From f0a67a1d5a93ca6bf57201a148299f1eaa0b775a Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Wed, 4 Feb 2026 09:41:22 -0800 Subject: [PATCH 1/2] Improve the resource docs Comment updates to improve the generated docs Signed-off-by: Tim Smith --- providers/aws/resources/aws.lr | 6 +- providers/azure/resources/azure.lr | 32 ++--- providers/cloudflare/resources/cloudflare.lr | 2 +- providers/core/resources/core.lr | 2 +- providers/gcp/resources/gcp.lr | 132 +++++++++--------- providers/github/resources/github.lr | 4 +- .../resources/google-workspace.lr | 2 +- providers/k8s/resources/k8s.lr | 8 +- providers/ms365/resources/ms365.lr | 28 ++-- providers/network/resources/network.lr | 2 +- providers/opcua/resources/opcua.lr | 2 +- providers/os/resources/os.lr | 68 ++++----- providers/terraform/resources/terraform.lr | 2 +- providers/vsphere/resources/vsphere.lr | 6 +- 14 files changed, 148 insertions(+), 148 deletions(-) diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr index 02734b0b09..85f139b182 100644 --- a/providers/aws/resources/aws.lr +++ b/providers/aws/resources/aws.lr @@ -273,7 +273,7 @@ private aws.waf.rulegroup @defaults("name") { // Amazon WAF rule private aws.waf.rule @defaults("name") { - // arn of the acl/ruleGroup + the name of the rule + // ARN of the ACL/rule group combined with the rule name id string // Name of the rule name string @@ -2421,7 +2421,7 @@ private aws.s3.bucket.corsrule @defaults("name") { name string // List of allowed headers allowedHeaders []string - // List of allowed methods GET, POST, PUT, and so on + // List of allowed methods: GET, POST, PUT, and so on allowedMethods []string // List of origins from which the bucket can be accessed allowedOrigins []string @@ -2835,7 +2835,7 @@ aws.rds { // Amazon RDS Backup Setting private aws.rds.backupsetting { - // Target fot the backup setting + // Target for the backup setting target string // Retention period for the backup setting retentionPeriod int diff --git a/providers/azure/resources/azure.lr b/providers/azure/resources/azure.lr index ea71924874..eb3ab04436 100644 --- a/providers/azure/resources/azure.lr +++ b/providers/azure/resources/azure.lr @@ -276,7 +276,7 @@ azure.subscription.batchService.account.pool @defaults("id name") { etag string // Pool identity configuration identity dict - // Pool properties + // Pool configuration settings including scale, network, and task scheduling options properties dict // Pool provisioning state provisioningState string @@ -1110,11 +1110,11 @@ private azure.subscription.storageService.account.fileProperties.protocolSetting private azure.subscription.storageService.account.service.properties @defaults("id") { // ID of the service id string - // Hourly metrics properties + // Hourly metrics collection settings hourMetrics azure.subscription.storageService.account.service.properties.metrics - // Minute metrics properties + // Minute metrics collection settings minuteMetrics azure.subscription.storageService.account.service.properties.metrics - // Logging properties + // Storage analytics logging configuration (read, write, delete operations) logging azure.subscription.storageService.account.service.properties.logging } @@ -1122,11 +1122,11 @@ private azure.subscription.storageService.account.service.properties @defaults(" private azure.subscription.storageService.account.service.blobProperties @defaults("id") { // ID of the service id string - // Hourly metrics properties + // Hourly metrics collection settings hourMetrics azure.subscription.storageService.account.service.properties.metrics - // Minute metrics properties + // Minute metrics collection settings minuteMetrics azure.subscription.storageService.account.service.properties.metrics - // Logging properties + // Storage analytics logging configuration (read, write, delete operations) logging azure.subscription.storageService.account.service.properties.logging // Whether versioning is enabled for blobs isVersioningEnabled bool @@ -1378,25 +1378,25 @@ private azure.subscription.webService.appsiteconfig @defaults("id name") { // Azure App Service Hosting Environment private azure.subscription.webService.hostingEnvironment @defaults("id name") { - // environment ID + // Environment ID id string - // environment name + // Environment name name string - // environment type + // Environment type type string // Kind of resource (e.g., "app,linux,container") kind string - // environment location + // Environment location location string - // environment tags + // Environment tags tags map[string]string - // environment properties + // Environment properties properties dict // Provisioning state of the environment provisioningState string - // status of the environment + // Status of the environment status string - // true if the environment is suspended + // Whether the environment is suspended suspended bool // DNS suffix of the environment dnsSuffix string @@ -2391,7 +2391,7 @@ private azure.subscription.advisorService.recommendation @defaults("name categor category string // Recommendation risk risk string - // Recommendation risk + // Recommendation impact impact string // Recommendation description description string diff --git a/providers/cloudflare/resources/cloudflare.lr b/providers/cloudflare/resources/cloudflare.lr index fbaabdf997..aa97de1573 100644 --- a/providers/cloudflare/resources/cloudflare.lr +++ b/providers/cloudflare/resources/cloudflare.lr @@ -150,7 +150,7 @@ private cloudflare.streams.liveInput @defaults("uid name") { // Cloudflare videos and recordings private cloudflare.streams.video @defaults("name id") { - // cnquery resource id + // cnquery resource ID id string // Unique identifier diff --git a/providers/core/resources/core.lr b/providers/core/resources/core.lr index 5d5b6aa60b..d8a8a4e9e5 100644 --- a/providers/core/resources/core.lr +++ b/providers/core/resources/core.lr @@ -147,7 +147,7 @@ cpe @defaults("uri") { targetSw() string // Target hardware of the CPE targetHw() string - // Other of the CPE + // Additional CPE attributes not covered by other fields other() string } diff --git a/providers/gcp/resources/gcp.lr b/providers/gcp/resources/gcp.lr index c29c75ba08..d49e049e2e 100644 --- a/providers/gcp/resources/gcp.lr +++ b/providers/gcp/resources/gcp.lr @@ -106,9 +106,9 @@ private gcp.project.redisService.instance @defaults("name") { replicaCount int // Info per node nodes []gcp.project.redisService.instance.nodeInfo - // Hostname or IP address of the exposed readonly Redis endpoint + // Hostname or IP address of the exposed read-only Redis endpoint readEndpoint string - // The port number of the exposed readonly redis endpoint + // The port number of the exposed read-only Redis endpoint readEndpointPort int // The KMS key reference that the customer provides when trying to create the instance customerManagedKey string @@ -269,7 +269,7 @@ gcp.recommendation { // Google Cloud (GCP) Resource Manager binding private gcp.resourcemanager.binding { - // Internal ID + // Internal ID for this resource id string // Principals requesting access for a Google Cloud resource members []string @@ -451,7 +451,7 @@ private gcp.project.computeService.machineType @defaults("name") { projectId string // Name of the resource name string - // Resource Description + // Resource description description string // Number of virtual CPUs that are available to the instance guestCpus int @@ -477,7 +477,7 @@ private gcp.project.computeService.instance @defaults("name") { projectId string // User-friendly name for this instance name string - // User-friendly name for this instance + // Optional description for this instance description string // Confidential instance configuration confidentialInstanceConfig dict @@ -507,7 +507,7 @@ private gcp.project.computeService.instance @defaults("name") { lastStopTimestamp time // Last suspended timestamp lastSuspendedTimestamp time - // Instance metadata + // Custom key-value pairs assigned to the instance metadata map[string]string // Minimum CPU platform for the VM instance minCpuPlatform string @@ -521,7 +521,7 @@ private gcp.project.computeService.instance @defaults("name") { resourcePolicies []string // Resource status for physical host physicalHostResourceStatus string - // Scheduling options + // Scheduling options including preemptibility, automatic restart, and maintenance behavior scheduling dict // Whether Shielded Instance integrity monitoring is enabled enableIntegrityMonitoring bool @@ -569,7 +569,7 @@ private gcp.project.computeService.disk @defaults("name") { architecture string // Optional description description string - // Features to enable on the guest operating + // Features to enable on the guest operating system guestOsFeatures []string // Labels to apply to this disk labels map[string]string @@ -615,7 +615,7 @@ private gcp.project.computeService.attachedDisk { diskSizeGb int // Whether to force attach the regional disk forceAttach bool - // Features to enable on the guest operating + // Features to enable on the guest operating system guestOsFeatures []string // Index to this disk index int @@ -623,11 +623,11 @@ private gcp.project.computeService.attachedDisk { interface string // Publicly visible licenses licenses []string - // Mode in which to the disk is attached + // Mode in which the disk is attached mode string // Attached Persistent Disk resource source() gcp.project.computeService.disk - // Disk Type + // Disk type type string } @@ -657,9 +657,9 @@ private gcp.project.computeService.snapshot @defaults("name") { storageBytesStatus string // Snapshot type snapshotType string - // Public visible licenses + // Publicly visible licenses licenses []string - // Snapshot Labels + // Snapshot labels labels map[string]string // Creation timestamp created time @@ -677,7 +677,7 @@ private gcp.project.computeService.image @defaults("id name") { name string // Optional description description string - // Architecture of the snapshot + // Architecture of the image architecture string // Size of the image tar.gz archive stored in Google Cloud Storage (in bytes) archiveSizeBytes int @@ -685,9 +685,9 @@ private gcp.project.computeService.image @defaults("id name") { diskSizeGb int // The name of the image family to which this image belongs family string - // Public visible licenses + // Publicly visible licenses licenses []string - // Snapshot Labels + // Image labels labels map[string]string // Creation timestamp created time @@ -707,7 +707,7 @@ private gcp.project.computeService.firewall @defaults("name") { description string // Priority for this rule priority int - // Direction of traffic + // Direction of traffic direction string // Whether the firewall rule is disabled disabled bool @@ -813,7 +813,7 @@ private gcp.project.computeService.subnetwork @defaults("name") { // Google