⭐️ allow filtering of query packs by short mrns (#1145)

This change adds support to filter the query packs available in https://mondoo.com/registry by short mrns: ``` cnquery scan okta --organization dev-12345.okta.com --token $OKTA_TOKEN --querypack mondoohq/mondoo-okta-incident-response ```
mondoohq · Apr 11, 2023 · 175c10c · 175c10c
1 parent 04a6590
commit 175c10c
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 2 deletions.
diff --git a/explorer/query_hub.go b/explorer/query_hub.go
@@ -4,6 +4,9 @@ import (
 	"context"
 	"errors"
 	"os"
+	"path"
+
+	"go.mondoo.com/cnquery/mrn"
 
 	"go.mondoo.com/ranger-rpc"
 
@@ -13,10 +16,23 @@ import (
 	"go.opentelemetry.io/otel"
 )
 
-const defaultRegistryUrl = "https://registry.api.mondoo.com"
+const (
+	defaultRegistryUrl     = "https://registry.api.mondoo.com"
+	RegistryServiceName    = "registry.mondoo.com"
+	CollectionIDNamespace  = "namespace"
+	CollectionIDQueryPacks = "querypacks"
+)
 
 var tracer = otel.Tracer("go.mondoo.com/cnquery/explorer")
 
+func NewQueryPackMrn(namespace string, uid string) string {
+	m := &mrn.MRN{
+		ServiceName:          RegistryServiceName,
+		RelativeResourceName: path.Join(CollectionIDNamespace, namespace, CollectionIDQueryPacks, uid),
+	}
+	return m.String()
+}
+
 // ValidateBundle and check queries, relationships, MRNs, and versions
 func (s *LocalServices) ValidateBundle(ctx context.Context, bundle *Bundle) (*Empty, error) {
 	_, err := bundle.Compile(ctx)

diff --git a/explorer/query_hub_test.go b/explorer/query_hub_test.go
@@ -0,0 +1,19 @@
+package explorer
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestQueryPackMrn(t *testing.T) {
+	// given
+	namespace := "test-namespace"
+	uid := "test-uid"
+
+	// when
+	mrn := NewQueryPackMrn(namespace, uid)
+
+	// then
+	assert.Equal(t, "//registry.mondoo.com/namespace/test-namespace/querypacks/test-uid", mrn)
+}
diff --git a/explorer/scan/local_scanner.go b/explorer/scan/local_scanner.go
@@ -127,6 +127,27 @@ func (s *LocalScanner) RunIncognito(ctx context.Context, job *Job) (*explorer.Re
 	return reports, nil
 }
 
+// preprocessPolicyFilters expends short registry mrns into full mrns
+func preprocessQueryPackFilters(filters []string) []string {
+	res := make([]string, len(filters))
+	for i := range filters {
+		f := filters[i]
+		if strings.HasPrefix(f, "//") {
+			res[i] = f
+			continue
+		}
+
+		// expand short registry mrns
+		m := strings.Split(f, "/")
+		if len(m) == 2 {
+			res[i] = explorer.NewQueryPackMrn(m[0], m[1])
+		} else {
+			res[i] = f
+		}
+	}
+	return res
+}
+
 func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstreamConfig resources.UpstreamConfig) (*explorer.ReportCollection, bool, error) {
 	log.Info().Msgf("discover related assets for %d asset(s)", len(job.Inventory.Spec.Assets))
 	im, err := inventory.New(inventory.WithInventory(job.Inventory))
@@ -246,7 +267,7 @@ func (s *LocalScanner) distributeJob(job *Job, ctx context.Context, upstreamConf
 				Asset:            asset,
 				Bundle:           job.Bundle,
 				Props:            job.Props,
-				QueryPackFilters: job.QueryPackFilters,
+				QueryPackFilters: preprocessQueryPackFilters(job.QueryPackFilters),
 				Ctx:              ctx,
 				CredsResolver:    im.GetCredsResolver(),
 				Reporter:         reporter,

diff --git a/explorer/scan/local_scanner_test.go b/explorer/scan/local_scanner_test.go
@@ -0,0 +1,26 @@
+package scan
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFilterPreprocess(t *testing.T) {
+	// given
+	filters := []string{
+		"namespace1/pack1",
+		"namespace2/pack2",
+		"//registry.mondoo.com/namespace/namespace3/querypacks/pack3",
+	}
+
+	// when
+	preprocessed := preprocessQueryPackFilters(filters)
+
+	// then
+	assert.Equal(t, []string{
+		"//registry.mondoo.com/namespace/namespace1/querypacks/pack1",
+		"//registry.mondoo.com/namespace/namespace2/querypacks/pack2",
+		"//registry.mondoo.com/namespace/namespace3/querypacks/pack3",
+	}, preprocessed)
+}