mondoohq
diff --git a/‎providers/ms365/resources/identity_and_access.go‎
Lines changed: 141 additions & 0 deletions b/‎providers/ms365/resources/identity_and_access.go‎
Lines changed: 141 additions & 0 deletions
diff --git a/‎providers/ms365/resources/ms365.lr‎
Lines changed: 49 additions & 0 deletions b/‎providers/ms365/resources/ms365.lr‎
Lines changed: 49 additions & 0 deletions
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"strings"
 
+	graphidentitygovernance "github.com/microsoftgraph/msgraph-sdk-go/identitygovernance"
 	"github.com/microsoftgraph/msgraph-sdk-go/models"
 	graphpolicies "github.com/microsoftgraph/msgraph-sdk-go/policies"
 	"go.mondoo.com/cnquery/v11/llx"
@@ -321,3 +322,143 @@ func (a *mqlMicrosoftIdentityAndAccessIdentityAndSignInPolicies) identitySecurit
 	}
 	return resource.(*mqlMicrosoftIdentityAndAccessIdentityAndSignInPoliciesIdentitySecurityDefaultsEnforcementPolicy), nil
 }
+
+// Needs the permission AccessReview.Read.All
+func (a *mqlMicrosoft) accessReviews() (*mqlMicrosoftIdentityAndAccessAccessReviews, error) {
+	mqlResource, err := CreateResource(a.MqlRuntime, "microsoft.identityAndAccess.accessReviews", map[string]*llx.RawData{})
+	return mqlResource.(*mqlMicrosoftIdentityAndAccessAccessReviews), err
+}
+
+// The $filter query parameter with the contains operator is supported on
+// the scope property of accessReviewScheduleDefinition. Use the following format for the request:
+// filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '{object}')
+// The {object} can have one of the following values:
+// /groups: List every accessReviewScheduleDefinition on individual groups (excludes definitions scoped to all Microsoft 365 groups with guests).
+// /groups/{group_id}:	List every accessReviewScheduleDefinition on a specific group (excludes definitions scoped to all Microsoft 365 groups with guests).
+// ./members: List every accessReviewScheduleDefinition scoped to all Microsoft 365 groups with guests.
+// accessPackageAssignments:	List every accessReviewScheduleDefinition on an access package.
+// roleAssignmentScheduleInstances:	List every accessReviewScheduleDefinition for principals that are assigned to a privileged role.
+func (a *mqlMicrosoftIdentityAndAccessAccessReviews) list() ([]interface{}, error) {
+	conn := a.MqlRuntime.Connection.(*connection.Ms365Connection)
+	graphClient, err := conn.GraphClient()
+	if err != nil {
+		return nil, err
+	}
+
+	configuration := &graphidentitygovernance.AccessReviewsDefinitionsRequestBuilderGetRequestConfiguration{}
+
+	requestFilter := a.Filter.Data
+	if requestFilter != "" {
+		requestParameters := &graphidentitygovernance.AccessReviewsDefinitionsRequestBuilderGetQueryParameters{
+			Filter: &requestFilter,
+		}
+		configuration = &graphidentitygovernance.AccessReviewsDefinitionsRequestBuilderGetRequestConfiguration{
+			QueryParameters: requestParameters,
+		}
+	}
+
+	definitions, err := graphClient.
+		IdentityGovernance().
+		AccessReviews().
+		Definitions().
+		Get(context.Background(), configuration)
+	if err != nil {
+		return nil, transformError(err)
+	}
+
+	if definitions == nil {
+		return nil, nil
+	}
+
+	var accessReviewResources []interface{}
+	for _, accessReviewSchedule := range definitions.GetValue() {
+		if accessReviewSchedule.GetId() != nil {
+			reviewResource, err := newMqlAccessReviewDefinition(a.MqlRuntime, accessReviewSchedule)
+			if err != nil {
+				return nil, fmt.Errorf("failed to create MQL resource for access review ID %s: %w", *accessReviewSchedule.GetId(), err)
+			}
+			accessReviewResources = append(accessReviewResources, reviewResource)
+		}
+	}
+
+	return accessReviewResources, nil
+}
+
+func newMqlAccessReviewDefinition(runtime *plugin.Runtime, d models.AccessReviewScheduleDefinitionable) (*mqlMicrosoftIdentityAndAccessAccessReviewDefinition, error) {
+	reviewersDict := []interface{}{}
+	if d.GetReviewers() != nil {
+		for _, reviewer := range d.GetReviewers() {
+			reviewerDict := map[string]*llx.RawData{
+				"reviewer":  llx.StringDataPtr(reviewer.GetQuery()),
+				"queryType": llx.StringDataPtr(reviewer.GetQueryType()),
+				"queryRoot": llx.StringDataPtr(reviewer.GetQueryRoot()),
+			}
+
+			reviewersDict = append(reviewersDict, reviewerDict)
+		}
+	}
+
+	var mqlAccessReviewScheduleSettings plugin.Resource
+	var err error
+
+	if d.GetSettings() != nil {
+		settingsId := *d.GetId() + "_settings"
+
+		var patternDict map[string]interface{}
+		var rangeDict map[string]interface{}
+
+		if recurrence := d.GetSettings().GetRecurrence(); recurrence != nil {
+			if pattern := recurrence.GetPattern(); pattern != nil {
+				patternDict, err = convert.JsonToDict(pattern)
+				if err != nil {
+					return nil, err
+				}
+			}
+
+			if recurrenceRange := recurrence.GetRangeEscaped(); recurrenceRange != nil {
+				rangeDict, err = convert.JsonToDict(recurrenceRange)
