platform override, clear discovery after discovering assets

mondoohq · Sep 4, 2023 · d5ffb93 · d5ffb93
1 parent 3fdad96
commit d5ffb93
Show file tree

Hide file tree

Showing 7 changed files with 119 additions and 51 deletions.
diff --git a/apps/cnquery/cmd/shell.go b/apps/cnquery/cmd/shell.go
@@ -136,7 +136,6 @@ func StartShell(runtime *providers.Runtime, conf *ShellConfig) error {
 	if err != nil {
 		log.Fatal().Err(err).Msg("failed to connect to asset")
 	}
-
 	log.Info().Msgf("connected to %s", runtime.Provider.Connection.Asset.Platform.Title)
 
 	// when we close the shell, we need to close the backend and store the recording

diff --git a/providers/aws/connection/connection.go b/providers/aws/connection/connection.go
@@ -25,6 +25,7 @@ type AwsConnection struct {
 	clientcache      ClientsCache
 	awsConfigOptions []func(*config.LoadOptions) error
 	profile          string
+	PlatformOverride string
 }
 
 func NewAwsConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*AwsConnection, error) {
@@ -44,10 +45,6 @@ func NewAwsConnection(id uint32, asset *inventory.Asset, conf *inventory.Config)
 		log.Info().Msg("no AWS region found, using us-east-1")
 		cfg.Region = "us-east-1" // in case the user has no region set, default to us-east-1
 	}
-	asset.Platform = &inventory.Platform{
-		Title: "aws",
-		Name:  "aws",
-	}
 	// gather information about the aws account
 	cfgCopy := cfg.Copy()
 	identity, err := CheckIam(cfgCopy)

diff --git a/providers/aws/connection/platform.go b/providers/aws/connection/platform.go
@@ -5,16 +5,15 @@ package connection
 
 import "go.mondoo.com/cnquery/providers-sdk/v1/inventory"
 
-func (a *AwsConnection) PlatformInfo(name string) *inventory.Platform {
-	// p.info.PlatformOverride
-	return getPlatformForObject(name)
+func (a *AwsConnection) PlatformInfo() *inventory.Platform {
+	return GetPlatformForObject(a.PlatformOverride)
 }
 
-func getPlatformForObject(platformName string) *inventory.Platform {
+func GetPlatformForObject(platformName string) *inventory.Platform {
 	if platformName != "aws" && platformName != "" {
 		return &inventory.Platform{
-			Name: platformName,
-			// Title:   getTitleForPlatformName(platformName),
+			Name:    platformName,
+			Title:   getTitleForPlatformName(platformName),
 			Kind:    "aws_object",
 			Runtime: "aws",
 		}
@@ -26,3 +25,55 @@ func getPlatformForObject(platformName string) *inventory.Platform {
 		Runtime: "aws",
 	}
 }
+
+func getTitleForPlatformName(name string) string {
+	switch name {
+	case "aws-s3-bucket":
+		return "AWS S3 Bucket"
+	case "aws-cloudtrail-trail":
+		return "AWS CloudTrail Trail"
+	case "aws-rds-dbinstance":
+		return "AWS RDS DB Instance"
+	case "aws-dynamodb-table":
+		return "AWS DynamoDB Table"
+	case "aws-redshift-cluster":
+		return "AWS Redshift Cluster"
+	case "aws-vpc":
+		return "AWS VPC"
+	case "aws-security-group":
+		return "AWS Security Group"
+	case "aws-ec2-volume":
+		return "AWS EC2 Volume"
+	case "aws-ec2-snapshot":
+		return "AWS EC2 Snapshot"
+	case "aws-iam-user":
+		return "AWS IAM User"
+	case "aws-iam-group":
+		return "AWS IAM Group"
+	case "aws-cloudwatch-loggroup":
+		return "AWS CloudWatch Log Group"
+	case "aws-lambda-function":
+		return "AWS Lambda Function"
+	case "aws-ecs-container":
+		return "AWS ECS Container"
+	case "aws-efs-filesystem":
+		return "AWS EFS Filesystem"
+	case "aws-gateway-restapi":
+		return "AWS Gateway REST API"
+	case "aws-elb-loadbalancer":
+		return "AWS ELB Load Balancer"
+	case "aws-es-domain":
+		return "AWS ES Domain"
+	case "aws-kms-key":
+		return "AWS KMS Key"
+	case "aws-sagemaker-notebookinstance":
+		return "AWS SageMaker Notebook Instance"
+	case "aws-ec2-instance":
+		return "AWS EC2 Instance"
+	case "aws-ssm-instance":
+		return "AWS SSM Instance"
+	case "aws-ecr-image":
+		return "AWS ECR Image"
+	}
+	return "Amazon Web Services"
+}
diff --git a/providers/aws/go.mod b/providers/aws/go.mod
@@ -100,6 +100,7 @@ require (
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-plugin v1.4.8 // indirect
 	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
+	github.com/hnakamur/go-scp v1.0.2 // indirect
 	github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect

diff --git a/providers/aws/go.sum b/providers/aws/go.sum
@@ -207,7 +207,9 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -354,6 +356,10 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hnakamur/go-scp v1.0.2 h1:i2I0O0pjAaX4BXJFrp1blsIdjOBekc5QOaB0AbdO1d0=
+github.com/hnakamur/go-scp v1.0.2/go.mod h1:Dh9GtPFBkiDI1KY1nmf+W7eVCWWmRjJitkCYgvWv+Zc=
+github.com/hnakamur/go-sshd v0.0.0-20170228152141-dccc3399d26a h1:p8dbHRhXhPSwVZqk76FguLzyeCZuvCqFlaYSqXOzbyI=
+github.com/hnakamur/go-sshd v0.0.0-20170228152141-dccc3399d26a/go.mod h1:R+6I3EdoV6ofbNqJsArhT9+Pnu57DxtmDJAQfxkCbGo=
 github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f h1:7LYC+Yfkj3CTRcShK0KOL/w6iTiKyqqBA9a41Wnggw8=
 github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f/go.mod h1:pFlLw2CfqZiIBOx6BuCeRLCrfxBJipTY0nIOF/VbGcI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -402,6 +408,8 @@ github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NB
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
+github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
@@ -568,6 +576,7 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191227163750-53104e6ec876/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@@ -709,6 +718,7 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200828081204-131dc92a58d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

diff --git a/providers/aws/provider/provider.go b/providers/aws/provider/provider.go
@@ -75,13 +75,21 @@ func (s *Service) Connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 		return nil, err
 	}
 
-	// // We only need to run the detection step when we don't have any asset information yet.
+	// We only need to run the detection step when we don't have any asset information yet.
 	if req.Asset.Platform == nil {
 		if err := s.detect(req.Asset, conn); err != nil {
 			return nil, err
 		}
 	}
-	inventory, err := s.discover(conn)
+	inventory := &inventory.Inventory{
+		Spec: &inventory.InventorySpec{
+			Assets: []*inventory.Asset{req.Asset},
+		},
+	}
+
+	conn.PlatformOverride = req.Asset.Platform.Name
+
+	inventory, err = s.discover(conn)
 	if err != nil {
 		return nil, err
 	}
@@ -135,7 +143,7 @@ func (s *Service) connect(req *plugin.ConnectReq, callback plugin.ProviderCallba
 func (s *Service) detect(asset *inventory.Asset, conn *connection.AwsConnection) error {
 	asset.Id = conn.Conf.Type + "://" + conn.AccountId()
 	asset.Name = conn.Conf.Host
-	asset.Platform = conn.PlatformInfo("aws")
+	asset.Platform = conn.PlatformInfo()
 	asset.PlatformIds = []string{"//platformid.api.mondoo.app/runtime/aws/accounts" + conn.AccountId()}
 
