

🧹 Adding Country location to NamedLocation under conditional access -…
… MS365 (#4848)

* 🧹 Adding Country location to NamedLocation under conditional access - MS365

Signed-off-by: Hossein Rouhani <[email protected]>

* improving the resources

Signed-off-by: Hossein Rouhani <[email protected]>

* improving the errors

Signed-off-by: Hossein Rouhani <[email protected]>

* rebase

Signed-off-by: Hossein Rouhani <[email protected]>

---------

Signed-off-by: Hossein Rouhani <[email protected]>
HRouhani authored Nov 13, 2024
1 parent a4e4356 commit 7748bcf
Showing 4 changed files with 243 additions and 15 deletions.
52 changes: 51 additions & 1 deletion providers/ms365/resources/conditional-access.go
Expand Up @@ -15,7 +15,7 @@ func (m *mqlMicrosoftConditionalAccessIpNamedLocation) id() (string, error) {
return m.Name.Data, nil
}

func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error) {
func (a *mqlMicrosoftConditionalAccessNamedLocations) ipLocations() ([]interface{}, error) {
conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
graphClient, err := conn.GraphClient()
if err != nil {
Expand Down Expand Up @@ -59,3 +59,53 @@ func (a *mqlMicrosoftConditionalAccess) namedLocations() ([]interface{}, error)

return locationDetails, nil
}

func (m *mqlMicrosoftConditionalAccessCountryNamedLocation) id() (string, error) {
return m.Name.Data, nil
}

func (a *mqlMicrosoftConditionalAccessNamedLocations) countryLocations() ([]interface{}, error) {
conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
graphClient, err := conn.GraphClient()
if err != nil {
return nil, err
}

ctx := context.Background()
namedLocations, err := graphClient.Identity().ConditionalAccess().NamedLocations().Get(ctx, nil)
if err != nil {
return nil, transformError(err)
}

var locationDetails []interface{}
for _, location := range namedLocations.GetValue() {
if countryLocation, ok := location.(*models.CountryNamedLocation); ok {
displayName := countryLocation.GetDisplayName()
countryLookupMethod := countryLocation.GetCountryLookupMethod()

var lookupMethodStr *string
if countryLookupMethod != nil {
method := countryLookupMethod.String()
lookupMethodStr = &method
}

if displayName != nil && lookupMethodStr != nil {
locationInfo, err := CreateResource(a.MqlRuntime, "microsoft.conditionalAccess.countryNamedLocation",
map[string]*llx.RawData{
"name": llx.StringDataPtr(displayName),
"lookupMethod": llx.StringDataPtr(lookupMethodStr),
})
if err != nil {
return nil, err
}
locationDetails = append(locationDetails, locationInfo)
}
}
}

if len(locationDetails) == 0 {
return nil, nil
}

return locationDetails, nil
}
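Review bot: In `countryLocations()` the guard `if displayName != nil && lookupMethodStr != nil` silently skips any country named location whose display name or lookup method is unset, so a query over this resource can return fewer locations than the tenant holds and nothing signals the gap. For an audit resource I would keep the entry and let the field be null, e.g. `if displayName != nil {`, provided `llx.StringDataPtr` tolerates a nil pointer (not visible here, please confirm). The same function reads only `namedLocations.GetValue()` from the first response, so if this Graph endpoint pages its results the later pages are never seen; it is worth following the next link or documenting the limit. `id()` returns the display name, which would make two locations with the same name indistinguishable to the runtime if names are not unique; the Graph object id looks like a safer key.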
20 changes: 18 additions & 2 deletions providers/ms365/resources/ms365.lr
Expand Up @@ -58,8 +58,16 @@ microsoft.tenant @defaults("name") {

// Microsoft Conditional Access Policies
microsoft.conditionalAccess {
// IP named location
namedLocations() []microsoft.conditionalAccess.ipNamedLocation
// Named locations container
namedLocations microsoft.conditionalAccess.namedLocations
}

// Container for Microsoft Conditional Access Named Locations
microsoft.conditionalAccess.namedLocations {
// IP-based named locations
ipLocations() []microsoft.conditionalAccess.ipNamedLocation
// Country-based named locations
countryLocations() []microsoft.conditionalAccess.countryNamedLocation
}

// Microsoft Conditional Access IP named location
Expand All @@ -70,6 +78,14 @@ microsoft.conditionalAccess.ipNamedLocation @defaults("name trusted") {
trusted bool
}

// Microsoft Conditional Access Country named location
microsoft.conditionalAccess.countryNamedLocation @defaults("name lookupMethod") {
// Named location name
name string
// Method to determine the country location
lookupMethod string
}

// Microsoft Entra ID user
private microsoft.user @defaults("id displayName userPrincipalName") {
// User Object ID
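Review bot: `microsoft.conditionalAccess.countryNamedLocation` exposes only `name` and `lookupMethod`, so a query cannot see which countries a location covers or whether unknown regions are included, and those are the properties that determine what the location matches in a policy. Microsoft Graph's countryNamedLocation carries `countriesAndRegions` and `includeUnknownCountriesAndRegions`; I would add fields such as `countriesAndRegions []string` and `includeUnknownCountriesAndRegions bool`, each with a one-line comment, and fill them in `countryLocations()`. Also, `namedLocations` appears to change from a list of `ipNamedLocation` to a container resource, so existing queries that iterate `microsoft.conditionalAccess.namedLocations` would likely stop compiling; if that is intended, a note in the description or changelog would help users migrate. The `microsoft.user` block at the end of the second hunk continues outside it.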
173 changes: 166 additions & 7 deletions providers/ms365/resources/ms365.lr.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 8 additions & 5 deletions providers/ms365/resources/ms365.lr.manifest.yaml
Expand Up @@ -122,20 +122,23 @@ resources:
min_mondoo_version: 9.0.0
microsoft.conditionalAccess:
fields:
name: {}
namedLocations: {}
trusted: {}
min_mondoo_version: 9.0.0
microsoft.conditionalAccess.ipNamedLocation:
microsoft.conditionalAccess.countryNamedLocation:
fields:
lookupMethod: {}
name: {}
trusted: {}
min_mondoo_version: 9.0.0
microsoft.conditionalAccess.namedLocation:
microsoft.conditionalAccess.ipNamedLocation:
fields:
name: {}
trusted: {}
min_mondoo_version: 9.0.0
microsoft.conditionalAccess.namedLocations:
fields:
countryLocations: {}
ipLocations: {}
min_mondoo_version: 9.0.0
microsoft.devicemanagement:
fields:
deviceCompliancePolicies: {}
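Review bot: The entries for `microsoft.conditionalAccess.countryNamedLocation` and `microsoft.conditionalAccess.namedLocations` carry `min_mondoo_version: 9.0.0`, although both resources appear to be introduced by this commit. If this value is what tells users and tooling which client version a resource requires, it should name the release that first ships these resources rather than a default; which release that is cannot be read from this hunk. The `microsoft.devicemanagement` entry at the end of the hunk continues outside it.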
