From c1ed95556edc123a8ea2261e6af8d3522eaa7c50 Mon Sep 17 00:00:00 2001 From: magodo Date: Fri, 8 Aug 2025 10:49:48 +1000 Subject: [PATCH 1/3] New option: `--include-managed-resource` --- flag.go | 4 ++++ internal/meta/meta_query.go | 3 +++ internal/meta/meta_res.go | 25 ++++++++++++++----------- internal/meta/meta_rg.go | 18 +++++++++++------- main.go | 31 ++++++++++++++++++++----------- pkg/config/config.go | 3 +++ 6 files changed, 55 insertions(+), 29 deletions(-) diff --git a/flag.go b/flag.go index b7b67abf..f5dc1dce 100644 --- a/flag.go +++ b/flag.go @@ -99,6 +99,7 @@ type FlagSet struct { flagResName string flagResType string flagIncludeRoleAssignment bool + flagIncludeManagedResource bool flagIncludeResourceGroup bool flagARGTable string flagARGAuthorizationScopeFilter string @@ -231,6 +232,9 @@ func (flag FlagSet) DescribeCLI(mode Mode) string { if flag.flagIncludeRoleAssignment { args = append(args, "--include-role-assignment=true") } + if flag.flagIncludeManagedResource { + args = append(args, "--include-managed-resource=true") + } switch mode { case ModeResource: diff --git a/internal/meta/meta_query.go b/internal/meta/meta_query.go index a19e03b8..5bf16a6b 100644 --- a/internal/meta/meta_query.go +++ b/internal/meta/meta_query.go @@ -18,6 +18,7 @@ type MetaQuery struct { resourceNamePrefix string resourceNameSuffix string includeRoleAssignment bool + includeManagedResource bool includeResourceGroup bool argTable string argAuthenticationScopeFilter armresourcegraph.AuthorizationScopeFilter @@ -35,6 +36,7 @@ func NewMetaQuery(cfg config.Config) (*MetaQuery, error) { argPredicate: cfg.ARGPredicate, recursiveQuery: cfg.RecursiveQuery, includeRoleAssignment: cfg.IncludeRoleAssignment, + includeManagedResource: cfg.IncludeManagedResource, includeResourceGroup: cfg.IncludeResourceGroup, argTable: cfg.ARGTable, argAuthenticationScopeFilter: armresourcegraph.AuthorizationScopeFilter(cfg.ARGAuthorizationScopeFilter), @@ -115,6 +117,7 @@ func (meta MetaQuery) queryResourceSet(ctx context.Context, predicate string, re Recursive: recursive, IncludeResourceGroup: meta.includeResourceGroup, ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(), + IncludeManaged: meta.includeManagedResource, ARGTable: meta.argTable, ARGAuthorizationScopeFilter: meta.argAuthenticationScopeFilter, } diff --git a/internal/meta/meta_res.go b/internal/meta/meta_res.go index b98bcc4b..4d999446 100644 --- a/internal/meta/meta_res.go +++ b/internal/meta/meta_res.go @@ -15,12 +15,13 @@ import ( type MetaResource struct { baseMeta - AzureIds []armid.ResourceId - ResourceName string - ResourceType string - resourceNamePrefix string - resourceNameSuffix string - includeRoleAssignment bool + AzureIds []armid.ResourceId + ResourceName string + ResourceType string + resourceNamePrefix string + resourceNameSuffix string + includeRoleAssignment bool + includeManagedResource bool } func NewMetaResource(cfg config.Config) (*MetaResource, error) { @@ -41,11 +42,12 @@ func NewMetaResource(cfg config.Config) (*MetaResource, error) { } meta := &MetaResource{ - baseMeta: *baseMeta, - AzureIds: ids, - ResourceName: cfg.TFResourceName, - ResourceType: cfg.TFResourceType, - includeRoleAssignment: cfg.IncludeRoleAssignment, + baseMeta: *baseMeta, + AzureIds: ids, + ResourceName: cfg.TFResourceName, + ResourceType: cfg.TFResourceType, + includeRoleAssignment: cfg.IncludeRoleAssignment, + includeManagedResource: cfg.IncludeManagedResource, } meta.resourceNamePrefix, meta.resourceNameSuffix = resourceNamePattern(cfg.ResourceNamePattern) @@ -178,6 +180,7 @@ func (meta MetaResource) queryResourceSet(ctx context.Context, resources []resou ClientOpt: meta.azureSDKClientOpt, Parallelism: meta.parallelism, ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(), + IncludeManaged: meta.includeManagedResource, } lister, err := azlist.NewLister(opt) diff --git a/internal/meta/meta_rg.go b/internal/meta/meta_rg.go index e61c8022..006f1233 100644 --- a/internal/meta/meta_rg.go +++ b/internal/meta/meta_rg.go @@ -12,10 +12,11 @@ import ( type MetaResourceGroup struct { baseMeta - resourceGroup string - resourceNamePrefix string - resourceNameSuffix string - includeRoleAssignment bool + resourceGroup string + resourceNamePrefix string + resourceNameSuffix string + includeRoleAssignment bool + includeManagedResource bool } func NewMetaResourceGroup(cfg config.Config) (*MetaResourceGroup, error) { @@ -26,9 +27,10 @@ func NewMetaResourceGroup(cfg config.Config) (*MetaResourceGroup, error) { } meta := &MetaResourceGroup{ - baseMeta: *baseMeta, - resourceGroup: cfg.ResourceGroupName, - includeRoleAssignment: cfg.IncludeRoleAssignment, + baseMeta: *baseMeta, + resourceGroup: cfg.ResourceGroupName, + includeRoleAssignment: cfg.IncludeRoleAssignment, + includeManagedResource: cfg.IncludeManagedResource, } meta.resourceNamePrefix, meta.resourceNameSuffix = resourceNamePattern(cfg.ResourceNamePattern) @@ -101,6 +103,7 @@ func (meta MetaResourceGroup) queryResourceSet(ctx context.Context, rg string) ( ClientOpt: meta.azureSDKClientOpt, Parallelism: meta.parallelism, ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(), + IncludeManaged: meta.includeManagedResource, ARGTable: "ResourceContainers", } lister, err := azlist.NewLister(opt) @@ -132,6 +135,7 @@ func (meta MetaResourceGroup) queryResourceSet(ctx context.Context, rg string) ( ClientOpt: meta.azureSDKClientOpt, Parallelism: meta.parallelism, ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(), + IncludeManaged: meta.includeManagedResource, Recursive: true, } lister, err = azlist.NewLister(opt) diff --git a/main.go b/main.go index 7b4dcb9d..59aa6317 100644 --- a/main.go +++ b/main.go @@ -264,6 +264,12 @@ func main() { Usage: `Whether to include role assignments assigned to the resources exported`, Destination: &flagset.flagIncludeRoleAssignment, }, + &cli.BoolFlag{ + Name: "include-managed-resource", + EnvVars: []string{"AZTFEXPORT_INCLUDE_MANAGED_RESOURCE"}, + Usage: `Whether to allow resources managed by service team/3rd party to be exported`, + Destination: &flagset.flagIncludeManagedResource, + }, // Common flags (auth) &cli.StringFlag{ @@ -577,12 +583,13 @@ func main() { // Initialize the config cfg := config.Config{ - CommonConfig: commonConfig, - ResourceIds: resIds, - TFResourceName: flagset.flagResName, - TFResourceType: flagset.flagResType, - ResourceNamePattern: flagset.flagPattern, - IncludeRoleAssignment: flagset.flagIncludeRoleAssignment, + CommonConfig: commonConfig, + ResourceIds: resIds, + TFResourceName: flagset.flagResName, + TFResourceType: flagset.flagResType, + ResourceNamePattern: flagset.flagPattern, + IncludeRoleAssignment: flagset.flagIncludeRoleAssignment, + IncludeManagedResource: flagset.flagIncludeManagedResource, } return realMain(c.Context, cfg, flagset.flagNonInteractive, flagset.hflagMockClient, flagset.flagPlainUI, flagset.flagGenerateMappingFile, flagset.hflagProfile, flagset.DescribeCLI(ModeResource), flagset.hflagTFClientPluginPath) @@ -612,11 +619,12 @@ func main() { // Initialize the config cfg := config.Config{ - CommonConfig: commonConfig, - ResourceGroupName: rg, - ResourceNamePattern: