🐛 fix azure provider to use the right settings types (#5415)

* Fix for the azure provider to use the right settings types

* spelling fix

* 🧹 apply suggestions from code review

---------

Co-authored-by: Salim Afiune Maya <[email protected]>

Author: syrull

providers/azure/resources/azure.lr

@@ -1802,6 +1802,8 @@ private azure.subscription.cloudDefenderService.settings @defaults("name kind")
   kind string
   // The settings type
   type string
+  // The properties dict (enabled)
+  properties dict
 }
 
 // Microsoft Defender for Cloud security contact

providers/azure/resources/azure.lr.go

@@ -459,6 +459,7 @@ resources:
       id: {}
       kind: {}
       name: {}
+      properties: {}
       type: {}
     is_private: true
     min_mondoo_version: 9.0.0

providers/azure/resources/azure.lr.manifest.yaml

@@ -450,12 +450,15 @@ func (a *mqlAzureSubscriptionCloudDefenderService) defenderForContainers() (inte
 func (a *mqlAzureSubscriptionCloudDefenderService) settingsMCAS() (*mqlAzureSubscriptionCloudDefenderServiceSettings, error) {
 	return a.getSecuritySettingsFor(security.SettingNameAutoGeneratedMCAS)
 }
+
 func (a *mqlAzureSubscriptionCloudDefenderService) settingsWDATP() (*mqlAzureSubscriptionCloudDefenderServiceSettings, error) {
 	return a.getSecuritySettingsFor(security.SettingNameAutoGeneratedWDATP)
 }
+
 func (a *mqlAzureSubscriptionCloudDefenderService) settingsSentinel() (*mqlAzureSubscriptionCloudDefenderServiceSettings, error) {
 	return a.getSecuritySettingsFor(security.SettingNameAutoGeneratedSentinel)
 }
+
 func (a *mqlAzureSubscriptionCloudDefenderService) getSecuritySettingsFor(name security.SettingNameAutoGenerated) (*mqlAzureSubscriptionCloudDefenderServiceSettings, error) {
 	conn := a.MqlRuntime.Connection.(*connection.AzureConnection)
 	ctx := context.Background()
@@ -465,28 +468,69 @@ func (a *mqlAzureSubscriptionCloudDefenderService) getSecuritySettingsFor(name s
 	if err != nil {
 		return nil, err
 	}
-	response, err := clientFactory.NewSettingsClient().Get(ctx, name, nil)
+
+	settingResp, err := clientFactory.NewSettingsClient().Get(ctx, name, nil)
 	if err != nil {
 		return nil, err
 	}
-	settings := response.GetSetting()
-	if settings == nil {
-		return nil, fmt.Errorf("unable to get %s security settings, response was empty", name)
+
+	baseSetting := settingResp.SettingClassification.GetSetting()
+	if baseSetting == nil || baseSetting.Kind == nil {
+		return nil, fmt.Errorf("retrieved setting or its kind is nil for '%s'", name)
 	}
 
-	mqlMCAS, err := CreateResource(a.MqlRuntime,
-		"azure.subscription.cloudDefenderService.settings",
-		map[string]*llx.RawData{
-			"id":   llx.StringDataPtr(settings.ID),
-			"name": llx.StringDataPtr(settings.Name),
-			"kind": llx.StringDataPtr((*string)(settings.Kind)),
-			"type": llx.StringDataPtr(settings.Type),
-		},
-	)
-	if err != nil {
-		return nil, err
+	switch *baseSetting.Kind {
+	case armsecurity.SettingKindDataExportSettings:
+		// Handles MCAS and Sentinel
+		settings, ok := settingResp.SettingClassification.(*armsecurity.DataExportSettings)
+		if !ok {
+			return nil, fmt.Errorf("failed assertion to DataExportSettings for kind '%s', setting '%s'. Actual type: %T", *baseSetting.Kind, name, settingResp.SettingClassification)
+		}
+		properties, err := convert.JsonToDict(settings.Properties)
+		if err != nil {
+			return nil, err
+		}
+		resource, err := CreateResource(a.MqlRuntime,
+			"azure.subscription.cloudDefenderService.settings",
+			map[string]*llx.RawData{
+				"id":         llx.StringDataPtr(settings.ID),
+				"name":       llx.StringDataPtr(settings.Name),
+				"kind":       llx.StringDataPtr((*string)(settings.Kind)),
+				"type":       llx.StringDataPtr(settings.Type),
+				"properties": llx.DictData(properties),
+			},
+		)
+		if err != nil {
+			return nil, err
+		}
+		return resource.(*mqlAzureSubscriptionCloudDefenderServiceSettings), nil
+	case armsecurity.SettingKindAlertSyncSettings:
+		// Handles WDATP
+		settings, ok := settingResp.SettingClassification.(*armsecurity.AlertSyncSettings)
+		if !ok {
+			return nil, fmt.Errorf("failed assertion to AlertSyncSettings for kind '%s', setting '%s'. Actual type: %T", *baseSetting.Kind, name, settingResp.SettingClassification)
+		}
+		properties, err := convert.JsonToDict(settings.Properties)
+		if err != nil {
+			return nil, err
+		}
+		resource, err := CreateResource(a.MqlRuntime,
+			"azure.subscription.cloudDefenderService.settings",
+			map[string]*llx.RawData{
+				"id":         llx.StringDataPtr(settings.ID),
+				"name":       llx.StringDataPtr(settings.Name),
+				"kind":       llx.StringDataPtr((*string)(settings.Kind)),
+				"type":       llx.StringDataPtr(settings.Type),
+				"properties": llx.DictData(properties),
+			},
+		)
+		if err != nil {
+			return nil, err
+		}
+		return resource.(*mqlAzureSubscriptionCloudDefenderServiceSettings), nil
+	default:
+		return nil, fmt.Errorf("unsupported settings '%s' of kind '%s'", name, *baseSetting.Kind)
 	}
-	return mqlMCAS.(*mqlAzureSubscriptionCloudDefenderServiceSettings), nil
 }
 
 func (s *mqlAzureSubscriptionCloudDefenderServiceSettings) id() (string, error) {
@@ -527,6 +571,7 @@ func (a *mqlAzureSubscriptionCloudDefenderService) securityContacts() ([]interfa
 	}
 	return res, nil
 }
+
 func argsFromContactProperties(props *armsecurity.ContactProperties) map[string]*llx.RawData {
 	args := map[string]*llx.RawData{}
 	if props == nil {