⭐️ ansible provider (#4118)

* ⭐️ ansible provider

* Add missing ansible.lr.manifest.yaml file

Signed-off-by: Tim Smith <[email protected]>

---------

Signed-off-by: Tim Smith <[email protected]>
Co-authored-by: Tim Smith <[email protected]>

.github/dependabot.yml

@@ -8,11 +8,11 @@ updates:
   - package-ecosystem: docker
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
   - package-ecosystem: gomod
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -23,7 +23,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/opcua/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -34,7 +34,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/arista/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -45,7 +45,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/atlassian/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -56,7 +56,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/okta/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -67,7 +67,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/ms365/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -78,7 +78,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/google-workspace/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -89,7 +89,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/equinix/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -100,7 +100,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/vsphere/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -111,7 +111,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/gitlab/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -122,7 +122,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/gcp/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -133,7 +133,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/ipmi/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -144,7 +144,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/github/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -155,7 +155,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/vcd/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -166,7 +166,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/azure/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -177,7 +177,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/terraform/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -188,7 +188,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/slack/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -199,7 +199,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/oci/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -210,7 +210,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/aws/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -221,7 +221,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/k8s/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -232,7 +232,7 @@ updates:
   - package-ecosystem: gomod
     directory: /providers/cloudformation/
     schedule:
-      interval: daily
+      interval: weekly
     groups:
       gomodupdates:
         patterns:
@@ -242,6 +242,17 @@ updates:
           - patch
   - package-ecosystem: gomod
     directory: /providers/shodan/
+    schedule:
+      interval: weekly
+    groups:
+      gomodupdates:
+        patterns:
+          - "*"
+        update-types:
+          - minor
+          - patch
+  - package-ecosystem: gomod
+    directory: /providers/ansible/
     schedule:
       interval: weekly
     groups:

Makefile

@@ -205,7 +205,8 @@ providers/build: \
 	providers/build/aws \
 	providers/build/atlassian \
 	providers/build/cloudformation \
-	providers/build/shodan
+	providers/build/shodan \
+	providers/build/ansible
 
 .PHONY: providers/install
 # Note we need \ to escape the target line into multiple lines
@@ -232,7 +233,8 @@ providers/install: \
 	providers/install/atlassian \
 	providers/install/aws \
 	providers/install/cloudformation \
-	providers/install/shodan
+	providers/install/shodan \
+	providers/install/ansible
 
 providers/build/mock: providers/lr
 	./lr go providers-sdk/v1/testutils/mockprovider/resources/mockprovider.lr
@@ -355,6 +357,11 @@ providers/build/shodan: providers/lr
 providers/install/shodan:
 	@$(call installProvider, providers/shodan)
 
+providers/build/ansible: providers/lr
+	@$(call buildProvider, providers/ansible)
+providers/install/ansible:
+	@$(call installProvider, providers/ansible)
+
 providers/dist:
 	@$(call buildProviderDist, providers/network)
 	@$(call buildProviderDist, providers/os)
@@ -379,6 +386,7 @@ providers/dist:
 	@$(call buildProviderDist, providers/atlassian)
 	@$(call buildProviderDist, providers/cloudformation)
 	@$(call buildProviderDist, providers/shodan)
+	@$(call buildProviderDist, providers/ansible)
 
 providers/bundle:
 	@$(call bundleProvider, providers/network)
@@ -404,6 +412,7 @@ providers/bundle:
 	@$(call bundleProvider, providers/atlassian)
 	@$(call bundleProvider, providers/cloudformation)
 	@$(call bundleProvider, providers/shodan)
+	@$(call bundleProvider, providers/ansible)
 
 providers/test:
 	@$(call testProvider, providers/core)
@@ -430,6 +439,7 @@ providers/test:
 	@$(call testGoModProvider, providers/atlassian)
 	@$(call testGoModProvider, providers/cloudformation)
 	@$(call testGoModProvider, providers/shodan)
+	@$(call testGoModProvider, providers/ansible)
 
 lr/test:
 	go test ./resources/lr/...
@@ -443,6 +453,11 @@ lr/docs/serve:
 # TODO: migrate
 .PHONY: lr/docs/markdown
 lr/docs/markdown: providers/lr
+	./lr markdown providers/ansible/resources/ansible.lr \
+		--pack-name "Ansible" \
+		--description "The Ansible resource pack lets you use MQL to query and assess the security of your Ansible playbooks." \
+		--docs-file providers/ansible/resources/ansible.lr.manifest.yaml \
+		--output ../docs/docs/mql/resources/ansible-pack
 	./lr markdown providers/arista/resources/arista.lr \
 		--pack-name "Arista EOS" \
 		--description "The Arista EOS resource pack lets you use MQL to query and assess the security of your Arista EOS network devices." \

docs/development.md

@@ -188,6 +188,7 @@ go 1.22
 
 use (
    ./cnquery
+   ./cnquery/providers/ansible
    ./cnquery/providers/arista
    ./cnquery/providers/atlassian
    ./cnquery/providers/aws

providers/ansible/config/config.go

@@ -0,0 +1,27 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package config
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/ansible/provider"
+)
+
+var Config = plugin.Provider{
+	Name:            "ansible",
+	ID:              "go.mondoo.com/cnquery/v11/providers/ansible",
+	Version:         "10.0.0",
+	ConnectionTypes: []string{provider.DefaultConnectionType},
+	Connectors: []plugin.Connector{
+		{
+			Name:      "ansible",
+			Use:       "ansible PATH",
+			Short:     "an Ansible playbook",
+			MinArgs:   1,
+			MaxArgs:   1,
+			Discovery: []string{},
+			Flags:     []plugin.Flag{},
+		},
+	},
+}

providers/ansible/connection/connection.go

@@ -0,0 +1,67 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package connection
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/ansible/play"
+	"io"
+	"os"
+)
+
+var _ plugin.Connection = (*AnsibleConnection)(nil)
+
+type AnsibleConnection struct {
+	plugin.Connection
+	Conf  *inventory.Config
+	asset *inventory.Asset
+	// Add custom connection fields here
+	path     string
+	playbook play.Playbook
+}
+
+func NewAnsibleConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*AnsibleConnection, error) {
+	conn := &AnsibleConnection{
+		Connection: plugin.NewConnection(id, asset),
+		Conf:       conf,
+		asset:      asset,
+	}
+
+	// initialize your connection here
+	cc := asset.Connections[0]
+	path := cc.Options["path"]
+	conn.path = path
+
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	data, err := io.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+
+	playbook, err := play.DecodePlaybook(data)
+	if err != nil {
+		return nil, err
+	}
+	conn.playbook = playbook
+
+	return conn, nil
+}
+
+func (c *AnsibleConnection) Name() string {
+	return "ansible"
+}
+
+func (c *AnsibleConnection) Asset() *inventory.Asset {
+	return c.asset
+}
+
+func (c *AnsibleConnection) Playbook() play.Playbook {
+	return c.playbook
+}

providers/ansible/gen/main.go

@@ -0,0 +1,13 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package main
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin/gen"
+	"go.mondoo.com/cnquery/v11/providers/ansible/config"
+)
+
+func main() {
+	gen.CLI(&config.Config)
+}