azure / azqr
Azure Quick Review
Home Page: https://azure.github.io/azqr
License: MIT License
Successfully run
./azqr-ubuntu-latest-amd64 -s "XXX" -g "YYY"
```
2023/02/08 13:03:35 Analyzing SQL in Resource Group YYY
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xbfb1ff]
goroutine 86 [running]:
github.com/cmendible/azqr/internal/scanners.(*StorageScanner).Scan(0xc000382b40, {0x7fffaeff2edd, 0x1a})
/home/runner/work/azqr/azqr/internal/scanners/st.go:50 +0x19f
main.reviewRunner.func1(0xc000153d00, {0x7fffaeff2edd, 0x1a})
/home/runner/work/azqr/azqr/cmd/azqr/main.go:195 +0x102
created by main.reviewRunner
/home/runner/work/azqr/azqr/cmd/azqr/main.go:189 +0x73
```
[Service] Include EventHub analysis
I should be able to execute the tool without error.
After running the tool for a customer, I received the following error:
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x8 pc=0x168a8ed]
goroutine 419 [running]:
github.com/cmendible/azqr/internal/scanners.(*AKSScanner).Scan(0xc0002815f0, {0xc0002ba4c0, 0xc})
D:/a/azqr/azqr/internal/scanners/aks.go:56 +0x18d
main.reviewRunner.func1(0xc0000e1440, {0xc0002ba4c0, 0xc})
D:/a/azqr/azqr/cmd/azqr/main.go:196 +0x102
created by main.reviewRunner
D:/a/azqr/azqr/cmd/azqr/main.go:190 +0x73
I actually don't know; there is no problem when executing the same for other customers.
During Storage Account scan inside a resource group, script crashes
2023/02/08 16:39:15 Analyzing SQL in Resource Group RG_CONTAINER_REGISTRY
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0xed53ff]
goroutine 290 [running]:
github.com/cmendible/azqr/internal/scanners.(*StorageScanner).Scan(0xc000388840, {0xc000036180, 0x15})
D:/a/azqr/azqr/internal/scanners/st.go:50 +0x19f
main.reviewRunner.func1(0xc0001331c0, {0xc000036180, 0x15})
D:/a/azqr/azqr/cmd/azqr/main.go:195 +0x102
created by main.reviewRunner
D:/a/azqr/azqr/cmd/azqr/main.go:189 +0x73
Crash happens during scan of storage accounts (presumed by st.go error)
Version used: latest release .\azqr-windows-latest-amd64.exe
azqr version: 0.7.3
No verbose logs can be shared, so it is not possible to know the root cause of the issue in depth.
Creation Code of Conduct for supporting Community Standards
Include Azure App Services analysis
Private Endpoints always must return true
for App Services or Functions configured with Private Endpoints
Private Endpoints always return false for App Services or Functions
Add guidance on what can be done when facing Azure ARM throttling issues:
Typical output looks like:
--------------------------------------------------------------------------------
RESPONSE 429: 429 Too Many Requests
ERROR CODE: ResourceRequestsThrottled
--------------------------------------------------------------------------------
{
"error": {
"code": "ResourceRequestsThrottled",
"message": "Number of requests for action 'Microsoft.Cdn/profiles/read' exceeded the limit of '50' for time interval '00:05:00'. Please try again after '372' seconds."
}
}
Create Azure Cognitive Services scanner
if user is not authorized, azqr
should continue instead of stopping with exception.
Exception Example:
2023/04/21 11:31:29 Scanning Costs...
