🧹 improve access to roles in Microsoft 365

mondoohq · Aug 15, 2024 · 696e2fd · 696e2fd
1 parent 29824b7
commit 696e2fd
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 13 deletions.
diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr
@@ -20,6 +20,8 @@ microsoft {
  serviceprincipals() []microsoft.serviceprincipal
  // List of enterprise applications
  enterpriseApplications() []microsoft.serviceprincipal
+ // List of roles
+ roles() []microsoft.rolemanagement.roledefinition
  // Microsoft 365 settings
  settings() dict
  // The connected tenant's default domain name
@@ -357,9 +359,9 @@ microsoft.policies {
  permissionGrantPolicies() []dict
 }
 
-// Microsoft role management
+// Deprecated: use `microsoft.roles` instead
 microsoft.rolemanagement {
- // List of role definitions
+ // Deprecated: use `microsoft.roles` instead
  roleDefinitions() []microsoft.rolemanagement.roledefinition
 }
 

diff --git a/providers/ms365/resources/ms365.lr.go b/providers/ms365/resources/ms365.lr.go
diff --git a/providers/ms365/resources/ms365.lr.manifest.yaml b/providers/ms365/resources/ms365.lr.manifest.yaml
@@ -10,6 +10,8 @@ resources:
  min_mondoo_version: latest
  groups: {}
  organizations: {}
+ roles:
+ min_mondoo_version: 9.0.0
  serviceprincipals: {}
  settings: {}
  tenantDomainName:

diff --git a/providers/ms365/resources/rolemanagement.go b/providers/ms365/resources/rolemanagement.go
@@ -5,6 +5,7 @@ package resources
 
 import (
  "context"
+ "go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
 
  "github.com/microsoftgraph/msgraph-sdk-go/rolemanagement"
  "go.mondoo.com/cnquery/v11/llx"
@@ -13,21 +14,14 @@ import (
  "go.mondoo.com/cnquery/v11/types"
 )
 
-func (m *mqlMicrosoftRolemanagementRoledefinition) id() (string, error) {
- return m.Id.Data, nil
-}
-
-func (m *mqlMicrosoftRolemanagementRoleassignment) id() (string, error) {
- return m.Id.Data, nil
-}
-
-func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
- conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
+func fetchRoles(runtime *plugin.Runtime) ([]interface{}, error) {
+ conn := runtime.Connection.(*connection.Ms365Connection)
  graphClient, err := conn.GraphClient()
  if err != nil {
  return nil, err
  }
  ctx := context.Background()
+
  resp, err := graphClient.RoleManagement().Directory().RoleDefinitions().Get(ctx, &rolemanagement.DirectoryRoleDefinitionsRequestBuilderGetRequestConfiguration{})
  if err != nil {
  return nil, transformError(err)
@@ -40,7 +34,7 @@ func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
  if err != nil {
  return nil, err
  }
- mqlResource, err := CreateResource(a.MqlRuntime, "microsoft.rolemanagement.roledefinition",
+ mqlResource, err := CreateResource(runtime, "microsoft.rolemanagement.roledefinition",
  map[string]*llx.RawData{
  "id": llx.StringDataPtr(role.GetId()),
  "description": llx.StringDataPtr(role.GetDescription()),
@@ -60,6 +54,24 @@ func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
  return res, nil
 }
 
+func (a *mqlMicrosoft) roles() ([]interface{}, error) {
+ return fetchRoles(a.MqlRuntime)
+}
+
+func (m *mqlMicrosoftRolemanagementRoledefinition) id() (string, error) {
+ return m.Id.Data, nil
+}
+
+// Deprecated: use mqlMicrosoft roles() instead
+func (m *mqlMicrosoftRolemanagementRoleassignment) id() (string, error) {
+ return m.Id.Data, nil
+}
+
+// Deprecated: use mqlMicrosoft roles() instead
+func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
+ return fetchRoles(a.MqlRuntime)
+}
+
 func (a *mqlMicrosoftRolemanagementRoledefinition) assignments() ([]interface{}, error) {
  conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
  graphClient, err := conn.GraphClient()