From 7e21fd0bb0b7f0026838300fc98a694c5e87a4e1 Mon Sep 17 00:00:00 2001 From: jknudsen Date: Fri, 26 Apr 2024 12:40:33 +0200 Subject: [PATCH] feat: add RoleSeparationEnabled property --- cmd/ui/src/ducks/entityinfo/types.ts | 2 ++ packages/cue/bh/ad/ad.cue | 16 ++++++++++++++++ packages/go/ein/ad.go | 5 +++++ packages/go/ein/incoming_models.go | 6 ++++++ packages/go/graphschema/ad/ad.go | 16 +++++++++++++++- .../javascript/bh-shared-ui/src/graphSchema.ts | 6 ++++++ 6 files changed, 50 insertions(+), 1 deletion(-) diff --git a/cmd/ui/src/ducks/entityinfo/types.ts b/cmd/ui/src/ducks/entityinfo/types.ts index 85ad5bfd19..88941bb5b7 100644 --- a/cmd/ui/src/ducks/entityinfo/types.ts +++ b/cmd/ui/src/ducks/entityinfo/types.ts @@ -138,6 +138,8 @@ export interface EnterpriseCAInfo extends EntityInfo { hasenrollmentagentrestrictions?: boolean; isuserspecifiessanenabled?: boolean; isuserspecifiessanenabledcollected: boolean; + roleseparationenabled?: boolean; + roleseparationenabledcollected: boolean; description?: string; }; controllables: number; diff --git a/packages/cue/bh/ad/ad.cue b/packages/cue/bh/ad/ad.cue index dfabee909b..b9fdab398a 100644 --- a/packages/cue/bh/ad/ad.cue +++ b/packages/cue/bh/ad/ad.cue @@ -98,6 +98,20 @@ IsUserSpecifiesSanEnabledCollected: types.#StringEnum & { representation: "isuserspecifiessanenabledcollected" } +RoleSeparationEnabled: types.#StringEnum & { + symbol: "RoleSeparationEnabled" + schema: "ad" + name: "Role Separation Enabled" + representation: "roleseparationenabled" +} + +RoleSeparationEnabledCollected: types.#StringEnum & { + symbol: "RoleSeparationEnabledCollected" + schema: "ad" + name: "Role Separation Enabled Collected" + representation: "roleseparationenabledcollected" +} + HasBasicConstraints: types.#StringEnum & { symbol: "HasBasicConstraints" schema: "ad" 
@@ -565,6 +579,8 @@ Properties: [ EnrollmentAgentRestrictionsCollected, IsUserSpecifiesSanEnabled, IsUserSpecifiesSanEnabledCollected, + RoleSeparationEnabled, + RoleSeparationEnabledCollected, HasBasicConstraints, BasicConstraintPathLength, DNSHostname, diff --git a/packages/go/ein/ad.go b/packages/go/ein/ad.go index 6e4dce9f8f..f81394b717 100644 --- a/packages/go/ein/ad.go +++ b/packages/go/ein/ad.go @@ -441,6 +441,11 @@ func ParseCARegistryProperties(enterpriseCA EnterpriseCA) IngestibleNode { propMap[ad.IsUserSpecifiesSanEnabled.String()] = enterpriseCA.CARegistryData.IsUserSpecifiesSanEnabled.Value } + // RoleSeparationEnabled + if enterpriseCA.CARegistryData.RoleSeparationEnabled.Collected { + propMap[ad.RoleSeparationEnabled.String()] = enterpriseCA.CARegistryData.RoleSeparationEnabled.Value + } + return IngestibleNode{ ObjectID: enterpriseCA.ObjectIdentifier, PropertyMap: propMap, diff --git a/packages/go/ein/incoming_models.go b/packages/go/ein/incoming_models.go index c582cc83c1..15e768c6d2 100644 --- a/packages/go/ein/incoming_models.go +++ b/packages/go/ein/incoming_models.go @@ -120,10 +120,16 @@ type IsUserSpecifiesSanEnabled struct { Value bool } +type RoleSeparationEnabled struct { + APIResult + Value bool +} + type CARegistryData struct { CASecurity CASecurity EnrollmentAgentRestrictions EnrollmentAgentRestrictions IsUserSpecifiesSanEnabled IsUserSpecifiesSanEnabled + RoleSeparationEnabled RoleSeparationEnabled } type DCRegistryData struct { diff --git a/packages/go/graphschema/ad/ad.go b/packages/go/graphschema/ad/ad.go index a91646af8d..5723d959d2 100644 --- a/packages/go/graphschema/ad/ad.go +++ b/packages/go/graphschema/ad/ad.go 
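Review bot: The new block in `ParseCARegistryProperties` (packages/go/ein/ad.go) writes `ad.RoleSeparationEnabled` when `RoleSeparationEnabled.Collected` is true, but nothing in this hunk writes `ad.RoleSeparationEnabledCollected`. The same commit adds that property to the schema and declares it as a required `roleseparationenabledcollected: boolean` in cmd/ui/src/ducks/entityinfo/types.ts. Without it, the only signal that the registry value was not collected is the absence of `roleseparationenabled`, which a consumer can easily read as false; for an AD CS hardening setting, "disabled" and "unknown" should stay distinguishable. If the flag is not set elsewhere, consider `propMap[ad.RoleSeparationEnabledCollected.String()] = enterpriseCA.CARegistryData.RoleSeparationEnabled.Collected` ahead of the `if`, so it is recorded in both cases. The function body starts outside the hunk, so how the neighbouring `*Collected` properties are populated is not visible here.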
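Review bot: The new `RoleSeparationEnabled` struct in packages/go/ein/incoming_models.go has no doc comment. This commit's ingest code uses `Value` only when `Collected` is true, and `Collected` is presumably promoted from the embedded `APIResult`. A comment above the type, such as `// RoleSeparationEnabled is the collected CA role-separation setting; Value is valid only when Collected is true.`, would make that contract explicit for other readers of `CARegistryData`.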
@@ -126,6 +126,8 @@ const ( EnrollmentAgentRestrictionsCollected Property = "enrollmentagentrestrictionscollected" IsUserSpecifiesSanEnabled Property = "isuserspecifiessanenabled" IsUserSpecifiesSanEnabledCollected Property = "isuserspecifiessanenabledcollected" + RoleSeparationEnabled Property = "roleseparationenabled" + RoleSeparationEnabledCollected Property = "roleseparationenabledcollected" HasBasicConstraints Property = "hasbasicconstraints" BasicConstraintPathLength Property = "basicconstraintpathlength" DNSHostname Property = "dnshostname" 
@@ -193,7 +195,7 @@ const ( ) func AllProperties() []Property { - return []Property{AdminCount, CASecurityCollected, CAName, CertChain, CertName, CertThumbprint, CertThumbprints, HasEnrollmentAgentRestrictions, EnrollmentAgentRestrictionsCollected, IsUserSpecifiesSanEnabled, IsUserSpecifiesSanEnabledCollected, HasBasicConstraints, BasicConstraintPathLength, DNSHostname, CrossCertificatePair, DistinguishedName, DomainFQDN, DomainSID, Sensitive, HighValue, BlocksInheritance, IsACL, IsACLProtected, IsDeleted, Enforced, Department, HasCrossCertificatePair, HasSPN, UnconstrainedDelegation, LastLogon, LastLogonTimestamp, IsPrimaryGroup, HasLAPS, DontRequirePreAuth, LogonType, HasURA, PasswordNeverExpires, PasswordNotRequired, FunctionalLevel, TrustType, SidFiltering, TrustedToAuth, SamAccountName, CertificateMappingMethodsRaw, CertificateMappingMethods, StrongCertificateBindingEnforcementRaw, StrongCertificateBindingEnforcement, EKUs, SubjectAltRequireUPN, SubjectAltRequireDNS, SubjectAltRequireDomainDNS, SubjectAltRequireEmail, SubjectAltRequireSPN, SubjectRequireEmail, AuthorizedSignatures, ApplicationPolicies, IssuancePolicies, SchemaVersion, RequiresManagerApproval, AuthenticationEnabled, EnrolleeSuppliesSubject, CertificateApplicationPolicy, CertificateNameFlag, EffectiveEKUs, EnrollmentFlag, Flags, NoSecurityExtension, RenewalPeriod, ValidityPeriod, OID, HomeDirectory, CertificatePolicy, CertTemplateOID, GroupLinkID, ObjectGUID} + return []Property{AdminCount, CASecurityCollected, CAName, CertChain, CertName, CertThumbprint, CertThumbprints, HasEnrollmentAgentRestrictions, EnrollmentAgentRestrictionsCollected, IsUserSpecifiesSanEnabled, IsUserSpecifiesSanEnabledCollected, RoleSeparationEnabled, RoleSeparationEnabledCollected, HasBasicConstraints, BasicConstraintPathLength, DNSHostname, CrossCertificatePair, DistinguishedName, DomainFQDN, DomainSID, Sensitive, HighValue, BlocksInheritance, IsACL, IsACLProtected, IsDeleted, Enforced, Department, 
HasCrossCertificatePair, HasSPN, UnconstrainedDelegation, LastLogon, LastLogonTimestamp, IsPrimaryGroup, HasLAPS, DontRequirePreAuth, LogonType, HasURA, PasswordNeverExpires, PasswordNotRequired, FunctionalLevel, TrustType, SidFiltering, TrustedToAuth, SamAccountName, CertificateMappingMethodsRaw, CertificateMappingMethods, StrongCertificateBindingEnforcementRaw, StrongCertificateBindingEnforcement, EKUs, SubjectAltRequireUPN, SubjectAltRequireDNS, SubjectAltRequireDomainDNS, SubjectAltRequireEmail, SubjectAltRequireSPN, SubjectRequireEmail, AuthorizedSignatures, ApplicationPolicies, IssuancePolicies, SchemaVersion, RequiresManagerApproval, AuthenticationEnabled, EnrolleeSuppliesSubject, CertificateApplicationPolicy, CertificateNameFlag, EffectiveEKUs, EnrollmentFlag, Flags, NoSecurityExtension, RenewalPeriod, ValidityPeriod, OID, HomeDirectory, CertificatePolicy, CertTemplateOID, GroupLinkID, ObjectGUID} } func ParseProperty(source string) (Property, error) { switch source { @@ -219,6 +221,10 @@ func ParseProperty(source string) (Property, error) { return IsUserSpecifiesSanEnabled, nil case "isuserspecifiessanenabledcollected": return IsUserSpecifiesSanEnabledCollected, nil + case "roleseparationenabled": + return RoleSeparationEnabled, nil + case "roleseparationenabledcollected": + return RoleSeparationEnabledCollected, nil case "hasbasicconstraints": return HasBasicConstraints, nil case "basicconstraintpathlength": @@ -375,6 +381,10 @@ func (s Property) String() string { return string(IsUserSpecifiesSanEnabled) case IsUserSpecifiesSanEnabledCollected: return string(IsUserSpecifiesSanEnabledCollected) + case RoleSeparationEnabled: + return string(RoleSeparationEnabled) + case RoleSeparationEnabledCollected: + return string(RoleSeparationEnabledCollected) case HasBasicConstraints: return string(HasBasicConstraints) case BasicConstraintPathLength: 
@@ -531,6 +541,10 @@ func (s Property) Name() string { return "Is User Specifies San Enabled" case IsUserSpecifiesSanEnabledCollected: return "Is User Specifies San Enabled Collected" + case RoleSeparationEnabled: + return "Role Separation Enabled" + case RoleSeparationEnabledCollected: + return "Role Separation Enabled Collected" case HasBasicConstraints: return "Has Basic Constraints" case BasicConstraintPathLength: diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index 8495ba71dc..945a4b50fe 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts @@ -311,6 +311,8 @@ export enum ActiveDirectoryKindProperties { EnrollmentAgentRestrictionsCollected = 'enrollmentagentrestrictionscollected', IsUserSpecifiesSanEnabled = 'isuserspecifiessanenabled', IsUserSpecifiesSanEnabledCollected = 'isuserspecifiessanenabledcollected', + RoleSeparationEnabled = 'roleseparationenabled', + RoleSeparationEnabledCollected = 'roleseparationenabledcollected', HasBasicConstraints = 'hasbasicconstraints', BasicConstraintPathLength = 'basicconstraintpathlength', DNSHostname = 'dnshostname', @@ -400,6 +402,10 @@ export function ActiveDirectoryKindPropertiesToDisplay(value: ActiveDirectoryKin return 'Is User Specifies San Enabled'; case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabledCollected: return 'Is User Specifies San Enabled Collected'; + case ActiveDirectoryKindProperties.RoleSeparationEnabled: + return 'Role Separation Enabled'; + case ActiveDirectoryKindProperties.RoleSeparationEnabledCollected: + return 'Role Separation Enabled Collected'; case ActiveDirectoryKindProperties.HasBasicConstraints: return 'Has Basic Constraints'; case ActiveDirectoryKindProperties.BasicConstraintPathLength: