Snapshot configuration file¶
The Azure snapshot configuration file type is used along with the Azure connector. It allows you to take snapshots of ReST api calls to the Azure api.
To setup an Azure snapshot configuration file, copy the following code to a file named snapshot.json in your container's folder.
Notes: Naming conventions This file can be named anything you want but we suggest
snapshot.json
{
"fileType": "snapshot",
"snapshots": [
{
"source": "<azure-Connector>",
"testUser": "<spn-username>",
"subscriptionId": "<subscription-id>",
"nodes": [
{
"snapshotId": "<snapshot-name>",
"type": "<resource-provider>",
"collection": "<collection-name>",
"path": "<resource-id>",
"status": "<status>"
}
]
}
]
}
Remember to substitute all values in this file that looks like a <tag> such as:
| Tag | Value Description |
|---|---|
| azure-connector | Name of the Azure Connector file you want to use to connect to Azure backend |
| spn-username | Name of the SPN user to connect to the Azure backend, must be present in the Azure connector file |
| subscription-id | Id of the subscription to inspect, must be the same as the user described in the Azure connector file |
| snapshot-name | Name of the snapshot, you will use this in test files. This name should be unique in the container |
| resource-provider | Type of resource being queried for, see below for more information |
| collection-name | Name of the NoSQL db collection used to store snapshots of this file |
| resource-id | The id that corresponds to the resource you want to take snapshot, see Paths below |
| status | It could be active or inactive. If it is inactive then the snapshot is not taken from the provider |
Azure Resource Provider¶
The resource-provider parameter refers to a very wide list. Let's see how the Azure connector works to know how to properly set it up!
The Azure connector is a wrapper around the Azure ReST API. Prancer will call a GET operation on the API using the type-of-node and path. For example:
| What you need | Type of node |
|---|---|
| Availability Sets | Microsoft.Compute/availabilitySets |
| Virtual machines | Microsoft.Compute/virtualMachines |
| MySQL databases | Microsoft.DBforMySQL/servers/{replaceThisWithServerName}/databases |
The important part to remember is that if you find an Azure api endpoint in the documentation, you usually just need to copy and paste everything after the providers/ in the endpoint and paste it in the node type. For more information, you can check the Azure documentation
Resource id¶
the id of the resource in the Azure. Usually it is in the format of:
/resourceGroups/<name-of-the-resource-group>/providers/<name-of-the-provider>/<resource-name/
You can get the resource id from the URL in the Azure portal, or from the Azure CLI.
Master Snapshot Configuration File¶
Master Snapshot Configuration File is to define resource types. We do not have individual resources in the Master Snapshot Configuration File, instead we have the type of resources. Prancer validation framework is using the Master Snapshot Configuration File in the crawler functionality to find new resources.
{
"fileType":"masterSnapshot",
"snapshots": [
{
"source": "<connector-name>",
"testUser" : "<spn-username>",
"subscriptionId" : ["<subscription-id>"],
"nodes": [
{
"masterSnapshotId": "<master-Snapshot-Id>",
"type": "<resource-provider>",
"collection": "<name-of-collection>"
}
]
}
]
}
Remember to substitute all values in this file that looks like a <tag> such as:
| Tag | Value Description |
|---|---|
| azure-connector | Name of the Azure Connector file you want to use to connect to Azure backend |
| spn-username | Name of the SPN user to connect to the Azure backend, must be present in the Azure connector file |
| subscription-id | Id of the subscription to inspect, must be the same as the user described in the Azure connector file |
| master-Snapshot-Id | Name of the master snapshot id, you will use this in master test files. This name should be unique in the container |
| resource-provider | the type of the resource we want to capture during the crawl process. In the azure connector, this should be the resource type supported by Azure. |
| collection-name | in which collection in database we want to store this resource type. Usually it is a good practice to have a separate collection for each type. But based on the scale of implementation, you may want to put multiple resource types in a single collection |
Master Snapshot Configuration File in remote git¶
It is possible to centrally manage your master snapshot configuration files from a git repository. When you are doing that, you can make sure one version of truth is circulating in your different collections and you can manage it centrally. Here USER_1 is the user associated in the connector. A connector could have different users to connect to different resources in the cloud.
The format for the remote git master snapshot configuration file is like this:
{
"$schema": "",
"contentVersion": "1.0.0.0",
"fileType": "masterSnapshot",
"connector": "prancer_compliance_structure",
"remoteFile": "azure/iac/master-config.json",
"connectorUsers": [
{
"id": "USER_1",
"testUser": "farchide",
"source": "quickstart_structure"
}
]
}