 	return nil

diff --git a/providers/aws/resources/discovery_conversion.go b/providers/aws/resources/discovery_conversion.go
@@ -49,9 +49,9 @@ func MqlObjectToAsset(account string, mqlObject mqlObject, conn *connection.AwsC
 		log.Error().Err(err).Msg("missing values in mql object to asset translation")
 		return nil
 	}
-	info, err := getTitleFamily(mqlObject.awsObject)
-	if err != nil {
-		log.Error().Err(err).Msg("missing runtime info")
+	platformName := getPlatformName(mqlObject.awsObject)
+	if platformName == "" {
+		log.Error().Err(errors.New("could not fetch platform info for object")).Msg("missing runtime info")
 		return nil
 	}
 	platformid := MondooObjectID(mqlObject.awsObject)
@@ -60,17 +60,19 @@ func MqlObjectToAsset(account string, mqlObject mqlObject, conn *connection.AwsC
 	return &inventory.Asset{
 		PlatformIds: []string{platformid, mqlObject.awsObject.arn},
 		Name:        mqlObject.name,
-		Platform: &inventory.Platform{
-			Name:    info.Name,
-			Title:   info.Title,
-			Kind:    "aws-object",
-			Runtime: "AWS",
-		},
+		Platform:    connection.GetPlatformForObject(platformName),
 		Labels:      mqlObject.labels,
-		Connections: []*inventory.Config{conn.Conf},
+		Connections: []*inventory.Config{cloneInventoryConf(conn.Conf)},
 	}
 }
 
+func cloneInventoryConf(invConf *inventory.Config) *inventory.Config {
+	invConfClone := invConf.Clone()
+	// We do not want to run discovery again for the already discovered assets
+	invConfClone.Discover = &inventory.Discovery{}
+	return invConfClone
+}
+
 func validate(m mqlObject) error {
 	if m.name == "" {
 		return errors.New("name required for mql aws object to asset translation")
@@ -90,100 +92,100 @@ func validate(m mqlObject) error {
 	return nil
 }
 
-func getTitleFamily(awsObject awsObject) (*inventory.Platform, error) {
+func getPlatformName(awsObject awsObject) string {
 	switch awsObject.service {
 	case "s3":
 		if awsObject.objectType == "bucket" {
-			return &inventory.Platform{Title: "AWS S3 Bucket", Name: "aws-s3-bucket"}, nil
+			return "aws-s3-bucket"
 		}
 	case "cloudtrail":
 		if awsObject.objectType == "trail" {
-			return &inventory.Platform{Title: "AWS CloudTrail Trail", Name: "aws-cloudtrail-trail"}, nil
+			return "aws-cloudtrail-trail"
 		}
 	case "rds":
 		if awsObject.objectType == "dbinstance" {
-			return &inventory.Platform{Title: "AWS RDS DB Instance", Name: "aws-rds-dbinstance"}, nil
+			return "aws-rds-dbinstance"
 		}
 	case "dynamodb":
 		if awsObject.objectType == "table" {
-			return &inventory.Platform{Title: "AWS DynamoDB Table", Name: "aws-dynamodb-table"}, nil
+			return "aws-dynamodb-table"
 		}
 	case "redshift":
 		if awsObject.objectType == "cluster" {
-			return &inventory.Platform{Title: "AWS Redshift Cluster", Name: "aws-redshift-cluster"}, nil
+			return "aws-redshift-cluster"
 		}
 	case "vpc":
 		if awsObject.objectType == "vpc" {
-			return &inventory.Platform{Title: "AWS VPC", Name: "aws-vpc"}, nil
+			return "aws-vpc"
 		}
 	case "ec2":
 		switch awsObject.objectType {
 		case "securitygroup":
-			return &inventory.Platform{Title: "AWS Security Group", Name: "aws-security-group"}, nil
+			return "aws-security-group"
 		case "volume":
-			return &inventory.Platform{Title: "AWS EC2 Volume", Name: "aws-ec2-volume"}, nil
+			return "aws-ec2-volume"
 		case "snapshot":
-			return &inventory.Platform{Title: "AWS EC2 Snapshot", Name: "aws-ec2-snapshot"}, nil
+			return "aws-ec2-snapshot"
 		case "instance":
-			return &inventory.Platform{Title: "AWS EC2 Instance", Name: "aws-ec2-instance"}, nil
+			return "aws-ec2-instance"
 		}
 	case "iam":
 		switch awsObject.objectType {
 		case "user":
-			return &inventory.Platform{Title: "AWS IAM User", Name: "aws-iam-user"}, nil
+			return "aws-iam-user"
 