Cloud (GCP) Compute VPC network partitioning log configuration private gcp.project.computeService.subnetwork.logConfig @defaults("enable") { - // Internal ID + // Internal ID for this resource id string // Toggles the aggregation interval for collecting flow logs aggregationInterval string @@ -909,7 +909,7 @@ private gcp.project.computeService.backendService @defaults("name") { regionUrl string // Security policy URL securityPolicyUrl string - // Security settings + // Client TLS policy and subject alternative names for the backend service securitySettings dict // Service binding URLs serviceBindingUrls []string @@ -921,7 +921,7 @@ private gcp.project.computeService.backendService @defaults("name") { // Google Cloud (GCP) Compute backend service backend private gcp.project.computeService.backendService.backend @defaults("description") { - // Internal ID + // Internal ID for this resource id string // How to determine whether the backend of a load balancer can handle additional traffic or is fully loaded balancingMode string @@ -951,7 +951,7 @@ private gcp.project.computeService.backendService.backend @defaults("description // Google Cloud (GCP) Compute backend service CDN policy private gcp.project.computeService.backendService.cdnPolicy { - // Internal ID + // Internal ID for this resource id string // Bypass the cache when the specified request headers are matched bypassCacheOnRequestHeaders []dict @@ -1113,7 +1113,7 @@ private gcp.project.sqlService.instance @defaults("name") { connectionName string // Creation timestamp created time - // Deprecated + // Deprecated: This field is no longer used currentDiskSize int // Current database version running on the instance databaseInstalledVersion string @@ -1173,7 +1173,7 @@ private gcp.project.sqlService.instance.database @defaults("name") { // Google Cloud (GCP) SQL instance IP mapping private gcp.project.sqlService.instance.ipMapping @defaults("ipAddress") { - // Internal ID + // Internal ID for this resource id string // Assigned IP address ipAddress string @@ -1247,7 +1247,7 @@ private gcp.project.sqlService.instance.settings { // Google Cloud (GCP) SQL instance settings backup configuration private gcp.project.sqlService.instance.settings.backupconfiguration { - // Internal ID + // Internal ID for this resource id string // Backup retention settings backupRetentionSettings dict @@ -1267,7 +1267,7 @@ private gcp.project.sqlService.instance.settings.backupconfiguration { // Google Cloud (GCP) SQL instance settings deny maintenance period private gcp.project.sqlService.instance.settings.denyMaintenancePeriod @defaults("startDate endDate") { - // Internal ID + // Internal ID for this resource id string // Deny maintenance period end date endDate string @@ -1279,7 +1279,7 @@ private gcp.project.sqlService.instance.settings.denyMaintenancePeriod @defaults // Google Cloud (GCP) SQL instance settings IP configuration private gcp.project.sqlService.instance.settings.ipConfiguration { - // Internal ID + // Internal ID for this resource id string // Name of the allocated IP range for the private IP Cloud SQL instance allocatedIpRange string @@ -1299,7 +1299,7 @@ private gcp.project.sqlService.instance.settings.ipConfiguration { // Google Cloud (GCP) SQL instance settings maintenance window private gcp.project.sqlService.instance.settings.maintenanceWindow @defaults("day hour") { - // Internal ID + // Internal ID for this resource id string // Day of week (1-7, 1 is Monday) day int @@ -1311,7 +1311,7 @@ private gcp.project.sqlService.instance.settings.maintenanceWindow @defaults("da // Google Cloud (GCP) SQL instance settings password validation policy private gcp.project.sqlService.instance.settings.passwordValidationPolicy @defaults("enabledPasswordPolicy") { - // Internal ID + // Internal ID for this resource id string // Password complexity complexity string @@ -1369,7 +1369,7 @@ private gcp.project.bigqueryService.dataset @defaults("id name") { // Google Cloud (GCP) BigQuery dataset access entry private gcp.project.bigqueryService.dataset.accessEntry @defaults("role entity entityType") { - // Internal ID + // Internal ID for this resource id string // Dataset ID datasetId string @@ -1417,7 +1417,7 @@ private gcp.project.bigqueryService.table @defaults("id") { numLongTermBytes int // Number of rows of data in this table numRows int - // Table Type + // Table type type string // Time when this table expires expirationTime time @@ -1461,7 +1461,7 @@ private gcp.project.bigqueryService.model @defaults("id") { created time // Modified timestamp modified time - // Type of the mode + // Type of the model type string // Expiration time of the model expirationTime time @@ -1651,7 +1651,7 @@ private gcp.project.gkeService.cluster @defaults("name description zone status c // Google Kubernetes Engine (GKE) cluster addons config private gcp.project.gkeService.cluster.addonsConfig { - // Internal ID + // Internal ID for this resource id string // Configuration for the HTTP (L7) load balancing controller addon httpLoadBalancing dict @@ -1681,7 +1681,7 @@ private gcp.project.gkeService.cluster.addonsConfig { // Google Kubernetes Engine (GKE) cluster IP allocation policy private gcp.project.gkeService.cluster.ipAllocationPolicy { - // Internal ID + // Internal ID for this resource id string // Whether alias IPs are used for pod IPs in the cluster useIpAliases bool @@ -1711,7 +1711,7 @@ private gcp.project.gkeService.cluster.ipAllocationPolicy { // Google Kubernetes Engine (GKE) cluster network config private gcp.project.gkeService.cluster.networkConfig @defaults("networkPath") { - // Internal ID + // Internal ID for this resource id string // Relative path of the network to which the cluster is connected networkPath string @@ -1745,7 +1745,7 @@ private gcp.project.gkeService.cluster.networkConfig @defaults("networkPath") { // Google Kubernetes Engine (GKE) cluster node pool private gcp.project.gkeService.cluster.nodepool @defaults("name") { - // Internal ID + // Internal ID for this resource id string // The name of the node pool name string @@ -1794,7 +1794,7 @@ private gcp.project.gkeService.cluster.nodepool.autoscaling @defaults( "enabled" // Google Kubernetes Engine (GKE) node pool-Level network configuration private gcp.project.gkeService.cluster.nodepool.networkConfig @defaults("podRange podIpv4CidrBlock") { - // Internal ID + // Internal ID for this resource id string // The ID of the secondary range for pod IPs podRange string @@ -1806,7 +1806,7 @@ private gcp.project.gkeService.cluster.nodepool.networkConfig @defaults("podRang // Google Kubernetes Engine (GKE) node pool network performance configuration private gcp.project.gkeService.cluster.nodepool.networkConfig.performanceConfig @defaults("totalEgressBandwidthTier") { - // Internal ID + // Internal ID for this resource id string // Specifies the total network bandwidth tier for the node pool totalEgressBandwidthTier string @@ -1814,7 +1814,7 @@ private gcp.project.gkeService.cluster.nodepool.networkConfig.performanceConfig // Google Kubernetes Engine (GKE) node pool configuration private gcp.project.gkeService.cluster.nodepool.config @defaults("machineType diskSizeGb") { - // Internal ID + // Internal ID for this resource id string // Project ID projectId string @@ -1874,7 +1874,7 @@ private gcp.project.gkeService.cluster.nodepool.config @defaults("machineType di // Google Kubernetes Engine (GKE) node pool hardware accelerators configuration private gcp.project.gkeService.cluster.nodepool.config.accelerator @defaults("type count") { - // Internal ID + // Internal ID for this resource id string // The number of the accelerator cards exposed to an instance count int @@ -1888,7 +1888,7 @@ private gcp.project.gkeService.cluster.nodepool.config.accelerator @defaults("ty // Google Kubernetes Engine (GKE) GPU sharing configuration private gcp.project.gkeService.cluster.nodepool.config.accelerator.gpuSharingConfig @defaults("strategy") { - // Internal ID + // Internal ID for this resource id string // The max number of containers that can share a GPU maxSharedClientsPerGpu int @@ -1898,7 +1898,7 @@ private gcp.project.gkeService.cluster.nodepool.config.accelerator.gpuSharingCon // Google Kubernetes Engine (GKE) Kubernetes node taint private gcp.project.gkeService.cluster.nodepool.config.nodeTaint @defaults("key value effect") { - // Internal ID + // Internal ID for this resource id string // Key for the taint key string @@ -1910,7 +1910,7 @@ private gcp.project.gkeService.cluster.nodepool.config.nodeTaint @defaults("key // Google Kubernetes Engine (GKE) node pool sandbox configuration private gcp.project.gkeService.cluster.nodepool.config.sandboxConfig @defaults("type") { - // Internal ID + // Internal ID for this resource id string // Type of the sandbox to use for this node type string @@ -1918,7 +1918,7 @@ private gcp.project.gkeService.cluster.nodepool.config.sandboxConfig @defaults(" // Google Kubernetes Engine (GKE) node pool shielded instance configuration private gcp.project.gkeService.cluster.nodepool.config.shieldedInstanceConfig @defaults("enableSecureBoot enableIntegrityMonitoring") { - // Internal ID + // Internal ID for this resource id string // Whether the instance has Secure Boot enabled enableSecureBoot bool @@ -1928,7 +1928,7 @@ private gcp.project.gkeService.cluster.nodepool.config.shieldedInstanceConfig @d // Google Kubernetes Engine (GKE) node pool parameters that can be configured on Linux nodes private gcp.project.gkeService.cluster.nodepool.config.linuxNodeConfig @defaults("sysctls") { - // Internal ID + // Internal ID for this resource id string // The Linux kernel parameters to apply to the nodes and all pods running on them sysctls map[string]string @@ -1936,7 +1936,7 @@ private gcp.project.gkeService.cluster.nodepool.config.linuxNodeConfig @defaults // Google Kubernetes Engine (GKE) Node Pool kubelet configuration private gcp.project.gkeService.cluster.nodepool.config.kubeletConfig @defaults("cpuManagerPolicy podPidsLimit") { - // Internal ID + // Internal ID for this resource id string // Control the CPU management policy on the node cpuManagerPolicy string @@ -1948,7 +1948,7 @@ private gcp.project.gkeService.cluster.nodepool.config.kubeletConfig @defaults(" // Google Kubernetes Engine (GKE) node pool GCFS configuration private gcp.project.gkeService.cluster.nodepool.config.gcfsConfig @defaults("enabled") { - // Internal ID + // Internal ID for this resource id string // Whether to use GCFS enabled bool @@ -1956,7 +1956,7 @@ private gcp.project.gkeService.cluster.nodepool.config.gcfsConfig @defaults("ena // Google Kubernetes Engine (GKE) node pool advanced machine features configuration private gcp.project.gkeService.cluster.nodepool.config.advancedMachineFeatures @defaults("threadsPerCore") { - // Internal ID + // Internal ID for this resource id string // Number of threads per physical core (if unset, assumes the maximum number of threads supported per core by the underlying processor) threadsPerCore int @@ -1964,7 +1964,7 @@ private gcp.project.gkeService.cluster.nodepool.config.advancedMachineFeatures @ // Google Kubernetes Engine (GKE) node pool gVNIC configuration private gcp.project.gkeService.cluster.nodepool.config.gvnicConfig @defaults("enabled") { - // Internal ID + // Internal ID for this resource id string // Whether to use gVNIC enabled bool @@ -1972,7 +1972,7 @@ private gcp.project.gkeService.cluster.nodepool.config.gvnicConfig @defaults("en // Google Kubernetes Engine (GKE) node pool confidential nodes configuration private gcp.project.gkeService.cluster.nodepool.config.confidentialNodes @defaults("enabled") { - // Internal ID + // Internal ID for this resource id string // Whether to use confidential nodes enabled bool @@ -2070,7 +2070,7 @@ private gcp.project.pubsubService.snapshot @defaults("name") { projectId string // Subscription name name string - // The topic for which the snapshot is + // The topic associated with the snapshot topic gcp.project.pubsubService.topic // When the snapshot expires expiration time @@ -2287,7 +2287,7 @@ private gcp.project.loggingservice.bucket @defaults("name") { name string // Log entry field paths that are denied access in this bucket restrictedFields []string - // Amount of time for which logs will be retained by default, after which they're' automatically deleted + // Amount of time for which logs will be retained by default, after which they're automatically deleted retentionDays int // Last update timestamp of the bucket updated time @@ -2295,7 +2295,7 @@ private gcp.project.loggingservice.bucket @defaults("name") { // Google Cloud (GCP) Logging bucket index config private gcp.project.loggingservice.bucket.indexConfig @defaults("id") { - // Internal ID + // Internal ID for this resource id string // Creation timestamp created time @@ -2527,7 +2527,7 @@ private gcp.project.dataprocService.cluster.config { // Google Cloud (GCP) Dataproc cluster endpoint config private gcp.project.dataprocService.cluster.config.gceCluster { - // Internal ID + // Internal ID for this resource id string // Project ID projectId string @@ -2563,7 +2563,7 @@ private gcp.project.dataprocService.cluster.config.gceCluster { // Google Cloud (GCP) Dataproc cluster GCE cluster reservation affinity config private gcp.project.dataprocService.cluster.config.gceCluster.reservationAffinity { - // Internal ID + // Internal ID for this resource id string // Type of reservation to consume consumeReservationType string @@ -2575,7 +2575,7 @@ private gcp.project.dataprocService.cluster.config.gceCluster.reservationAffinit // Google Cloud (GCP) Dataproc cluster GCE cluster shielded instance config private gcp.project.dataprocService.cluster.config.gceCluster.shieldedInstanceConfig { - // Internal ID + // Internal ID for this resource id string // Whether the instances have integrity monitoring enabled enableIntegrityMonitoring bool @@ -2587,7 +2587,7 @@ private gcp.project.dataprocService.cluster.config.gceCluster.shieldedInstanceCo // Google Cloud (GCP) Dataproc cluster GKE cluster config private gcp.project.dataprocService.cluster.config.gkeCluster { - // Internal ID + // Internal ID for this resource id string // Target GKE cluster gkeClusterTarget string @@ -2597,7 +2597,7 @@ private gcp.project.dataprocService.cluster.config.gkeCluster { // Google Cloud (GCP) Dataproc cluster lifecycle config private gcp.project.dataprocService.cluster.config.lifecycle { - // Internal ID + // Internal ID for this resource id string // Time when the cluster will be auto-deleted autoDeleteTime string @@ -2611,7 +2611,7 @@ private gcp.project.dataprocService.cluster.config.lifecycle { // Google Cloud (GCP) Dataproc cluster instance config private gcp.project.dataprocService.cluster.config.instance { - // Internal ID + // Internal ID for this resource id string // Compute Engine accelerators accelerators []dict @@ -2639,7 +2639,7 @@ private gcp.project.dataprocService.cluster.config.instance { // Google Cloud (GCP) Dataproc cluster instance disk config private gcp.project.dataprocService.cluster.config.instance.diskConfig { - // Internal ID + // Internal ID for this resource id string // Size in GB of the boot disk bootDiskSizeGb int @@ -2653,7 +2653,7 @@ private gcp.project.dataprocService.cluster.config.instance.diskConfig { // Google Cloud (GCP) Dataproc cluster status private gcp.project.dataprocService.cluster.status @defaults("state") { - // Internal ID + // Internal ID for this resource id string // Details of the cluster's state detail string @@ -2758,7 +2758,7 @@ private gcp.project.cloudRunService.service @defaults("name") { // Google Cloud (GCP) Run service revision template private gcp.project.cloudRunService.service.revisionTemplate @defaults("name") { - // Internal ID + // Internal ID for this resource id string // Project ID projectId string @@ -2792,7 +2792,7 @@ private gcp.project.cloudRunService.service.revisionTemplate @defaults("name") { // Google Cloud (GCP) Run service revision template container private gcp.project.cloudRunService.container @defaults("name image") { - // Internal ID + // Internal ID for this resource id string // Container name name string @@ -2821,7 +2821,7 @@ private gcp.project.cloudRunService.container @defaults("name image") { // Google Cloud (GCP) Run service revision template container probe private gcp.project.cloudRunService.container.probe { - // Internal ID + // Internal ID for this resource id string // Number of seconds after the container has started before the probe is initiated initialDelaySeconds int @@ -2839,7 +2839,7 @@ private gcp.project.cloudRunService.container.probe { // Google Cloud (GCP) Run condition private gcp.project.cloudRunService.condition @defaults("type state message") { - // Internal ID + // Internal ID for this resource id string // Status of the reconciliation process type string @@ -2903,7 +2903,7 @@ private gcp.project.cloudRunService.job { // Google Cloud (GCP) Run job execution template private gcp.project.cloudRunService.job.executionTemplate { - // Internal ID + // Internal ID for this resource id string // User-defined labels labels map[string]string @@ -2919,7 +2919,7 @@ private gcp.project.cloudRunService.job.executionTemplate { // Google Cloud (GCP) Run job execution template task template private gcp.project.cloudRunService.job.executionTemplate.taskTemplate { - // Internal ID + // Internal ID for this resource id string // Project ID projectId string diff --git a/providers/github/resources/github.lr b/providers/github/resources/github.lr index 7135bf6505..a8b739f717 100644 --- a/providers/github/resources/github.lr +++ b/providers/github/resources/github.lr @@ -462,7 +462,7 @@ private github.file @defaults("name type") { // GitHub release private github.release @defaults("name tagName") { - // Release url + // Release URL url string // Release name name string @@ -488,7 +488,7 @@ private github.webhook @defaults("id name") { url string // List of events for the webhook events []string - // Webhook config + // Webhook configuration including content type, secret, and SSL verification settings config dict // Whether the webhook is active active bool diff --git a/providers/google-workspace/resources/google-workspace.lr b/providers/google-workspace/resources/google-workspace.lr index 92d5a5f431..642b718aa2 100644 --- a/providers/google-workspace/resources/google-workspace.lr +++ b/providers/google-workspace/resources/google-workspace.lr @@ -110,7 +110,7 @@ private googleworkspace.user @defaults("primaryEmail") { isMailboxSetup bool // User's last login time lastLoginTime time - // User's account creation time + // User's account creation time creationTime time // Retrieves latest report for the user usageReport() googleworkspace.report.usage diff --git a/providers/k8s/resources/k8s.lr b/providers/k8s/resources/k8s.lr index 43a357716e..92aeef2fe8 100644 --- a/providers/k8s/resources/k8s.lr +++ b/providers/k8s/resources/k8s.lr @@ -373,7 +373,7 @@ private k8s.container @defaults("name") { workingDir string // Whether this container should allocate a TTY for itself tty bool - // env variables + // Environment variables env dict // envFrom settings envFrom dict @@ -423,7 +423,7 @@ private k8s.initContainer @defaults("name") { workingDir string // Whether this container should allocate a TTY for itself tty bool - // env variables + // Environment variables env dict // envFrom settings envFrom dict @@ -455,7 +455,7 @@ private k8s.ephemeralContainer @defaults("name") { workingDir string // Whether this container should allocate a TTY for itself tty bool - // env variables + // Environment variables env dict // envFrom settings envFrom dict @@ -511,7 +511,7 @@ private k8s.configmap @defaults("namespace name created") { created time // Full resource manifest manifest() dict - // Configuration data + // Key-value pairs containing the configuration data data map[string]string } diff --git a/providers/ms365/resources/ms365.lr b/providers/ms365/resources/ms365.lr index 03bd49495f..6241f5837e 100644 --- a/providers/ms365/resources/ms365.lr +++ b/providers/ms365/resources/ms365.lr @@ -6,7 +6,7 @@ option go_package = "go.mondoo.com/cnquery/v12/providers/ms365/resources" alias microsoft.organization = microsoft.tenant -// Microsoft +// Microsoft 365 services and resources microsoft { // Deprecated: use `microsoft.tenant` instead organizations() []microsoft.tenant @@ -42,7 +42,7 @@ microsoft { microsoft.identityAndAccess.accessReviews { []microsoft.identityAndAccess.accessReviewDefinition init(filter? string) - // filter access review definitions. e.g., "contains(scope/microsoft.graph.accessReviewQueryScope/query, './members')" + // Filter access review definitions, e.g., "contains(scope/microsoft.graph.accessReviewQueryScope/query, './members')" filter string } @@ -129,7 +129,7 @@ microsoft.applications { length() int } -// Microsoft Entra tenant +// Microsoft Entra tenant microsoft.tenant @defaults("name") { // Organization ID id string @@ -234,8 +234,8 @@ microsoft.users { microsoft.identityAndAccess { []microsoft.identityAndAccess.policy init(filter? string) - // filter by scopeId and scopeType - // scopeId eq '/' and scopeType eq 'Directory' + // Filter by scopeId and scopeType + // e.g., "scopeId eq '/' and scopeType eq 'Directory'" filter string // Get the instances of role eligibilities @@ -659,13 +659,13 @@ private microsoft.user @defaults("id displayName userPrincipalName") { userPrincipalName string // User type userType string - // User settings + // User's mailbox and contribution settings settings() dict - // Job information + // User's job title, department, company name, and office location job() dict - // Contact information + // User's business phones, mobile phone, and other contact details contact() dict - // Authentication information + // User's configured authentication methods (passwords, MFA, security keys, etc.) authMethods() microsoft.user.authenticationMethods // Whether MFA is enabled for the user mfaEnabled() bool @@ -1003,7 +1003,7 @@ microsoft.application @defaults("id displayName hasExpiredCredentials") { samlMetadataUrl string // Default redirect URI defaultRedirectUri string - // Certification metadata + // App certification details including compliance status and certifier certification dict // Optional claims optionalClaims dict @@ -1205,9 +1205,9 @@ microsoft.security.riskyUser @defaults("principalName riskLevel riskState lastUp user() microsoft.user // Risk detail riskDetail string - // Risk level + // Risk level (low, medium, high, hidden, none, unknownFutureValue) riskLevel string - // Risk state + // Risk state (none, confirmedSafe, remediated, dismissed, atRisk, confirmedCompromised, unknownFutureValue) riskState string // Risk last updated lastUpdatedAt time @@ -1375,9 +1375,9 @@ private microsoft.policies.crossTenantAccessPolicyDefault @defaults("isServiceDe // Automatic user consent settings for cross-tenant access policy private microsoft.policies.crossTenantAccessPolicyDefault.automaticUserConsentSettings @defaults("inboundAllowed outboundAllowed") { - // if automatic consent for inbound collaboration is enabled. + // Whether automatic consent for inbound collaboration is enabled inboundAllowed bool - // if automatic consent for outbound collaboration is enabled. + // Whether automatic consent for outbound collaboration is enabled outboundAllowed bool } diff --git a/providers/network/resources/network.lr b/providers/network/resources/network.lr index c0ec56db76..829a4743d8 100644 --- a/providers/network/resources/network.lr +++ b/providers/network/resources/network.lr @@ -367,7 +367,7 @@ dns.record @defaults("name type") { class string // DNS type type string - // Resource data + // DNS record response data (IP addresses, hostnames, or other values depending on record type) rdata []string } diff --git a/providers/opcua/resources/opcua.lr b/providers/opcua/resources/opcua.lr index 78700f48e8..1c19bab3c9 100644 --- a/providers/opcua/resources/opcua.lr +++ b/providers/opcua/resources/opcua.lr @@ -24,7 +24,7 @@ opcua.server { currentTime time // Time when the server started startTime time - // Server state + // Server state (e.g., Running, Failed, NoConfiguration, Suspended, Shutdown) state string } diff --git a/providers/os/resources/os.lr b/providers/os/resources/os.lr index dfa45f4a3e..6381a1d3e0 100644 --- a/providers/os/resources/os.lr +++ b/providers/os/resources/os.lr @@ -20,7 +20,7 @@ extend asset { // Common Platform Enumeration (CPE) for the asset cpes() []core.cpe // Advisory & vulnerability report - // Deprecated; will be removed in version 12.0 (use vulnmgmt instead) + // Deprecated; will be removed in version 13.0 (use vulnmgmt instead) vulnerabilityReport() dict // Platform URL in the package URL format (as opposed to the CPE format) purl() string @@ -45,7 +45,7 @@ private mondoo.eol { date() time } -// Deprecated; will be removed in version 12.0 +// Deprecated; will be removed in version 13.0 // Use asset.eol instead. platform.eol @defaults("date") { // Documentation URL @@ -57,8 +57,8 @@ platform.eol @defaults("date") { } platform { - // Deprecated; will be removed in version 12.0 - // use vulnmgmt instead + // Deprecated; will be removed in version 13.0 + // Use vulnmgmt instead vulnerabilityReport() dict } @@ -430,7 +430,7 @@ files.find { []file // Sets the starting point for the search operation from string - // Whether other devices to search + // Whether to search across other devices xdev bool // What types of files to list (directories, files, devices, etc) type string @@ -592,7 +592,7 @@ authorizedkeys.entry @defaults("key") { key string // Key label label string - // Key options + // SSH key options (e.g., command restrictions, source IP limits) options []string // Key file file file @@ -619,7 +619,7 @@ groups { // Package on the platform or OS package @defaults("name version") { // May be initialized with the name only, in which case it will look up - // the package with the given name on the system. + // The package with the given name on the system. init(name string) // Name of the package @@ -757,13 +757,13 @@ auditd.config { // auditd (Linux Audit Daemon) rules aggregated on disk // via /etc/audit/audit.rules by default auditd.rules { - // path to folder to look up rules + // Path to folder to look up rules path() string - // all controls for auditd + // All controls for auditd controls(path) []auditd.rule.control - // all file rules + // All file rules files(path) []auditd.rule.file - // all syscall rules + // All syscall rules syscalls(path) []auditd.rule.syscall } @@ -776,9 +776,9 @@ private auditd.rule {} // eg: -b 8192 => {flag: "-b", value: "8192"} // eg: -D => {flag: "-D", value: nil} private auditd.rule.control @defaults("flag value") { - // the flag used for this control, i.e. the first part of the control including any leading `-` + // The flag used for this control, i.e. the first part of the control including any leading `-` flag string - // the value of the control which may be specified + // The value of the control, which may be specified value string } @@ -786,11 +786,11 @@ private auditd.rule.control @defaults("flag value") { // eg: -w /etc/shadow -p rw -k shadow_access // => {path: "/etc/shadow", permissions: "rw", keyname: "shadow_access"} private auditd.rule.file @defaults("path permissions") { - // the path this rule matches as specified by -w + // The path this rule matches as specified by -w path string - // the permissions specified by this rule via -p + // The permissions specified by this rule via -p permissions string - // the key name for related rules as specified by -k + // The key name for related rules as specified by -k keyname string } @@ -808,17 +808,17 @@ private auditd.rule.file @defaults("path permissions") { // keyname: nil, // } private auditd.rule.syscall @defaults("action list") { - // the action specified by -a + // The action specified by -a action string - // the list, the second value specified by -a + // The list, the second value specified by -a list string - // the list of syscalls that this rule matches specified by -S + // The list of syscalls that this rule matches, specified by -S syscalls []string - // all field entries as raw values as specified by -F + // All field entries as raw values, as specified by -F fields []dict - // all inter-field comparisons as specified by -C + // All inter-field comparisons as specified by -C comparisons []dict - // the key name for related rules as specified by -k + // The key name for related rules as specified by -k keyname string } @@ -859,7 +859,7 @@ service @defaults("name running enabled type") { running bool // Whether the service is enabled (start at boot) enabled bool - // Type information + // Service type (e.g., simple, forking, oneshot, notify) type string // Whether the service is masked masked bool @@ -1038,7 +1038,7 @@ docker.container @defaults("names.first status"){ imageid string // Container names names []string - // Container state + // Container state (e.g., created, running, paused, restarting, exited, dead) state string // Status message status string @@ -1587,7 +1587,7 @@ npm.packages { // Files used to determine the packages files() []pkgFileInfo - // scripts defined in package json + // Scripts defined in package.json scripts() map[string]string } @@ -1660,7 +1660,7 @@ macos.alf { globalState int // Whether alf.log is used loggingEnabled int - // Logging flags + // Logging option flags (0=disabled, 1=detail, 2=brief, 3=throttled) loggingOption int // Whether the firewall service is in stealth mode stealthEnabled int @@ -2039,19 +2039,19 @@ private windows.security.product { // Health of the Windows security provider windows.security.health { - // Firewall information + // Windows Firewall status and configuration firewall dict - // Automatic update information + // Windows Update automatic update settings autoUpdate dict - // Antivirus information + // Installed antivirus software status and details antiVirus dict - // Spyware information + // Anti-spyware protection status and details antiSpyware dict // Internet settings information internetSettings dict - // User account control information + // User Account Control (UAC) configuration uac dict - // Security Center service information + // Windows Security Center service status securityCenterService dict } @@ -2123,11 +2123,11 @@ private networkInterface @defaults("name mac active") { // Collection of routing table entries on the system. private networkRoutes { []networkRoute - // default routes found on the machine + // Default routes found on the machine defaults() []networkRoute } -// information on the network routes +// Network route information private networkRoute @defaults("destination flags"){ // Destination network or destination subnet for this route destination string diff --git a/providers/terraform/resources/terraform.lr b/providers/terraform/resources/terraform.lr index c2f6dd1c80..7bcee73dd1 100644 --- a/providers/terraform/resources/terraform.lr +++ b/providers/terraform/resources/terraform.lr @@ -82,7 +82,7 @@ terraform.module @defaults("key source") { source string // Module version version string - // Path to the directory where the module is stored + // Path to the directory where the module is stored dir string // Block (including the configuration) diff --git a/providers/vsphere/resources/vsphere.lr b/providers/vsphere/resources/vsphere.lr index 9d3a43eae6..f233daa7c3 100644 --- a/providers/vsphere/resources/vsphere.lr +++ b/providers/vsphere/resources/vsphere.lr @@ -11,8 +11,8 @@ extend asset { // Common Platform Enumeration (CPE) for the asset cpes() []core.cpe // Advisory & vulnerability report - // Will be deprecated in version 12.0; Full advisory & vulnerability report - // use vulnmgmt instead + // Deprecated: will be removed in version 13.0; Full advisory & vulnerability report + // Use vulnmgmt instead vulnerabilityReport() dict } @@ -281,7 +281,7 @@ private esxi.vib @defaults("id name") { id string // Bundle name name string - // Acceptance level + // Acceptance level (VMwareCertified, VMwareAccepted, PartnerSupported, CommunitySupported) acceptanceLevel string // Creation date creationDate time From e8e1b7942514386aa988a4b8e2fb7d2706867243 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 4 Feb 2026 18:11:47 +0000 Subject: [PATCH 2/2] Initial plan