Azure cloud resource crawling: Multiple resources are not being merged into single snapshot file based on masterSnapshotId array at master-compliance-test.json #459

Open
rezoan opened this issue Jan 27, 2022 · 2 comments

rezoan commented Jan 27, 2022

example: PR-AZR-CLD-KV-009, PR-AZR-CLD-FRD-001, PR-AZR-CLD-AFW-001

@rezoan rezoan changed the title Azure cloud resource crawling: Multiple resources are not being merged into single snapshot file based on masterSnapshotId array in master-compliance-test.json Azure cloud resource crawling: Multiple resources are not being merged into single snapshot file based on masterSnapshotId array at master-compliance-test.json Jan 27, 2022
@jaiminswan
Contributor

Yet to start

@rezoan
Author

rezoan commented Dec 28, 2022

@vatsalgit5118 seems the issue still exists but in a different way:

For example, for PR-AZR-CLD-KV-009 we have said it has masterSnapshotId: "AZRSNP_228", "AZRSNP_500" in compliance-test.json, which is a merge request of both into a single file.

Original resource template: https://portal.azure.com/#@prancerenterprise.com/resource/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.KeyVault/vaults/prancerkv0001/overview

When running the test, I did see it generate the snapshot of AZRSNP_228 into a separate file as

{
  "structure": "azure",
  "reference": "Prancer Sandbox",
  "contentType": "json",
  "source": "azureConnector",
  "path": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.KeyVault/vaults/prancerkv0001",
  "timestamp": 1672206915928,
  "queryuser": "whitekite-spn-shahin",
  "checksum": "be35cd3b4cac3663580cdfdbb141e80d",
  "node": {
    "masterSnapshotId": [
      "AZRSNP_228"
    ],
    "type": "Microsoft.KeyVault/vaults",
    "collection": "Microsoft.KeyVault",
    "version": "2021-06-01-preview",
    "snapshotId": "AZRSNP_228123",
    "path": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.KeyVault/vaults/prancerkv0001",
    "validate": true,
    "status": "active"
  },
  "snapshotId": "AZRSNP_228123",
  "mastersnapshot": false,
  "masterSnapshotId": null,
  "collection": "microsoftkeyvault",
  "region": "eastus2",
  "session_id": "session_1672234362172",
  "json": {
    "resources": [
      {
        "id": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.KeyVault/vaults/prancerkv0001",
        "name": "prancerkv0001",
        "type": "Microsoft.KeyVault/vaults",
        "location": "eastus2",
        "tags": {},
        "properties": {
          "sku": {
            "family": "A",
            "name": "Standard"
          },
          "tenantId": "2367bdec-cf51-44b1-a8db-3677de1acc38",
          "privateEndpointConnections": [
            {
              "id": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.KeyVault/vaults/prancerkv0001/privateEndpointConnections/test-pe",
              "properties": {
                "provisioningState": "Succeeded",
                "privateEndpoint": {
                  "id": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.Network/privateEndpoints/test-pe"
                },
                "privateLinkServiceConnectionState": {
                  "status": "Approved",
                  "actionsRequired": "None"
                }
              }
            }
          ],
          "accessPolicies": [
            {
              "tenantId": "2367bdec-cf51-44b1-a8db-3677de1acc38",
              "objectId": "142c515d-7900-46df-86dd-9f81a541867e",
              "permissions": {
                "keys": [
                  "Get",
                  "List",
                  "Update",
                  "Create",
                  "Import",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore",
                  "GetRotationPolicy",
                  "SetRotationPolicy",
                  "Rotate"
                ],
                "secrets": [
                  "Get",
                  "List",
                  "Set",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore"
                ],
                "certificates": [
                  "Get",
                  "List",
                  "Update",
                  "Create",
                  "Import",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore",
                  "ManageContacts",
                  "ManageIssuers",
                  "GetIssuers",
                  "ListIssuers",
                  "SetIssuers",
                  "DeleteIssuers"
                ]
              }
            },
            {
              "tenantId": "2367bdec-cf51-44b1-a8db-3677de1acc38",
              "objectId": "5dc43473-afe0-47ec-93ab-2244a2396a85",
              "permissions": {
                "keys": [],
                "secrets": [
                  "Get",
                  "List"
                ],
                "certificates": []
              }
            },
            {
              "tenantId": "2367bdec-cf51-44b1-a8db-3677de1acc38",
              "objectId": "2b07db87-1fe6-4ca7-ad29-a5e39d35b19e",
              "permissions": {
                "keys": [
                  "Get",
                  "List",
                  "Update",
                  "Create",
                  "Import",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore"
                ],
                "secrets": [
                  "Get",
                  "List",
                  "Set",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore"
                ],
                "certificates": [
                  "Get",
                  "List",
                  "Update",
                  "Create",
                  "Import",
                  "Delete",
                  "Recover",
                  "Backup",
                  "Restore",
                  "ManageContacts",
                  "ManageIssuers",
                  "GetIssuers",
                  "ListIssuers",
                  "SetIssuers",
                  "DeleteIssuers"
                ]
              }
            }
          ],
          "enabledForDeployment": false,
          "enabledForDiskEncryption": false,
          "enabledForTemplateDeployment": false,
          "enableSoftDelete": true,
          "softDeleteRetentionInDays": 90,
          "enableRbacAuthorization": false,
          "vaultUri": "https://prancerkv0001.vault.azure.net/",
          "provisioningState": "Succeeded",
          "publicNetworkAccess": "Enabled"
        }
      }
    ],
    "subscription_id": "a6941677-4c37-42fb-960c-dad8f25060a3",
    "resource_group": "farshid-test"
  }
}

It has privateEndpointConnections as a property (which is wrong, as keyvault does not have such a property on its own) instead of a separate related resource type (this is the issue).

If we look at the snapshot of AZRSNP_500, it is generated like:

{
  "structure": "azure",
  "reference": "Prancer Sandbox",
  "contentType": "json",
  "source": "azureConnector",
  "path": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.Network/privateEndpoints/test-pe",
  "timestamp": 1672207123368,
  "queryuser": "whitekite-spn-shahin",
  "checksum": "99914b932bd37a50b983c5e7c90ae93b",
  "node": {
    "masterSnapshotId": [
      "AZRSNP_500"
    ],
    "type": "Microsoft.Network/privateEndpoints",
    "collection": "Microsoft.Network",
    "version": "2021-05-01",
    "snapshotId": "AZRSNP_500130",
    "path": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.Network/privateEndpoints/test-pe",
    "validate": true,
    "status": "active"
  },
  "snapshotId": "AZRSNP_500130",
  "mastersnapshot": false,
  "masterSnapshotId": null,
  "collection": "microsoftnetwork",
  "region": "",
  "session_id": "session_1672234362172",
  "json": {
    "resources": [
      {
        "type": "Microsoft.Network/privateEndpoints",
        "apiVersion": "2022-05-01",
        "name": "test-pe",
        "location": "eastus",
        "properties": {
          "privateLinkServiceConnections": [
            {
              "name": "test-pe",
              "id": "Microsoft.Network/privateEndpoints/test-pe/privateLinkServiceConnections/test-pe",
              "properties": {
                "privateLinkServiceId": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/farshid-test/providers/Microsoft.KeyVault/vaults/prancerkv0001",
                "groupIds": [
                  "vault"
                ],
                "privateLinkServiceConnectionState": {
                  "status": "Approved",
                  "actionsRequired": "None"
                }
              }
            }
          ],
          "manualPrivateLinkServiceConnections": [],
          "subnet": {
            "id": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/dev-rezoan/providers/Microsoft.Network/virtualNetworks/dev-rezoan-vnet/subnets/default"
          },
          "ipConfigurations": [],
          "customDnsConfigs": []
        }
      },
      {
        "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
        "apiVersion": "2022-05-01",
        "name": "test-pe/default",
        "dependsOn": [
          "Microsoft.Network/privateEndpoints/test-pe"
        ],
        "properties": {
          "privateDnsZoneConfigs": [
            {
              "name": "privatelink-vaultcore-azure-net",
              "properties": {
                "privateDnsZoneId": "/subscriptions/a6941677-4c37-42fb-960c-dad8f25060a3/resourceGroups/cloud-shell-storage-centralindia/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
              }
            }
          ]
        }
      }
    ],
    "subscription_id": "a6941677-4c37-42fb-960c-dad8f25060a3",
    "resource_group": "farshid-test"
  }
}

The idea was to merge both files into a single one without introducing any new property to any resource type which does not exist in the original resource template.
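
The merge requested in the comment above, sketched as an added example (not Prancer's code and not part of the issue): snapshots tagged with any id from a test's masterSnapshotId array are combined into one document, and a check reports any property a merged resource has that its source resource did not. The function names and the choice to keep the first snapshot's envelope are assumptions; `KV` and `PE` are constructed, trimmed stand-ins for the two snapshots quoted in the comment.

```python
import copy

def merge_snapshots(master_ids, snapshots):
    """Combine snapshots tagged with any id in master_ids into one document."""
    picked = [s for s in snapshots
              if set(s["node"]["masterSnapshotId"]) & set(master_ids)]
    found = {m for s in picked for m in s["node"]["masterSnapshotId"]}
    if set(master_ids) - found:
        raise ValueError(f"not crawled: {sorted(set(master_ids) - found)}")
    merged = copy.deepcopy(picked[0])  # keep the first snapshot's envelope (assumption)
    merged["node"]["masterSnapshotId"] = list(master_ids)
    # Resources are copied verbatim so the merge itself cannot add properties.
    merged["json"]["resources"] = [copy.deepcopy(r)
                                   for s in picked for r in s["json"]["resources"]]
    return merged

def added_paths(original, candidate, prefix=""):
    """Dotted paths of keys present in candidate but absent from original."""
    if isinstance(original, dict) and isinstance(candidate, dict):
        out = []
        for key, value in candidate.items():
            path = f"{prefix}.{key}" if prefix else key
            if key not in original:
                out.append(path)
            else:
                out.extend(added_paths(original[key], value, path))
        return out
    if isinstance(original, list) and isinstance(candidate, list):
        return [p for i, (o, c) in enumerate(zip(original, candidate))
                for p in added_paths(o, c, f"{prefix}[{i}]")]
    return []

def new_properties(sources, merged):
    """Map each merged resource (type, name) to the properties it gained."""
    by_key = {(r["type"], r["name"]): r
              for s in sources for r in s["json"]["resources"]}
    report = {}
    for r in merged["json"]["resources"]:
        extra = added_paths(by_key.get((r["type"], r["name"]), {}), r)
        if extra:
            report[(r["type"], r["name"])] = extra
    return report

# Constructed sample input, trimmed from the shape of the snapshots above.
KV = {"snapshotId": "AZRSNP_228123", "node": {"masterSnapshotId": ["AZRSNP_228"]},
      "json": {"resources": [{"type": "Microsoft.KeyVault/vaults", "name": "prancerkv0001",
                              "properties": {"enableSoftDelete": True}}]}}
PE = {"snapshotId": "AZRSNP_500130", "node": {"masterSnapshotId": ["AZRSNP_500"]},
      "json": {"resources": [{"type": "Microsoft.Network/privateEndpoints", "name": "test-pe",
                              "properties": {"subnet": {"id": "placeholder-subnet-id"}}}]}}
```

An empty result from `new_properties([KV, PE], merge_snapshots(["AZRSNP_228", "AZRSNP_500"], [KV, PE]))` means the merged file carries both resources with exactly the properties their source snapshots had.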
