🧹 refactor ms365 (#3192)

* 🧹 refactor ms365 provider * 🧹 simplify implementation * 🐛 fix credential resolution for run subcommand * 🧹 ensure we return earl * 🧹 cover extended linting recommendation
mondoohq · Feb 4, 2024 · b873c33 · b873c33
1 parent 8a04578
commit b873c33
Show file tree

Hide file tree

Showing 15 changed files with 1,029 additions and 780 deletions.
diff --git a/apps/cnquery/cmd/plugin.go b/apps/cnquery/cmd/plugin.go
@@ -19,6 +19,7 @@ import (
 	"go.mondoo.com/cnquery/v10/mqlc"
 	"go.mondoo.com/cnquery/v10/mqlc/parser"
 	"go.mondoo.com/cnquery/v10/providers"
+	"go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory/manager"
 	pp "go.mondoo.com/cnquery/v10/providers-sdk/v1/plugin"
 	"go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream"
 	"go.mondoo.com/cnquery/v10/shared"
@@ -110,34 +111,32 @@ func (c *cnqueryPlugin) RunQuery(conf *run.RunQueryConfig, runtime *providers.Ru
 		}
 	}
 
-	err := runtime.Connect(&pp.ConnectReq{
-		Features: config.Features,
-		Asset:    conf.Inventory.Spec.Assets[0],
-		Upstream: upstreamConfig,
-	})
+	// resolve asset and secret
+	im, err := manager.NewManager(manager.WithInventory(conf.Inventory, providers.DefaultRuntime()))
 	if err != nil {
-		return err
+		return errors.New("failed to resolve inventory for connection")
 	}
+	assetList := im.GetAssets()
 
 	if conf.Format == "json" {
 		out.WriteString("[")
 	}
 
-	assets, err := providers.ProcessAssetCandidates(runtime, runtime.Provider.Connection, upstreamConfig, conf.PlatformId)
-	if err != nil {
-		return err
-	}
+	for i := range assetList {
+		asset := assetList[i]
+		resolvedAsset, err := im.ResolveAsset(asset)
+		if err != nil {
+			return err
+		}
 
-	for i := range assets {
-		connectAsset := assets[i]
-		connectAssetRuntime, err := providers.Coordinator.RuntimeFor(connectAsset, runtime)
+		connectAssetRuntime, err := providers.Coordinator.RuntimeFor(asset, runtime)
 		if err != nil {
 			return err
 		}
 
 		err = connectAssetRuntime.Connect(&pp.ConnectReq{
 			Features: config.Features,
-			Asset:    connectAsset,
+			Asset:    resolvedAsset,
 			Upstream: upstreamConfig,
 		})
 		if err != nil {
@@ -209,7 +208,7 @@ func (c *cnqueryPlugin) RunQuery(conf *run.RunQueryConfig, runtime *providers.Ru
 			sh.PrintResults(code, results)
 		} else {
 			reporter.BundleResultsToJSON(code, results, out)
-			if len(assets) != i+1 {
+			if len(assetList) != i+1 {
 				out.WriteString(",")
 			}
 		}

diff --git a/apps/cnquery/cmd/run.go b/apps/cnquery/cmd/run.go
@@ -61,16 +61,22 @@ var RunCmdRun = func(cmd *cobra.Command, runtime *providers.Runtime, cliRes *plu
 		conf.Input = llx
 	}
 	conf.PlatformId, _ = cmd.Flags().GetString("platform-id")
-	conf.Inventory = &inventory.Inventory{
+	in := &inventory.Inventory{
 		Spec: &inventory.InventorySpec{
 			Assets: []*inventory.Asset{cliRes.Asset},
 		},
 	}
+	err := in.PreProcess() // required to resolve secrets
+	if err != nil {
+		log.Fatal().Err(err).Msg("failed to resolve inventory")
+	}
+
+	conf.Inventory = in
 	conf.Incognito, _ = cmd.Flags().GetBool("incognito")
 
 	x := cnqueryPlugin{}
 	w := shared.IOWriter{Writer: os.Stdout}
-	err := x.RunQuery(&conf, runtime, &w)
+	err = x.RunQuery(&conf, runtime, &w)
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to run query")
 	}

diff --git a/providers/ms365/connection/adapter.go b/providers/ms365/connection/adapter.go
@@ -4,13 +4,15 @@
 package connection
 
 import (
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
-	"github.com/cockroachdb/errors"
+	azcore "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	errors "github.com/cockroachdb/errors"
 	"github.com/microsoft/kiota-abstractions-go/authentication"
 	a "github.com/microsoft/kiota-authentication-azure-go"
 	msgraphsdkgo "github.com/microsoftgraph/msgraph-sdk-go"
 )
 
