Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Azure fetchers and asset provider #1310

Merged
merged 20 commits into from
Sep 21, 2023
Merged

Implement Azure fetchers and asset provider #1310

merged 20 commits into from
Sep 21, 2023

Conversation

jeniawhite
Copy link
Contributor

@jeniawhite jeniawhite commented Sep 3, 2023
edited by orestisfl
Loading

Summary of your changes

Implementation of assets provider using ARG and Azure fetcher in order to fetch resources for evaluation.

Related Issues

Checklist

  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary README/documentation (if appropriate)

@jeniawhite jeniawhite requested a review from a team as a code owner September 3, 2023 14:25
@mergify
Copy link

mergify bot commented Sep 3, 2023

This pull request does not have a backport label. Could you fix it @jeniawhite? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
    NOTE: backport-skip has been added to this pull request.

@mergify mergify bot added the backport-skip label Sep 3, 2023
@github-actions
Copy link

github-actions bot commented Sep 3, 2023
edited
Loading

📊 Allure Report - 💚 No failures were reported.

Result Count
🟥 Failed 0
🟩 Passed 39
⬜ Skipped 1

@jeniawhite jeniawhite mentioned this pull request Sep 3, 2023
Merged
2 tasks
@jeniawhite jeniawhite marked this pull request as draft September 5, 2023 12:01
@jeniawhite jeniawhite marked this pull request as ready for review September 5, 2023 16:59
@mergify
Copy link

mergify bot commented Sep 11, 2023

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b evgb-AzureFetchers upstream/evgb-AzureFetchers
git merge upstream/main
git push upstream evgb-AzureFetchers

@orestisfl orestisfl self-assigned this Sep 18, 2023
@mergify
Copy link

mergify bot commented Sep 19, 2023

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b evgb-AzureFetchers upstream/evgb-AzureFetchers
git merge upstream/main
git push upstream evgb-AzureFetchers

orestisfl
orestisfl requested changes Sep 19, 2023
View reviewed changes
Copy link
Contributor

@orestisfl orestisfl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can merge this after some tests and resolving the TODOs

resources/providers/azurelib/inventory/provider.go
Comment on lines +88 to +89
// TODO: Populate from config or query (not sensitive but still don't want to commit)
to.Ptr(os.Getenv("AZURE_SUBSCRIPTION_ID"))},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, this will be handled in a follow-up ticket

resources/fetching/fetcher.go Outdated
Comment on lines 76 to 79
AzureNetworkInterface = "azure-network-interface"
AzureApplicationService = "azure-application-service"
AzureLoggingAndMonitoring = "azure-logging-and-monitoring"
AzureDatabaseService = "azure-database-service"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
AzureNetworkInterface = "azure-network-interface"
AzureApplicationService = "azure-application-service"
AzureLoggingAndMonitoring = "azure-logging-and-monitoring"
AzureDatabaseService = "azure-database-service"

Let's add these one by one as we implement the rules. We can merge this PR without them.

resources/fetching/fetchers/azure/assets_fetcher.go

func (f *AzureAssetsFetcher) Fetch(ctx context.Context, cMetadata fetching.CycleMetadata) error {
f.log.Info("Starting AzureAssetsFetcher.Fetch")
// TODO: Maybe we should use a query per type instead of listing all assets in a single query
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// TODO: Maybe we should use a query per type instead of listing all assets in a single query

Is there any benefit to that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that it might help us If we will need to collect multiple resource types to evaluate a single rule.

resources/fetching/fetchers/azure/assets_fetcher.go Outdated
TenantId string `json:"tenant_id,omitempty"`
}

// TODO: Implement other types
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// TODO: Implement other types

Can we track this in a new issue?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is basically the other piece of work regarding the comment above:
Let's add these one by one as we implement the rules. We can merge this PR without them

@orestisfl orestisfl removed their assignment Sep 19, 2023
@jeniawhite jeniawhite enabled auto-merge (squash) September 19, 2023 12:45
orestisfl
orestisfl reviewed Sep 19, 2023
View reviewed changes
Copy link
Contributor

@orestisfl orestisfl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try to merge this relatively clean in main unless if it's blocking more important work

I left comments on TODOs and we should definitely guard the casting or avoid casting alltogether

resources/fetching/fetchers/azure/assets_fetcher.go Outdated
Asset AzureAssetInfo `json:"asset,omitempty"`
}

// TODO: Fill this struct with the required fields
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this done?