+				if err != nil {
+					return nil, err
+				}
+			}
+		}
+
+		recurrenceDict := map[string]*llx.RawData{
+			"pattern": llx.DictData(patternDict),
+			"range":   llx.DictData(rangeDict),
+		}
+
+		targetData := map[string]*llx.RawData{
+			"__id":                                 llx.StringData(settingsId),
+			"autoApplyDecisionsEnabled":            llx.BoolDataPtr(d.GetSettings().GetAutoApplyDecisionsEnabled()),
+			"decisionHistoriesForReviewersEnabled": llx.BoolDataPtr(d.GetSettings().GetDecisionHistoriesForReviewersEnabled()),
+			"defaultDecision":                      llx.StringDataPtr(d.GetSettings().GetDefaultDecision()),
+			"defaultDecisionEnabled":               llx.BoolDataPtr(d.GetSettings().GetDefaultDecisionEnabled()),
+			"instanceDurationInDays":               llx.IntDataPtr(d.GetSettings().GetInstanceDurationInDays()),
+			"justificationRequiredOnApproval":      llx.BoolDataPtr(d.GetSettings().GetJustificationRequiredOnApproval()),
+			"mailNotificationsEnabled":             llx.BoolDataPtr(d.GetSettings().GetMailNotificationsEnabled()),
+			"recommendationsEnabled":               llx.BoolDataPtr(d.GetSettings().GetRecommendationsEnabled()),
+			"recurrence":                           llx.DictData(recurrenceDict),
+		}
+
+		mqlAccessReviewScheduleSettings, err = CreateResource(runtime, "microsoft.identityAndAccess.accessReviewDefinition.accessReviewScheduleSettings", targetData)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	resource, err := CreateResource(runtime, "microsoft.identityAndAccess.accessReviewDefinition",
+		map[string]*llx.RawData{
+			"__id":        llx.StringDataPtr(d.GetId()),
+			"id":          llx.StringDataPtr(d.GetId()),
+			"displayName": llx.StringDataPtr(d.GetDisplayName()),
+			"status":      llx.StringDataPtr(d.GetStatus()),
+			"reviewers":   llx.DictData(reviewersDict),
+			"settings":    llx.ResourceData(mqlAccessReviewScheduleSettings, "microsoft.identityAndAccess.accessReviewDefinition.accessReviewScheduleSettings"),
+		})
+	if err != nil {
+		return nil, err
+	}
+
+	return resource.(*mqlMicrosoftIdentityAndAccessAccessReviewDefinition), nil
+}
@@ -32,6 +32,55 @@ microsoft {
   tenantDomainName() string
   // Identity and Access policies
   identityAndAccess() microsoft.identityAndAccess
+  // Access review definitions
+  accessReviews() microsoft.identityAndAccess.accessReviews
+}
+
+// A filterable list of access review definitions
+microsoft.identityAndAccess.accessReviews {
+  []microsoft.identityAndAccess.accessReviewDefinition
+  init(filter? string)
+  // filter access review definitions. e.g., "contains(scope/microsoft.graph.accessReviewQueryScope/query, './members')"
+  filter string
+}
+
+// Defines a recurring access review schedule and its properties in Microsoft Entra ID.
+private microsoft.identityAndAccess.accessReviewDefinition @defaults("id displayName status") {
+  // The unique identifier for the access review
+  id string
+  // The display name for the access review
+  displayName string
+  // The status of the access review. Possible values are:
+  // Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed
+  status string
+  // This collection of access review scopes is used to define who are the reviewers
+  reviewers dict
+  // The settings for an access review series, see type definition below
+  settings microsoft.identityAndAccess.accessReviewDefinition.accessReviewScheduleSettings
+}
+
+// Configures the recurrence, notifications, and decision-handling for an access review series.
+private microsoft.identityAndAccess.accessReviewDefinition.accessReviewScheduleSettings @defaults("mailNotificationsEnabled reminderNotificationsEnabled defaultDecision defaultDecisionEnabled") {
+  // True if decisions are automatically applied
+  autoApplyDecisionsEnabled bool
+  // True if decisions on previous access review stages are available for reviewers on an accessReviewInstance with multiple subsequent stages
+  decisionHistoriesForReviewersEnabled bool
+  // Decision chosen if defaultDecisionEnabled is enabled. Can be one of Approve, Deny, or Recommendation
+  defaultDecision string
+  // True if the default decision is enabled or disabled when reviewers do not respond
+  defaultDecisionEnabled bool
+  // Duration of an access review instance in days
+  instanceDurationInDays int
+  // True if reminders are enabled or disabled
+  reminderNotificationsEnabled bool
+  // True if reviewers are required to provide justification with their decision
+  justificationRequiredOnApproval bool
+  // True if emails are enabled or disabled
+  mailNotificationsEnabled bool
+  // True if decision recommendations are enabled or disabled
+  recommendationsEnabled bool
+  // Detailed settings for recurrence using the standard Outlook recurrence object
+  recurrence dict
 }
 
 // Microsoft groups