mondoohq · preslavgerchev · Mar 20, 2026 · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026
diff --git a/providers/aws/resources/discovery.go b/providers/aws/resources/discovery.go
@@ -4,6 +4,8 @@
 package resources
 
 import (
+	"slices"
+
 	"github.com/aws/aws-sdk-go-v2/aws/arn"
 	"github.com/rs/zerolog/log"
 	"go.mondoo.com/mql/v13/llx"
@@ -20,7 +22,7 @@ const (
 	DiscoveryECR          = "ecr"
 	DiscoveryECS          = "ecs"
 
-	DiscoveryAll  = "all"  // resources, accounts, instances, ecr, ecs, everything
+	DiscoveryAll  = "all"  // all discovery targets
 	DiscoveryAuto = "auto" // account + resources
 
 	// API scan
@@ -59,18 +61,6 @@ const (
 	DiscoveryCloudfrontDistributions    = "cloudfront-distributions"
 )
 
-var All = []string{
-	DiscoveryAccounts,
-	DiscoveryInstances,
-	DiscoverySSMInstances,
-	DiscoveryECR,
-	DiscoveryECS,
-}
-
-func allDiscovery() []string {
-	return append(All, AllAPIResources...)
-}
-
 var Auto = []string{
 	DiscoveryAccounts,
 	DiscoveryS3Buckets,
@@ -134,6 +124,16 @@ var AllAPIResources = []string{
 	DiscoveryCloudfrontDistributions,
 }
 
+// All includes every discovery target: Auto plus OS-level instance discovery,
+// SSM instances, ECR, and ECS.
+var All = append(
+	slices.Clone(Auto),
+	DiscoveryInstances,
+	DiscoverySSMInstances,
+	DiscoveryECR,
+	DiscoveryECS,
+)
+
 func Discover(runtime *plugin.Runtime) (*inventory.Inventory, error) {
 	conn := runtime.Connection.(*connection.AwsConnection)
 	in := &inventory.Inventory{Spec: &inventory.InventorySpec{
@@ -163,8 +163,8 @@ func getDiscoveryTargets(config *inventory.Config) []string {
 	targets := config.GetDiscover().GetTargets()
 
 	if stringx.Contains(targets, DiscoveryAll) {
-		// return the All list + All Api Resources list
-		return allDiscovery()
+		// return all discovery targets
+		return All
 	}
 
 	// the targets we return.

diff --git a/providers/aws/resources/discovery_test.go b/providers/aws/resources/discovery_test.go
@@ -13,6 +13,76 @@ import (
 	"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
 )
 
+func TestAllResolvedResources(t *testing.T) {
+	expected := []string{
+		DiscoveryAccounts,
+		DiscoveryS3Buckets,
+		DiscoveryEKSClusters,
+		DiscoveryCloudtrailTrails,
+		DiscoveryRdsDbInstances,
+		DiscoveryRdsDbClusters,
+		DiscoveryVPCs,
+		DiscoverySecurityGroups,
+		DiscoveryIAMUsers,
+		DiscoveryIAMGroups,
+		DiscoveryCloudwatchLoggroups,
+		DiscoveryLambdaFunctions,
+		DiscoveryDynamoDBTables,
+		DiscoveryDynamoDBGlobalTables,
+		DiscoveryRedshiftClusters,
+		DiscoveryVolumes,
+		DiscoverySnapshots,
+		DiscoveryEFSFilesystems,
+		DiscoveryAPIGatewayRestAPIs,
+		DiscoveryELBLoadBalancers,
+		DiscoveryESDomains,
+		DiscoveryOpenSearchDomains,
+		DiscoveryKMSKeys,
+		DiscoverySagemakerNotebookInstances,
+		DiscoverySecretsManagerSecrets,
+		DiscoveryElasticacheClusters,
+		DiscoveryCloudfrontDistributions,
+		DiscoveryInstances,
+		DiscoverySSMInstances,
+		DiscoveryECR,
+		DiscoveryECS,
+	}
+	require.ElementsMatch(t, expected, All)
+}
+
+func TestAutoResolvedResources(t *testing.T) {
+	expected := []string{
+		DiscoveryAccounts,
+		DiscoveryS3Buckets,
+		DiscoveryEKSClusters,
+		DiscoveryCloudtrailTrails,
+		DiscoveryRdsDbInstances,
+		DiscoveryRdsDbClusters,
+		DiscoveryVPCs,
+		DiscoverySecurityGroups,
+		DiscoveryIAMUsers,
+		DiscoveryIAMGroups,
+		DiscoveryCloudwatchLoggroups,
+		DiscoveryLambdaFunctions,
+		DiscoveryDynamoDBTables,
+		DiscoveryDynamoDBGlobalTables,
+		DiscoveryRedshiftClusters,
+		DiscoveryVolumes,
+		DiscoverySnapshots,
+		DiscoveryEFSFilesystems,
+		DiscoveryAPIGatewayRestAPIs,
+		DiscoveryELBLoadBalancers,
+		DiscoveryESDomains,
+		DiscoveryOpenSearchDomains,
+		DiscoveryKMSKeys,
+		DiscoverySagemakerNotebookInstances,
+		DiscoverySecretsManagerSecrets,
+		DiscoveryElasticacheClusters,
+		DiscoveryCloudfrontDistributions,
+	}
+	require.ElementsMatch(t, expected, Auto)
+}
+
 func TestAddConnInfoToEc2Instances(t *testing.T) {
 	info := instanceInfo{}
 	a := &inventory.Asset{}
@@ -278,7 +348,7 @@ func TestDiscoveryAndFilterPropagation(t *testing.T) {
 		}{
 			{"empty returns empty (ParseCLI sets default)", []string{}, []string{}},
 			{"auto keyword", []string{"auto"}, Auto},
-			{"all keyword", []string{"all"}, allDiscovery()},
+			{"all keyword", []string{"all"}, All},
 			{"resources keyword", []string{"resources"}, AllAPIResources},
 			{"explicit single", []string{"s3-buckets"}, []string{DiscoveryS3Buckets}},
 			{
@@ -287,7 +357,7 @@ func TestDiscoveryAndFilterPropagation(t *testing.T) {
 				[]string{DiscoveryS3Buckets, DiscoveryInstances, DiscoveryIAMUsers},
 			},
 			{"auto takes precedence", []string{"auto", "s3-buckets"}, Auto},
-			{"all takes precedence", []string{"all", "s3-buckets"}, allDiscovery()},
+			{"all takes precedence", []string{"all", "s3-buckets"}, All},
 		}
 
