⭐️ allow and deny subscriptions scan VMs options #1477

Merged
merged 2 commits into from
Nov 13, 2024

@afiune afiune commented Nov 12, 2024

This PR adds three more flags to the experimental command `cnspec integrate azure`.

`--allow`, `--deny` used to control the integration of subscriptions. By default, all subscriptions will be discovered and integrated for continuous scanning.

To choose the subscriptions to scan, pass the list of subscriptions using the `--allow` flag.

`cnspec integrate azure --allow <subscription_id_1> --allow <subscription_id_2>`

To scan all subscriptions except those you specify, pass the list of subscriptions you don't
want Mondoo to scan using the `--deny` flag.

`cnspec integrate azure --deny "<subscription_id_1>,<subscription_id_2>"`

The new `--scan-vms` enables scanning VMs on Azure subscriptions via RunCommand.

NOTE that `--allow` and `--deny` are mutually exclusive and can't be used together.

Finally, I moved the onboarding code that is generic to its own package so that new integration commands like gcp or aws can leverage it.
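
One way the allow/deny selection described above could behave, as an added Go example that is not cnspec's own code. `SelectSubscriptions` and `splitIDs` are hypothetical helpers, the subscription IDs are constructed placeholders, and rejecting IDs that match no discovered subscription is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitIDs flattens repeated flag values and comma-separated lists into a set of lower-cased IDs.
func splitIDs(values []string) map[string]bool {
	ids := map[string]bool{}
	for _, v := range values {
		for _, id := range strings.Split(v, ",") {
			if id = strings.TrimSpace(id); id != "" {
				ids[strings.ToLower(id)] = true
			}
		}
	}
	return ids
}

// SelectSubscriptions (hypothetical) returns the discovered subscriptions left in scope.
func SelectSubscriptions(discovered, allow, deny []string) ([]string, error) {
	allowSet, denySet := splitIDs(allow), splitIDs(deny)
	if len(allowSet) > 0 && len(denySet) > 0 {
		return nil, errors.New("--allow and --deny are mutually exclusive")
	}
	seen := map[string]bool{}
	var selected []string
	for _, sub := range discovered {
		key := strings.ToLower(sub)
		seen[key] = true
		if (len(allowSet) == 0 || allowSet[key]) && !denySet[key] {
			selected = append(selected, sub)
		}
	}
	// Assumption: an ID matching nothing is a typo; a mistyped --deny must not leave a subscription in scope.
	for _, set := range []map[string]bool{allowSet, denySet} {
		for id := range set {
			if !seen[id] {
				return nil, fmt.Errorf("subscription %q was not discovered", id)
			}
		}
	}
	return selected, nil
}
func main() {
	// Constructed placeholder IDs; prints the subscriptions left after the deny list.
	fmt.Println(SelectSubscriptions([]string{"sub-a", "sub-b", "sub-c"}, nil, []string{"sub-a,sub-b"}))
}
```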

This PR adds three more flags to the experimental command
`cnspec integrate azure`.

`--allow`, `--deny` used to control the integration of subscriptions.

`--scan-vms` that enables scanning VMs on Azure subscriptions via
RunCommand.

Additionally, I moved the `onboarding` code that is generic to its own
package so that new integration commands like `gcp` or `aws` can
leverage it.

Signed-off-by: Salim Afiune Maya <[email protected]>

github-actions bot commented Nov 12, 2024

Test Results

  1 files  ±0   26 suites  1   20s ⏱️ 3s
441 tests 3  440 ✅ 3  1 💤 ±0  0 ❌ ±0 
442 runs  3  441 ✅ 3  1 💤 ±0  0 ❌ ±0 

Results for commit 1b04ee8. ± Comparison against base commit 965688e.

♻️ This comment has been updated with latest results.

if err := TerraformExecApply(tf); err != nil {
return errors.New(provideGuidanceAfterFailure(err, tf.WorkingDir(), tf.ExecPath()))
}
vw.Close()
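Review bot: `vw.Close()` sits after the early return, so when `TerraformExecApply(tf)` fails the function exits without closing `vw`. If `Close` releases anything beyond the display, call it before the `return` or use `defer vw.Close()` where `vw` is created. Also, `errors.New(provideGuidanceAfterFailure(err, ...))` builds a new error from a string, so callers cannot reach the original `err` with `errors.Is` or `errors.As`; consider `fmt.Errorf` with `%w` if the chain matters.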
Contributor

is it an issue if these are not closed on error?

Contributor Author

Good question.

There is no issue, but I think it is nice to clear the terminal since we are extracting the error and presenting it to the user; this way it won't be duplicated.

Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune afiune merged commit 062031f into main Nov 13, 2024
14 checks passed
@afiune afiune deleted the afiune/integrate/azure-subscriptions-allow-deny branch November 13, 2024 15:39
@github-actions github-actions bot locked and limited conversation to collaborators Nov 13, 2024