🧹 initialize microsoft.application

mondoohq · Aug 9, 2024 · 8418a8c · 8418a8c
1 parent f076cd5
commit 8418a8c
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 18 deletions.
diff --git a/providers/ms365/resources/applications.go b/providers/ms365/resources/applications.go
@@ -6,6 +6,9 @@ package resources
 import (
 	"context"
 	"encoding/base64"
+	"errors"
+	"fmt"
+	"net/url"
 	"time"
 
 	"github.com/microsoftgraph/msgraph-sdk-go/applications"
@@ -42,8 +45,57 @@ func (a *mqlMicrosoft) applications() ([]interface{}, error) {
 	return res, nil
 }
 
-// expiredCredentials returns true if any of the credentials of the application are expired
-func (a *mqlMicrosoftApplication) expiredCredentials() (bool, error) {
+func initMicrosoftApplication(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
+	// we only look up the package, if we have been supplied by its name and nothing else
+	raw, ok := args["name"]
+	if !ok || len(args) != 1 {
+		return args, nil, nil
+	}
+	name := raw.Value.(string)
+
+	conn := runtime.Connection.(*connection.Ms365Connection)
+	graphClient, err := conn.GraphClient()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// https://graph.microsoft.com/v1.0/servicePrincipals?$count=true&$search="displayName:teams"&$select=id,displayName
+	filter := fmt.Sprintf("displayName eq '%s'", url.QueryEscape(name))
+	ctx := context.Background()
+	resp, err := graphClient.Applications().Get(ctx, &applications.ApplicationsRequestBuilderGetRequestConfiguration{
+		QueryParameters: &applications.ApplicationsRequestBuilderGetQueryParameters{
+			Filter: &filter,
+		},
+	})
+	if err != nil {
+		return nil, nil, transformError(err)
+	}
+
+	val := resp.GetValue()
+	if len(val) == 0 {
+		return nil, nil, errors.New("application not found")
+	}
+
+	applicationId := val[0].GetId()
+	if applicationId == nil {
+		return nil, nil, errors.New("application id not found")
+	}
+
+	// https://graph.microsoft.com/v1.0/applications/{application-id}
+	app, err := graphClient.Applications().ByApplicationId(*applicationId).Get(ctx, &applications.ApplicationItemRequestBuilderGetRequestConfiguration{})
+	if err != nil {
+		return nil, nil, transformError(err)
+	}
+	mqlMsApp, err := newMqlMicrosoftApplication(runtime, app)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return nil, mqlMsApp, nil
+}
+
+// hasExpiredCredentials returns true if any of the credentials of the application are expired
+func (a *mqlMicrosoftApplication) hasExpiredCredentials() (bool, error) {
 	certificates := a.GetCertificates()
 	for _, val := range certificates.Data {
 		cert := val.(*mqlMicrosoftKeyCredential)
@@ -62,8 +114,8 @@ func (a *mqlMicrosoftApplication) expiredCredentials() (bool, error) {
 	return false, nil
 }
 
+// newMqlMicrosoftApplication creates a new mqlMicrosoftApplication resource
 func newMqlMicrosoftApplication(runtime *plugin.Runtime, app models.Applicationable) (*mqlMicrosoftApplication, error) {
-
 	info, _ := convert.JsonToDictSlice(app.GetInfo())
 
 	// certificates
@@ -95,6 +147,7 @@ func newMqlMicrosoftApplication(runtime *plugin.Runtime, app models.Applicationa
 			"createdDateTime": llx.TimeDataPtr(app.GetCreatedDateTime()),
 			"createdAt":       llx.TimeDataPtr(app.GetCreatedDateTime()),
 			"displayName":     llx.StringDataPtr(app.GetDisplayName()),
+			"name":            llx.StringDataPtr(app.GetDisplayName()),
 			"description":     llx.StringDataPtr(app.GetDescription()),
 			"notes":           llx.StringDataPtr(app.GetNotes()),
 			"publisherDomain": llx.StringDataPtr(app.GetPublisherDomain()),
@@ -111,6 +164,7 @@ func newMqlMicrosoftApplication(runtime *plugin.Runtime, app models.Applicationa
 	return mqlResource.(*mqlMicrosoftApplication), nil
 }
 
+// newMqlMicrosoftKeyCredential creates a new mqlMicrosoftKeyCredential resource
 func newMqlMicrosoftKeyCredential(runtime *plugin.Runtime, app models.KeyCredentialable) (*mqlMicrosoftKeyCredential, error) {
 	endDate := app.GetEndDateTime()
 	expired := true
@@ -135,6 +189,7 @@ func newMqlMicrosoftKeyCredential(runtime *plugin.Runtime, app models.KeyCredent
 	return mqlResource.(*mqlMicrosoftKeyCredential), nil
 }
 
+// newMqlMicrosoftPasswordCredential creates a new mqlMicrosoftPasswordCredential resource
 func newMqlMicrosoftPasswordCredential(runtime *plugin.Runtime, app models.PasswordCredentialable) (*mqlMicrosoftPasswordCredential, error) {
 	endDate := app.GetEndDateTime()
 	expired := true

diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr
@@ -163,12 +163,15 @@ private microsoft.domaindnsrecord @defaults("id label") {
 }
 
 // Microsoft application
-private microsoft.application @defaults("id displayName expiredCredentials") {
+microsoft.application @defaults("id displayName hasExpiredCredentials") {
+  init(name string)
   // Application ID
   id string
   // Application app ID
   appId string
   // Application display name
+  name string
+  // Deprecated: Application display name use `name` instead
   displayName string
   // Description
   description string
@@ -193,7 +196,7 @@ private microsoft.application @defaults("id displayName expiredCredentials") {
   // Certificates
   certificates []microsoft.keyCredential
   // Indicates assigned expired credentials
-  expiredCredentials() bool
+  hasExpiredCredentials() bool
 }
 
 // Certificate Secret
@@ -210,7 +213,7 @@ private microsoft.keyCredential @defaults("thumbprint description expires keyId"
   usage string
   // Certificate expiration date
   expires time
-  // Indicates if the secret is expired
+  // Indicates expired secret
   expired bool
 }
 
@@ -224,7 +227,7 @@ private microsoft.passwordCredential @defaults("description expires keyId") {
   hint string
   // Secret expiration date
   expires time
-  // Indicates if the secret is expired
+  // Indicates expired secret
   expired bool
 }
 

diff --git a/providers/ms365/resources/ms365.lr.go b/providers/ms365/resources/ms365.lr.go
diff --git a/providers/ms365/resources/ms365.lr.manifest.yaml b/providers/ms365/resources/ms365.lr.manifest.yaml
@@ -27,12 +27,14 @@ resources:
       description:
         min_mondoo_version: 9.0.0
       displayName: {}
-      expiredCredentials:
+      hasExpiredCredentials:
         min_mondoo_version: 9.0.0
       id: {}
       identifierUris: {}
       info:
         min_mondoo_version: 9.0.0
+      name:
+        min_mondoo_version: 9.0.0
       notes:
         min_mondoo_version: 9.0.0
       publisherDomain: {}
@@ -41,7 +43,6 @@ resources:
       signInAudience: {}
       tags:
         min_mondoo_version: 9.0.0
-    is_private: true
     min_mondoo_version: 5.15.0
   microsoft.devicemanagement:
     fields: