Add subscription_policy column in table azure_tenant close #956 (#957)

Author: khushboo9024

azure/table_azure_tenant.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/Azure/azure-sdk-for-go/profiles/latest/resources/mgmt/subscriptions"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription"
 	"github.com/turbot/steampipe-plugin-sdk/v5/grpc/proto"
 	"github.com/turbot/steampipe-plugin-sdk/v5/plugin"
 	"github.com/turbot/steampipe-plugin-sdk/v5/plugin/transform"
@@ -62,13 +63,20 @@ func tableAzureTenant(_ context.Context) *plugin.Table {
 				Type:        proto.ColumnType_STRING,
 				Description: "The list of domains for the tenant.",
 			},
-			{
-				Name:        "domains",
-				Type:        proto.ColumnType_JSON,
-				Description: "The list of domains for the tenant.",
-			},
+		{
+			Name:        "domains",
+			Type:        proto.ColumnType_JSON,
+			Description: "The list of domains for the tenant.",
+		},
+		{
+			Name:        "subscription_policy",
+			Type:        proto.ColumnType_JSON,
+			Description: "The subscription policy for the tenant, including properties like BlockSubscriptionsLeavingTenant, BlockSubscriptionsIntoTenant, and ExemptedPrincipals.",
+			Hydrate:     getTenantSubscriptionPolicy,
+			Transform:   transform.FromValue(),
+		},
 
-			// Steampipe standard columns
+		// Steampipe standard columns
 			{
 				Name:        "title",
 				Description: ColumnDescriptionTitle,
@@ -111,6 +119,33 @@ func listTenants(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData
 	return nil, nil
 }
 
+//// HYDRATE FUNCTION
+
+func getTenantSubscriptionPolicy(ctx context.Context, d *plugin.QueryData, _ *plugin.HydrateData) (interface{}, error) {
+	// Get the session with credentials
+	session, err := GetNewSessionUpdated(ctx, d)
+	if err != nil {
+		plugin.Logger(ctx).Error("azure_tenant.getTenantSubscriptionPolicy", "session_error", err)
+		return nil, err
+	}
+
+	// Create the policy client
+	client, err := armsubscription.NewPolicyClient(session.Cred, session.ClientOptions)
+	if err != nil {
+		plugin.Logger(ctx).Error("azure_tenant.getTenantSubscriptionPolicy", "client_error", err)
+		return nil, err
+	}
+
+	// Get the tenant policy
+	result, err := client.GetPolicyForTenant(ctx, nil)
+	if err != nil {
+		plugin.Logger(ctx).Error("azure_tenant.getTenantSubscriptionPolicy", "api_error", err)
+		return nil, err
+	}
+
+	return result.GetTenantPolicyResponse, nil
+}
+
 //// TRANSFORM FUNCTION
 
 func getNameOrID(ctx context.Context, d *transform.TransformData) (interface{}, error) {

docs/tables/azure_tenant.md

@@ -43,4 +43,31 @@ select
   domains
 from
   azure_tenant;
+```
+
+### Get subscription policy settings for tenants
+Retrieve the subscription policy configuration to understand restrictions on subscription transfers. This helps identify whether subscriptions are blocked from leaving or entering the tenant, and which principals are exempted from these policies.
+
+```sql+postgres
+select
+  tenant_id,
+  display_name,
+  subscription_policy ->> 'id' as policy_id,
+  subscription_policy -> 'properties' ->> 'blockSubscriptionsLeavingTenant' as block_leaving_tenant,
+  subscription_policy -> 'properties' ->> 'blockSubscriptionsIntoTenant' as block_into_tenant,
+  subscription_policy -> 'properties' -> 'exemptedPrincipals' as exempted_principals
+from
+  azure_tenant;
+```
+
+```sql+sqlite
+select
+  tenant_id,
+  display_name,
+  json_extract(subscription_policy, '$.id') as policy_id,
+  json_extract(subscription_policy, '$.properties.blockSubscriptionsLeavingTenant') as block_leaving_tenant,
+  json_extract(subscription_policy, '$.properties.blockSubscriptionsIntoTenant') as block_into_tenant,
+  json_extract(subscription_policy, '$.properties.exemptedPrincipals') as exempted_principals
+from
+  azure_tenant;
 ```

go.mod

@@ -24,6 +24,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity v0.14.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/sql/armsql v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0
 	github.com/Azure/azure-storage-blob-go v0.12.0
 	github.com/Azure/go-autorest/autorest v0.11.17
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.6

go.sum

@@ -655,6 +655,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/sql/armsql v1.2.0 h1:S087d
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/sql/armsql v1.2.0/go.mod h1:B4cEyXrWBmbfMDAPnpJ1di7MAt5DKP57jPEObAvZChg=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0/go.mod h1:T5RfihdXtBDxt1Ch2wobif3TvzTdumDy29kahv6AV9A=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0 h1:UrGzkHueDwAWDdjQxC+QaXHd4tVCkISYE9j7fSSXF8k=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/subscription/armsubscription v1.2.0/go.mod h1:qskvSQeW+cxEE2bcKYyKimB1/KiQ9xpJ99bcHY0BX6c=
 github.com/Azure/azure-storage-blob-go v0.12.0 h1:7bFXA1QB+lOK2/ASWHhp6/vnxjaeeZq6t8w1Jyp0Iaw=
 github.com/Azure/azure-storage-blob-go v0.12.0/go.mod h1:A0u4VjtpgZJ7Y7um/+ix2DHBuEKFC6sEIlj0xc13a4Q=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=