flagset.flagPattern, - RecursiveQuery: true, - IncludeRoleAssignment: flagset.flagIncludeRoleAssignment, + CommonConfig: commonConfig, + ResourceGroupName: rg, + ResourceNamePattern: flagset.flagPattern, + RecursiveQuery: true, + IncludeRoleAssignment: flagset.flagIncludeRoleAssignment, + IncludeManagedResource: flagset.flagIncludeManagedResource, } return realMain(c.Context, cfg, flagset.flagNonInteractive, flagset.hflagMockClient, flagset.flagPlainUI, flagset.flagGenerateMappingFile, flagset.hflagProfile, flagset.DescribeCLI(ModeResourceGroup), flagset.hflagTFClientPluginPath) @@ -650,6 +658,7 @@ func main() { ResourceNamePattern: flagset.flagPattern, RecursiveQuery: flagset.flagRecursive, IncludeRoleAssignment: flagset.flagIncludeRoleAssignment, + IncludeManagedResource: flagset.flagIncludeManagedResource, IncludeResourceGroup: flagset.flagIncludeResourceGroup, ARGTable: flagset.flagARGTable, ARGAuthorizationScopeFilter: flagset.flagARGAuthorizationScopeFilter, diff --git a/pkg/config/config.go b/pkg/config/config.go index d5bd7d26..9f93fa7d 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -119,6 +119,9 @@ type Config struct { // IncludeRoleAssignment specifies whether to include the role assignments assigned to the exported resources IncludeRoleAssignment bool + // IncludeManagedResource specifies whether to allow service team/3rd party managed resources to be exported + IncludeManagedResource bool + ///////////////////////// // Scope: rg, res (multi), query From 632b2066a4c1c45861b5d1effa16dc3e74381341 Mon Sep 17 00:00:00 2001 From: magodo Date: Fri, 8 Aug 2025 12:27:44 +1000 Subject: [PATCH 2/3] comment --- flag.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/flag.go b/flag.go index f5dc1dce..eafca163 100644 --- a/flag.go +++ b/flag.go @@ -82,15 +82,19 @@ type FlagSet struct { // flagResName (for single resource) // flagResType (for single resource) // flagPattern (for multi resources) + // flagIncludeRoleAssignment + // flagIncludeManagedResource // // rg: // flagPattern // flagIncludeRoleAssignment + // flagIncludeManagedResource // // query: // flagPattern // flagRecursive // flagIncludeRoleAssignment + // flagIncludeManagedResource // flagIncludeResourceGroup // flagARGTable // flagARGAuthorizationScopeFilter From e690b7b0bd4af5b5631bafd87d55dc0a5165d3b6 Mon Sep 17 00:00:00 2001 From: magodo Date: Fri, 8 Aug 2025 12:59:59 +1000 Subject: [PATCH 3/3] update description --- main.go | 2 +- pkg/config/config.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/main.go b/main.go index 59aa6317..e40d7edb 100644 --- a/main.go +++ b/main.go @@ -267,7 +267,7 @@ func main() { &cli.BoolFlag{ Name: "include-managed-resource", EnvVars: []string{"AZTFEXPORT_INCLUDE_MANAGED_RESOURCE"}, - Usage: `Whether to allow resources managed by service team/3rd party to be exported`, + Usage: `Whether to include internal resources managed by Azure in the exported configuration`, Destination: &flagset.flagIncludeManagedResource, }, diff --git a/pkg/config/config.go b/pkg/config/config.go index 9f93fa7d..dfb2b190 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -119,7 +119,7 @@ type Config struct { // IncludeRoleAssignment specifies whether to include the role assignments assigned to the exported resources IncludeRoleAssignment bool - // IncludeManagedResource specifies whether to allow service team/3rd party managed resources to be exported + // IncludeManagedResource specifies Whether to include internal resources managed by Azure in the exported configuration IncludeManagedResource bool /////////////////////////