2023/04/21 11:31:31 POST https://management.azure.com/subscriptions/40945bea-3615-4350-9169-4cfa61f0f064/providers/Microsoft.CostManagement/query
--------------------------------------------------------------------------------
RESPONSE 401: 401 Unauthorized
ERROR CODE: RBACAccessDenied
--------------------------------------------------------------------------------
{
"error": {
"code": "RBACAccessDenied",
"message": "The client does not have authorization to perform action. Request ID: 3dc73d4b-c00a-4820-88d3-2bc896310563"
}
}
--------------------------------------------------------------------------------
Create Azure Bastion scanner
azqr should check for nil pointers in advisor line 82
azqr exits with Nil pointer dereference exception on advisor line 82
[Analyzer] Create SLA rule for CosmosDB
See documentation for more information: https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability#slas
I expect some output when running the azqr scan command
azqr scan
2023/06/26 07:51:51 Generating Report: azqr_report_2023_06_26_T075150.xlsx
2023/06/26 07:51:51 Skipping Overview. No data to render
2023/06/26 07:51:52 Skipping Recommendations. No data to render
2023/06/26 07:51:52 Skipping Services. No data to render
2023/06/26 07:51:52 Skipping Defender. No data to render
2023/06/26 07:51:52 Skipping Advisor. No data to render
2023/06/26 07:51:52 Skipping Costs. No data to render
2023/06/26 07:51:52 Scan completed.
az login successful, account set also, full access to subscription, still no output...
azqr runs as expected.
I received the following error with an AKS component:
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x145a9f0]
goroutine 355 [running]:
github.com/cmendible/azqr/internal/scanners/aks.(*AKSScanner).GetRules.func15({0x18f7a60?, 0xc00051c460?}, 0xc000546000?)
D:/a/azqr/azqr/internal/scanners/aks/rules.go:238 +0x50
github.com/cmendible/azqr/internal/scanners.(*RuleEngine).EvaluateRule(_, {{0x1b99f4c, 0x7}, {0x1b9de3a, 0xa}, {0x1b9f568, 0xb}, {0x1bbcaa5, 0x22}, {0x1b981f1, ...}, ...}, ...)
D:/a/azqr/azqr/internal/scanners/scanner.go:70 +0x6c
github.com/cmendible/azqr/internal/scanners.(*RuleEngine).EvaluateRules(0xc00034e360?, 0xc0002fa700?, {0x18f7a60, 0xc00051c460}, 0xc0003924b8?)
D:/a/azqr/azqr/internal/scanners/scanner.go:89 +0x138
github.com/cmendible/azqr/internal/scanners/aks.(*AKSScanner).Scan(0xc00034e360, {0xc0002fa700, 0xb}, 0x1d01d60?)
D:/a/azqr/azqr/internal/scanners/aks/aks.go:48 +0x16d
main.scanRunner.func1(0xc00014d080, {0xc0002fa700, 0xb})
D:/a/azqr/azqr/cmd/azqr/main.go:234 +0x114
created by main.scanRunner
D:/a/azqr/azqr/cmd/azqr/main.go:228 +0x7b
[Service] Include AppService analysis
Include Azure Database for PostgreSQL Flexible Server
Include Azure Database for MySQL scan
Add a retry policy for ARM requests so MaxRetryDelay
is higher than 60 seconds. This will help with throttling issues.
```go
clientOptions := &arm.ClientOptions{
	ClientOptions: policy.ClientOptions{
		Retry: policy.RetryOptions{
			RetryDelay:    20 * time.Millisecond,
			MaxRetries:    3,
			MaxRetryDelay: 10 * time.Minute,
		},
	},
}
```
Create Azure Logic Apps scanner
Nil pointer issue when scanning AKS
Check the following logs:
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x88199b]
goroutine 199 [running]:
github.com/cmendible/azqr/internal/scanners/aks.(*AKSScanner).GetRules.func4({0xe5c1a0?, 0xc0006220a0?}, 0xc0003a7420?)
D:/a/azqr/azqr/internal/scanners/aks/rules.go:91 +0x3b
github.com/cmendible/azqr/internal/scanners.(*RuleEngine).EvaluateRule(_, {{0x10f5da8, 0x7}, {0x10f7502, 0x8}, {0x10f9f38, 0xa}, {0x1115af7, 0x1d}, {0x10f1c7d, ...}, ...}, ...)
D:/a/azqr/azqr/internal/scanners/scanner.go:74 +0x6c
github.com/cmendible/azqr/internal/scanners.(*RuleEngine).EvaluateRules(0xc0000a2270?, 0xc0004100f0?, {0xe5c1a0, 0xc0006220a0}, 0x0?)
