From fcad8e51591428fbbda283ea5ff813a9cb1a8580 Mon Sep 17 00:00:00 2001
From: ramanan-ravi
Date: Fri, 14 Jun 2024 23:01:43 +0530
Subject: [PATCH] Azure multi-subscription cloud scanner support

---
 deepfence_server/model/cloud_node.go | 18 ++++++++++++------
 .../reporters/scan/scan_reporters.go | 2 +-
 deepfence_server/reporters/search/search.go | 2 +-
 deepfence_worker/cronjobs/cloud_compliance.go | 2 +-
 .../tasks/scans/delete_cloud_accounts.go | 2 +-
 5 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/deepfence_server/model/cloud_node.go b/deepfence_server/model/cloud_node.go
index bdfa28d22f..ee2b990195 100644
--- a/deepfence_server/model/cloud_node.go
+++ b/deepfence_server/model/cloud_node.go
@@ -24,14 +24,16 @@ const (
 PostureProviderGCP = "gcp"
 PostureProviderGCPOrg = "gcp_org"
 PostureProviderAzure = "azure"
+ PostureProviderAzureOrg = "azure_org"
 PostureProviderLinux = "linux"
 PostureProviderKubernetes = "kubernetes"
 )
 
 var (
 PostureProviderOrgMap = map[string]string{
- PostureProviderAWS: PostureProviderAWSOrg,
- PostureProviderGCP: PostureProviderGCPOrg,
+ PostureProviderAWS: PostureProviderAWSOrg,
+ PostureProviderGCP: PostureProviderGCPOrg,
+ PostureProviderAzure: PostureProviderAzureOrg,
 }
 )
 
@@ -94,7 +96,7 @@ func (CloudNodeAccountInfo) ExtendedField() string {
 
 func (v CloudNodeAccountInfo) ScanType() utils.Neo4jScanType {
 switch v.CloudProvider {
- case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg:
+ case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg, PostureProviderGCPOrg, PostureProviderAzureOrg:
 return utils.NEO4JCloudComplianceScan
 case PostureProviderKubernetes, PostureProviderLinux:
 return utils.NEO4JComplianceScan
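Review bot: PostureProviderOrgMap and the new PostureProviderAzureOrg constant are exported but carry no doc comment, and the map's role (account-level provider to its organization-level counterpart) is only inferable from its three entries; a comment such as `// PostureProviderOrgMap maps each account-level posture provider to the name of its organization-level variant.` would make that explicit. The string "azure_org" now joins "gcp_org" as a persisted cloud_provider value, so any place outside this diff that validates or enumerates provider names (request validation, UI filters) presumably needs the same addition — worth confirming, since the patch only touches server-side comparisons. The const block this hunk extends starts outside the hunk.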
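Review bot: The six-name provider list in the ScanType case is repeated verbatim in ScanResultType (@@ -109) and GetPassStatus (@@ -120), and this patch itself shows how such copies drift — PostureProviderGCPOrg had been absent from all three. A single predicate that derives the set from the keys and values of PostureProviderOrgMap (say `func IsCloudPostureProvider(provider string) bool` in this file) would let each method open with `if IsCloudPostureProvider(v.CloudProvider) {` / `return utils.NEO4JCloudComplianceScan` / `}` and keep the remaining cases for Kubernetes and Linux. Whether ScanType has a default branch is not visible, as the function continues past the hunk.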
@@ -109,7 +111,7 @@ func (v CloudNodeAccountInfo) LatestScanIDField() string {
 
 func (v CloudNodeAccountInfo) ScanResultType() string {
 switch v.CloudProvider {
- case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg:
+ case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg, PostureProviderGCPOrg, PostureProviderAzureOrg:
 return "CloudCompliance"
 case PostureProviderKubernetes, PostureProviderLinux:
 return "Compliance"
@@ -120,7 +122,7 @@ func (v CloudNodeAccountInfo) ScanResultType() string {
 
 func (v CloudNodeAccountInfo) GetPassStatus() []string {
 switch v.CloudProvider {
- case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg, PostureProviderKubernetes:
+ case PostureProviderAWS, PostureProviderGCP, PostureProviderAzure, PostureProviderAWSOrg, PostureProviderGCPOrg, PostureProviderAzureOrg, PostureProviderKubernetes:
 return []string{"ok", "info", "skip"}
 case PostureProviderLinux:
 return []string{"warn", "pass"}
@@ -292,6 +294,7 @@ func GetCloudProvidersList(ctx context.Context) ([]PostureProvider, error) {
 {Name: PostureProviderGCP, NodeLabel: "Accounts"},
 // {Name: PostureProviderGCPOrg, NodeLabel: "Organizations"},
 {Name: PostureProviderAzure, NodeLabel: "Accounts"},
+ // {Name: PostureProviderAzureOrg, NodeLabel: "Organizations"},
 {Name: PostureProviderLinux, NodeLabel: "Hosts"},
 {Name: PostureProviderKubernetes, NodeLabel: "Clusters"},
 }
@@ -352,7 +355,7 @@ func GetCloudProvidersList(ctx context.Context) ([]PostureProvider, error) {
 if err == nil {
 for _, record := range records {
 provider := record.Values[0].(string)
- if slices.Contains([]string{PostureProviderAWSOrg, PostureProviderGCPOrg}, provider) {
+ if slices.Contains([]string{PostureProviderAWSOrg, PostureProviderGCPOrg, PostureProviderAzureOrg}, provider) {
 continue
 }
 if record.Values[1].(bool) {
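Review bot: The set of organization-level providers is spelled out by hand here as `[]string{PostureProviderAWSOrg, PostureProviderGCPOrg, PostureProviderAzureOrg}` and again in scan_reporters.go (@@ -434), search.go (@@ -432), cloud_compliance.go (@@ -317) and delete_cloud_accounts.go (@@ -227), while the reverse org-to-account mapping is hand-written in GetCloudComplianceNodesList (@@ -397). These comparisons decide whether a node is treated as an organization — which scan statuses get aggregated and, judging by isOrgAccount in delete_cloud_accounts.go, how account deletion is scoped — so a site missed when the next provider is added would silently misclassify it. PostureProviderOrgMap already holds exactly these values, so one helper in model that consults it can replace all five membership checks, and this call site also stops rebuilding the literal slice for every record. GetCloudProvidersList begins and ends outside the hunk.
```go
// IsOrgProvider reports whether provider names an organization-level
// posture provider, i.e. one of the values of PostureProviderOrgMap.
func IsOrgProvider(provider string) bool {
	for _, org := range PostureProviderOrgMap {
		if org == provider {
			return true
		}
	}
	return false
}

// … unchanged: GetCloudProvidersList up to the records loop …
			provider := record.Values[0].(string)
			if IsOrgProvider(provider) {
				continue
			}
```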
@@ -397,6 +400,9 @@ func GetCloudComplianceNodesList(ctx context.Context, cloudProvider string, fw F
 case PostureProviderGCPOrg:
 cloudProvider = PostureProviderGCP
 isOrgListing = true
+ case PostureProviderAzureOrg:
+ cloudProvider = PostureProviderAzure
+ isOrgListing = true
 case PostureProviderKubernetes:
 neo4jNodeType = "KubernetesCluster"
 case PostureProviderLinux:
diff --git a/deepfence_server/reporters/scan/scan_reporters.go b/deepfence_server/reporters/scan/scan_reporters.go
index b2c57055d3..c2a759b303 100644
--- a/deepfence_server/reporters/scan/scan_reporters.go
+++ b/deepfence_server/reporters/scan/scan_reporters.go
@@ -434,7 +434,7 @@ func GetCloudAccountIDs(ctx context.Context, cloudProviderIds []model.NodeIdenti
 orgNodeIds := []string{}
 for _, rec := range recs {
 cloudProvider := rec.Values[1].(string)
- if cloudProvider == model.PostureProviderAWSOrg || cloudProvider == model.PostureProviderGCPOrg {
+ if cloudProvider == model.PostureProviderAWSOrg || cloudProvider == model.PostureProviderGCPOrg || cloudProvider == model.PostureProviderAzureOrg {
 orgNodeIds = append(orgNodeIds, rec.Values[0].(string))
 continue
 }
diff --git a/deepfence_server/reporters/search/search.go b/deepfence_server/reporters/search/search.go
index 02f567f66b..3092b59365 100644
--- a/deepfence_server/reporters/search/search.go
+++ b/deepfence_server/reporters/search/search.go
@@ -432,7 +432,7 @@ func searchCloudNode(ctx context.Context, filter SearchFilter, fw model.FetchWin
 }
 var node model.CloudNodeAccountInfo
 utils.FromMap(nodeMap, &node)
- if node.CloudProvider == model.PostureProviderAWSOrg || node.CloudProvider == model.PostureProviderGCPOrg {
+ if node.CloudProvider == model.PostureProviderAWSOrg || node.CloudProvider == model.PostureProviderGCPOrg || node.CloudProvider == model.PostureProviderAzureOrg {
 node.ScanStatusMap, err = getScanStatusMap(ctx, node.NodeID, node.CloudProvider)
 if err != nil {
 log.Error().Msgf("Error in populating status of org %v", err)
diff --git a/deepfence_worker/cronjobs/cloud_compliance.go b/deepfence_worker/cronjobs/cloud_compliance.go
index 34891dd4d1..77202e206a 100644
--- a/deepfence_worker/cronjobs/cloud_compliance.go
+++ b/deepfence_worker/cronjobs/cloud_compliance.go
@@ -317,7 +317,7 @@ func CachePostureProviders(ctx context.Context, task *asynq.Task) error {
 MATCH (m) -[:DETECTED] -> (c:Compliance)
 RETURN count(distinct c)`
 
- } else if postureProviderName == model.PostureProviderAWSOrg || postureProviderName == model.PostureProviderGCPOrg {
+ } else if postureProviderName == model.PostureProviderAWSOrg || postureProviderName == model.PostureProviderGCPOrg || postureProviderName == model.PostureProviderAzureOrg {
 postureProvider.NodeLabel = "Organizations"
 
 account_count_query = `
diff --git a/deepfence_worker/tasks/scans/delete_cloud_accounts.go b/deepfence_worker/tasks/scans/delete_cloud_accounts.go
index 4b2b45fe6d..7215316b95 100644
--- a/deepfence_worker/tasks/scans/delete_cloud_accounts.go
+++ b/deepfence_worker/tasks/scans/delete_cloud_accounts.go
@@ -227,7 +227,7 @@ func isOrgAccount(ctx context.Context, accountID string) (bool, error) {
 }
 
 switch cp.(string) {
- case model.PostureProviderAWSOrg, model.PostureProviderGCPOrg:
+ case model.PostureProviderAWSOrg, model.PostureProviderGCPOrg, model.PostureProviderAzureOrg:
 return true, nil
 default:
 return false, nil