🧹 clean up azure fine grained assets

Author: vjeffrey

providers/azure/provider/provider.go

@@ -7,7 +7,6 @@ import (
 	"context"
 	"errors"
 
-	"go.mondoo.com/cnquery/v12"
 	"go.mondoo.com/cnquery/v12/llx"
 	"go.mondoo.com/cnquery/v12/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v12/providers-sdk/v1/plugin"
@@ -140,11 +139,6 @@ func (s *Service) Connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 		return nil, errors.New("no connection data provided")
 	}
 
-	// If we get 1 connection that enables fine-grained assets, enable it globally for the provider
-	if cnquery.Features(req.Features).IsActive(cnquery.FineGrainedAssets) {
-		resources.ENABLE_FINE_GRAINED_ASSETS = true
-	}
-
 	conn, err := s.connect(req, callback)
 	if err != nil {
 		return nil, err

providers/azure/resources/discovery.go

@@ -6,6 +6,7 @@ package resources
 import (
 	"errors"
 	"fmt"
+	"slices"
 	"strings"
 
 	"go.mondoo.com/cnquery/v12/llx"
@@ -17,8 +18,6 @@ import (
 	subscriptions "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armsubscriptions"
 )
 
-var ENABLE_FINE_GRAINED_ASSETS = false
-
 const (
 	SubscriptionLabel  = "azure.mondoo.com/subscription"
 	ResourceGroupLabel = "azure.mondoo.com/resourcegroup"
@@ -44,6 +43,31 @@ const (
 	DiscoverySecurityGroups          = "security-groups"
 )
 
+var All = []string{
+	DiscoverySubscriptions,
+	DiscoveryInstances,
+}
+
+var Auto = []string{DiscoverySubscriptions}
+
+func allDiscovery() []string {
+	return append(All, AllAPIResources...)
+}
+
+var AllAPIResources = []string{
+	DiscoveryInstancesApi,
+	DiscoverySqlServers,
+	DiscoveryPostgresServers,
+	DiscoveryPostgresFlexibleServers,
+	DiscoveryMySqlServers,
+	DiscoveryMySqlFlexibleServers,
+	DiscoveryMariaDbServers,
+	DiscoveryStorageAccounts,
+	DiscoveryStorageContainers,
+	DiscoveryKeyVaults,
+	DiscoverySecurityGroups,
+}
+
 type azureObject struct {
 	subscription string
 	tenant       *string
@@ -73,13 +97,35 @@ func MondooAzureInstanceID(instanceID string) string {
 	return "//platformid.api.mondoo.app/runtime/azure" + instanceID
 }
 
+func getDiscoveryTargets(config *inventory.Config) []string {
+	targets := config.Discover.Targets
+	if len(targets) == 0 {
+		return Auto
+	}
+	if stringx.ContainsAnyOf(targets, DiscoveryAll) {
+		// return the All list + All Api Resources list
+		return allDiscovery()
+	}
+	if stringx.ContainsAnyOf(targets, DiscoveryAuto) {
+		for i, target := range targets {
+			if target == DiscoveryAuto {
+				// remove the auto keyword
+				targets = slices.Delete(targets, i, i+1)
+			}
+		}
+		// add in the required discovery targets
+		return append(targets, Auto...)
+	}
+	// random assortment of targets
+	return targets
+}
+
 func Discover(runtime *plugin.Runtime, rootConf *inventory.Config) (*inventory.Inventory, error) {
 	conn, ok := runtime.Connection.(*connection.AzureConnection)
 	if !ok {
 		return nil, errors.New("invalid connection provided, it is not an Azure connection")
 	}
 	assets := []*inventory.Asset{}
-	targets := rootConf.GetDiscover().GetTargets()
 	subsToInclude := rootConf.Options["subscriptions"]
 	subsToExclude := rootConf.Options["subscriptions-exclude"]
 	filter := connection.SubscriptionsFilter{}
@@ -101,16 +147,15 @@ func Discover(runtime *plugin.Runtime, rootConf *inventory.Config) (*inventory.I
 		subsWithConfigs[i] = subWithConfig{sub: sub, conf: getSubConfig(conn.Conf, sub)}
 	}
 
-	if stringx.ContainsAnyOf(targets, DiscoverySubscriptions, DiscoveryAll, DiscoveryAuto) {
+	targets := getDiscoveryTargets(rootConf)
+
+	if stringx.ContainsAnyOf(targets, DiscoverySubscriptions) {
 		// we've already discovered those, simply add them as assets
 		for _, s := range subsWithConfigs {
 			assets = append(assets, subToAsset(s))
 		}
 	}
-	matchingTargets := []string{DiscoveryAll}
-	if ENABLE_FINE_GRAINED_ASSETS {
-		matchingTargets = append(matchingTargets, DiscoveryAuto)
-	}
+
 	// FIXME: do not discover instances as OSes right now, only discover as API representations.
 	if stringx.ContainsAnyOf(targets, DiscoveryInstances) {
 		vms, err := discoverInstances(runtime, subsWithConfigs)
@@ -119,60 +164,60 @@ func Discover(runtime *plugin.Runtime, rootConf *inventory.Config) (*inventory.I
 		}
 		assets = append(assets, vms...)
 	}
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryInstancesApi)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryInstancesApi) {
 		vms, err := discoverInstancesApi(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, vms...)
 	}
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoverySqlServers)...) {
+	if stringx.ContainsAnyOf(targets, DiscoverySqlServers) {
 		sqlServers, err := discoverSqlServers(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, sqlServers...)
 	}
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryMySqlServers)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryMySqlServers) {
 		mySqlServers, err := discoverMySqlServers(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, mySqlServers...)
 	}
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryMySqlFlexibleServers)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryMySqlFlexibleServers) {
 		flexibleServers, err := discoverMySqlFlexibleServers(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, flexibleServers...)
 	}
 
