diff --git a/providers/azure/resources/armsecurity.go b/providers/azure/resources/armsecurity.go
index e8be3b81e0..ee5f5ce84a 100644
--- a/providers/azure/resources/armsecurity.go
+++ b/providers/azure/resources/armsecurity.go
@@ -195,6 +195,12 @@ type PolicyAssignment struct {
 AllowedSkus struct {
 Value string `json:"value"`
 } `json:"allowedSkus"`
+ Effect struct {
+ Value string `json:"value"`
+ } `json:"effect"`
+ ApprovedExtensions struct {
+ Value []string `json:"value"`
+ } `json:"approvedExtensions"`
 } `json:"parameters"`
 Scope string `json:"scope"`
 NotScopes []interface{} `json:"notScopes"`
diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr
index 66b416cd07..f24bbae5f9 100644
--- a/providers/azure/resources/azure.lr
+++ b/providers/azure/resources/azure.lr
@@ -2006,6 +2006,8 @@ private azure.subscription.policy.assignment @defaults("name enforcementMode") {
 description string
 // Policy enforcement Mode
 enforcementMode string
+ // Policy parameters
+ parameters dict
 }
 // Azure IoT Hub Service
diff --git a/providers/azure/resources/azure.lr.go b/providers/azure/resources/azure.lr.go
index 25a9d894db..5ac5fa8cff 100644
--- a/providers/azure/resources/azure.lr.go
+++ b/providers/azure/resources/azure.lr.go
@@ -2907,6 +2907,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "azure.subscription.policy.assignment.enforcementMode": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscriptionPolicyAssignment).GetEnforcementMode()).ToDataRes(types.String) }, + "azure.subscription.policy.assignment.parameters": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlAzureSubscriptionPolicyAssignment).GetParameters()).ToDataRes(types.Dict) + }, "azure.subscription.iotService.subscriptionId": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlAzureSubscriptionIotService).GetSubscriptionId()).ToDataRes(types.String) },
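Review bot: Adding `Effect` and `ApprovedExtensions` as named fields keeps the `parameters` member of `PolicyAssignment` a fixed struct, so only the parameter names listed here are decoded and any other parameter an assignment sets is silently dropped. None of the fields carries `omitempty`, so the policy.go hunk that passes this struct to `convert.JsonToDict` will presumably emit all three keys for every assignment, with `effect.value` as `""` when the assignment relies on the definition's default. A query over the new `parameters` dict then cannot tell "not set" from "set to empty", which can make a compliance check pass or fail for the wrong reason. Consider decoding into a map keyed by parameter name whose element is `struct{ Value interface{} }` under the existing `value` tag, or at least add a comment on the struct stating that unlisted parameters are not captured. The struct's opening lies outside this hunk, so confirm against the full type.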
@@ -6541,6 +6544,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlAzureSubscriptionPolicyAssignment).EnforcementMode, ok = plugin.RawToTValue[string](v.Value, v.Error) return }, + "azure.subscription.policy.assignment.parameters": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlAzureSubscriptionPolicyAssignment).Parameters, ok = plugin.RawToTValue[interface{}](v.Value, v.Error) + return + }, "azure.subscription.iotService.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlAzureSubscriptionIotService).__id, ok = v.Value.(string) return
@@ -16613,6 +16620,7 @@ type mqlAzureSubscriptionPolicyAssignment struct { Scope plugin.TValue[string] Description plugin.TValue[string] EnforcementMode plugin.TValue[string] + Parameters plugin.TValue[interface{}] } // createAzureSubscriptionPolicyAssignment creates a new instance of this resource
@@ -16667,6 +16675,10 @@ func (c *mqlAzureSubscriptionPolicyAssignment) GetEnforcementMode() *plugin.TVal return &c.EnforcementMode } +func (c *mqlAzureSubscriptionPolicyAssignment) GetParameters() *plugin.TValue[interface{}] { + return &c.Parameters +} + // mqlAzureSubscriptionIotService for the azure.subscription.iotService resource type mqlAzureSubscriptionIotService struct { MqlRuntime *plugin.Runtime
diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml
index e6065cc9c5..114859fe0c 100644
--- a/providers/azure/resources/azure.lr.manifest.yaml
+++ b/providers/azure/resources/azure.lr.manifest.yaml
@@ -2060,6 +2060,7 @@ resources:
 enforcementMode: {}
 id: {}
 name: {}
+ parameters: {}
 scope: {}
 is_private: true
 min_mondoo_version: 9.0.0
diff --git a/providers/azure/resources/policy.go b/providers/azure/resources/policy.go
index 3b1c7bdc1c..ea64181973 100644
--- a/providers/azure/resources/policy.go
+++ b/providers/azure/resources/policy.go
@@ -7,8 +7,10 @@ import (
 "context"
 "errors"
 "fmt"
+
 "go.mondoo.com/cnquery/v11/llx"
 "go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+ "go.mondoo.com/cnquery/v11/providers-sdk/v1/util/convert"
 "go.mondoo.com/cnquery/v11/providers/azure/connection"
 )
@@ -43,6 +45,11 @@ func (a *mqlAzureSubscriptionPolicy) assignments() ([]interface{}, error) {
 res := []interface{}{}
 for _, assignment := range pas.PolicyAssignments {
+ parameters, err := convert.JsonToDict(assignment.Properties.Parameters)
+ if err != nil {
+ return nil, err
+ }
+
 assignmentData := map[string]*llx.RawData{
 "__id": llx.StringData(fmt.Sprintf("azure.subscription.policy/%s/%s", assignment.Properties.Scope, assignment.Properties.DisplayName)),
 "id": llx.StringData(assignment.Properties.PolicyDefinitionID),
@@ -50,6 +57,7 @@ func (a *mqlAzureSubscriptionPolicy) assignments() ([]interface{}, error) {
 "scope": llx.StringData(assignment.Properties.Scope),
 "description": llx.StringData(assignment.Properties.Description),
 "enforcementMode": llx.StringData(assignment.Properties.EnforcementMode),
+ "parameters": llx.DictData(parameters),
 }
 mqlAssignment, err := CreateResource(a.MqlRuntime, "azure.subscription.policy.assignment", assignmentData)
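Review bot: The `return nil, err` added inside the `assignments()` loop returns the conversion error bare, so one assignment whose parameters fail to convert aborts the whole listing and the caller cannot tell which assignment it was. Wrap it with the assignment's name, e.g. `return nil, fmt.Errorf("converting parameters of policy assignment %q: %w", assignment.Properties.DisplayName, err)`; `fmt` is already imported in this file. The function body starts and ends outside the hunk.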