 		for _, tc := range cases {
@@ -392,7 +462,7 @@ func TestGetDiscoveryTargets(t *testing.T) {
 		{
 			name:    "all",
 			targets: []string{"all"},
-			want:    allDiscovery(),
+			want:    All,
 		},
 		{
 			name:    "auto",
@@ -412,12 +482,12 @@ func TestGetDiscoveryTargets(t *testing.T) {
 		{
 			name:    "all and resources",
 			targets: []string{"all", "resources"},
-			want:    allDiscovery(),
+			want:    All,
 		},
 		{
 			name:    "all, auto and resources",
 			targets: []string{"all", "resources"},
-			want:    allDiscovery(),
+			want:    All,
 		},
 		{
 			name:    "random",

diff --git a/providers/azure/resources/discovery.go b/providers/azure/resources/discovery.go
@@ -48,11 +48,6 @@ const (
 	DiscoveryVirtualNetworks         = "virtual-networks"
 )
 
-var All = []string{
-	DiscoverySubscriptions,
-	DiscoveryInstances,
-}
-
 // Auto includes all API resources except storage containers (which require
 // additional permissions and can be very numerous). Defined in terms of
 // AllAPIResources so the two lists don't drift apart.
@@ -63,9 +58,13 @@ var Auto = append(
 	})...,
 )
 
-func allDiscovery() []string {
-	return append(All, AllAPIResources...)
-}
+// All includes every discovery target: Auto plus OS-level instance discovery
+// and storage containers.
+var All = append(
+	slices.Clone(Auto),
+	DiscoveryInstances,
+	DiscoveryStorageContainers,
+)
 
 var AllAPIResources = []string{
 	DiscoveryInstancesApi,
@@ -121,8 +120,8 @@ func getDiscoveryTargets(config *inventory.Config) []string {
 		return Auto
 	}
 	if stringx.ContainsAnyOf(targets, DiscoveryAll) {
-		// return the All list + All Api Resources list
-		return allDiscovery()
+		// return all discovery targets
+		return All
 	}
 	if stringx.ContainsAnyOf(targets, DiscoveryAuto) {
 		for i, target := range targets {

diff --git a/providers/azure/resources/discovery_test.go b/providers/azure/resources/discovery_test.go
@@ -4,40 +4,106 @@
 package resources
 
 import (
-	"sort"
+	"slices"
 	"testing"
 
 	"github.com/stretchr/testify/require"
 	"go.mondoo.com/mql/v13/providers-sdk/v1/inventory"
 )
 
