isEmpty: "SQL Server Encryption Protectors are not populated yet"
  # Values: ServiceManaged, AzureKeyVault. Not Nullable.
  - name: "CA10__encryptionProtectorServerKeyType__c"
    value:
      FIELD:
        path: "CA10__encryptionProtectorServerKeyType__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__encryptionProtectorServerKeyType__c"
            currentStateMessage: "Unable to determine Server Encryption Protectors. Possible permission issue with Microsoft.Sql/servers/encryptionProtector/read"
          isEmpty: "SQL Server Encryption Protectors are not populated yet"
  # Nullable.
  - name: "CA10__encryptionProtectorUri__c"
    value:
      FIELD:
        path: "CA10__encryptionProtectorUri__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__encryptionProtectorUri__c"
            currentStateMessage: "Unable to determine Server Encryption Protectors. Possible permission issue with Microsoft.Sql/servers/encryptionProtector/read"
  # Values: ActiveDirectory, null. Nullable.
  - name: "CA10__activeDirectoryAdminType__c"
    value:
      FIELD:
        path: "CA10__activeDirectoryAdminType__c"
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__activeDirectoryAdminType__c"
            currentStateMessage: "Unable to determine Server AD Administrator type. Possible permission issue with Microsoft.Sql/servers/administrators"
  - name: "CA10__firewallRulesJson__c"
    value:
      FIELD:
        path: "CA10__firewallRulesJson__c"
        returnType: BYTES
        undeterminedIf:
          noAccessDelegate:
            path: "CA10__firewallRulesJson__c"
            currentStateMessage: "Unable to determine Firewall Rules. Possible permission issue with Microsoft.Sql/servers/firewallRules/read"
  - name: "caJsonFrom__firewallRulesJson__c"
    value:
      JSON_FROM:
        arg:
          EXTRACT: "CA10__firewallRulesJson__c"
        undeterminedIf:
          isInvalid: "Firewall Rules JSON is invalid."
  # Nullable. Values: Enabled, Disabled, Can't have no access, retrieved via Microsoft.Sql/servers
  - name: "CA10__publicNetworkAccess__c"
    value:
      FIELD:
        path: "CA10__publicNetworkAccess__c"
  # Text
  - name: "CA10__locationName__c"
    value:
      FIELD:
        path: "CA10__locationName__c"