+const DefaultMSGraphScope = "https://graph.microsoft.com/.default"
+
 var DefaultMSGraphScopes = []string{DefaultMSGraphScope}
 
 func newGraphRequestAdapterWithFn(providerFn func() (authentication.AuthenticationProvider, error)) (*msgraphsdkgo.GraphRequestAdapter, error) {

diff --git a/providers/ms365/connection/connection.go b/providers/ms365/connection/connection.go
@@ -6,11 +6,10 @@ package connection
 import (
 	"context"
 	"fmt"
-	"github.com/cockroachdb/errors"
 	"runtime"
-	"sync"
 
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	azcore "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	errors "github.com/cockroachdb/errors"
 	msgrapgh_org "github.com/microsoftgraph/msgraph-sdk-go/organization"
 	"go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v10/providers-sdk/v1/vault"
@@ -35,13 +34,6 @@ type Ms365Connection struct {
 	clientId      string
 	organization  string
 	sharepointUrl string
-	// TODO: move those to MQL resources caching once it makes sense to do so
-	exchangeReport     *ExchangeOnlineReport
-	exchangeReportLock sync.Mutex
-	teamsReport        *MsTeamsReport
-	teamsReportLock    sync.Mutex
-	sharepointReport   *SharepointOnlineReport
-	sharepointLock     sync.Mutex
 }
 
 func NewMs365Connection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*Ms365Connection, error) {
@@ -104,6 +96,10 @@ func (p *Ms365Connection) TenantId() string {
 	return p.tenantId
 }
 
+func (p *Ms365Connection) ClientId() string {
+	return p.clientId
+}
+
 func (p *Ms365Connection) PlatformId() string {
 	return "//platformid.api.mondoo.app/runtime/ms365/tenant/" + p.tenantId
 }
@@ -121,18 +117,17 @@ func (p *Ms365Connection) IsCertProvided() bool {
 	return len(p.Conf.Credentials) > 0 && p.Conf.Credentials[0].Type == vault.CredentialType_pkcs12
 }
 
-// TODO: use LocalConnection here for running cmds?
-func (p *Ms365Connection) runPowershellScript(script string) (*shared.Command, error) {
+func (p *Ms365Connection) RunPowershellScript(script string) (*shared.Command, error) {
 	var encodedCmd string
 	if runtime.GOOS == "windows" {
 		encodedCmd = powershell.Encode(script)
 	} else {
 		encodedCmd = powershell.EncodeUnix(script)
 	}
-	return p.runCmd(encodedCmd)
+	return p.RunCmd(encodedCmd)
 }
 
-func (p *Ms365Connection) runCmd(cmd string) (*shared.Command, error) {
+func (p *Ms365Connection) RunCmd(cmd string) (*shared.Command, error) {
 	cmdR := local.CommandRunner{}
 	if runtime.GOOS == "windows" {
 		cmdR.Shell = []string{"powershell", "-c"}
@@ -142,28 +137,28 @@ func (p *Ms365Connection) runCmd(cmd string) (*shared.Command, error) {
 	return cmdR.Exec(cmd, []string{})
 }
 
-func (p *Ms365Connection) checkPowershellAvailable() (bool, error) {
+func (p *Ms365Connection) CheckPowershellAvailable() (bool, error) {
 	if runtime.GOOS == "windows" {
 		// assume powershell is always present on windows
 		return true, nil
 	}
 	// for unix, we need to check if pwsh is available
 	cmd := "which pwsh"
-	res, err := p.runCmd(cmd)
+	res, err := p.RunCmd(cmd)
 	if err != nil {
 		return false, err
 	}
 
 	return res.ExitStatus == 0, nil
 }
 
-func (p *Ms365Connection) checkAndRunPowershellScript(script string) (*shared.Command, error) {
-	pwshAvailable, err := p.checkPowershellAvailable()
+func (p *Ms365Connection) CheckAndRunPowershellScript(script string) (*shared.Command, error) {
+	pwshAvailable, err := p.CheckPowershellAvailable()
 	if err != nil {
 		return nil, err
 	}
 	if !pwshAvailable {
 		return nil, fmt.Errorf("powershell is not available")
 	}
-	return p.runPowershellScript(script)
+	return p.RunPowershellScript(script)
 }
diff --git a/providers/ms365/connection/exchange_report.go b/providers/ms365/connection/exchange_report.go
diff --git a/providers/ms365/connection/scopes.go b/providers/ms365/connection/scopes.go
@@ -2,9 +2,3 @@
 // SPDX-License-Identifier: BUSL-1.1
 
 package connection
-
-const (
-	DefaultMSGraphScope = "https://graph.microsoft.com/.default"
-	TeamsScope          = "48ac35b8-9aa8-4d74-927d-1f4a14a0b239/.default"
-	OutlookScope        = "https://outlook.office.com/.default"
-)