-func TestGetDiscoveryTargets(t *testing.T) {
-	config := &inventory.Config{
-		Discover: &inventory.Discovery{
-			Targets: []string{},
-		},
+func TestAllResolvedResources(t *testing.T) {
+	expected := []string{
+		DiscoverySubscriptions,
+		DiscoveryInstancesApi,
+		DiscoverySqlServers,
+		DiscoveryPostgresServers,
+		DiscoveryPostgresFlexibleServers,
+		DiscoveryMySqlServers,
+		DiscoveryMySqlFlexibleServers,
+		DiscoveryAksClusters,
+		DiscoveryAppServiceApps,
+		DiscoveryCacheRedis,
+		DiscoveryBatchAccounts,
+		DiscoveryStorageAccounts,
+		DiscoveryKeyVaults,
+		DiscoverySecurityGroups,
+		DiscoveryCosmosDb,
+		DiscoveryVirtualNetworks,
+		DiscoveryInstances,
+		DiscoveryStorageContainers,
 	}
-	// test all with other stuff
-	config.Discover.Targets = []string{"all", "projects", "instances"}
-	require.Equal(t, allDiscovery(), getDiscoveryTargets(config))
-
-	// test just all
-	config.Discover.Targets = []string{"all"}
-	require.Equal(t, allDiscovery(), getDiscoveryTargets(config))
+	require.ElementsMatch(t, expected, All)
+}
 
-	// test auto with other stuff
-	config.Discover.Targets = []string{"auto", "postgres-servers", "keyvaults-vaults"}
-	res := append(Auto, []string{DiscoveryPostgresServers, DiscoveryKeyVaults}...)
-	sort.Strings(res)
-	targets := getDiscoveryTargets(config)
-	sort.Strings(targets)
-	require.Equal(t, res, targets)
+func TestAutoResolvedResources(t *testing.T) {
+	expected := []string{
+		DiscoverySubscriptions,
+		DiscoveryInstancesApi,
+		DiscoverySqlServers,
+		DiscoveryPostgresServers,
+		DiscoveryPostgresFlexibleServers,
+		DiscoveryMySqlServers,
+		DiscoveryMySqlFlexibleServers,
+		DiscoveryAksClusters,
+		DiscoveryAppServiceApps,
+		DiscoveryCacheRedis,
+		DiscoveryBatchAccounts,
+		DiscoveryStorageAccounts,
+		DiscoveryKeyVaults,
+		DiscoverySecurityGroups,
+		DiscoveryCosmosDb,
+		DiscoveryVirtualNetworks,
+	}
+	require.ElementsMatch(t, expected, Auto)
+}
 
-	// test just auto
-	config.Discover.Targets = []string{"auto"}
-	require.Equal(t, Auto, getDiscoveryTargets(config))
+func TestGetDiscoveryTargets(t *testing.T) {
+	cases := []struct {
+		name    string
+		targets []string
+		want    []string
+	}{
+		{
+			name:    "empty defaults to Auto",
+			targets: []string{},
+			want:    Auto,
+		},
+		{
+			name:    "all",
+			targets: []string{"all"},
+			want:    All,
+		},
+		{
+			name:    "all with extras",
+			targets: []string{"all", "projects", "instances"},
+			want:    All,
+		},
+		{
+			name:    "auto",
+			targets: []string{"auto"},
+			want:    Auto,
+		},
+		{
+			name:    "auto with extras",
+			targets: []string{"auto", "postgres-servers", "keyvaults-vaults"},
+			want:    append(slices.Clone(Auto), DiscoveryPostgresServers, DiscoveryKeyVaults),
+		},
+		{
+			name:    "explicit targets",
+			targets: []string{"postgres-servers", "keyvaults-vaults", "instances"},
+			want:    []string{DiscoveryPostgresServers, DiscoveryKeyVaults, DiscoveryInstances},
+		},
+	}
 
-	// test random
-	config.Discover.Targets = []string{"postgres-servers", "keyvaults-vaults", "instances"}
-	require.Equal(t, []string{DiscoveryPostgresServers, DiscoveryKeyVaults, DiscoveryInstances}, getDiscoveryTargets(config))
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			config := &inventory.Config{
+				Discover: &inventory.Discovery{
+					Targets: tc.targets,
+				},
+			}
+			got := getDiscoveryTargets(config)
+			require.ElementsMatch(t, tc.want, got)
+		})
+	}
 }
diff --git a/providers/gcp/resources/discovery.go b/providers/gcp/resources/discovery.go
@@ -60,15 +60,8 @@ const (
 	DiscoverIamServiceAccounts      = "iam-service-accounts"
 )
 
-var All = []string{
-	DiscoveryOrganization,
-	DiscoveryFolders,
-	DiscoveryProjects,
-}
-
-func allDiscovery() []string {
-	return append(All, AllAPIResources...)
-}
+// All includes every discovery target: Auto covers all of them for GCP.
+var All = slices.Clone(Auto)
 
 var Auto = []string{
 	DiscoveryOrganization,
@@ -142,8 +135,8 @@ func getDiscoveryTargets(config *inventory.Config) []string {
 	}
 
 	if stringx.ContainsAnyOf(targets, DiscoveryAll) {
-		// return the All list + All Api Resources list
-		return allDiscovery()
+		// return all discovery targets
+		return All
 	}
 	if stringx.ContainsAnyOf(targets, DiscoveryAuto) {
 		for i, target := range targets {