Query mode: Supports --arg-table and --arg-authorization-scope-filter #565

Merged
merged 4 commits into from
Sep 27, 2024
8 changes: 8 additions & 0 deletions command_before_func.go
Expand Up @@ -3,9 +3,11 @@ package main
import (
"fmt"
"os"
"slices"
"strings"

"github.com/Azure/aztfexport/internal/utils"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph"
"github.com/hashicorp/terraform-config-inspect/tfconfig"
"github.com/urfave/cli/v2"
)
Expand Down Expand Up @@ -113,6 +115,12 @@ func commandBeforeFunc(fset *FlagSet, mode Mode) func(ctx *cli.Context) error {
return fmt.Errorf("`--name` can't be specified for multi-resource mode")
}
}
case ModeQuery:
if fset.flagARGAuthorizationScopeFilter != "" {
if !slices.Contains(armresourcegraph.PossibleAuthorizationScopeFilterValues(), armresourcegraph.AuthorizationScopeFilter(fset.flagARGAuthorizationScopeFilter)) {
return fmt.Errorf("invalid value of `--arg-authorization-scope-filter`")
}
}
}

// Initialize output directory
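Review bot: The new `case ModeQuery` branch checks `--arg-authorization-scope-filter` against the SDK's value list but leaves `--arg-table` unchecked, although that value is free-form (flag or `AZTFEXPORT_ARG_TABLE`), is handed unchanged to `azlist.Option.ARGTable` in internal/meta/meta_query.go, and is concatenated unquoted into the `DescribeCLI` string in flag.go. How azlist uses the table name is not visible on this page; if it ends up in the Resource Graph query text, as the name suggests, it should be restricted to an identifier here, for example `if t := fset.flagARGTable; t != "" && !argTableRe.MatchString(t) { return fmt.Errorf("invalid value %q of --arg-table", t) }` with a package-level `var argTableRe = regexp.MustCompile("^[A-Za-z][A-Za-z0-9_]*$")` (needs the `regexp` import; confirm the pattern against the real table names). The existing scope-filter error would also be easier to act on if it echoed the rejected value with `%q` and listed the accepted ones. `commandBeforeFunc` begins and ends outside the hunk.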
22 changes: 16 additions & 6 deletions flag.go
Expand Up @@ -87,12 +87,16 @@ type FlagSet struct {
// flagRecursive
// flagIncludeRoleAssignment
// flagIncludeResourceGroup
flagPattern string
flagRecursive bool
flagResName string
flagResType string
flagIncludeRoleAssignment bool
flagIncludeResourceGroup bool
// flagARGTable
// flagARGAuthorizationScopeFilter
flagPattern string
flagRecursive bool
flagResName string
flagResType string
flagIncludeRoleAssignment bool
flagIncludeResourceGroup bool
flagARGTable string
flagARGAuthorizationScopeFilter string
}

type Mode string
Expand Down Expand Up @@ -251,6 +255,12 @@ func (flag FlagSet) DescribeCLI(mode Mode) string {
if flag.flagIncludeResourceGroup {
args = append(args, "--include-resource-group=true")
}
if flag.flagARGTable != "" {
args = append(args, "--arg-table="+flag.flagARGTable)
}
if flag.flagARGAuthorizationScopeFilter != "" {
args = append(args, "--arg-authorization-scope-filter="+flag.flagARGAuthorizationScopeFilter)
}
}
return "aztfexport " + strings.Join(args, " ")
}
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -6,6 +6,7 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.0.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.6.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1
github.com/charmbracelet/bubbles v0.14.0
github.com/charmbracelet/bubbletea v0.22.1
Expand All @@ -21,7 +22,7 @@ require (
github.com/hashicorp/terraform-json v0.22.1
github.com/hexops/gotextdiff v1.0.3
github.com/magodo/armid v0.0.0-20240524082432-7ce06ae46c33
github.com/magodo/azlist v0.0.0-20240903084323-b329fe33ce23
github.com/magodo/azlist v0.0.0-20240926110356-8798310310af
github.com/magodo/aztft v0.3.1-0.20240823092950-b8a7f3cdf3ae
github.com/magodo/slog2hclog v0.0.0-20240614031327-090ebd72a033
github.com/magodo/spinner v0.0.0-20240524082745-3a2305db1bdc
Expand Down Expand Up @@ -78,7 +79,6 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/paloaltonetworksngfw/armpanngfw v1.0.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/recoveryservices/armrecoveryservicesbackup v1.0.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/recoveryservices/armrecoveryservicessiterecovery v1.1.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.6.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armdeploymentscripts v1.0.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/securityinsights/armsecurityinsights/v2 v2.0.0-beta.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.0.0 // indirect
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -231,8 +231,8 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/magodo/armid v0.0.0-20240524082432-7ce06ae46c33 h1:KmQ16pNsI7DaELU+CbqZKXVdvkE/YXqMH6LLkp6rw/Y=
github.com/magodo/armid v0.0.0-20240524082432-7ce06ae46c33/go.mod h1:rR8E7zfGMbmfnSQvrkFiWYdhrfTqsVSltelnZB09BwA=
github.com/magodo/azlist v0.0.0-20240903084323-b329fe33ce23 h1:99U0TtE+gi7EjXi3Lo6sKFReU2ID2f2wK2gCJSz8/Ow=
github.com/magodo/azlist v0.0.0-20240903084323-b329fe33ce23/go.mod h1:xefFDOxzRssOEjGoxvrO8jeTWlzHXbY6sCJYOt+Jh5k=
github.com/magodo/azlist v0.0.0-20240926110356-8798310310af h1:r55nPAyFztYNdXNVmZgNtDU6AbKbfdy/Cbg6xnOnidM=
github.com/magodo/azlist v0.0.0-20240926110356-8798310310af/go.mod h1:xefFDOxzRssOEjGoxvrO8jeTWlzHXbY6sCJYOt+Jh5k=
github.com/magodo/aztft v0.3.1-0.20240823092950-b8a7f3cdf3ae h1:+2PWj5sHws1EsOmStkdiMA5vjgchGGyasSfcNZ6Cbj4=
github.com/magodo/aztft v0.3.1-0.20240823092950-b8a7f3cdf3ae/go.mod h1:swhCPmbwehJXrVgu8SCr/XFb2e9tkgEp+Wnnv3K0ZsQ=
github.com/magodo/slog2hclog v0.0.0-20240614031327-090ebd72a033 h1:K2seYsMAzoICCLdDe7uU2WyaACLW+tvdTWG3QB+pyec=
45 changes: 26 additions & 19 deletions internal/meta/meta_query.go
Expand Up @@ -7,17 +7,20 @@ import (
"github.com/Azure/aztfexport/internal/resourceset"
"github.com/Azure/aztfexport/internal/tfaddr"
"github.com/Azure/aztfexport/pkg/config"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph"
"github.com/magodo/azlist/azlist"
)

type MetaQuery struct {
baseMeta
argPredicate string
recursiveQuery bool
resourceNamePrefix string
resourceNameSuffix string
includeRoleAssignment bool
includeResourceGroup bool
argPredicate string
recursiveQuery bool
resourceNamePrefix string
resourceNameSuffix string
includeRoleAssignment bool
includeResourceGroup bool
argTable string
argAuthenticationScopeFilter armresourcegraph.AuthorizationScopeFilter
}

func NewMetaQuery(cfg config.Config) (*MetaQuery, error) {
Expand All @@ -28,11 +31,13 @@ func NewMetaQuery(cfg config.Config) (*MetaQuery, error) {
}

meta := &MetaQuery{
baseMeta: *baseMeta,
argPredicate: cfg.ARGPredicate,
recursiveQuery: cfg.RecursiveQuery,
includeRoleAssignment: cfg.IncludeRoleAssignment,
includeResourceGroup: cfg.IncludeResourceGroup,
baseMeta: *baseMeta,
argPredicate: cfg.ARGPredicate,
recursiveQuery: cfg.RecursiveQuery,
includeRoleAssignment: cfg.IncludeRoleAssignment,
includeResourceGroup: cfg.IncludeResourceGroup,
argTable: cfg.ARGTable,
argAuthenticationScopeFilter: armresourcegraph.AuthorizationScopeFilter(cfg.ARGAuthorizationScopeFilter),
}
meta.resourceNamePrefix, meta.resourceNameSuffix = resourceNamePattern(cfg.ResourceNamePattern)

Expand Down Expand Up @@ -99,14 +104,16 @@ func (meta *MetaQuery) ListResource(ctx context.Context) (ImportList, error) {

func (meta MetaQuery) queryResourceSet(ctx context.Context, predicate string, recursive bool) (*resourceset.AzureResourceSet, error) {
opt := azlist.Option{
Logger: meta.logger.WithGroup("azlist"),
SubscriptionId: meta.subscriptionId,
Cred: meta.azureSDKCred,
ClientOpt: meta.azureSDKClientOpt,
Parallelism: meta.parallelism,
Recursive: recursive,
ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(),
IncludeResourceGroup: meta.includeResourceGroup,
Logger: meta.logger.WithGroup("azlist"),
SubscriptionId: meta.subscriptionId,
Cred: meta.azureSDKCred,
ClientOpt: meta.azureSDKClientOpt,
Parallelism: meta.parallelism,
Recursive: recursive,
IncludeResourceGroup: meta.includeResourceGroup,
ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(),
ARGTable: meta.argTable,
ARGAuthorizationScopeFilter: meta.argAuthenticationScopeFilter,
}
lister, err := azlist.NewLister(opt)
if err != nil {
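Review bot: `NewMetaQuery` turns `cfg.ARGAuthorizationScopeFilter` into an `armresourcegraph.AuthorizationScopeFilter` with a bare type conversion, so the only check on that value is the one in the CLI's `commandBeforeFunc`; any caller that fills `config.Config` without going through the CLI flags can pass an arbitrary string on to `azlist.Option.ARGAuthorizationScopeFilter`. Judging by its value names this setting decides how far above or below the scope a query reaches, so the check belongs next to the conversion as well, e.g. `if f := armresourcegraph.AuthorizationScopeFilter(cfg.ARGAuthorizationScopeFilter); f != "" && !slices.Contains(armresourcegraph.PossibleAuthorizationScopeFilterValues(), f) { return nil, fmt.Errorf("invalid ARGAuthorizationScopeFilter %q", f) }` (needs `fmt` and `slices` in this file, whose import block is only partly visible). The field is also named `argAuthenticationScopeFilter` in the struct, the constructor and `queryResourceSet`, while the flag, the config field and the SDK type all say authorization; renaming it to `argAuthorizationScopeFilter` removes the authentication/authorization mix-up. `NewMetaQuery` and `queryResourceSet` both extend beyond their hunks.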
26 changes: 20 additions & 6 deletions main.go
Expand Up @@ -421,6 +421,18 @@ func main() {
Usage: "Include the resource groups that the exported resources belong to",
Destination: &flagset.flagIncludeResourceGroup,
},
&cli.StringFlag{
Name: "arg-table",
EnvVars: []string{"AZTFEXPORT_ARG_TABLE"},
Usage: `The Azure Resource Graph table name. Defaults to "Resources".`,
Destination: &flagset.flagARGTable,
},
&cli.StringFlag{
Name: "arg-authorization-scope-filter",
EnvVars: []string{"AZTFEXPORT_ARG_AUTHORIZATION_SCOPE_FILTER"},
Usage: `The Azure Resource Graph Authorization Scope Filter parameter. Possible values are: "AtScopeAndBelow", "AtScopeAndAbove", "AtScopeAboveAndBelow" and "AtScopeExact"`,
Destination: &flagset.flagARGAuthorizationScopeFilter,
},
}, resourceGroupFlags...)

mappingFileFlags := append([]cli.Flag{}, commonFlags...)
Expand Down Expand Up @@ -608,12 +620,14 @@ func main() {

// Initialize the config
cfg := config.Config{
CommonConfig: commonConfig,
ARGPredicate: predicate,
ResourceNamePattern: flagset.flagPattern,
RecursiveQuery: flagset.flagRecursive,
IncludeRoleAssignment: flagset.flagIncludeRoleAssignment,
IncludeResourceGroup: flagset.flagIncludeResourceGroup,
CommonConfig: commonConfig,
ARGPredicate: predicate,
ResourceNamePattern: flagset.flagPattern,
RecursiveQuery: flagset.flagRecursive,
IncludeRoleAssignment: flagset.flagIncludeRoleAssignment,
IncludeResourceGroup: flagset.flagIncludeResourceGroup,
ARGTable: flagset.flagARGTable,
ARGAuthorizationScopeFilter: flagset.flagARGAuthorizationScopeFilter,
}

return realMain(c.Context, cfg, flagset.flagNonInteractive, flagset.hflagMockClient, flagset.flagPlainUI, flagset.flagGenerateMappingFile, flagset.hflagProfile, flagset.DescribeCLI(ModeQuery), flagset.hflagTFClientPluginPath)
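Review bot: The `Usage` text of `arg-authorization-scope-filter` lists the four accepted values by hand and does not say which filter applies when the flag is left empty, whereas the validation in command_before_func.go relies on `armresourcegraph.PossibleAuthorizationScopeFilterValues()`; the same hand-written list is repeated in the `ARGAuthorizationScopeFilter` comment in pkg/config/config.go. The help text and the accepted set can drift apart on an SDK upgrade, so I would build the list from the SDK call, e.g. `Usage: fmt.Sprintf("The Azure Resource Graph Authorization Scope Filter parameter. Possible values are: %v", armresourcegraph.PossibleAuthorizationScopeFilterValues())`, assuming `armresourcegraph` can be imported in main.go. It would also help operators if the text stated the behaviour when the flag is unset, because the `...Above` values presumably widen the export beyond the current scope. `main` continues outside both hunks.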
31 changes: 23 additions & 8 deletions pkg/config/config.go
Expand Up @@ -112,20 +112,35 @@ type Config struct {
// MappingFile specifies the path of mapping file, this indicates the map file mode.
MappingFile string

// ResourceNamePattern specifies the resource name pattern, this only applies to resource group mode, query mode and multi-resource mode.
/////////////////////////
// Scope: rg, res (multi), query

// ResourceNamePattern specifies the resource name pattern
ResourceNamePattern string

// RecursiveQuery specifies whether to recursively list the child/proxy resources of the ARG resulted resource list, this only applies to query mode.
RecursiveQuery bool
/////////////////////////
// Scope: rg, query

// IncludeRoleAssignment specifies whether to include the role assginments assigned to the exported resources
IncludeRoleAssignment bool

// TFResourceName specifies the TF resource name, this only applies to resource mode.
/////////////////////////
// Scope: res (single)

// TFResourceName specifies the TF resource name
TFResourceName string
// TFResourceName specifies the TF resource type (if empty, will try to deduce the type), this only applies to resource mode.
// TFResourceName specifies the TF resource type (if empty, will try to deduce the type)
TFResourceType string

// IncludeRoleAssignment specifies whether to include the role assginments assigned to the exported resources, this only applies to rg and query mode
IncludeRoleAssignment bool
/////////////////////////
// Scope: query

// IncludeResourceGroup specifies whether to include the resource groups that the exported resources belong to, this only applies to query mode
// RecursiveQuery specifies whether to recursively list the child/proxy resources of the ARG resulted resource list
RecursiveQuery bool
// IncludeResourceGroup specifies whether to include the resource groups that the exported resources belong to
IncludeResourceGroup bool
// ARGTable specifies the ARG table name, which defaults to the "Resources" table
ARGTable string
// ARGAuthorizationScopeFilter specifies the AuthorizationScopeFilter parameter. Possible values are: "AtScopeAndBelow", "AtScopeAndAbove", "AtScopeAboveAndBelow" and "AtScopeExact"
ARGAuthorizationScopeFilter string
}
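Review bot: The doc comment on `TFResourceType` still opens with the wrong field name; this commit rewrites that line but keeps `// TFResourceName specifies the TF resource type ...`, and it should read `// TFResourceType specifies the TF resource type (if empty, will try to deduce the type)`. The `IncludeRoleAssignment` comment carries the typo "assginments". For the new `ARGAuthorizationScopeFilter` field, which is a plain `string` rather than the SDK enum type, the comment should also say what an empty string means and that no validation is visible in this hunk, so that callers building `Config` directly know they must pass one of the listed values. The `Config` struct begins above the hunk.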