From a8e1ea88d0f3cd9bcd8de0e5e9da389de4c27c9b Mon Sep 17 00:00:00 2001 From: Hossein Rouhani Date: Tue, 3 Sep 2024 12:55:28 +0200 Subject: [PATCH 1/3] =?UTF-8?q?=E2=AD=90=EF=B8=8F=20Adding=20the=20IoT=20r?= =?UTF-8?q?esources?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Hossein Rouhani --- providers/azure/go.mod | 1 + providers/azure/go.sum | 2 + providers/azure/resources/azure.lr | 10 ++++ .../azure/resources/azure.lr.manifest.yaml | 11 ++++ providers/azure/resources/iot.go | 59 +++++++++++++++++++ providers/azure/resources/subscription.go | 11 ++++ 6 files changed, 94 insertions(+) create mode 100644 providers/azure/resources/iot.go diff --git a/providers/azure/go.mod b/providers/azure/go.mod index 169a69cc07..8705a7222b 100644 --- a/providers/azure/go.mod +++ b/providers/azure/go.mod @@ -56,6 +56,7 @@ require ( github.com/99designs/keyring v1.2.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub v1.3.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/BurntSushi/toml v1.4.0 // indirect diff --git a/providers/azure/go.sum b/providers/azure/go.sum index b9fe4d7462..bdb4bb9720 100644 --- a/providers/azure/go.sum +++ b/providers/azure/go.sum 
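Review bot: The new `armiothub v1.3.0` requirement is added with an `// indirect` marker, next to the other indirect requirements, but `providers/azure/resources/iot.go` in this same patch imports the package directly. Running `go mod tidy` should place it in the direct `require` block as `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub v1.3.0` without the marker. An accurate direct/indirect split matters for dependency review and SBOM tooling that classifies modules by it. The require block itself starts and ends outside the hunk.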
@@ -51,6 +51,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFG github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub v1.3.0 h1:NZP+oPbAVFy7PhQ4PTD3SuGWbEziNhp7lphGkkN707s= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub v1.3.0/go.mod h1:djbLk3ngutFfQ9fSOM29UzywAkcBI1YUsuUnxTQGsqU= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0 h1:HlZMUZW8S4P9oob1nCHxCCKrytxyLc+24nUJGssoEto= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0/go.mod h1:StGsLbuJh06Bd8IBfnAlIFV3fLb+gkczONWf15hpX2E= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/managementgroups/armmanagementgroups v1.0.0 h1:pPvTJ1dY0sA35JOeFq6TsY2xj6Z85Yo23Pj4wCCvu4o= diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr index 4eba9feb25..cae170aad9 100644 --- a/providers/azure/resources/azure.lr +++ b/providers/azure/resources/azure.lr @@ -66,6 +66,8 @@ azure.subscription @defaults ("name") { advisor() azure.subscription.advisorService // Policy service in the subscription policy azure.subscription.policy + // IoT resources in the subscription + iot() azure.subscription.iotService } // Azure resource group 
@@ -1960,4 +1962,12 @@ private azure.subscription.policy.assignment @defaults("name enforcementMode") { description string // Policy enforcement Mode enforcementMode string +} + +// Azure IoT Hub Service +private azure.subscription.iotService { + // Subscription identifier + subscriptionId string + // List of IoT Hubs in the subscription + hubs() []dict } \ No newline at end of file diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml index b072b269d8..b0bf6bad74 100644 --- a/providers/azure/resources/azure.lr.manifest.yaml +++ b/providers/azure/resources/azure.lr.manifest.yaml @@ -23,6 +23,8 @@ resources: iam: min_mondoo_version: 9.0.0 id: {} + iot: + min_mondoo_version: 9.0.0 keyVault: {} managedByTenants: {} mariaDb: {} @@ -602,6 +604,15 @@ resources: refs: - title: Azure Cosmos DB documentation url: https://learn.microsoft.com/en-us/azure/cosmos-db/ + azure.subscription.iotService: + fields: + hubs: {} + subscriptionId: {} + is_private: true + min_mondoo_version: 9.0.0 + platform: + name: + - azure azure.subscription.keyVault: fields: subscriptionId: {} diff --git a/providers/azure/resources/iot.go b/providers/azure/resources/iot.go new file mode 100644 index 0000000000..820828e806 --- /dev/null +++ b/providers/azure/resources/iot.go 
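Review bot: `hubs() []dict` exposes each hub as an untyped dict, and the implementation in iot.go fills it by passing the whole SDK object through `convert.JsonToDict`, so every property the API returns becomes queryable and ends up in scan output. IoT hub descriptions have fields for shared access policies and endpoint connection strings; whether the list call populates them with usable values is not visible here and should be confirmed before this ships. Prefer a typed hub resource with an explicit field list, or at minimum document the shape on the field, e.g. `// List of IoT Hubs in the subscription (raw ARM hub description; may include endpoint connection strings)`.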
@@ -0,0 +1,59 @@
+package resources
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/iothub/armiothub"
+ "go.mondoo.com/cnquery/v11/llx"
+ "go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+ "go.mondoo.com/cnquery/v11/providers-sdk/v1/util/convert"
+ "go.mondoo.com/cnquery/v11/providers/azure/connection"
+)
+
+func initAzureSubscriptionIotService(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
+ if len(args) > 0 {
+ return args, nil, nil
+ }
+
+ conn, ok := runtime.Connection.(*connection.AzureConnection)
+ if !ok {
+ return nil, nil, fmt.Errorf("invalid connection provided, it is not an Azure connection")
+ }
+ args["subscriptionId"] = llx.StringData(conn.SubId())
+
+ return args, nil, nil
+}
+
+func (a *mqlAzureSubscriptionIotService) hubs() ([]interface{}, error) {
+ conn := a.MqlRuntime.Connection.(*connection.AzureConnection)
+ ctx := context.Background()
+ token := conn.Token()
+
+ subscriptionID := a.SubscriptionId.Data
+
+ clientFactory, err := armiothub.NewClientFactory(subscriptionID, token, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ client := clientFactory.NewResourceClient()
+ hubsPager := client.NewListBySubscriptionPager(nil)
+ var hubs []interface{}
+
+ for hubsPager.More() {
+ page, err := hubsPager.NextPage(ctx)
+ if err != nil {
+ return nil, err
+ }
+ for _, hub := range page.Value {
+ hubData, err := convert.JsonToDict(hub)
+ if err != nil {
+ return nil, err
+ }
+ hubs = append(hubs, hubData)
+ }
+ }
+
+ return hubs, nil
+}
diff --git a/providers/azure/resources/subscription.go b/providers/azure/resources/subscription.go
index c6a52a93b0..2a7592ba16 100644
--- a/providers/azure/resources/subscription.go
+++ b/providers/azure/resources/subscription.go
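Review bot: `hubs()` asserts `a.MqlRuntime.Connection.(*connection.AzureConnection)` in single-value form, so a connection of any other type panics the provider instead of returning an error, while `initAzureSubscriptionIotService` in the same file uses the checked form. Use `conn, ok := a.MqlRuntime.Connection.(*connection.AzureConnection)` followed by `if !ok { return nil, fmt.Errorf("invalid connection provided, it is not an Azure connection") }`. The same unchecked assertion appears in `iot()` in subscription.go (`svc.(*mqlAzureSubscriptionIotService)`). Separately, the init function writes `args["subscriptionId"]` only when `len(args) == 0`, which also holds for a nil map; if the runtime can pass nil there, the write panics, so `if args == nil { args = map[string]*llx.RawData{} }` before the assignment would be safer.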
@@ -230,3 +230,14 @@ func (a *mqlAzureSubscription) advisor() (*mqlAzureSubscriptionAdvisorService, e advisorSvc := svc.(*mqlAzureSubscriptionAdvisorService) return advisorSvc, nil } + +func (a *mqlAzureSubscription) iot() (*mqlAzureSubscriptionIotService, error) { + svc, err := NewResource(a.MqlRuntime, "azure.subscription.iotService", map[string]*llx.RawData{ + "subscriptionId": llx.StringData(a.SubscriptionId.Data), + }) + if err != nil { + return nil, err + } + iotSvc := svc.(*mqlAzureSubscriptionIotService) + return iotSvc, nil +} From 76371f75d71f6ff2559bcc7cf537819b8e7e655b Mon Sep 17 00:00:00 2001 From: Hossein Rouhani Date: Tue, 3 Sep 2024 12:59:34 +0200 Subject: [PATCH 2/3] adding license Signed-off-by: Hossein Rouhani --- providers/azure/resources/iot.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/providers/azure/resources/iot.go b/providers/azure/resources/iot.go index 820828e806..94d89d4c49 100644 --- a/providers/azure/resources/iot.go +++ b/providers/azure/resources/iot.go @@ -1,3 +1,6 @@ +// Copyright (c) Mondoo, Inc. +// SPDX-License-Identifier: BUSL-1.1 + package resources import ( From 07421744e847a7f65d5f3e6122f8faee6e5c47ec Mon Sep 17 00:00:00 2001 From: Hossein Rouhani <56231339+HRouhani@users.noreply.github.com> Date: Wed, 4 Sep 2024 14:33:05 +0200 Subject: [PATCH 3/3] Update providers/azure/resources/azure.lr Co-authored-by: Letha --- providers/azure/resources/azure.lr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr index cae170aad9..a3001388f0 100644 --- a/providers/azure/resources/azure.lr +++ b/providers/azure/resources/azure.lr @@ -1968,6 +1968,6 @@ private azure.subscription.policy.assignment @defaults("name enforcementMode") { private azure.subscription.iotService { // Subscription identifier subscriptionId string - // List of IoT Hubs in the subscription + // List of IoT hubs in the subscription hubs() []dict } \ No newline at end of file