From 1d8759b5e0d60541c611e051ae2fc015cad1f9fd Mon Sep 17 00:00:00 2001 From: vj Date: Sat, 21 Sep 2024 12:37:34 -0600 Subject: [PATCH 1/5] =?UTF-8?q?=E2=9C=A8=20add=20resource=20for=20azure=20?= =?UTF-8?q?functions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- providers/azure/resources/azure.lr | 16 +++ providers/azure/resources/azure.lr.go | 124 ++++++++++++++++++ .../azure/resources/azure.lr.manifest.yaml | 27 ++++ providers/azure/resources/web.go | 54 ++++++++ 4 files changed, 221 insertions(+) diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr index ea20e2722f..297ebd1cfb 100644 --- a/providers/azure/resources/azure.lr +++ b/providers/azure/resources/azure.lr @@ -70,6 +70,20 @@ azure.subscription @defaults ("name") { iot() azure.subscription.iotService } +// Azure function +private azure.subscription.webService.function @defaults("name") { + // ID of the function + id string + // Name of the function + name string + // Type of function + type string + // Kind of function + kind string + // Properties for the function + properties dict +} + // Azure resource group private azure.subscription.resourcegroup @defaults("name location") { // Resource group ID @@ -1031,6 +1045,8 @@ private azure.subscription.webService.appsite @defaults("id name location") { stack() dict // Diagnostic settings for the web app site diagnosticSettings() []azure.subscription.monitorService.diagnosticsetting + // List of functions for the web app site + functions []azure.subscription.webService.function } // Azure AppSite authentication settings diff --git a/providers/azure/resources/azure.lr.go b/providers/azure/resources/azure.lr.go index 6d85568819..9a4198c5a6 100644 --- a/providers/azure/resources/azure.lr.go +++ b/providers/azure/resources/azure.lr.go 
@@ -26,6 +26,10 @@ func init() { Init: initAzureSubscription, Create: createAzureSubscription, }, + "azure.subscription.webService.function": { + // to override args, implement: initAzureSubscriptionWebServiceFunction(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createAzureSubscriptionWebServiceFunction, + }, "azure.subscription.resourcegroup": { // to override args, implement: initAzureSubscriptionResourcegroup(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createAzureSubscriptionResourcegroup, @@ -589,6 +593,21 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "azure.subscription.iot": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscription).GetIot()).ToDataRes(types.Resource("azure.subscription.iotService")) }, + "azure.subscription.webService.function.id": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionWebServiceFunction).GetId()).ToDataRes(types.String) + }, + "azure.subscription.webService.function.name": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionWebServiceFunction).GetName()).ToDataRes(types.String) + }, + "azure.subscription.webService.function.type": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionWebServiceFunction).GetType()).ToDataRes(types.String) + }, + "azure.subscription.webService.function.kind": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionWebServiceFunction).GetKind()).ToDataRes(types.String) + }, + "azure.subscription.webService.function.properties": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionWebServiceFunction).GetProperties()).ToDataRes(types.Dict) + }, "azure.subscription.resourcegroup.id": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscriptionResourcegroup).GetId()).ToDataRes(types.String) }, 
@@ -1738,6 +1757,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "azure.subscription.webService.appsite.diagnosticSettings": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscriptionWebServiceAppsite).GetDiagnosticSettings()).ToDataRes(types.Array(types.Resource("azure.subscription.monitorService.diagnosticsetting"))) }, + "azure.subscription.webService.appsite.functions": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionWebServiceAppsite).GetFunctions()).ToDataRes(types.Array(types.Resource("azure.subscription.webService.function"))) + }, "azure.subscription.webService.appsiteauthsettings.id": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscriptionWebServiceAppsiteauthsettings).GetId()).ToDataRes(types.String) }, 
@@ -3005,6 +3027,30 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAzureSubscription).Iot, ok = plugin.RawToTValue[*mqlAzureSubscriptionIotService](v.Value, v.Error) return }, + "azure.subscription.webService.function.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionWebServiceFunction).__id, ok = v.Value.(string) + return + }, + "azure.subscription.webService.function.id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionWebServiceFunction).Id, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.webService.function.name": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionWebServiceFunction).Name, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.webService.function.type": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionWebServiceFunction).Type, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.webService.function.kind": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionWebServiceFunction).Kind, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.webService.function.properties": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionWebServiceFunction).Properties, ok = plugin.RawToTValue[interface{}](v.Value, v.Error) + return + }, "azure.subscription.resourcegroup.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAzureSubscriptionResourcegroup).__id, ok = v.Value.(string) return 
@@ -4733,6 +4779,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAzureSubscriptionWebServiceAppsite).DiagnosticSettings, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, + "azure.subscription.webService.appsite.functions": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionWebServiceAppsite).Functions, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, "azure.subscription.webService.appsiteauthsettings.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAzureSubscriptionWebServiceAppsiteauthsettings).__id, ok = v.Value.(string) return 
@@ -6933,6 +6983,75 @@ func (c *mqlAzureSubscription) GetIot() *plugin.TValue[*mqlAzureSubscriptionIotS }) } +// mqlAzureSubscriptionWebServiceFunction for the azure.subscription.webService.function resource +type mqlAzureSubscriptionWebServiceFunction struct { + MqlRuntime *plugin.Runtime + __id string + // optional: if you define mqlAzureSubscriptionWebServiceFunctionInternal it will be used here + Id plugin.TValue[string] + Name plugin.TValue[string] + Type plugin.TValue[string] + Kind plugin.TValue[string] + Properties plugin.TValue[interface{}] +} + +// createAzureSubscriptionWebServiceFunction creates a new instance of this resource +func createAzureSubscriptionWebServiceFunction(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAzureSubscriptionWebServiceFunction{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("azure.subscription.webService.function", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAzureSubscriptionWebServiceFunction) MqlName() string { + return "azure.subscription.webService.function" +} + +func (c *mqlAzureSubscriptionWebServiceFunction) MqlID() string { + return c.__id +} + +func (c *mqlAzureSubscriptionWebServiceFunction) GetId() *plugin.TValue[string] { + return &c.Id +} + +func (c *mqlAzureSubscriptionWebServiceFunction) GetName() *plugin.TValue[string] { + return &c.Name +} + +func (c *mqlAzureSubscriptionWebServiceFunction) GetType() *plugin.TValue[string] { + return &c.Type +} + +func (c *mqlAzureSubscriptionWebServiceFunction) GetKind() *plugin.TValue[string] { + return &c.Kind +} + +func (c *mqlAzureSubscriptionWebServiceFunction) GetProperties() *plugin.TValue[interface{}] { 
+ return &c.Properties +} + // mqlAzureSubscriptionResourcegroup for the azure.subscription.resourcegroup resource type mqlAzureSubscriptionResourcegroup struct { MqlRuntime *plugin.Runtime @@ -11407,6 +11526,7 @@ type mqlAzureSubscriptionWebServiceAppsite struct { ConnectionSettings plugin.TValue[interface{}] Stack plugin.TValue[interface{}] DiagnosticSettings plugin.TValue[[]interface{}] + Functions plugin.TValue[[]interface{}] } // createAzureSubscriptionWebServiceAppsite creates a new instance of this resource @@ -11550,6 +11670,10 @@ func (c *mqlAzureSubscriptionWebServiceAppsite) GetDiagnosticSettings() *plugin. }) } +func (c *mqlAzureSubscriptionWebServiceAppsite) GetFunctions() *plugin.TValue[[]interface{}] { + return &c.Functions +} + // mqlAzureSubscriptionWebServiceAppsiteauthsettings for the azure.subscription.webService.appsiteauthsettings resource type mqlAzureSubscriptionWebServiceAppsiteauthsettings struct { MqlRuntime *plugin.Runtime diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml index f69e532982..83ed688843 100644 --- a/providers/azure/resources/azure.lr.manifest.yaml +++ b/providers/azure/resources/azure.lr.manifest.yaml @@ -20,6 +20,8 @@ resources: cloudDefender: {} compute: {} cosmosDb: {} + functions: + min_mondoo_version: 9.0.0 iam: min_mondoo_version: 9.0.0 id: {} @@ -604,6 +606,17 @@ resources: refs: - title: Azure Cosmos DB documentation url: https://learn.microsoft.com/en-us/azure/cosmos-db/ + azure.subscription.function: + fields: + id: {} + kind: {} + name: {} + properties: {} + type: {} + min_mondoo_version: 9.0.0 + platform: + name: + - azure azure.subscription.iotService: fields: hubs: {} @@ -2853,6 +2866,8 @@ resources: connectionSettings: {} diagnosticSettings: min_mondoo_version: 9.0.0 + functions: + min_mondoo_version: 9.0.0 id: {} identity: {} kind: {} 
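Review bot: The manifest hunks add a `functions` field under what appears to be the `azure.subscription` field list, and a new `azure.subscription.function` resource entry, but the azure.lr changes in this patch only define `azure.subscription.webService.function` and the appsite `functions` field. Unless those two names are declared in a part of azure.lr that is not visible here, they look like leftovers from an earlier naming and should be dropped so the manifest matches the schema. Patch 3/5 removes the stray `wafConfig` field for the same reason but leaves these in place.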
@@ -2901,3 +2916,15 @@ resources: refs: - title: Azure Web documentation url: https://learn.microsoft.com/en-us/azure/?product=web + azure.subscription.webService.function: + fields: + id: {} + kind: {} + name: {} + properties: {} + type: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - azure diff --git a/providers/azure/resources/web.go b/providers/azure/resources/web.go index baeca21503..addb601f73 100644 --- a/providers/azure/resources/web.go +++ b/providers/azure/resources/web.go 
@@ -394,6 +394,60 @@ func (a *mqlAzureSubscriptionWebServiceAppsite) metadata() (interface{}, error) return res, nil } +func (a *mqlAzureSubscriptionWebServiceAppsite) functions() ([]interface{}, error) { + conn := a.MqlRuntime.Connection.(*connection.AzureConnection) + ctx := context.Background() + token := conn.Token() + id := a.Id.Data + resourceID, err := ParseResourceID(id) + if err != nil { + return nil, err + } + client, err := web.NewWebAppsClient(resourceID.SubscriptionID, token, &arm.ClientOptions{ + ClientOptions: conn.ClientOptions(), + }) + if err != nil { + return nil, err + } + + site, err := resourceID.Component("sites") + if err != nil { + return nil, err + } + pager := client.NewListFunctionsPager(resourceID.ResourceGroup, site, &web.WebAppsClientListFunctionsOptions{}) + res := []interface{}{} + + for pager.More() { + page, err := pager.NextPage(ctx) + if err != nil { + return nil, err + } + for _, entry := range page.Value { + props, err := convert.JsonToDict(entry.Properties) + if err != nil { + return nil, err + } + mqlAzure, err := CreateResource(a.MqlRuntime, "azure.subscription.webService.function", + map[string]*llx.RawData{ + "id": llx.StringDataPtr(entry.ID), + "name": llx.StringDataPtr(entry.Name), + "type": llx.StringDataPtr(entry.Type), + "kind": llx.StringDataPtr(entry.Kind), + "properties": llx.AnyData(props), + }) + if err != nil { + return nil, err + } + res = append(res, mqlAzure) + } + } + return res, nil +} + +func (a *mqlAzureSubscriptionWebServiceFunction) id() (string, error) { + return a.id() +} + func (a *mqlAzureSubscriptionWebServiceAppsite) connectionSettings() (interface{}, error) { conn := a.MqlRuntime.Connection.(*connection.AzureConnection) ctx := context.Background() From 12363ee014272e5c93e5810436613d324424c927 Mon Sep 17 00:00:00 2001 
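Review bot: `mqlAzureSubscriptionWebServiceFunction.id()` at the end of this hunk returns `a.id()`, so it calls itself with no base case and the process will die on stack exhaustion the first time it runs. The generated `createAzureSubscriptionWebServiceFunction` calls `res.id()` whenever `__id` is empty, and `functions()` passes no `__id` to `CreateResource`, so this path looks reachable for every function listed. It should return the stored field, `return a.Id.Data, nil`, as the wafConfig `id()` in patch 2/5 does. Separately, the loop reads `entry.Properties` without a nil check; if `page.Value` holds pointers, as the `entry != nil` guard in `wafConfiguration()` suggests, `if entry == nil { continue }` would avoid a nil dereference on a sparse page.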
From: vj Date: Mon, 23 Sep 2024 16:56:44 -0600 Subject: [PATCH 2/5] =?UTF-8?q?=E2=9C=A8=20add=20application=20gateway=20W?= =?UTF-8?q?AF=20manifests?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- providers/azure/go.mod | 1 + providers/azure/go.sum | 2 + providers/azure/resources/azure.lr | 20 ++- providers/azure/resources/azure.lr.go | 150 +++++++++++++++++- .../azure/resources/azure.lr.manifest.yaml | 15 ++ providers/azure/resources/network.go | 52 ++++++ providers/azure/resources/web.go | 1 + 7 files changed, 238 insertions(+), 3 deletions(-) diff --git a/providers/azure/go.mod b/providers/azure/go.mod index 450ed26ff5..94a9c1745b 100644 --- a/providers/azure/go.mod +++ b/providers/azure/go.mod @@ -57,6 +57,7 @@ require ( github.com/99designs/keyring v1.2.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/BurntSushi/toml v1.4.0 // indirect diff --git a/providers/azure/go.sum b/providers/azure/go.sum index 2b51689bc5..5ebd3a7956 100644 --- a/providers/azure/go.sum +++ b/providers/azure/go.sum 
@@ -69,6 +69,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleserv github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleservers v1.2.0/go.mod h1:0mKVz3WT8oNjBunT1zD/HPwMleQ72QClMa7Gmsm+6Kc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 h1:QM6sE5k2ZT/vI5BEe0r7mqjsUSnhVBFbOsVkEuaEfiA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0/go.mod h1:243D9iHbcQXoFUtgHJwL7gl2zx1aDuDMjvBZVGr2uW0= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 h1:6gbgo57khn0HUCcozxGgDodl7HPH0wr9x3QPt1uJSMM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0 h1:0hXKrsbh2M6CQyW0TDC9Bsyd99vQmrOxiBTUfQHZjPA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0/go.mod h1:bvZZor36Jg9q9kouuMyfJ+ay77+qK+YUfThXH1FdXjU= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers v1.1.0 h1:HzqcSJWx32XQdr8KtxAu/SZJj0PqDo9tKf2YGPdynV0= diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr index 297ebd1cfb..5c25f569b7 100644 --- a/providers/azure/resources/azure.lr +++ b/providers/azure/resources/azure.lr @@ -71,7 +71,7 @@ azure.subscription @defaults ("name") { } // Azure function -private azure.subscription.webService.function @defaults("name") { +private azure.subscription.webService.function @defaults("name type") { // ID of the function id string // Name of the function 
@@ -860,6 +860,22 @@ azure.subscription.networkService.applicationGateway @defaults("id name location properties dict // Gets the attached application firewall policy policy() azure.subscription.networkService.applicationFirewallPolicy + // WAF configurations + wafConfiguration() []azure.subscription.networkService.wafConfig +} + +// Azure Application Firewall Config +azure.subscription.networkService.wafConfig @defaults("id name type") { + // ID of the WAF configuration + id string + // Name of the WAF configuration + name string + // Type of WAF configuration + type string + // Kind of WAF configuration + kind string + // Properties for the WAF configuration + properties dict } // Azure Application Firewall Policy (WAF) @@ -1046,7 +1062,7 @@ private azure.subscription.webService.appsite @defaults("id name location") { // Diagnostic settings for the web app site diagnosticSettings() []azure.subscription.monitorService.diagnosticsetting // List of functions for the web app site - functions []azure.subscription.webService.function + functions() []azure.subscription.webService.function } // Azure AppSite authentication settings diff --git a/providers/azure/resources/azure.lr.go b/providers/azure/resources/azure.lr.go index 9a4198c5a6..25a9d894db 100644 --- a/providers/azure/resources/azure.lr.go +++ b/providers/azure/resources/azure.lr.go 
@@ -182,6 +182,10 @@ func init() { // to override args, implement: initAzureSubscriptionNetworkServiceApplicationGateway(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createAzureSubscriptionNetworkServiceApplicationGateway, }, + "azure.subscription.networkService.wafConfig": { + // to override args, implement: initAzureSubscriptionNetworkServiceWafConfig(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createAzureSubscriptionNetworkServiceWafConfig, + }, "azure.subscription.networkService.applicationFirewallPolicy": { // to override args, implement: initAzureSubscriptionNetworkServiceApplicationFirewallPolicy(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createAzureSubscriptionNetworkServiceApplicationFirewallPolicy, 
@@ -1547,6 +1551,24 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "azure.subscription.networkService.applicationGateway.policy": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscriptionNetworkServiceApplicationGateway).GetPolicy()).ToDataRes(types.Resource("azure.subscription.networkService.applicationFirewallPolicy")) }, + "azure.subscription.networkService.applicationGateway.wafConfiguration": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionNetworkServiceApplicationGateway).GetWafConfiguration()).ToDataRes(types.Array(types.Resource("azure.subscription.networkService.wafConfig"))) + }, + "azure.subscription.networkService.wafConfig.id": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionNetworkServiceWafConfig).GetId()).ToDataRes(types.String) + }, + "azure.subscription.networkService.wafConfig.name": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionNetworkServiceWafConfig).GetName()).ToDataRes(types.String) + }, + "azure.subscription.networkService.wafConfig.type": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionNetworkServiceWafConfig).GetType()).ToDataRes(types.String) + }, + "azure.subscription.networkService.wafConfig.kind": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionNetworkServiceWafConfig).GetKind()).ToDataRes(types.String) + }, + "azure.subscription.networkService.wafConfig.properties": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionNetworkServiceWafConfig).GetProperties()).ToDataRes(types.Dict) + }, "azure.subscription.networkService.applicationFirewallPolicy.id": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscriptionNetworkServiceApplicationFirewallPolicy).GetId()).ToDataRes(types.String) }, 
@@ -4455,6 +4477,34 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAzureSubscriptionNetworkServiceApplicationGateway).Policy, ok = plugin.RawToTValue[*mqlAzureSubscriptionNetworkServiceApplicationFirewallPolicy](v.Value, v.Error) return }, + "azure.subscription.networkService.applicationGateway.wafConfiguration": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionNetworkServiceApplicationGateway).WafConfiguration, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, + "azure.subscription.networkService.wafConfig.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionNetworkServiceWafConfig).__id, ok = v.Value.(string) + return + }, + "azure.subscription.networkService.wafConfig.id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionNetworkServiceWafConfig).Id, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.networkService.wafConfig.name": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionNetworkServiceWafConfig).Name, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.networkService.wafConfig.type": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionNetworkServiceWafConfig).Type, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.networkService.wafConfig.kind": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionNetworkServiceWafConfig).Kind, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "azure.subscription.networkService.wafConfig.properties": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionNetworkServiceWafConfig).Properties, ok = plugin.RawToTValue[interface{}](v.Value, v.Error) + return + }, "azure.subscription.networkService.applicationFirewallPolicy.__id": func(r plugin.Resource, v 
*llx.RawData) (ok bool) { r.(*mqlAzureSubscriptionNetworkServiceApplicationFirewallPolicy).__id, ok = v.Value.(string) return @@ -10610,6 +10660,7 @@ type mqlAzureSubscriptionNetworkServiceApplicationGateway struct { Etag plugin.TValue[string] Properties plugin.TValue[interface{}] Policy plugin.TValue[*mqlAzureSubscriptionNetworkServiceApplicationFirewallPolicy] + WafConfiguration plugin.TValue[[]interface{}] } // createAzureSubscriptionNetworkServiceApplicationGateway creates a new instance of this resource 
@@ -10693,6 +10744,91 @@ func (c *mqlAzureSubscriptionNetworkServiceApplicationGateway) GetPolicy() *plug }) } +func (c *mqlAzureSubscriptionNetworkServiceApplicationGateway) GetWafConfiguration() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.WafConfiguration, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("azure.subscription.networkService.applicationGateway", c.__id, "wafConfiguration") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.wafConfiguration() + }) +} + +// mqlAzureSubscriptionNetworkServiceWafConfig for the azure.subscription.networkService.wafConfig resource +type mqlAzureSubscriptionNetworkServiceWafConfig struct { + MqlRuntime *plugin.Runtime + __id string + // optional: if you define mqlAzureSubscriptionNetworkServiceWafConfigInternal it will be used here + Id plugin.TValue[string] + Name plugin.TValue[string] + Type plugin.TValue[string] + Kind plugin.TValue[string] + Properties plugin.TValue[interface{}] +} + +// createAzureSubscriptionNetworkServiceWafConfig creates a new instance of this resource +func createAzureSubscriptionNetworkServiceWafConfig(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlAzureSubscriptionNetworkServiceWafConfig{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("azure.subscription.networkService.wafConfig", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlAzureSubscriptionNetworkServiceWafConfig) MqlName() string { + return "azure.subscription.networkService.wafConfig" +} + +func (c 
*mqlAzureSubscriptionNetworkServiceWafConfig) MqlID() string { + return c.__id +} + +func (c *mqlAzureSubscriptionNetworkServiceWafConfig) GetId() *plugin.TValue[string] { + return &c.Id +} + +func (c *mqlAzureSubscriptionNetworkServiceWafConfig) GetName() *plugin.TValue[string] { + return &c.Name +} + +func (c *mqlAzureSubscriptionNetworkServiceWafConfig) GetType() *plugin.TValue[string] { + return &c.Type +} + +func (c *mqlAzureSubscriptionNetworkServiceWafConfig) GetKind() *plugin.TValue[string] { + return &c.Kind +} + +func (c *mqlAzureSubscriptionNetworkServiceWafConfig) GetProperties() *plugin.TValue[interface{}] { + return &c.Properties +} + // mqlAzureSubscriptionNetworkServiceApplicationFirewallPolicy for the azure.subscription.networkService.applicationFirewallPolicy resource type mqlAzureSubscriptionNetworkServiceApplicationFirewallPolicy struct { MqlRuntime *plugin.Runtime @@ -11671,7 +11807,19 @@ func (c *mqlAzureSubscriptionWebServiceAppsite) GetDiagnosticSettings() *plugin. } func (c *mqlAzureSubscriptionWebServiceAppsite) GetFunctions() *plugin.TValue[[]interface{}] { - return &c.Functions + return plugin.GetOrCompute[[]interface{}](&c.Functions, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("azure.subscription.webService.appsite", c.__id, "functions") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.functions() + }) } // mqlAzureSubscriptionWebServiceAppsiteauthsettings for the azure.subscription.webService.appsiteauthsettings resource diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml index 83ed688843..33d3553978 100644 --- a/providers/azure/resources/azure.lr.manifest.yaml +++ b/providers/azure/resources/azure.lr.manifest.yaml 
@@ -1483,6 +1483,10 @@ resources: properties: {} tags: {} type: {} + wafConfig: + min_mondoo_version: 9.0.0 + wafConfiguration: + min_mondoo_version: 9.0.0 min_mondoo_version: latest platform: name: @@ -1988,6 +1992,17 @@ resources: refs: - title: Virtual Network documentation url: https://learn.microsoft.com/en-us/azure/virtual-network/ + azure.subscription.networkService.wafConfig: + fields: + id: {} + kind: {} + name: {} + properties: {} + type: {} + min_mondoo_version: 9.0.0 + platform: + name: + - azure azure.subscription.networkService.watcher: fields: etag: {} diff --git a/providers/azure/resources/network.go b/providers/azure/resources/network.go index 48831adf14..f9567b6aea 100644 --- a/providers/azure/resources/network.go +++ b/providers/azure/resources/network.go @@ -18,6 +18,7 @@ import ( "go.mondoo.com/cnquery/v11/utils/stringx" network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork" + networkv6 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" ) func (a *mqlAzureSubscriptionNetworkService) id() (string, error) { 
@@ -1066,6 +1067,57 @@ func (a *mqlAzureSubscriptionNetworkService) applicationGateways() ([]interface{ return res, nil } +func (a *mqlAzureSubscriptionNetworkServiceWafConfig) id() (string, error) { + return a.Id.Data, nil +} + +func (a *mqlAzureSubscriptionNetworkServiceApplicationGateway) wafConfiguration() ([]interface{}, error) { + conn := a.MqlRuntime.Connection.(*connection.AzureConnection) + ctx := context.Background() + token := conn.Token() + id := a.Id.Data + resourceID, err := ParseResourceID(id) + if err != nil { + return nil, err + } + client, err := networkv6.NewClientFactory(resourceID.SubscriptionID, token, &arm.ClientOptions{ + ClientOptions: conn.ClientOptions(), + }) + if err != nil { + return nil, err + } + c := client.NewApplicationGatewayWafDynamicManifestsClient() + + res := []interface{}{} + pager := c.NewGetPager(a.Location.Data, &networkv6.ApplicationGatewayWafDynamicManifestsClientGetOptions{}) + for pager.More() { + page, err := pager.NextPage(ctx) + if err != nil { + return nil, err + } + for _, entry := range page.Value { + if entry != nil { + props, err := convert.JsonToDict(entry.Properties) + if err != nil { + return nil, err + } + mqlAzure, err := CreateResource(a.MqlRuntime, "azure.subscription.applicationGateway.wafconfig", + map[string]*llx.RawData{ + "id": llx.StringDataPtr(entry.ID), + "name": llx.StringDataPtr(entry.Name), + "type": llx.StringDataPtr(entry.Type), + "properties": llx.AnyData(props), + }) + if err != nil { + return nil, err + } + res = append(res, mqlAzure) + } + } + } + return res, nil +} + func (a *mqlAzureSubscriptionNetworkService) applicationFirewallPolicies() ([]interface{}, error) { conn := a.MqlRuntime.Connection.(*connection.AzureConnection) ctx := context.Background() diff --git a/providers/azure/resources/web.go b/providers/azure/resources/web.go index addb601f73..b92c1fa0dd 100644 --- a/providers/azure/resources/web.go +++ b/providers/azure/resources/web.go 
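Review bot: `wafConfiguration()` builds its results with `CreateResource(a.MqlRuntime, "azure.subscription.applicationGateway.wafconfig", ...)`, but the resource this series declares and registers is `azure.subscription.networkService.wafConfig`, so creation will presumably fail for every entry. The name should be `"azure.subscription.networkService.wafConfig"`. The argument map also omits `kind`, which the resource declares in azure.lr, so that field is never populated from here. Note as well that the pager is built from `a.Location.Data` alone, so the result looks like the regional WAF manifest rather than this gateway's own WAF settings. A doc comment such as `// wafConfiguration lists the WAF dynamic manifests for the gateway's region, not the gateway's effective WAF configuration` would keep policy authors from treating it as evidence that the gateway is protected.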
@@ -414,6 +414,7 @@ func (a *mqlAzureSubscriptionWebServiceAppsite) functions() ([]interface{}, erro if err != nil { return nil, err } + pager := client.NewListFunctionsPager(resourceID.ResourceGroup, site, &web.WebAppsClientListFunctionsOptions{}) res := []interface{}{} From 0665d4358b57ab1142f8356bfffc81b96da78352 Mon Sep 17 00:00:00 2001 From: Preslav Date: Tue, 24 Sep 2024 08:13:35 +0300 Subject: [PATCH 3/5] cleanup azure lr file. Signed-off-by: Preslav --- providers/azure/resources/azure.lr.manifest.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml index 33d3553978..e6065cc9c5 100644 --- a/providers/azure/resources/azure.lr.manifest.yaml +++ b/providers/azure/resources/azure.lr.manifest.yaml @@ -1483,8 +1483,6 @@ resources: properties: {} tags: {} type: {} - wafConfig: - min_mondoo_version: 9.0.0 wafConfiguration: min_mondoo_version: 9.0.0 min_mondoo_version: latest From 7d975dec5e47ea419e846b750a0722c900b3a580 Mon Sep 17 00:00:00 2001 From: Preslav Date: Tue, 24 Sep 2024 08:17:17 +0300 Subject: [PATCH 4/5] switch entirely to network v6. Signed-off-by: Preslav --- providers/azure/go.mod | 4 ++-- providers/azure/go.sum | 4 ++-- providers/azure/resources/compute.go | 2 +- providers/azure/resources/network.go | 3 +-- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/providers/azure/go.mod b/providers/azure/go.mod index 94a9c1745b..e4ad31caa5 100644 --- a/providers/azure/go.mod +++ b/providers/azure/go.mod 
@@ -24,7 +24,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysql v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleservers v1.2.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 @@ -57,7 +57,7 @@ require ( github.com/99designs/keyring v1.2.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/BurntSushi/toml v1.4.0 // indirect diff --git a/providers/azure/go.sum b/providers/azure/go.sum index 5ebd3a7956..04c3758fd3 100644 --- a/providers/azure/go.sum +++ b/providers/azure/go.sum 
@@ -49,8 +49,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNL
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2/go.mod h1:FbdwsQ2EzwvXxOPcMFYO8ogEc9uMMIj3YkmCdXdAFmk=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsIIvxVT+uE6yrNldntJKlLRgxGbZ85kgtz5SNBhMw=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0/go.mod h1:AW8VEadnhw9xox+VaVd9sP7NjzOAnaZBLRH6Tq3cJ38=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub v1.3.0 h1:NZP+oPbAVFy7PhQ4PTD3SuGWbEziNhp7lphGkkN707s=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub v1.3.0/go.mod h1:djbLk3ngutFfQ9fSOM29UzywAkcBI1YUsuUnxTQGsqU=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 h1:HlZMUZW8S4P9oob1nCHxCCKrytxyLc+24nUJGssoEto=
diff --git a/providers/azure/resources/compute.go b/providers/azure/resources/compute.go
index 5ae60dac94..f227363770 100644
--- a/providers/azure/resources/compute.go
+++ b/providers/azure/resources/compute.go
@@ -10,7 +10,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" compute "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute" - network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork" + network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" "go.mondoo.com/cnquery/v11/llx" "go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin" "go.mondoo.com/cnquery/v11/providers-sdk/v1/util/convert" diff --git a/providers/azure/resources/network.go b/providers/azure/resources/network.go index f9567b6aea..a1c8f4bb03 100644 --- a/providers/azure/resources/network.go +++ b/providers/azure/resources/network.go @@ -17,8 +17,7 @@ import ( "go.mondoo.com/cnquery/v11/types" "go.mondoo.com/cnquery/v11/utils/stringx" - network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork" - networkv6 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" + network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" ) func (a *mqlAzureSubscriptionNetworkService) id() (string, error) { From a4ec75818c188d282eea03bad9eca4035724494c Mon Sep 17 00:00:00 2001 From: Preslav Date: Tue, 24 Sep 2024 08:30:25 +0300 Subject: [PATCH 5/5] fix build. Signed-off-by: Preslav --- providers/azure/resources/network.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/providers/azure/resources/network.go b/providers/azure/resources/network.go index a1c8f4bb03..2350c5dce0 100644 --- a/providers/azure/resources/network.go +++ b/providers/azure/resources/network.go @@ -1079,7 +1079,7 @@ func (a *mqlAzureSubscriptionNetworkServiceApplicationGateway) wafConfiguration( if err != nil { return nil, err } - client, err := networkv6.NewClientFactory(resourceID.SubscriptionID, token, &arm.ClientOptions{ + client, err := network.NewClientFactory(resourceID.SubscriptionID, token, &arm.ClientOptions{ ClientOptions: conn.ClientOptions(), }) if err != nil { 
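Review bot: The network.go import hunk (`@@ -17,8 +17,7 @@`) removes the `networkv6` alias while the file still uses it at `networkv6.NewClientFactory` and `networkv6.ApplicationGatewayWafDynamicManifestsClientGetOptions`, which only patch 5/5 ("fix build") renames, so this commit presumably does not build on its own. Folding 5/5 into it would keep every commit buildable for bisecting. Separately, rebinding the existing `network` alias to v6 here and in compute.go changes the package behind every existing `network.` use in both files. A clean compile shows the types line up, not that the returned fields are unchanged, so if these values are exposed to queries as dicts (not visible in these hunks), compare a sample result before and after. The import block begins outside the hunk.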
@@ -1088,7 +1088,7 @@ func (a *mqlAzureSubscriptionNetworkServiceApplicationGateway) wafConfiguration( c := client.NewApplicationGatewayWafDynamicManifestsClient() res := []interface{}{} - pager := c.NewGetPager(a.Location.Data, &networkv6.ApplicationGatewayWafDynamicManifestsClientGetOptions{}) + pager := c.NewGetPager(a.Location.Data, &network.ApplicationGatewayWafDynamicManifestsClientGetOptions{}) for pager.More() { page, err := pager.NextPage(ctx) if err != nil {