Suggested change
// TODO: Fill this struct with the required fields

resources/fetching/fetchers/azure/assets_fetcher.go Outdated
case f.resourceCh <- fetching.ResourceInfo{
CycleMetadata: cMetadata,
// TODO: Safe guard this conversion
Resource: getAssetFromData(asset.(map[string]any)),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't ListAllAssetTypesByName return the correct type / handle the casting instead of the caller?

resources/fetching/fetchers/azure/assets_fetcher.go Outdated
return value
}

// TODO: Handle this function
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's resolve the TODOs, is this relevant?

resources/fetching/fetchers/azure/assets_fetcher.go Outdated

func (r *AzureAsset) GetElasticCommonData() (map[string]any, error) { return nil, nil }

// TODO: Implement this function
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the significance of this? Is it a blocker?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not a blocker because we did not decide on the subTypes yet.
As of current we only utilize the resource type and do not look at subTypes in the policies.
Future implementation of additional rules might change that, this is why it is left blank as of current.

resources/providers/azurelib/inventory/provider.go Outdated
return resourceAssets, nil
}

// TODO: Handle this function
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same

orestisfl
orestisfl reviewed Sep 21, 2023
View reviewed changes
resources/fetching/fetchers/azure/assets_fetcher_test.go
Comment on lines +111 to +114
s.NoError(err)
s.NotNil(meta)
s.NoError(err)
s.NotEmpty(meta)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
s.NoError(err)
s.NotNil(meta)
s.NoError(err)
s.NotEmpty(meta)
require.NoError(s.T(), err)
s.NotEmpty(meta)

orestisfl
orestisfl reviewed Sep 21, 2023
View reviewed changes
resources/fetching/fetchers/azure/assets_fetcher_test.go
Comment on lines +115 to +119
s.Equal(mockAssets[index].Id, meta.ID)
s.Equal(AzureResourceTypes[mockAssets[index].Type], meta.Type)
s.Equal("", meta.SubType)
s.Equal(mockAssets[index].Name, meta.Name)
s.Equal(mockAssets[index].Location, meta.Region)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
s.Equal(mockAssets[index].Id, meta.ID)
s.Equal(AzureResourceTypes[mockAssets[index].Type], meta.Type)
s.Equal("", meta.SubType)
s.Equal(mockAssets[index].Name, meta.Name)
s.Equal(mockAssets[index].Location, meta.Region)
s.Equal(mockAssets[index].Id, meta.ID)
s.Equal(AzureResourceTypes[mockAssets[index].Type], meta.Type)
s.Equal("", meta.SubType)
s.Equal(mockAssets[index].Name, meta.Name)
s.Equal(mockAssets[index].Location, meta.Region)

I would construct an expected meta object and compare it using the Equal function, this produces a better diff and it is more feature-proof as we can catch cases where we forget to use new field if we combine it with exhauststruct.

orestisfl
orestisfl approved these changes Sep 21, 2023
View reviewed changes
Copy link
Contributor

@orestisfl orestisfl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but the coverails still fails

@jeniawhite jeniawhite merged commit 83fa2d8 into elastic:main Sep 21, 2023
orestisfl added a commit to orestisfl/cloudbeat that referenced this pull request Sep 25, 2023
@orestisfl
Azure fetchers: Improve tests
6c248a1 
Apply suggestions from elastic#1310

- Reduce code
- Protect from panics via `Require()`
- Compare objects directly
@orestisfl orestisfl mentioned this pull request Sep 25, 2023
Merged
2 tasks
orestisfl added a commit that referenced this pull request Sep 27, 2023
@orestisfl
Azure fetchers: Improve tests (#1365)
2fd7f71 
Apply suggestions from #1310

- Reduce code
- Protect from panics via `Require()`
- Compare objects directly
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orestisfl orestisfl orestisfl approved these changes

Assignees

@jeniawhite jeniawhite

Labels
backport-skip
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[CIS Azure] Asset inventory / fetchers
2 participants
@jeniawhite @orestisfl