🧹 ability to configure azure client (#2798)

mondoohq · Dec 12, 2023 · 6d06b18 · 6d06b18
1 parent 1de204f
commit 6d06b18
Show file tree

Hide file tree

Showing 21 changed files with 333 additions and 125 deletions.
diff --git a/providers/azure/resources/subscriptions.go → .../azure/connection/client_subscriptions.go b/providers/azure/resources/subscriptions.go → .../azure/connection/client_subscriptions.go
@@ -1,33 +1,38 @@
 // Copyright (c) Mondoo, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package resources
+package connection
 
 import (
 	"context"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	subscriptions "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armsubscriptions"
 )
 
-type subscriptionsClient struct {
-	token azcore.TokenCredential
+type SubscriptionsFilter struct {
+	Exclude []string
+	Include []string
 }
 
-type subscriptionsFilter struct {
-	exclude []string
-	include []string
+type subscriptionsClient struct {
+	token         azcore.TokenCredential
+	clientOptions policy.ClientOptions
 }
 
-func NewSubscriptionsClient(token azcore.TokenCredential) *subscriptionsClient {
+func NewSubscriptionsClient(token azcore.TokenCredential, clientOptions policy.ClientOptions) *subscriptionsClient {
 	return &subscriptionsClient{
-		token: token,
+		token:         token,
+		clientOptions: clientOptions,
 	}
 }
 
-func (client *subscriptionsClient) GetSubscriptions(filter subscriptionsFilter) ([]subscriptions.Subscription, error) {
-	subscriptionsC, err := subscriptions.NewClient(client.token, &arm.ClientOptions{})
+func (client *subscriptionsClient) GetSubscriptions(filter SubscriptionsFilter) ([]subscriptions.Subscription, error) {
+	subscriptionsC, err := subscriptions.NewClient(client.token, &arm.ClientOptions{
+		ClientOptions: client.clientOptions,
+	})
 
 	ctx := context.Background()
 	subs := []subscriptions.Subscription{}
@@ -49,10 +54,10 @@ func (client *subscriptionsClient) GetSubscriptions(filter subscriptionsFilter)
 	return subs, nil
 }
 
-func skipSub(sub *subscriptions.Subscription, filter subscriptionsFilter) bool {
+func skipSub(sub *subscriptions.Subscription, filter SubscriptionsFilter) bool {
 	// anything explicitly specified in the list of includes means accept only from that list
-	if len(filter.include) > 0 {
-		for _, s := range filter.include {
+	if len(filter.Include) > 0 {
+		for _, s := range filter.Include {
 			if s == *sub.SubscriptionID {
 				return false
 			}
@@ -63,8 +68,8 @@ func skipSub(sub *subscriptions.Subscription, filter subscriptionsFilter) bool {
 
 	// if nothing explicitly meant to be included, then check whether
 	// it should be excluded
-	if len(filter.exclude) > 0 {
-		for _, s := range filter.exclude {
+	if len(filter.Exclude) > 0 {
+		for _, s := range filter.Exclude {
 			if s == *sub.SubscriptionID {
 				return true
 			}

diff --git a/providers/azure/connection/connection.go b/providers/azure/connection/connection.go
@@ -5,6 +5,7 @@ package connection
 
 import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/pkg/errors"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/vault"
@@ -25,6 +26,7 @@ type AzureConnection struct {
 	token azcore.TokenCredential
 	// note: in the future, we might make this optional if we have a tenant-level asset.
 	subscriptionId string
+	clientOptions  policy.ClientOptions
 }
 
 func NewAzureConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*AzureConnection, error) {
@@ -73,3 +75,7 @@ func (p *AzureConnection) Token() azcore.TokenCredential {
 func (p *AzureConnection) PlatformId() string {
 	return "//platformid.api.mondoo.app/runtime/azure/subscriptions/" + p.subscriptionId
 }
+
+func (p *AzureConnection) ClientOptions() policy.ClientOptions {
+	return p.clientOptions
+}
diff --git a/providers/azure/resources/advisor.go b/providers/azure/resources/advisor.go
@@ -14,16 +14,16 @@ import (
 	"strings"
 	"time"
 
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
+	advisor "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/advisor/armadvisor"
 	"go.mondoo.com/cnquery/v9/llx"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/plugin"
 	"go.mondoo.com/cnquery/v9/providers-sdk/v1/util/convert"
 	"go.mondoo.com/cnquery/v9/providers/azure/connection"
 	"go.mondoo.com/cnquery/v9/types"
-
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
-	"github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime"
-	advisor "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/advisor/armadvisor"
 )
 
 func initAzureSubscriptionAdvisorService(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
@@ -42,7 +42,9 @@ func (a *mqlAzureSubscriptionAdvisorService) recommendations() ([]interface{}, e
 	ctx := context.Background()
 	token := conn.Token()
 	subId := a.SubscriptionId.Data
-	client, err := advisor.NewRecommendationsClient(subId, token, nil)
+	client, err := advisor.NewRecommendationsClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}