 		case "group":
-			return &inventory.Platform{Title: "AWS IAM Group", Name: "aws-iam-group"}, nil
+			return "aws-iam-group"
 		}
 	case "cloudwatch":
 		if awsObject.objectType == "loggroup" {
-			return &inventory.Platform{Title: "AWS CloudWatch Log Group", Name: "aws-cloudwatch-loggroup"}, nil
+			return "aws-cloudwatch-loggroup"
 		}
 	case "lambda":
 		if awsObject.objectType == "function" {
-			return &inventory.Platform{Title: "AWS Lambda Function", Name: "aws-lambda-function"}, nil
+			return "aws-lambda-function"
 		}
 	case "ecs":
 		if awsObject.objectType == "container" {
-			return &inventory.Platform{Title: "AWS ECS Container", Name: "aws-ecs-container"}, nil
+			return "aws-ecs-container"
 		}
 		if awsObject.objectType == "instance" {
-			return &inventory.Platform{Title: "AWS ECS Container Instance", Name: "aws-ecs-instance"}, nil
+			return "aws-ecs-instance"
 		}
 	case "efs":
 		if awsObject.objectType == "filesystem" {
-			return &inventory.Platform{Title: "AWS EFS Filesystem", Name: "aws-efs-filesystem"}, nil
+			return "aws-efs-filesystem"
 		}
 	case "gateway":
 		if awsObject.objectType == "restapi" {
-			return &inventory.Platform{Title: "AWS Gateway REST API", Name: "aws-gateway-restapi"}, nil
+			return "aws-gateway-restapi"
 		}
 	case "elb":
 		if awsObject.objectType == "loadbalancer" {
-			return &inventory.Platform{Title: "AWS ELB Load Balancer", Name: "aws-elb-loadbalancer"}, nil
+			return "aws-elb-loadbalancer"
 		}
 	case "es":
 		if awsObject.objectType == "domain" {
-			return &inventory.Platform{Title: "AWS ES Domain", Name: "aws-es-domain"}, nil
+			return "aws-es-domain"
 		}
 	case "kms":
 		if awsObject.objectType == "key" {
-			return &inventory.Platform{Title: "AWS KMS Key", Name: "aws-kms-key"}, nil
+			return "aws-kms-key"
 		}
 	case "sagemaker":
 		if awsObject.objectType == "notebookinstance" {
-			return &inventory.Platform{Title: "AWS SageMaker Notebook Instance", Name: "aws-sagemaker-notebookinstance"}, nil
+			return "aws-sagemaker-notebookinstance"
 		}
 	case "ssm":
 		if awsObject.objectType == "instance" {
-			return &inventory.Platform{Title: "AWS SSM Instance", Name: "aws-ssm-instance"}, nil
+			return "aws-ssm-instance"
 		}
 	case "ecr":
 		if awsObject.objectType == "image" {
-			return &inventory.Platform{Title: "AWS ECR Image", Name: "aws-ecr-image"}, nil
+			return "aws-ecr-image"
 		}
 	}
-	return nil, errors.Newf("missing runtime info for aws object service %s type %s", awsObject.service, awsObject.objectType)
+	return ""
 }
 
 func accountAsset(conn *connection.AwsConnection, awsAccount *mqlAwsAccount) *inventory.Asset {
@@ -199,7 +201,7 @@ func accountAsset(conn *connection.AwsConnection, awsAccount *mqlAwsAccount) *in
 	return &inventory.Asset{
 		PlatformIds: []string{id},
 		Name:        name,
-		Platform:    &inventory.Platform{Name: "aws", Runtime: "aws"},
+		Platform:    connection.GetPlatformForObject(""),
 		Connections: []*inventory.Config{conn.Conf},
 	}
 }