diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr index f0d3b297d5..522c41e00c 100644 --- a/providers/ms365/resources/ms365.lr +++ b/providers/ms365/resources/ms365.lr @@ -20,6 +20,8 @@ microsoft { serviceprincipals() []microsoft.serviceprincipal // List of enterprise applications enterpriseApplications() []microsoft.serviceprincipal + // List of roles + roles() []microsoft.rolemanagement.roledefinition // Microsoft 365 settings settings() dict // The connected tenant's default domain name @@ -357,9 +359,9 @@ microsoft.policies { permissionGrantPolicies() []dict } -// Microsoft role management +// Deprecated: use `microsoft.roles` instead microsoft.rolemanagement { - // List of role definitions + // Deprecated: use `microsoft.roles` instead roleDefinitions() []microsoft.rolemanagement.roledefinition } diff --git a/providers/ms365/resources/ms365.lr.go b/providers/ms365/resources/ms365.lr.go index 46de74e12e..466f6e3ac7 100644 --- a/providers/ms365/resources/ms365.lr.go +++ b/providers/ms365/resources/ms365.lr.go @@ -231,6 +231,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "microsoft.enterpriseApplications": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlMicrosoft).GetEnterpriseApplications()).ToDataRes(types.Array(types.Resource("microsoft.serviceprincipal"))) }, + "microsoft.roles": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlMicrosoft).GetRoles()).ToDataRes(types.Array(types.Resource("microsoft.rolemanagement.roledefinition"))) + }, "microsoft.settings": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlMicrosoft).GetSettings()).ToDataRes(types.Dict) }, 
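Review bot: The doc comment `// List of roles` on the new `roles()` field in the first ms365.lr hunk is too vague for a field that access reviews will query. Its implementation in rolemanagement.go reads the directory role definitions endpoint, so the comment should say that, e.g. `// List of directory role definitions`. In the second hunk the resource comment on `microsoft.rolemanagement` is replaced outright by the deprecation notice, which drops the only description of the resource. I would keep the `// Microsoft role management` line and put the `// Deprecated: use `microsoft.roles` instead` line after it.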
@@ -986,6 +989,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlMicrosoft).EnterpriseApplications, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, + "microsoft.roles": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlMicrosoft).Roles, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) + return + }, "microsoft.settings": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlMicrosoft).Settings, ok = plugin.RawToTValue[interface{}](v.Value, v.Error) return @@ -2090,6 +2097,7 @@ type mqlMicrosoft struct { Applications plugin.TValue[[]interface{}] Serviceprincipals plugin.TValue[[]interface{}] EnterpriseApplications plugin.TValue[[]interface{}] + Roles plugin.TValue[[]interface{}] Settings plugin.TValue[interface{}] TenantDomainName plugin.TValue[string] } @@ -2238,6 +2246,22 @@ func (c *mqlMicrosoft) GetEnterpriseApplications() *plugin.TValue[[]interface{}] }) } +func (c *mqlMicrosoft) GetRoles() *plugin.TValue[[]interface{}] { + return plugin.GetOrCompute[[]interface{}](&c.Roles, func() ([]interface{}, error) { + if c.MqlRuntime.HasRecording { + d, err := c.MqlRuntime.FieldResourceFromRecording("microsoft", c.__id, "roles") + if err != nil { + return nil, err + } + if d != nil { + return d.Value.([]interface{}), nil + } + } + + return c.roles() + }) +} + func (c *mqlMicrosoft) GetSettings() *plugin.TValue[interface{}] { return plugin.GetOrCompute[interface{}](&c.Settings, func() (interface{}, error) { return c.settings() diff --git a/providers/ms365/resources/ms365.lr.manifest.yaml b/providers/ms365/resources/ms365.lr.manifest.yaml index 3e0e04c1eb..0779acc394 100755 --- a/providers/ms365/resources/ms365.lr.manifest.yaml +++ b/providers/ms365/resources/ms365.lr.manifest.yaml @@ -10,6 +10,8 @@ resources: min_mondoo_version: latest groups: {} organizations: {} + roles: + min_mondoo_version: 9.0.0 serviceprincipals: {} settings: {} tenantDomainName: 
diff --git a/providers/ms365/resources/rolemanagement.go b/providers/ms365/resources/rolemanagement.go
index 14188cec74..5cc2c9a9d0 100644
--- a/providers/ms365/resources/rolemanagement.go
+++ b/providers/ms365/resources/rolemanagement.go
@@ -5,6 +5,7 @@ package resources
 import (
 "context"
+ "go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
 "github.com/microsoftgraph/msgraph-sdk-go/rolemanagement"
 "go.mondoo.com/cnquery/v11/llx"
@@ -13,21 +14,14 @@ import (
 "go.mondoo.com/cnquery/v11/types"
 )
-func (m *mqlMicrosoftRolemanagementRoledefinition) id() (string, error) {
- return m.Id.Data, nil
-}
-
-func (m *mqlMicrosoftRolemanagementRoleassignment) id() (string, error) {
- return m.Id.Data, nil
-}
-
-func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
- conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
+func fetchRoles(runtime *plugin.Runtime) ([]interface{}, error) {
+ conn := runtime.Connection.(*connection.Ms365Connection)
 graphClient, err := conn.GraphClient()
 if err != nil {
 return nil, err
 }
 ctx := context.Background()
+
 resp, err := graphClient.RoleManagement().Directory().RoleDefinitions().Get(ctx, &rolemanagement.DirectoryRoleDefinitionsRequestBuilderGetRequestConfiguration{})
 if err != nil {
 return nil, transformError(err)
@@ -40,7 +34,7 @@ func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
 if err != nil {
 return nil, err
 }
- mqlResource, err := CreateResource(a.MqlRuntime, "microsoft.rolemanagement.roledefinition",
+ mqlResource, err := CreateResource(runtime, "microsoft.rolemanagement.roledefinition",
 map[string]*llx.RawData{
 "id": llx.StringDataPtr(role.GetId()),
 "description": llx.StringDataPtr(role.GetDescription()),
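Review bot: The new package-level helper `fetchRoles` in the second hunk uses an unchecked type assertion, `conn := runtime.Connection.(*connection.Ms365Connection)`, which panics rather than returning an error if the runtime's connection is nil or of another type. Now that the function accepts any `*plugin.Runtime` instead of being a method on an ms365 resource, the comma-ok form is safer: `conn, ok := runtime.Connection.(*connection.Ms365Connection)` followed by `if !ok { return nil, errors.New("ms365 connection required") }`, which needs the `errors` import. Separately, the hunk shows a single `Get` on `RoleDefinitions()` and the lines that consume `resp` are outside it. It is worth confirming that further result pages are followed, since otherwise a tenant with many role definitions would get a silently truncated role inventory. The body of fetchRoles continues past the end of this hunk.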
@@ -60,6 +54,24 @@ func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
 return res, nil
 }
+func (a *mqlMicrosoft) roles() ([]interface{}, error) {
+ return fetchRoles(a.MqlRuntime)
+}
+
+func (m *mqlMicrosoftRolemanagementRoledefinition) id() (string, error) {
+ return m.Id.Data, nil
+}
+
+// Deprecated: use mqlMicrosoft roles() instead
+func (m *mqlMicrosoftRolemanagementRoleassignment) id() (string, error) {
+ return m.Id.Data, nil
+}
+
+// Deprecated: use mqlMicrosoft roles() instead
+func (a *mqlMicrosoftRolemanagement) roleDefinitions() ([]interface{}, error) {
+ return fetchRoles(a.MqlRuntime)
+}
+
 func (a *mqlMicrosoftRolemanagementRoledefinition) assignments() ([]interface{}, error) {
 conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
 graphClient, err := conn.GraphClient()
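Review bot: The `// Deprecated: use mqlMicrosoft roles() instead` comment on `(*mqlMicrosoftRolemanagementRoleassignment).id()` looks misplaced. That method only returns the assignment's ID, and `roles()` does not replace it, so deprecation-aware linters would flag a method that is presumably still required; I would drop the comment there. On `roleDefinitions()` the marker fits, but Go convention puts a summary sentence first, then a blank comment line, then the `Deprecated:` paragraph: `// roleDefinitions lists the directory role definitions.`, `//`, `// Deprecated: use (*mqlMicrosoft).roles instead.`. The new `roles()` method has no doc comment; `// roles lists the tenant's directory role definitions.` would be enough.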