From de1a7acfbb76a339385ca8b0e211cb098c75bcf9 Mon Sep 17 00:00:00 2001
From: Manuel Weber
Date: Tue, 14 Jan 2025 15:48:28 +0100
Subject: [PATCH] changed: providers/azure/resources/armsecurity.go
Signed-off-by: Manuel Weber
---
 providers/azure/resources/armsecurity.go | 54 +++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/providers/azure/resources/armsecurity.go b/providers/azure/resources/armsecurity.go
index ee5f5ce84a..4599094316 100644
--- a/providers/azure/resources/armsecurity.go
+++ b/providers/azure/resources/armsecurity.go
@@ -81,7 +81,7 @@ func getPolicyAssignments(ctx context.Context, conn armSecurityConn) (PolicyAssi
 // the armsecurity.NewListPager is broken, see https://github.com/Azure/azure-sdk-for-go/issues/19740.
 // until it's fixed, we can fetch them manually
-func getSecurityContacts(ctx context.Context, conn armSecurityConn) ([]security.Contact, error) {
+func getSecurityContacts(ctx context.Context, conn armSecurityConn) ([], error) {
 token, err := conn.GetToken()
 if err != nil {
 return []security.Contact{}, err
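Review bot: The new result list `([], error)` on getSecurityContacts is not valid Go, because a slice type needs an element type, and the body visible in this hunk still returns `[]security.Contact{}`, so the file will not compile. Unless the element type was really meant to change, the signature should stay `func getSecurityContacts(ctx context.Context, conn armSecurityConn) ([]security.Contact, error) {`. The rest of the function body lies outside the hunk, so any other return sites would need the same check.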
@@ -133,6 +133,58 @@ func getSecurityContacts(ctx context.Context, conn armSecurityConn) ([]security.
 return result, err
 }
+func getSettingsClient(ctx context.Context, conn armSecurityConn) ([]security.SettingsClient, error) {
+ token, err := conn.GetToken()
+ if err != nil {
+ return []security.SettingsClient{}, err
+ }
+ urlPath := "/subscriptions/{subscriptionId}/providers/Microsoft.Security/settings"
+ urlPath = strings.ReplaceAll(urlPath, "{subscriptionId}", url.PathEscape(conn.subscriptionId))
+ urlPath = runtime.JoinPaths(conn.host, urlPath)
+ client := http.Client{}
+ req, err := http.NewRequest("GET", urlPath, nil)
+ if err != nil {
+ return []security.SettingsClient{}, err
+ }
+ q := req.URL.Query()
+ q.Set("api-version", "2021-06-01")
+ req.URL.RawQuery = q.Encode()
+ req.Header.Set("Accept", "application/json")
+ req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.Token))
+
+ resp, err := client.Do(req)
+ if err != nil {
+ return []security.SettingsClient{}, err
+ }
+ defer resp.Body.Close()
+
+ if resp.StatusCode != 200 {
+ return [][]security.SettingsClient{}, errors.New("failed to fetch security contacts from " + urlPath + ": " + resp.Status)
+ }
+
+ raw, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return [][]security.SettingsClient{}, err
+ }
+ result := [][]security.SettingsClient{}
+ err = json.Unmarshal(raw, &result)
+ if err != nil {
+ // fallback, try to unmarshal to ContactList
+ contactList := &security.SettingsList{}
+ err = json.Unmarshal(raw, contactList)
+ if err != nil {
+ return nil, err
+ }
+ for _, c := range contactList.Value {
+ if c != nil {
+ result = append(result, *c)
+ }
+ }
+ }
+
+ return result, err
+}
+
 func getServerVulnAssessmentSettings(ctx context.Context, conn armSecurityConn) (ServerVulnerabilityAssessmentsSettingsList, error) {
 token, err := conn.GetToken()
 if err != nil {
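Review bot: getSettingsClient declares `[]security.SettingsClient` but returns `[][]security.SettingsClient{}` after the status check and builds `result` as `[][]security.SettingsClient`, so the return types disagree and the function cannot compile. `SettingsClient` also reads like the SDK's client type rather than a settings data model, so the element type likely needs to be the setting type that `security.SettingsList.Value` holds (to confirm against the armsecurity package). The request that carries the bearer token never uses `ctx` and goes through a zero-value `http.Client{}` with no timeout; `req, err := http.NewRequestWithContext(ctx, http.MethodGet, urlPath, nil)` would at least make it cancellable by the caller. The non-200 error text and the fallback comment still refer to security contacts / ContactList, copied from getSecurityContacts; `"failed to fetch security settings from "` would match what this function fetches.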