Azure Proactive Resiliency Library v2

Create ARG Queries

This section provides guidance on how to create new Azure Resource Graph (ARG) queries. New queries should follow the requirements below.

Requirements for ARG Queries

  1. All ARG queries should have two comments at the top of the query, one comment stating Azure Resource Graph Query and another comment providing a description of the query results returned. For example:

    // Azure Resource Graph Query
    // Provides a list of Azure Container Registry resources that do not have soft delete enabled
    
  2. If the ARG query is under development, the query should have a single line stating: // under-development

  3. If a recommendation cannot be validated with a query because of limitations in the data provided within ARG, the query should have a single line stating: // cannot-be-validated-with-arg

  4. Queries should only return resources that do not adhere to the APRL recommendation. For example, if the recommendation is to enable soft delete for Azure Container Registries, the associated query should only return Azure Container Registry resources that do not have soft delete enabled.

  5. If an ARG query folder contains a file whose file type is suffixed with .fix, the current query does not work as anticipated; consider using that file as a starting point for fixing the query. Once you have validated that the query is working as anticipated, please remove the file with the .fix suffix.

  6. The column names returned by an ARG query should only include the following:

The column names should be in the order they are listed and match exactly.

| Column Name | Required | Information Returned (Example) | Description |
|---|---|---|---|
| recommendationId | Yes | 4f63619f-5001-439c-bacb-8de891287727 | The aprlGuid associated with the APRL recommendation. |
| name | Yes | test-aks | The resource name of the Azure resource that does not adhere to the APRL recommendation. |
| id | Yes | /subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/test-resource-group/providers/Microsoft.ContainerService/managedClusters/test-aks | The resource ID of the Azure resource that does not adhere to the APRL recommendation. |
| tags | No | {"Environment":"Test","Department":"IT"} | Any relevant tags associated with the resource that does not adhere to the APRL recommendation. |
| param1 | No | networkProfile:kubenet | Any additional information that is necessary to provide clarification for the APRL recommendation. |
| param2 | No | networkProfile:kubenet | Any additional information that is necessary to provide clarification for the APRL recommendation. |
| param3 | No | networkProfile:kubenet | Any additional information that is necessary to provide clarification for the APRL recommendation. |
| param4 | No | networkProfile:kubenet | Any additional information that is necessary to provide clarification for the APRL recommendation. |
| param5 | No | networkProfile:kubenet | Any additional information that is necessary to provide clarification for the APRL recommendation. |

If you need support with validating a query, please reach out to the APRL team via the APRL GitHub General Question/Feedback Form.

Requirements for ARG Query Files

  1. All query files should be named to match the aprlGuid for the respective APRL recommendation. For instance, if the aprlGuid for a recommendation is 4f63619f-5001-439c-bacb-8de891287727, then the associated query file should be named 4f63619f-5001-439c-bacb-8de891287727.kql.

  2. All query files should be placed in the relevant kql folder within the relevant directory. For example, if the recommendation is for Azure Container Registries, the query file should be placed in the azure-resources\ContainerRegistry\registries\kql directory.
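
The query and file requirements above can be checked mechanically before a pull request is opened. The following Python check is an added example, not part of APRL's own tooling; the names lint, project_columns and SAMPLE are hypothetical. It assumes the final project clause sits on one line and that a file carrying a status marker gets no further checks, and it infers the recommendationId/file name comparison from both being the aprlGuid.

```python
import re
from pathlib import PurePath

ALLOWED = ["recommendationId", "name", "id", "tags",
           "param1", "param2", "param3", "param4", "param5"]
REQUIRED = ALLOWED[:3]
MARKERS = ("// under-development", "// cannot-be-validated-with-arg")
GUID = r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}"

# Constructed sample; "<resource type>" and "<condition>" are placeholders.
SAMPLE = '''// Azure Resource Graph Query
// Provides a list of resources that do not adhere to the recommendation
resources
| where type =~ "<resource type>" and <condition>
| project recommendationId = "4f63619f-5001-439c-bacb-8de891287727", name, id, tags, param1 = strcat("networkProfile:", "kubenet")
'''

def project_columns(body):
    """Output column names of a project clause, ignoring commas inside strings and calls."""
    body = re.sub(r'"[^"]*"|\'[^\']*\'', '""', body)  # blank out string literals
    while re.search(r"[(\[][^()\[\]]*[)\]]", body):    # drop (...) and [...] groups, innermost first
        body = re.sub(r"[(\[][^()\[\]]*[)\]]", "", body)
    return [c.split("=")[0].strip() for c in body.split(",")]

def lint(filename, text):
    """Return the list of violated requirements; an empty list means the file passes."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if any(ln in MARKERS for ln in lines):
        return []  # assumption: files carrying a status marker get no further checks
    errs, path = [], PurePath(filename)
    if not re.fullmatch(GUID + r"\.kql", path.name):
        errs.append("file name is not <aprlGuid>.kql")
    if len(lines) < 2 or lines[0] != "// Azure Resource Graph Query" or not lines[1].startswith("//"):
        errs.append("missing the two header comments")
    proj = [ln for ln in lines if re.match(r"\|\s*project\s", ln)]
    if not proj:
        return errs + ["no single-line project clause found"]
    body = proj[-1].split("project", 1)[1]
    cols = project_columns(body)
    known = [c for c in cols if c in ALLOWED]
    errs += [f"column not allowed: {c}" for c in cols if c not in ALLOWED]
    errs += [f"required column missing: {c}" for c in REQUIRED if c not in cols]
    if known != sorted(known, key=ALLOWED.index):
        errs.append("columns are not in the listed order")
    rec = re.search(r'recommendationId\s*=\s*"([^"]*)"', body)
    if rec and rec.group(1) != path.stem:  # inferred check: both should be the aprlGuid
        errs.append("recommendationId does not match the file name")
    return errs
```

Pass the bare file name (for example 4f63619f-5001-439c-bacb-8de891287727.kql) together with the file's text; an empty list means none of the checked requirements is violated.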

Requirements for Pull Requests Containing ARG Queries

All pull requests that modify and/or create ARG queries should contain a screenshot of the query results returned from the Azure Resource Graph Explorer. The screenshot should include a resource that is not adhering to the APRL recommendation. This is to ensure that the query is returning the expected results and to validate that the columns are populated correctly.