✨ add application gateway WAF manifests

mondoohq · Sep 23, 2024 · 39ed746 · 39ed746
1 parent 1d8759b
commit 39ed746
Show file tree

Hide file tree

Showing 7 changed files with 224 additions and 1 deletion.
diff --git a/providers/azure/go.mod b/providers/azure/go.mod
@@ -57,6 +57,7 @@ require (
  github.com/99designs/keyring v1.2.2 // indirect
  github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect
  github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 // indirect
  github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect
  github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
  github.com/BurntSushi/toml v1.4.0 // indirect

diff --git a/providers/azure/go.sum b/providers/azure/go.sum
@@ -69,6 +69,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleserv
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleservers v1.2.0/go.mod h1:0mKVz3WT8oNjBunT1zD/HPwMleQ72QClMa7Gmsm+6Kc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0 h1:QM6sE5k2ZT/vI5BEe0r7mqjsUSnhVBFbOsVkEuaEfiA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0/go.mod h1:243D9iHbcQXoFUtgHJwL7gl2zx1aDuDMjvBZVGr2uW0=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 h1:6gbgo57khn0HUCcozxGgDodl7HPH0wr9x3QPt1uJSMM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0 h1:0hXKrsbh2M6CQyW0TDC9Bsyd99vQmrOxiBTUfQHZjPA=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresql v1.2.0/go.mod h1:bvZZor36Jg9q9kouuMyfJ+ay77+qK+YUfThXH1FdXjU=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/postgresql/armpostgresqlflexibleservers v1.1.0 h1:HzqcSJWx32XQdr8KtxAu/SZJj0PqDo9tKf2YGPdynV0=

diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr
@@ -71,7 +71,7 @@ azure.subscription @defaults ("name") {
 }
 
 // Azure function
-private azure.subscription.webService.function @defaults("name") {
+private azure.subscription.webService.function @defaults("name type") {
  // ID of the function
  id string
  // Name of the function
@@ -860,6 +860,22 @@ azure.subscription.networkService.applicationGateway @defaults("id name location
  properties dict
  // Gets the attached application firewall policy
  policy() azure.subscription.networkService.applicationFirewallPolicy
+ // WAF configurations
+ wafConfiguration() []azure.subscription.networkService.wafConfig
+}
+
+// Azure Application Firewall Config
+azure.subscription.networkService.wafConfig @defaults("id name type") {
+ // ID of the WAF configuration
+ id string
+ // Name of the WAF configuration
+ name string
+ // Type of WAF configuration
+ type string
+ // Kind of WAF configuration
+ kind string
+ // Properties for the WAF configuration
+ properties dict
 }
 
 // Azure Application Firewall Policy (WAF)

diff --git a/providers/azure/resources/azure.lr.go b/providers/azure/resources/azure.lr.go
diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml
@@ -1483,6 +1483,10 @@ resources:
  properties: {}
  tags: {}
  type: {}
+ wafConfig:
+ min_mondoo_version: 9.0.0
+ wafConfiguration:
+ min_mondoo_version: 9.0.0
  min_mondoo_version: latest
  platform:
  name:
@@ -1988,6 +1992,17 @@ resources:
  refs:
  - title: Virtual Network documentation
  url: https://learn.microsoft.com/en-us/azure/virtual-network/
+ azure.subscription.networkService.wafConfig:
+ fields:
+ id: {}
+ kind: {}
+ name: {}
+ properties: {}
+ type: {}
+ min_mondoo_version: 9.0.0
+ platform:
+ name:
+ - azure
  azure.subscription.networkService.watcher:
  fields:
  etag: {}

diff --git a/providers/azure/resources/network.go b/providers/azure/resources/network.go
@@ -18,6 +18,7 @@ import (
  "go.mondoo.com/cnquery/v11/utils/stringx"
 
  network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
+ networkv6 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
 )
 
 func (a *mqlAzureSubscriptionNetworkService) id() (string, error) {
@@ -1066,6 +1067,57 @@ func (a *mqlAzureSubscriptionNetworkService) applicationGateways() ([]interface{
  return res, nil
 }
 
+func (a *mqlAzureSubscriptionNetworkServiceWafConfig) id() (string, error) {
+ return a.Id.Data, nil
+}
+
+func (a *mqlAzureSubscriptionNetworkServiceApplicationGateway) wafConfiguration() ([]interface{}, error) {
+ conn := a.MqlRuntime.Connection.(*connection.AzureConnection)
+ ctx := context.Background()
+ token := conn.Token()
+ id := a.Id.Data
+ resourceID, err := ParseResourceID(id)
+ if err != nil {
+ return nil, err
+ }
+ client, err := networkv6.NewClientFactory(resourceID.SubscriptionID, token, &arm.ClientOptions{
+ ClientOptions: conn.ClientOptions(),
+ })
+ if err != nil {
+ return nil, err
+ }
+ c := client.NewApplicationGatewayWafDynamicManifestsClient()
+
+ res := []interface{}{}
+ pager := c.NewGetPager(a.Location.Data, &networkv6.ApplicationGatewayWafDynamicManifestsClientGetOptions{})
+ for pager.More() {
+ page, err := pager.NextPage(ctx)
+ if err != nil {
+ return nil, err
+ }
+ for _, entry := range page.Value {
+ if entry != nil {
+ props, err := convert.JsonToDict(entry.Properties)
+ if err != nil {
+ return nil, err
+ }
+ mqlAzure, err := CreateResource(a.MqlRuntime, "azure.subscription.applicationGateway.wafconfig",
+ map[string]*llx.RawData{
+ "id": llx.StringDataPtr(entry.ID),
+ "name": llx.StringDataPtr(entry.Name),
+ "type": llx.StringDataPtr(entry.Type),
+ "properties": llx.AnyData(props),
+ })
+ if err != nil {
+ return nil, err
+ }
+ res = append(res, mqlAzure)
+ }
+ }
+ }
+ return res, nil
+}
+
 func (a *mqlAzureSubscriptionNetworkService) applicationFirewallPolicies() ([]interface{}, error) {
  conn := a.MqlRuntime.Connection.(*connection.AzureConnection)
  ctx := context.Background()

diff --git a/providers/azure/resources/web.go b/providers/azure/resources/web.go
@@ -414,6 +414,7 @@ func (a *mqlAzureSubscriptionWebServiceAppsite) functions() ([]interface{}, erro
  if err != nil {
  return nil, err
  }
+
  pager := client.NewListFunctionsPager(resourceID.ResourceGroup, site, &web.WebAppsClientListFunctionsOptions{})
  res := []interface{}{}