Merge pull request #45 from cloudgraphdev/feature/CG-901-support-waf

feat(CG-901): add application gateway support

Author: tyler-dunkel

README.md

@@ -43,6 +43,7 @@ CloudGraph needs read permissions in order to ingest your data. To keep things e
 | adServicePrincipal                          | adApplication, authRoleAssignment                                             |
 | adUser                                      | adApplication, authRoleAssignment                                             |
 | aksManagedCluster                           | resourceGroup, virtualMachineScaleSet                                         |
+| applicationGateway                          | resourceGroup                                                                 |
 | appInsights                                 | resourceGroup                                                                 |
 | appServiceEnvironment                       | resourceGroup, virtualNetwork                                                 |
 | appServicePlan                              | resourceGroup, appServiceWebApp                                               |

src/enums/schemasMap.ts

@@ -14,6 +14,7 @@ export default {
   [services.adServicePrincipal]: 'azureADServicePrincipal',
   [services.adUser]: 'azureADUser',
   [services.aksManagedCluster]: 'azureAksManagedCluster',
+  [services.applicationGateway]: 'azureApplicationGateway',
   [services.appServiceEnvironment]: 'azureAppServiceEnvironment',
   // [services.appServiceKubeEnvironment]: 'azureAppServiceKubeEnvironment',
   [services.appInsights]: 'azureAppInsights',

src/enums/serviceAliases.ts

@@ -4,6 +4,7 @@ export default {
   [services.actionGroup]: 'actionGroups',
   [services.activityLogAlerts]: 'activityLogAlerts',
   [services.aksManagedCluster]: 'aksManagedClusters',
+  [services.applicationGateway]: 'applicationGateways',
   [services.appServiceEnvironment]: 'appServiceEnvironments',
   [services.appInsights]: 'appInsights',
   [services.appServicePlan]: 'appServicePlans',

src/enums/serviceMap.ts

@@ -8,6 +8,7 @@ import AzureADServicePrincipal from '../services/adServicePrincipal'
 import AzureADUser from '../services/adUser'
 import AzureAksManagedCluster from '../services/aksManagedCluster'
 import AzureMetricAlert from '../services/metricAlert'
+import AzureApplicationGateway from '../services/applicationGateway'
 import AzureAppServiceEnvironment from '../services/appServiceEnvironment'
 // import AzureAppServiceKubeEnvironment from '../services/appServiceKubeEnvironment'
 import AzureAppServicePlan from '../services/appServicePlan'
@@ -104,6 +105,7 @@ export default {
   [services.adUser]: AzureADUser,
   [services.aksManagedCluster]: AzureAksManagedCluster,
   [services.metricAlert]: AzureMetricAlert,
+  [services.applicationGateway]: AzureApplicationGateway,
   [services.appServiceEnvironment]: AzureAppServiceEnvironment,
   // [services.appServiceKubeEnvironment]: AzureAppServiceKubeEnvironment,
   [services.appInsights]: AzureAppInsights,

src/enums/services.ts

@@ -8,6 +8,7 @@ export default {
   adServicePrincipal: 'adServicePrincipal',
   adUser: 'adUser',
   aksManagedCluster: 'aksManagedCluster',
+  applicationGateway: 'applicationGateway',
   appServiceEnvironment: 'appServiceEnvironment',
   // appServiceKubeEnvironment: 'appServiceKubeEnvironment',
   appInsights: 'appInsights',

src/properties/logger.ts

@@ -19,6 +19,8 @@ export default {
   // AKS Managed Clusters
   foundAKSManagedClusters: (num: number): string =>
     `Found ${num} AKS managed clusters`,
+  /* App Gateway */
+  foundApplicationGateway: (num: number): string => `Found ${num} Application Gateways`,
   /* App Service */
   foundAppServiceEnvironments: (num: number): string =>
     `Found ${num} app service environments`,

src/services/applicationGateway/data.ts

@@ -0,0 +1,76 @@
+import { ApplicationGateway, NetworkManagementClient } from '@azure/arm-network'
+import { PagedAsyncIterableIterator } from '@azure/core-paging'
+import CloudGraph from '@cloudgraph/sdk'
+
+import azureLoggerText from '../../properties/logger'
+import { AzureServiceInput, TagMap } from '../../types'
+import { tryCatchWrapper } from '../../utils'
+import { lowerCaseLocation } from '../../utils/format'
+import { getResourceGroupFromEntity } from '../../utils/idParserUtils'
+
+const { logger } = CloudGraph
+const lt = { ...azureLoggerText }
+const serviceName = 'ApplicationGateway'
+
+export interface RawAzureApplicationGateway
+  extends Omit<ApplicationGateway, 'tags' | 'location'> {
+  region: string
+  resourceGroupId: string
+  Tags: TagMap
+}
+
+export default async ({
+  regions,
+  config,
+}: AzureServiceInput): Promise<{
+  [property: string]: RawAzureApplicationGateway[]
+}> => {
+  try {
+    const { tokenCredentials, subscriptionId } = config
+    const client = new NetworkManagementClient(tokenCredentials, subscriptionId)
+
+    const applicationGatewayData: ApplicationGateway[] = []
+    await tryCatchWrapper(
+      async () => {
+        const applicationGatewayIterable: PagedAsyncIterableIterator<ApplicationGateway> =
+          client.applicationGateways.listAll()
+        for await (const applicationGateway of applicationGatewayIterable) {
+          applicationGateway && applicationGatewayData.push(applicationGateway)
+        }
+      },
+      {
+        service: serviceName,
+        client,
+        scope: 'applicationGateway',
+        operation: 'listAll'
+      }
+    )
+
+    const result: {
+      [property: string]: RawAzureApplicationGateway[]
+    } = {}
+    let numOfGroups = 0
+    applicationGatewayData.map(({ tags, location, ...rest }) => {
+      const region = lowerCaseLocation(location)
+      if (regions.includes(region)) {
+        if (!result[region]) {
+          result[region] = []
+        }
+        const resourceGroupId = getResourceGroupFromEntity(rest)
+        result[region].push({
+          ...rest,
+          region,
+          resourceGroupId,
+          Tags: tags || {},
+        })
+        numOfGroups += 1
+      }
+    })
+    logger.debug(lt.foundApplicationGateway(numOfGroups))
+
+    return result
+  } catch (e) {
+    logger.error(e)
+    return {}
+  }
+}