Azure / review-checklists

This repo contains code and examples to operationalize Azure review checklists.
MIT License

added graph query to D01.03 DDOS Protection '143b16c3-1d7a-4a9b-9470-4489a8042d88' #924

Open jodyford-msft opened 2 months ago

jodyford-msft commented 2 months ago

Description

Please provide a detailed description of your changes.

Related Issue

Link to any related issues or discussions here. This helps reviewers understand the context and the need for your changes.

Checklist

Additional Information

Is there any additional context, screenshots, or considerations that might help in the review process? Please include them here.

Reviewer Notes

Is there a specific area you’d like feedback on? Please highlight it here. We're here to help and learn together! 💡

[^note]: Details on how to add Azure Resource Graph queries to recommendations can be found here.

brsteph commented 2 months ago

@jodyford-msft There is no description of the change - the title says that it is creating queries for DDoS Protection, but it looks like it is creating Key Vault queries and added to the DDoS protection recommendations. I think there may be a mix up for this PR.

jodyford-msft commented 2 months ago

Corrected. Sorry, clipped the wrong query.

brsteph commented 2 months ago

@jodyford-msft Doing a quick test of the query, and it looks like it doesn't resolve for me: [screenshot]

I changed the query to:

```kusto
resources
// case-insensitive match on the resource type
| where type =~ 'microsoft.network/publicIPAddresses'
| extend properties = parse_json(properties)
| project id, name, location, ddosProtectionPlan = properties.ddosSettings.protectionPlan
// 1 = a DDoS protection plan reference is present, 0 = absent
| extend compliant = iff(isnotempty(ddosProtectionPlan), 1, 0)
| where compliant == 1
| project id, compliant
```

(by adding a | before the last project), and it showed, but it didn't correctly evaluate as I expected. I would expect it to show me non-compliant resources at least.

I took out | where compliant == 1 and it properly showed me the ID and its compliancy status.

So, I think we either need to change that to | where compliant == 0 to show us the non-compliant items, or just remove it to show both compliancy status.
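To make the behaviour discussed in this thread reproducible without a tenant, here is an offline emulation of the query's pipeline (type filter, `parse_json`, the `isnotempty` check, the `compliant` flag and the trailing `where`). This is an added example, not code from the review-checklists project or from either commenter. The rows are constructed, not real ARG output; the function and parameter names (`evaluate`, `get_path`, `isnotempty`, `plan_path`, `keep`) are invented for the example. The sample `ddosSettings` follows the Public IP REST schema, where the plan reference is `ddosProtectionPlan` (alongside `protectionMode`), so the example evaluates both that name and the `protectionPlan` name used in the PR query to make the difference visible.

```python
import json

# Constructed rows shaped like Azure Resource Graph output (not real tenant data).
# 'properties' holds the JSON string ARG exposes before parse_json().
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ROWS = [
    {   # IP with a plan attached directly
        "id": SUB + "/resourceGroups/rg-net/providers/Microsoft.Network/publicIPAddresses/pip-protected",
        "type": "microsoft.network/publicIPAddresses",
        "properties": json.dumps({"ddosSettings": {
            "protectionMode": "Enabled",
            "ddosProtectionPlan": {"id": SUB + "/resourceGroups/rg-net/providers/"
                                         "Microsoft.Network/ddosProtectionPlans/plan-a"}}}),
    },
    {   # protection inherited from the VNet: no plan id on the IP itself
        "id": SUB + "/resourceGroups/rg-net/providers/Microsoft.Network/publicIPAddresses/pip-inherited",
        "type": "microsoft.network/publicIPAddresses",
        "properties": json.dumps({"ddosSettings": {"protectionMode": "VirtualNetworkInherited"}}),
    },
    {   # no ddosSettings at all
        "id": SUB + "/resourceGroups/rg-net/providers/Microsoft.Network/publicIPAddresses/pip-unprotected",
        "type": "microsoft.network/publicIPAddresses",
        "properties": json.dumps({}),
    },
    {   # different resource type: must be dropped by the type filter
        "id": SUB + "/resourceGroups/rg-sec/providers/Microsoft.KeyVault/vaults/kv-1",
        "type": "microsoft.keyvault/vaults",
        "properties": json.dumps({"enablePurgeProtection": True}),
    },
]


def isnotempty(value):
    """Approximation of KQL isnotempty(): null and empty string/object/array count as empty."""
    return value not in (None, "", {}, [])


def get_path(obj, path):
    """Dynamic-property access like properties.ddosSettings.protectionPlan.

    A missing intermediate key yields None instead of raising, which is what
    the KQL dynamic accessor does."""
    for key in path.split("."):
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def evaluate(rows, plan_path="ddosSettings.protectionPlan", keep=None):
    """Run the PR's pipeline over ARG-shaped rows.

    plan_path : the dynamic path checked with isnotempty (hypothetical parameter).
    keep      : None  -> no trailing 'where', return every public IP with its flag
                1 / 0 -> emulate '| where compliant == 1' / '== 0'
    Returns a list of {'id', 'compliant'} dicts, the query's final projection."""
    results = []
    for row in rows:
        # 'type =~' is a case-insensitive comparison
        if row["type"].lower() != "microsoft.network/publicipaddresses":
            continue
        props = json.loads(row["properties"])            # parse_json(properties)
        plan = get_path(props, plan_path)                 # project ... ddosProtectionPlan = ...
        compliant = 1 if isnotempty(plan) else 0         # extend compliant = iff(isnotempty(...), 1, 0)
        if keep is None or compliant == keep:            # optional '| where compliant == keep'
            results.append({"id": row["id"], "compliant": compliant})
    return results


if __name__ == "__main__":
    for path in ("ddosSettings.protectionPlan", "ddosSettings.ddosProtectionPlan"):
        for keep in (1, 0, None):
            label = "no where" if keep is None else f"where compliant == {keep}"
            print(f"{path:38} {label:24} -> {[(r['id'].rsplit('/', 1)[1], r['compliant']) for r in evaluate(SAMPLE_ROWS, path, keep)]}")
```

Two things the run makes visible. With `where compliant == 1` the checklist only ever sees protected IPs, so an empty result cannot be distinguished from "no public IPs at all"; dropping the filter (or keeping `== 0`) is what surfaces the non-compliant resources. Separately, if the path `ddosSettings.protectionPlan` does not exist in the tenant's ARG schema, every row evaluates to 0 regardless of the filter, so the property name is worth confirming against a known-protected IP before the query ships; an IP whose `protectionMode` is `VirtualNetworkInherited` also carries no plan id of its own and will be reported as 0 by this check even when its VNet has a plan.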