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryPostgresServers)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryPostgresServers) {
 		postgresServers, err := discoverPostgresqlServers(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, postgresServers...)
 	}
 
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryPostgresFlexibleServers)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryPostgresFlexibleServers) {
 		flexibleServers, err := discoverPostgresqlFlexibleServers(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, flexibleServers...)
 	}
 
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryMariaDbServers)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryMariaDbServers) {
 		mariaDbServers, err := discoverMariadbServers(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, mariaDbServers...)
 	}
 
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryStorageAccounts)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryStorageAccounts) {
 		accs, err := discoverStorageAccounts(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
@@ -181,21 +226,21 @@ func Discover(runtime *plugin.Runtime, rootConf *inventory.Config) (*inventory.I
 	}
 
 	// FIXME: bring back the storage containers as as part of FF scanning once we can do parallel scanning
-	if stringx.ContainsAnyOf(targets, DiscoveryAll, DiscoveryStorageContainers) {
+	if stringx.ContainsAnyOf(targets, DiscoveryStorageContainers) {
 		containers, err := discoverStorageAccountsContainers(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, containers...)
 	}
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoverySecurityGroups)...) {
+	if stringx.ContainsAnyOf(targets, DiscoverySecurityGroups) {
 		secGrps, err := discoverSecurityGroups(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err
 		}
 		assets = append(assets, secGrps...)
 	}
-	if stringx.ContainsAnyOf(targets, append(matchingTargets, DiscoveryKeyVaults)...) {
+	if stringx.ContainsAnyOf(targets, DiscoveryKeyVaults) {
 		kvs, err := discoverVaults(runtime, subsWithConfigs)
 		if err != nil {
 			return nil, err

providers/azure/resources/discovery_test.go

@@ -0,0 +1,40 @@
+package resources
+
+import (
+	"sort"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"go.mondoo.com/cnquery/v12/providers-sdk/v1/inventory"
+)
+
+func TestGetDiscoveryTargets(t *testing.T) {
+	config := &inventory.Config{
+		Discover: &inventory.Discovery{
+			Targets: []string{},
+		},
+	}
+	// test all with other stuff
+	config.Discover.Targets = []string{"all", "projects", "instances"}
+	require.Equal(t, allDiscovery(), getDiscoveryTargets(config))
+
+	// test just all
+	config.Discover.Targets = []string{"all"}
+	require.Equal(t, allDiscovery(), getDiscoveryTargets(config))
+
+	// test auto with other stuff
+	config.Discover.Targets = []string{"auto", "postgres-servers", "keyvaults-vaults"}
+	res := append(Auto, []string{DiscoveryPostgresServers, DiscoveryKeyVaults}...)
+	sort.Strings(res)
+	targets := getDiscoveryTargets(config)
+	sort.Strings(targets)
+	require.Equal(t, res, targets)
+
+	// test just auto
+	config.Discover.Targets = []string{"auto"}
+	require.Equal(t, Auto, getDiscoveryTargets(config))
+
+	// test random
+	config.Discover.Targets = []string{"postgres-servers", "keyvaults-vaults", "instances"}
+	require.Equal(t, []string{DiscoveryPostgresServers, DiscoveryKeyVaults, DiscoveryInstances}, getDiscoveryTargets(config))
+}

providers/gcp/provider/provider.go

@@ -14,7 +14,6 @@ import (
 	"go.mondoo.com/ranger-rpc/codes"
 	"go.mondoo.com/ranger-rpc/status"
 
-	"go.mondoo.com/cnquery/v12"
 	"go.mondoo.com/cnquery/v12/llx"
 	"go.mondoo.com/cnquery/v12/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v12/providers-sdk/v1/plugin"
@@ -188,11 +187,6 @@ func (s *Service) Connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 		return nil, errors.New("no connection data provided")
 	}
 
-	// If we get 1 connection that enables fine-grained assets, enable it globally for the provider
-	if cnquery.Features(req.Features).IsActive(cnquery.FineGrainedAssets) {
-		resources.ENABLE_FINE_GRAINED_ASSETS = true
-	}
-
 	conn, err := s.connect(req, callback)
 	if err != nil {
 		return nil, err

providers/gcp/resources/discovery.go

@@ -21,8 +21,6 @@ import (
 	"google.golang.org/api/cloudresourcemanager/v3"
 )
 
-var ENABLE_FINE_GRAINED_ASSETS = false
-
 const (
 	// Discovery flags
 	DiscoveryAuto = "auto"