From 985fb8f1f6ced78d33c0c95b65362793818f1cff Mon Sep 17 00:00:00 2001
From: Hossein Rouhani
Date: Wed, 13 Nov 2024 07:11:43 +0100
Subject: [PATCH 1/4] =?UTF-8?q?=F0=9F=A7=B9=20Adding=20Country=20location?= =?UTF-8?q?=20to=20NamedLocation=20under=20confitional=20access=20-=20MS36?= =?UTF-8?q?5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Hossein Rouhani
---
 .../ms365/resources/conditional-access.go | 50 +++++++++
 providers/ms365/resources/ms365.lr | 10 ++
 providers/ms365/resources/ms365.lr.go | 100 ++++++++++++++++++
 .../ms365/resources/ms365.lr.manifest.yaml | 6 ++
 4 files changed, 166 insertions(+)

diff --git a/providers/ms365/resources/conditional-access.go b/providers/ms365/resources/conditional-access.go
index 773f4d2c74..f046cabd91 100644
--- a/providers/ms365/resources/conditional-access.go
+++ b/providers/ms365/resources/conditional-access.go
@@ -59,3 +59,53 @@ func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) return locationDetails, nil } + +func (m *mqlMicrosoftConditionalAccessCountryNamedLocation) id() (string, error) { + return m.Name.Data, nil +} + +func (a *mqlMicrosoftConditionalAccess) countryLocations() ([]interface{}, error) { + conn := a.MqlRuntime.Connection.(*connection.Ms365Connection) + graphClient, err := conn.GraphClient() + if err != nil { + return nil, err + } + + ctx := context.Background() + namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil) + if err != nil { + return nil, transformError(err) + } + + var locationDetails []interface{} + for _, location := range namedLocations.GetValue() { + if countryLocation, ok := location.(*models.CountryNamedLocation); ok { + displayName := countryLocation.GetDisplayName() + countryLookupMethod := countryLocation.GetCountryLookupMethod() + + var lookupMethodStr *string + if countryLookupMethod != nil { + method := countryLookupMethod.String() + lookupMethodStr = &method + } + + if displayName != nil && lookupMethodStr != nil { + locationInfo, err := CreateResource(a.MqlRuntime, "microsoft.conditionalAccess.countryNamedLocation", + map[string]*llx.RawData{ + "name": llx.StringDataPtr(displayName), + "lookupMethod": llx.StringDataPtr(lookupMethodStr), + }) + if err != nil { + return nil, err + } + locationDetails = append(locationDetails, locationInfo) + } + } + } + + if len(locationDetails) == 0 { + return nil, nil + } + + return locationDetails, nil +} diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr index a5c6ead4ff..e2152f5c11 100644 --- a/providers/ms365/resources/ms365.lr +++ b/providers/ms365/resources/ms365.lr 
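Review bot: `id()` for the country named location returns `m.Name.Data`, so the display name becomes the resource identity, and two named locations that share a display name would resolve to the same `__id`; the generated constructor also uses that `__id` for recording lookups. Nothing on this page shows that Graph keeps display names unique, so keying on the object id is safer, for example by adding `"__id": llx.StringDataPtr(countryLocation.GetId()),` to the `CreateResource` argument map in `countryLocations()`. The same applies to the `id()` re-added for `mqlMicrosoftConditionalAccessIpNamedLocation` in patch 4/4. Separately, the `displayName != nil && lookupMethodStr != nil` guard drops a location with no log line or error, which leaves an audit result incomplete without any indication; a debug log or at least a comment on that branch would make the omission visible.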
@@ -60,6 +60,8 @@ microsoft.tenant @defaults("name") { microsoft.conditionalAccess { // IP named location namedLocations() []microsoft.conditionalAccess.ipNamedLocation + // Country-based named location + countryLocations() []microsoft.conditionalAccess.countryNamedLocation } // Microsoft Conditional Access IP named location @@ -70,6 +72,14 @@ microsoft.conditionalAccess.ipNamedLocation @defaults("name trusted") { trusted bool } +// Microsoft Conditional Access Country named location +microsoft.conditionalAccess.countryNamedLocation @defaults("name lookupMethod") { + // Named location name + name string + // Method to determine the country location + lookupMethod string +} + // Microsoft Entra ID user private microsoft.user @defaults("id displayName userPrincipalName") { // User Object ID diff --git a/providers/ms365/resources/ms365.lr.go b/providers/ms365/resources/ms365.lr.go index d0d7f8b45c..4581a3cb44 100644 --- a/providers/ms365/resources/ms365.lr.go +++ b/providers/ms365/resources/ms365.lr.go @@ -34,6 +34,10 @@ func init() { // to override args, implement: initMicrosoftConditionalAccessIpNamedLocation(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createMicrosoftConditionalAccessIpNamedLocation, }, + "microsoft.conditionalAccess.countryNamedLocation": { + // to override args, implement: initMicrosoftConditionalAccessCountryNamedLocation(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createMicrosoftConditionalAccessCountryNamedLocation, + }, "microsoft.user": { Init: initMicrosoftUser, Create: createMicrosoftUser, 
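Review bot: The new `microsoft.conditionalAccess.countryNamedLocation` resource in ms365.lr exposes only `name` and `lookupMethod`, so a query cannot see which countries the location covers or whether unknown countries are included, which are the two properties needed to judge a country-based Conditional Access condition. The Graph `countryNamedLocation` model also carries `countriesAndRegions` and `includeUnknownCountriesAndRegions`; consider adding `countriesAndRegions []string` and `includeUnknownCountriesAndRegions bool` to the resource and filling them in `countryLocations()`. The `lookupMethod` comment could also name the values a query should expect, since the Go side stores the enum's `String()` form.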
@@ -300,12 +304,21 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "microsoft.conditionalAccess.namedLocations": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlMicrosoftConditionalAccess).GetNamedLocations()).ToDataRes(types.Array(types.Resource("microsoft.conditionalAccess.ipNamedLocation"))) }, + "microsoft.conditionalAccess.countryLocations": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlMicrosoftConditionalAccess).GetCountryLocations()).ToDataRes(types.Array(types.Resource("microsoft.conditionalAccess.countryNamedLocation"))) + }, "microsoft.conditionalAccess.ipNamedLocation.name": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlMicrosoftConditionalAccessIpNamedLocation).GetName()).ToDataRes(types.String) }, "microsoft.conditionalAccess.ipNamedLocation.trusted": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlMicrosoftConditionalAccessIpNamedLocation).GetTrusted()).ToDataRes(types.Bool) }, + "microsoft.conditionalAccess.countryNamedLocation.name": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlMicrosoftConditionalAccessCountryNamedLocation).GetName()).ToDataRes(types.String) + }, + "microsoft.conditionalAccess.countryNamedLocation.lookupMethod": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlMicrosoftConditionalAccessCountryNamedLocation).GetLookupMethod()).ToDataRes(types.String) + }, "microsoft.user.id": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlMicrosoftUser).GetId()).ToDataRes(types.String) }, 
@@ -1264,6 +1277,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlMicrosoftConditionalAccess).NamedLocations, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, + "microsoft.conditionalAccess.countryLocations": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoftConditionalAccess).CountryLocations, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, "microsoft.conditionalAccess.ipNamedLocation.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlMicrosoftConditionalAccessIpNamedLocation).__id, ok = v.Value.(string) return @@ -1276,6 +1293,18 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlMicrosoftConditionalAccessIpNamedLocation).Trusted, ok = plugin.RawToTValue[bool](v.Value, v.Error) return }, + "microsoft.conditionalAccess.countryNamedLocation.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoftConditionalAccessCountryNamedLocation).__id, ok = v.Value.(string) + return + }, + "microsoft.conditionalAccess.countryNamedLocation.name": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoftConditionalAccessCountryNamedLocation).Name, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "microsoft.conditionalAccess.countryNamedLocation.lookupMethod": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoftConditionalAccessCountryNamedLocation).LookupMethod, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, "microsoft.user.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlMicrosoftUser).__id, ok = v.Value.(string) return 
@@ -2856,6 +2885,7 @@ type mqlMicrosoftConditionalAccess struct { __id string // optional: if you define mqlMicrosoftConditionalAccessInternal it will be used here NamedLocations plugin.TValue[[]interface{}] + CountryLocations plugin.TValue[[]interface{}] } // createMicrosoftConditionalAccess creates a new instance of this resource @@ -2906,6 +2936,22 @@ func (c *mqlMicrosoftConditionalAccess) GetNamedLocations() *plugin.TValue[[]int }) } +func (c *mqlMicrosoftConditionalAccess) GetCountryLocations() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.CountryLocations, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("microsoft.conditionalAccess", c.__id, "countryLocations") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.countryLocations() + }) +} + // mqlMicrosoftConditionalAccessIpNamedLocation for the microsoft.conditionalAccess.ipNamedLocation resource type mqlMicrosoftConditionalAccessIpNamedLocation struct { MqlRuntime *plugin.Runtime 
@@ -2960,6 +3006,60 @@ func (c *mqlMicrosoftConditionalAccessIpNamedLocation) GetTrusted() *plugin.TVal return &c.Trusted } +// mqlMicrosoftConditionalAccessCountryNamedLocation for the microsoft.conditionalAccess.countryNamedLocation resource +type mqlMicrosoftConditionalAccessCountryNamedLocation struct { + MqlRuntime *plugin.Runtime + __id string + // optional: if you define mqlMicrosoftConditionalAccessCountryNamedLocationInternal it will be used here + Name plugin.TValue[string] + LookupMethod plugin.TValue[string] +} + +// createMicrosoftConditionalAccessCountryNamedLocation creates a new instance of this resource +func createMicrosoftConditionalAccessCountryNamedLocation(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlMicrosoftConditionalAccessCountryNamedLocation{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + if res.__id == "" { + res.__id, err = res.id() + if err != nil { + return nil, err + } + } + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("microsoft.conditionalAccess.countryNamedLocation", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlMicrosoftConditionalAccessCountryNamedLocation) MqlName() string { + return "microsoft.conditionalAccess.countryNamedLocation" +} + +func (c *mqlMicrosoftConditionalAccessCountryNamedLocation) MqlID() string { + return c.__id +} + +func (c *mqlMicrosoftConditionalAccessCountryNamedLocation) GetName() *plugin.TValue[string] { + return &c.Name +} + +func (c *mqlMicrosoftConditionalAccessCountryNamedLocation) GetLookupMethod() *plugin.TValue[string] { + return &c.LookupMethod +} + // mqlMicrosoftUser for the microsoft.user resource type mqlMicrosoftUser struct { MqlRuntime *plugin.Runtime 
diff --git a/providers/ms365/resources/ms365.lr.manifest.yaml b/providers/ms365/resources/ms365.lr.manifest.yaml index 7e0e9d72d8..833fc2a0c8 100755 --- a/providers/ms365/resources/ms365.lr.manifest.yaml +++ b/providers/ms365/resources/ms365.lr.manifest.yaml @@ -122,10 +122,16 @@ resources: min_mondoo_version: 9.0.0 microsoft.conditionalAccess: fields: + countryLocations: {} name: {} namedLocations: {} trusted: {} min_mondoo_version: 9.0.0 + microsoft.conditionalAccess.countryNamedLocation: + fields: + lookupMethod: {} + name: {} + min_mondoo_version: 9.0.0 microsoft.conditionalAccess.ipNamedLocation: fields: name: {} From 949203010c43d136c140ed2890cc6e30ff47821f Mon Sep 17 00:00:00 2001 From: Hossein Rouhani Date: Wed, 13 Nov 2024 12:08:53 +0100 Subject: [PATCH 2/4] improving the resources Signed-off-by: Hossein Rouhani --- .../ms365/resources/conditional-access.go | 12 +-- providers/ms365/resources/ms365.lr | 12 ++- providers/ms365/resources/ms365.lr.go | 87 ++++++++++++++++--- .../ms365/resources/ms365.lr.manifest.yaml | 9 +- 4 files changed, 86 insertions(+), 34 deletions(-) diff --git a/providers/ms365/resources/conditional-access.go b/providers/ms365/resources/conditional-access.go index f046cabd91..6c0740141e 100644 --- a/providers/ms365/resources/conditional-access.go +++ b/providers/ms365/resources/conditional-access.go @@ -11,10 +11,6 @@ import ( "go.mondoo.com/cnquery/v11/providers/ms365/connection" ) -func (m *mqlMicrosoftConditionalAccessIpNamedLocation) id() (string, error) { - return m.Name.Data, nil -} - func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) { conn := a.MqlRuntime.Connection.(*connection.Ms365Connection) graphClient, err := conn.GraphClient() 
@@ -24,9 +20,6 @@ func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) ctx := context.Background() namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil) - if err != nil { - return nil, transformError(err) - } var locationDetails []interface{} for _, location := range namedLocations.GetValue() { @@ -64,7 +57,7 @@ func (m *mqlMicrosoftConditionalAccessCountryNamedLocation) id() (string, error) return m.Name.Data, nil } -func (a *mqlMicrosoftConditionalAccess) countryLocations() ([]interface{}, error) { +func (a *mqlMicrosoftConditionalAccessNamedLocations) countryLocations() ([]interface{}, error) { conn := a.MqlRuntime.Connection.(*connection.Ms365Connection) graphClient, err := conn.GraphClient() if err != nil { @@ -73,9 +66,6 @@ func (a *mqlMicrosoftConditionalAccess) countryLocations() ([]interface{}, error ctx := context.Background() namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil) - if err != nil { - return nil, transformError(err) - } var locationDetails []interface{} for _, location := range namedLocations.GetValue() { diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr index e2152f5c11..63b2a468a7 100644 --- a/providers/ms365/resources/ms365.lr +++ b/providers/ms365/resources/ms365.lr 
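Review bot: With the `if err != nil { return nil, transformError(err) }` check removed after `NamedLocations().Get(ctx, nil)`, a failed Graph call is no longer reported at this point in the series: within the visible lines `err` is not read again, and `namedLocations.GetValue()` is called on whatever `Get` returned, presumably nil on failure. The same removal is in the `@@ -73,9 +66,6 @@` hunk for `countryLocations()`. Patch 3/4 restores both checks, so folding it into this patch would keep every commit in the series from either panicking or reporting an empty location list when the call fails, for example on missing permissions. Both function bodies continue outside the hunks.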
@@ -58,9 +58,15 @@ microsoft.tenant @defaults("name") { // Microsoft Conditional Access Policies microsoft.conditionalAccess { - // IP named location - namedLocations() []microsoft.conditionalAccess.ipNamedLocation - // Country-based named location + // Named locations container + namedLocations microsoft.conditionalAccess.namedLocations +} + +// Container for Microsoft Conditional Access Named Locations +microsoft.conditionalAccess.namedLocations { + // IP-based named locations + ipLocations() []microsoft.conditionalAccess.ipNamedLocation + // Country-based named locations countryLocations() []microsoft.conditionalAccess.countryNamedLocation } diff --git a/providers/ms365/resources/ms365.lr.go b/providers/ms365/resources/ms365.lr.go index 4581a3cb44..9755e5006b 100644 --- a/providers/ms365/resources/ms365.lr.go +++ b/providers/ms365/resources/ms365.lr.go @@ -30,6 +30,10 @@ func init() { // to override args, implement: initMicrosoftConditionalAccess(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createMicrosoftConditionalAccess, }, + "microsoft.conditionalAccess.namedLocations": { + // to override args, implement: initMicrosoftConditionalAccessNamedLocations(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createMicrosoftConditionalAccessNamedLocations, + }, "microsoft.conditionalAccess.ipNamedLocation": { // to override args, implement: initMicrosoftConditionalAccessIpNamedLocation(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createMicrosoftConditionalAccessIpNamedLocation, 
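Review bot: `namedLocations` changes in this ms365.lr hunk from a computed list, `namedLocations() []microsoft.conditionalAccess.ipNamedLocation`, to a single container resource, which changes the type that existing MQL queries and policies see for `microsoft.conditionalAccess.namedLocations`. Checks written against the list form, for instance ones that inspect `trusted`, would no longer evaluate as written, and the manifest keeps `min_mondoo_version: 9.0.0` for the renamed `namedLocations` entry, so nothing signals the change. The field comment could say so, e.g. `// Named locations container (replaces the former list; use namedLocations.ipLocations)`, and the commit message could call out the break.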
@@ -302,10 +306,13 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ return (r.(*mqlMicrosoftTenant).GetSubscriptions()).ToDataRes(types.Array(types.Dict)) }, "microsoft.conditionalAccess.namedLocations": func(r plugin.Resource) *plugin.DataRes { - return (r.(*mqlMicrosoftConditionalAccess).GetNamedLocations()).ToDataRes(types.Array(types.Resource("microsoft.conditionalAccess.ipNamedLocation"))) + return (r.(*mqlMicrosoftConditionalAccess).GetNamedLocations()).ToDataRes(types.Resource("microsoft.conditionalAccess.namedLocations")) + }, + "microsoft.conditionalAccess.namedLocations.ipLocations": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlMicrosoftConditionalAccessNamedLocations).GetIpLocations()).ToDataRes(types.Array(types.Resource("microsoft.conditionalAccess.ipNamedLocation"))) }, - "microsoft.conditionalAccess.countryLocations": func(r plugin.Resource) *plugin.DataRes { - return (r.(*mqlMicrosoftConditionalAccess).GetCountryLocations()).ToDataRes(types.Array(types.Resource("microsoft.conditionalAccess.countryNamedLocation"))) + "microsoft.conditionalAccess.namedLocations.countryLocations": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlMicrosoftConditionalAccessNamedLocations).GetCountryLocations()).ToDataRes(types.Array(types.Resource("microsoft.conditionalAccess.countryNamedLocation"))) }, "microsoft.conditionalAccess.ipNamedLocation.name": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlMicrosoftConditionalAccessIpNamedLocation).GetName()).ToDataRes(types.String) 
@@ -1274,11 +1281,19 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { return }, "microsoft.conditionalAccess.namedLocations": func(r plugin.Resource, v *llx.RawData) (ok bool) { - r.(*mqlMicrosoftConditionalAccess).NamedLocations, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + r.(*mqlMicrosoftConditionalAccess).NamedLocations, ok = plugin.RawToTValue[*mqlMicrosoftConditionalAccessNamedLocations](v.Value, v.Error) + return + }, + "microsoft.conditionalAccess.namedLocations.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoftConditionalAccessNamedLocations).__id, ok = v.Value.(string) + return + }, + "microsoft.conditionalAccess.namedLocations.ipLocations": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoftConditionalAccessNamedLocations).IpLocations, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, - "microsoft.conditionalAccess.countryLocations": func(r plugin.Resource, v *llx.RawData) (ok bool) { - r.(*mqlMicrosoftConditionalAccess).CountryLocations, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + "microsoft.conditionalAccess.namedLocations.countryLocations": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoftConditionalAccessNamedLocations).CountryLocations, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, "microsoft.conditionalAccess.ipNamedLocation.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { @@ -2884,8 +2899,7 @@ type mqlMicrosoftConditionalAccess struct { MqlRuntime *plugin.Runtime __id string // optional: if you define mqlMicrosoftConditionalAccessInternal it will be used here - NamedLocations plugin.TValue[[]interface{}] - CountryLocations plugin.TValue[[]interface{}] + NamedLocations plugin.TValue[*mqlMicrosoftConditionalAccessNamedLocations] } // createMicrosoftConditionalAccess creates a new instance of this resource 
@@ -2920,10 +2934,55 @@ func (c *mqlMicrosoftConditionalAccess) MqlID() string { return c.__id } -func (c *mqlMicrosoftConditionalAccess) GetNamedLocations() *plugin.TValue[[]interface{}] { - return plugin.GetOrCompute[[]interface{}](&c.NamedLocations, func() ([]interface{}, error) { +func (c *mqlMicrosoftConditionalAccess) GetNamedLocations() *plugin.TValue[*mqlMicrosoftConditionalAccessNamedLocations] { + return &c.NamedLocations +} + +// mqlMicrosoftConditionalAccessNamedLocations for the microsoft.conditionalAccess.namedLocations resource +type mqlMicrosoftConditionalAccessNamedLocations struct { + MqlRuntime *plugin.Runtime + __id string + // optional: if you define mqlMicrosoftConditionalAccessNamedLocationsInternal it will be used here + IpLocations plugin.TValue[[]interface{}] + CountryLocations plugin.TValue[[]interface{}] +} + +// createMicrosoftConditionalAccessNamedLocations creates a new instance of this resource +func createMicrosoftConditionalAccessNamedLocations(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlMicrosoftConditionalAccessNamedLocations{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + // to override __id implement: id() (string, error) + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("microsoft.conditionalAccess.namedLocations", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlMicrosoftConditionalAccessNamedLocations) MqlName() string { + return "microsoft.conditionalAccess.namedLocations" +} + +func (c *mqlMicrosoftConditionalAccessNamedLocations) MqlID() string { + return c.__id +} + +func (c *mqlMicrosoftConditionalAccessNamedLocations) GetIpLocations() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.IpLocations, func() ([]interface{}, error) { if c.MqlRuntime.HasRecording { - d, err 
:= c.MqlRuntime.FieldResourceFromRecording("microsoft.conditionalAccess", c.__id, "namedLocations") + d, err := c.MqlRuntime.FieldResourceFromRecording("microsoft.conditionalAccess.namedLocations", c.__id, "ipLocations") if err != nil { return nil, err } @@ -2932,14 +2991,14 @@ func (c *mqlMicrosoftConditionalAccess) GetNamedLocations() *plugin.TValue[[]int } } - return c.namedLocations() + return c.ipLocations() }) } -func (c *mqlMicrosoftConditionalAccess) GetCountryLocations() *plugin.TValue[[]interface{}] { +func (c *mqlMicrosoftConditionalAccessNamedLocations) GetCountryLocations() *plugin.TValue[[]interface{}] { return plugin.GetOrCompute[[]interface{}](&c.CountryLocations, func() ([]interface{}, error) { if c.MqlRuntime.HasRecording { - d, err := c.MqlRuntime.FieldResourceFromRecording("microsoft.conditionalAccess", c.__id, "countryLocations") + d, err := c.MqlRuntime.FieldResourceFromRecording("microsoft.conditionalAccess.namedLocations", c.__id, "countryLocations") if err != nil { return nil, err } diff --git a/providers/ms365/resources/ms365.lr.manifest.yaml b/providers/ms365/resources/ms365.lr.manifest.yaml index 833fc2a0c8..e88149de7d 100755 --- a/providers/ms365/resources/ms365.lr.manifest.yaml +++ b/providers/ms365/resources/ms365.lr.manifest.yaml @@ -122,10 +122,7 @@ resources: min_mondoo_version: 9.0.0 microsoft.conditionalAccess: fields: - countryLocations: {} - name: {} namedLocations: {} - trusted: {} min_mondoo_version: 9.0.0 microsoft.conditionalAccess.countryNamedLocation: fields: @@ -137,10 +134,10 @@ resources: name: {} trusted: {} min_mondoo_version: 9.0.0 - microsoft.conditionalAccess.namedLocation: + microsoft.conditionalAccess.namedLocations: fields: - name: {} - trusted: {} + countryLocations: {} + ipLocations: {} min_mondoo_version: 9.0.0 microsoft.devicemanagement: fields: From be6772b479d167de68372e6dcffd2d8062e22550 Mon Sep 17 00:00:00 2001 
From: Hossein Rouhani Date: Wed, 13 Nov 2024 13:54:35 +0100 Subject: [PATCH 3/4] improving the errors Signed-off-by: Hossein Rouhani --- providers/ms365/resources/conditional-access.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/providers/ms365/resources/conditional-access.go b/providers/ms365/resources/conditional-access.go index 6c0740141e..2844c17c28 100644 --- a/providers/ms365/resources/conditional-access.go +++ b/providers/ms365/resources/conditional-access.go @@ -20,6 +20,9 @@ func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) ctx := context.Background() namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil) + if err != nil { + return nil, transformError(err) + } var locationDetails []interface{} for _, location := range namedLocations.GetValue() { @@ -66,6 +69,9 @@ func (a *mqlMicrosoftConditionalAccessNamedLocations) countryLocations() ([]inte ctx := context.Background() namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil) + if err != nil { + return nil, transformError(err) + } var locationDetails []interface{} for _, location := range namedLocations.GetValue() { From 88ca6ba1107c0efd191593848458bc50b66b5a22 Mon Sep 17 00:00:00 2001 From: Hossein Rouhani Date: Wed, 13 Nov 2024 15:53:20 +0100 Subject: [PATCH 4/4] rebase Signed-off-by: Hossein Rouhani --- providers/ms365/resources/conditional-access.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/providers/ms365/resources/conditional-access.go b/providers/ms365/resources/conditional-access.go index 2844c17c28..a8bbaf8fb4 100644 --- a/providers/ms365/resources/conditional-access.go +++ b/providers/ms365/resources/conditional-access.go 
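Review bot: Only the first page of results is read in both hunks of patch 3/4: `NamedLocations().Get(ctx, nil)` is called once and the loop ranges over `namedLocations.GetValue()`, with no check of `namedLocations.GetOdataNextLink()` in the visible lines. If Graph pages this collection, locations beyond the first page would be missing from the result without any error. Following the next link is the full fix; as a minimum, `if namedLocations.GetOdataNextLink() != nil { return nil, errors.New("named locations: more pages available") }` after the loop makes the truncation visible. The call also runs on `context.Background()`, so it has no deadline of its own. Both function bodies continue outside the hunks.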
@@ -11,7 +11,11 @@ import ( "go.mondoo.com/cnquery/v11/providers/ms365/connection" ) -func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) { +func (m *mqlMicrosoftConditionalAccessIpNamedLocation) id() (string, error) { + return m.Name.Data, nil +} + +func (a *mqlMicrosoftConditionalAccessNamedLocations) ipLocations() ([]interface{}, error) { conn := a.MqlRuntime.Connection.(*connection.Ms365Connection) graphClient, err := conn.GraphClient() if err != nil {