diff --git a/providers/azure/resources/aks.go b/providers/azure/resources/aks.go
@@ -40,7 +40,9 @@ func (a *mqlAzureSubscriptionAksService) clusters() ([]interface{}, error) {
 	ctx := context.Background()
 	token := conn.Token()
 	subId := a.SubscriptionId.Data
-	client, err := clusters.NewManagedClustersClient(subId, token, &arm.ClientOptions{})
+	client, err := clusters.NewManagedClustersClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}

diff --git a/providers/azure/resources/authorization.go b/providers/azure/resources/authorization.go
@@ -45,7 +45,9 @@ func (a *mqlAzureSubscriptionAuthorizationService) roleDefinitions() ([]interfac
 	ctx := context.Background()
 	token := conn.Token()
 	subId := a.SubscriptionId.Data
-	client, err := authorization.NewRoleDefinitionsClient(token, &arm.ClientOptions{})
+	client, err := authorization.NewRoleDefinitionsClient(token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}

diff --git a/providers/azure/resources/cloud_defender.go b/providers/azure/resources/cloud_defender.go
@@ -106,7 +106,9 @@ func (a *mqlAzureSubscriptionCloudDefenderService) monitoringAgentAutoProvision(
 	token := conn.Token()
 	subId := a.SubscriptionId.Data
 
-	client, err := security.NewAutoProvisioningSettingsClient(subId, token, &arm.ClientOptions{})
+	client, err := security.NewAutoProvisioningSettingsClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return false, err
 	}

diff --git a/providers/azure/resources/compute.go b/providers/azure/resources/compute.go
@@ -7,7 +7,6 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/arm"
 	compute "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute"
 	network "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork"
@@ -41,7 +40,9 @@ func (a *mqlAzureSubscriptionComputeService) vms() ([]interface{}, error) {
 	subId := a.SubscriptionId.Data
 
 	// list compute instances
-	vmClient, err := compute.NewVirtualMachinesClient(subId, token, &arm.ClientOptions{})
+	vmClient, err := compute.NewVirtualMachinesClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -97,7 +98,9 @@ func (a *mqlAzureSubscriptionComputeServiceVm) extensions() ([]interface{}, erro
 		return nil, err
 	}
 
-	client, err := compute.NewVirtualMachineExtensionsClient(resourceID.SubscriptionID, token, &arm.ClientOptions{})
+	client, err := compute.NewVirtualMachineExtensionsClient(resourceID.SubscriptionID, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -135,7 +138,9 @@ func (a *mqlAzureSubscriptionComputeService) disks() ([]interface{}, error) {
 	token := conn.Token()
 	subId := a.SubscriptionId.Data
 
-	client, err := compute.NewDisksClient(subId, token, &arm.ClientOptions{})
+	client, err := compute.NewDisksClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -237,7 +242,9 @@ func (a *mqlAzureSubscriptionComputeServiceVm) osDisk() (*mqlAzureSubscriptionCo
 	ctx := context.Background()
 	token := conn.Token()
 
-	client, err := compute.NewDisksClient(resourceID.SubscriptionID, token, &arm.ClientOptions{})
+	client, err := compute.NewDisksClient(resourceID.SubscriptionID, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -288,7 +295,9 @@ func (a *mqlAzureSubscriptionComputeServiceVm) dataDisks() ([]interface{}, error
 			return nil, err
 		}
 
-		client, err := compute.NewDisksClient(resourceID.SubscriptionID, token, &arm.ClientOptions{})
+		client, err := compute.NewDisksClient(resourceID.SubscriptionID, token, &arm.ClientOptions{
+			ClientOptions: conn.ClientOptions(),
+		})
 		if err != nil {
 			return nil, err
 		}
@@ -347,11 +356,15 @@ func (a *mqlAzureSubscriptionComputeServiceVm) publicIpAddresses() ([]interface{
 	res := []interface{}{}
 
 	ctx := context.Background()
-	nicClient, err := network.NewInterfacesClient(subId, token, &arm.ClientOptions{})
+	nicClient, err := network.NewInterfacesClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
-	ipClient, err := network.NewPublicIPAddressesClient(subId, token, &arm.ClientOptions{})
+	ipClient, err := network.NewPublicIPAddressesClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}

diff --git a/providers/azure/resources/cosmosdb.go b/providers/azure/resources/cosmosdb.go
@@ -41,7 +41,9 @@ func (a *mqlAzureSubscriptionCosmosDbService) accounts() ([]interface{}, error)
 	token := conn.Token()
 	subId := a.SubscriptionId.Data
 