D:/a/azqr/azqr/internal/scanners/scanner.go:93 +0x138
github.com/cmendible/azqr/internal/scanners/aks.(*AKSScanner).Scan(0xc0000a2270, {0xc0004100f0, 0x21}, 0xc0005f1f08?)
D:/a/azqr/azqr/internal/scanners/aks/aks.go:51 +0x16d
github.com/cmendible/azqr/cmd/azqr.retry(0x3, 0xc000666688?, 0xc0000c0000, {0xc0004100f0, 0x21}, 0x0?)
D:/a/azqr/azqr/cmd/azqr/scan.go:328 +0x90
github.com/cmendible/azqr/cmd/azqr.scanRunner.func1(0x6b924a?, {0xc0004100f0, 0x21})
D:/a/azqr/azqr/cmd/azqr/scan.go:316 +0xf1
created by github.com/cmendible/azqr/cmd/azqr.scanRunner
D:/a/azqr/azqr/cmd/azqr/scan.go:310 +0x8c
azqr should work as expected when user is logged in using Azure CLI and running large scans
Scan fails with: AzureCLICredential: signal: killed
Continues on a 400 request by scanning the other subscriptions.
Fails and stops on 400, requiring manual interaction ... and potentially manually scanning multiple subscriptions?
{
"error": {
"code": "DisallowedOperation",
"message": "The current subscription type is not permitted to perform operations on any provider namespace. Please use a different subscription."
}
}
Add rules to check if supported services have tags
Add scan to get the cost of each Azure subscription grouped by service name.
azqr should not fail if the provider for a service is not registered.
azqr fails with exception: ERROR CODE: Subscription Not Registered exception
Include Azure Web PubSub scan
Include Azure Firewall scan
I expect to have an SLA of 99.9% of storage accounts that are configured as LRS and HOT tier.
I got an SLA of 99.99% of storage accounts that are configured as LRS and HOT tier.
Create a storage account with SKU LRS and HOT tier.
Additional info: https://azure.microsoft.com/en-us/support/legal/sla/storage/v1_5/
Hi there!
I tried running the scan and there's an error:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xbc5279]
Any suggestion how I can solve this?
Or might it be related to a lack of permissions?
Disable cost scan by default
Create Azure Data Factory scanner
Create Azure Load Balancer scanner
Installing azqr using winget should download the app, copy it to a logical location, add it to the path
and be called azqr
winget only downloads the binary, which is called azqr-windows-latest-amd64.exe and is not added to the path. There is however a symlink called azqr in the links folder (C:\Users\<username>\AppData\Local\Microsoft\WinGet\Links)
Run: winget install azqr
Create Azure Automation scanner
Include Azure Functions analysis
[Tool] Enable setting the Subscription and Resource Group as parameter
Hey guys,
I came across this project and decided to give it a try. While playing with the project, I saw that the analyzers were run in a sequential manner. As a lot of the review process is API calls, the whole thing should mainly be I/O bound and would benefit greatly from a parallel approach.
I'll link a PR as a follow-up.
Include Azure Database for PostgreSQL Single Server analysis
As a user, I'm not getting any report back in Excel nor a location where the file is located; I'm only getting the logging output (scan list).
Create VWAN scanner
If the AKS is using a free SKU, the report should include a recommendation message saying it is not recommended for production environments, with a link to the official documentation: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#kubernetes-api-server-uptime-sla
Add guidance on how to install azqr
on Azure Cloud Shell
I have an Application Gateway with SKU Standard V2 that is using Availability Zones. I don't expect any recommendation to show in the report if the resource is properly configured.
I got the following message after executing the tool:
_v2 SKU includes Zone Redundancy so an Application Gateway or WAF deployment can span multiple Availability Zones, removing the need to provision separate Application Gateway instances in each zone with a Traffic Manager.
Autoscaling and Zone-redundant Application Gateway v2 | Microsoft Docs_
Create an Application Gateway with SKU Standard V2 and configure Availability Zones for the resource. Then, run the tool and read the report.
Create Azure Data Explorer scanner
Thanks for creating a great tool. I would appreciate it if you could create binaries for arm64-based systems. Currently, users have to build locally and generate the binary.
Since many admins use macOS, I would recommend offering the installation via Homebrew.