-	accClient, err := cosmosdb.NewDatabaseAccountsClient(subId, token, &arm.ClientOptions{})
+	accClient, err := cosmosdb.NewDatabaseAccountsClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}

diff --git a/providers/azure/resources/discovery.go b/providers/azure/resources/discovery.go
@@ -68,12 +68,12 @@ func Discover(runtime *plugin.Runtime, rootConf *inventory.Config) (*inventory.I
 	targets := rootConf.GetDiscover().GetTargets()
 	subsToInclude := rootConf.Options["subscriptions"]
 	subsToExclude := rootConf.Options["subscriptions-exclude"]
-	filter := subscriptionsFilter{}
+	filter := connection.SubscriptionsFilter{}
 	if len(subsToInclude) > 0 {
-		filter.include = strings.Split(subsToInclude, ",")
+		filter.Include = strings.Split(subsToInclude, ",")
 	}
 	if len(subsToExclude) > 0 {
-		filter.exclude = strings.Split(subsToExclude, ",")
+		filter.Exclude = strings.Split(subsToExclude, ",")
 	}
 	// note: we always need the subscriptions, either to return them as assets or discover resources inside the subs
 	subs, err := discoverSubscriptions(conn, filter)
@@ -603,8 +603,8 @@ func getInstancesLabels(vm *mqlAzureSubscriptionComputeServiceVm) (map[string]st
 	return labels, nil
 }
 
-func discoverSubscriptions(conn *connection.AzureConnection, filter subscriptionsFilter) ([]subscriptions.Subscription, error) {
-	subsClient := NewSubscriptionsClient(conn.Token())
+func discoverSubscriptions(conn *connection.AzureConnection, filter connection.SubscriptionsFilter) ([]subscriptions.Subscription, error) {
+	subsClient := connection.NewSubscriptionsClient(conn.Token(), conn.ClientOptions())
 	subs, err := subsClient.GetSubscriptions(filter)
 	if err != nil {
 		return nil, err

diff --git a/providers/azure/resources/keyvault.go b/providers/azure/resources/keyvault.go
@@ -86,7 +86,9 @@ func (a *mqlAzureSubscriptionKeyVaultService) vaults() ([]interface{}, error) {
 	token := conn.Token()
 	subId := a.SubscriptionId.Data
 
-	client, err := keyvault.NewVaultsClient(subId, token, &arm.ClientOptions{})
+	client, err := keyvault.NewVaultsClient(subId, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -137,7 +139,9 @@ func (a *mqlAzureSubscriptionKeyVaultServiceVault) properties() (interface{}, er
 	if err != nil {
 		return nil, err
 	}
-	client, err := keyvault.NewVaultsClient(resourceID.SubscriptionID, token, &arm.ClientOptions{})
+	client, err := keyvault.NewVaultsClient(resourceID.SubscriptionID, token, &arm.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -167,7 +171,9 @@ func (a *mqlAzureSubscriptionKeyVaultServiceVault) keys() ([]interface{}, error)
 	ctx := context.Background()
 	token := conn.Token()
 	vaultUri := a.GetVaultUri()
-	client, err := azkeys.NewClient(vaultUri.Data, token, &azkeys.ClientOptions{})
+	client, err := azkeys.NewClient(vaultUri.Data, token, &azkeys.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -207,7 +213,9 @@ func (a *mqlAzureSubscriptionKeyVaultServiceVault) secrets() ([]interface{}, err
 	ctx := context.Background()
 	token := conn.Token()
 	vaultUri := a.GetVaultUri()
-	client, err := azsecrets.NewClient(vaultUri.Data, token, &azsecrets.ClientOptions{})
+	client, err := azsecrets.NewClient(vaultUri.Data, token, &azsecrets.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -247,7 +255,9 @@ func (a *mqlAzureSubscriptionKeyVaultServiceVault) certificates() ([]interface{}
 	ctx := context.Background()
 	token := conn.Token()
 	vaultUri := a.GetVaultUri()
-	client, err := azcertificates.NewClient(vaultUri.Data, token, &azcertificates.ClientOptions{})
+	client, err := azcertificates.NewClient(vaultUri.Data, token, &azcertificates.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -322,7 +332,9 @@ func (a *mqlAzureSubscriptionKeyVaultServiceKey) versions() ([]interface{}, erro
 		return nil, errors.New("only key ids are supported")
 	}
 
-	client, err := azkeys.NewClient(kvid.BaseUrl, conn.Token(), &azkeys.ClientOptions{})
+	client, err := azkeys.NewClient(kvid.BaseUrl, conn.Token(), &azkeys.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -395,7 +407,9 @@ func (a *mqlAzureSubscriptionKeyVaultServiceCertificate) versions() ([]interface
 
 	vaultUrl := kvid.BaseUrl
 	name := kvid.Name
-	client, err := azcertificates.NewClient(vaultUrl, conn.Token(), &azcertificates.ClientOptions{})
+	client, err := azcertificates.NewClient(vaultUrl, conn.Token(), &azcertificates.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -469,7 +483,9 @@ func (a *mqlAzureSubscriptionKeyVaultServiceSecret) versions() ([]interface{}, e
 	name := kvid.Name
 
 	ctx := context.Background()
-	client, err := azsecrets.NewClient(vaultUrl, conn.Token(), &azsecrets.ClientOptions{})
+	client, err := azsecrets.NewClient(vaultUrl, conn.Token(), &azsecrets.ClientOptions{
+		ClientOptions: conn.ClientOptions(),
+	})
 	if err != nil {
 		return nil, err
 	}