private import bicep
private import codeql.bicep.Concepts
module ManagedContainers {
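/**
 * A `Microsoft.ContainerService/managedClusters` (AKS) resource declared in a Bicep file.
 *
 * See: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters
 */
class ManagedContainerResource extends Resource {
  /**
   * Restricts this class to resources whose type string is
   * `Microsoft.ContainerService/managedClusters@<api-version>`.
   */
  ManagedContainerResource() {
    // The dot in the provider namespace is escaped so it matches only a literal `.`;
    // unescaped, it would accept any character in that position.
    this.getResourceType().regexpMatch("^Microsoft\\.ContainerService/managedClusters@.*")
  }

  /**
   * Returns the `properties` object of the AKS resource.
   */
  ManagedContainerProperties::Properties getProperties() {
    result = this.getProperty("properties")
  }

  /**
   * Returns the `kubernetesVersion` property, when it is a string literal.
   */
  StringLiteral getKubernetesVersion() { result = this.getProperties().getKubernetesVersion() }

  /**
   * Returns the `dnsPrefix` property, when it is a string literal.
   */
  StringLiteral getDnsPrefix() { result = this.getProperties().getDnsPrefix() }

  /**
   * Returns an entry of the `agentPoolProfiles` array.
   */
  ManagedContainerProperties::AgentPoolProfiles getAgentPoolProfiles() {
    result = this.getProperties().getAgentPoolProfiles()
  }

  /**
   * Returns the `networkProfile` property.
   */
  Network::NetworkProfile getNetworkProfile() {
    result = this.getProperties().getNetworkProfile()
  }

  override string toString() { result = "ManagedContainerResource" }
}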
module ManagedContainerProperties {
/**
 * The `properties` object of a managed cluster (AKS) resource.
 *
 * Each accessor below looks up one named property on this object; accessors typed
 * `StringLiteral` only have a result when the property value is a string literal.
 */
class Properties extends Object {
  // The cluster resource whose `properties` value this object is.
  private ManagedContainerResource cluster;

  Properties() { this = cluster.getProperty("properties") }

  /** Returns the cluster resource that owns this properties object. */
  ManagedContainerResource getManagedContainerResource() { result = cluster }

  /** Returns the `kubernetesVersion` property. */
  StringLiteral getKubernetesVersion() {
    result = this.getProperty("kubernetesVersion")
  }

  /** Returns the `dnsPrefix` property. */
  StringLiteral getDnsPrefix() {
    result = this.getProperty("dnsPrefix")
  }

  /** Returns an element of the `agentPoolProfiles` array. */
  AgentPoolProfiles getAgentPoolProfiles() {
    exists(Array pools |
      pools = this.getProperty("agentPoolProfiles") and
      result = pools.getElements()
    )
  }

  /** Returns the `networkProfile` property. */
  Network::NetworkProfile getNetworkProfile() {
    result = this.getProperty("networkProfile")
  }

  /** Returns the `apiServerAccessProfile` property. */
  ApiServerAccessProfile getApiServerAccessProfile() {
    result = this.getProperty("apiServerAccessProfile")
  }

  /** Returns the `addonProfiles` property. */
  AddonProfiles getAddonProfiles() {
    result = this.getProperty("addonProfiles")
  }

  /** Returns the `identity` property as an untyped expression. */
  Expr getIdentity() {
    result = this.getProperty("identity")
  }

  /** Returns the `linuxProfile` property as an untyped expression. */
  Expr getLinuxProfile() {
    result = this.getProperty("linuxProfile")
  }

  /** Returns the `windowsProfile` property as an untyped expression. */
  Expr getWindowsProfile() {
    result = this.getProperty("windowsProfile")
  }

  /** Returns the `servicePrincipalProfile` property as an untyped expression. */
  Expr getServicePrincipalProfile() {
    result = this.getProperty("servicePrincipalProfile")
  }

  /** Returns the `aadProfile` property as an untyped expression. */
  Expr getAadProfile() {
    result = this.getProperty("aadProfile")
  }

  /** Returns the `autoScalerProfile` property as an untyped expression. */
  Expr getAutoScalerProfile() {
    result = this.getProperty("autoScalerProfile")
  }

  /** Returns the `httpProxyConfig` property as an untyped expression. */
  Expr getHttpProxyConfig() {
    result = this.getProperty("httpProxyConfig")
  }

  /** Returns the `podIdentityProfile` property as an untyped expression. */
  Expr getPodIdentityProfile() {
    result = this.getProperty("podIdentityProfile")
  }

  /** Returns the `workloadAutoScalerProfile` property as an untyped expression. */
  Expr getWorkloadAutoScalerProfile() {
    result = this.getProperty("workloadAutoScalerProfile")
  }

  /** Returns the `storageProfile` property as an untyped expression. */
  Expr getStorageProfile() {
    result = this.getProperty("storageProfile")
  }

  /** Returns the `sku` property. */
  Sku getSku() {
    result = this.getProperty("sku")
  }

  /** Returns the `tags` property. */
  Tags getTags() {
    result = this.getProperty("tags")
  }

  string toString() { result = "ManagedContainerProperties" }
}
/**
 * One element of the `agentPoolProfiles` array of a managed cluster's properties.
 *
 * Despite the plural name, each value of this class is a single array element.
 */
class AgentPoolProfiles extends Object {
  // The properties object whose `agentPoolProfiles` array contains this element.
  private Properties owner;

  AgentPoolProfiles() {
    exists(Array pools |
      pools = owner.getProperty("agentPoolProfiles") and
      this = pools.getElements()
    )
  }

  /** Returns the `name` property, when it is a string literal. */
  StringLiteral getName() {
    result = this.getProperty("name")
  }

  /** Returns the `vmSize` property, when it is a string literal. */
  StringLiteral getVmSize() {
    result = this.getProperty("vmSize")
  }

  /** Returns the `count` property as an untyped expression. */
  Expr getCount() {
    result = this.getProperty("count")
  }

  /** Returns the `osType` property as an untyped expression. */
  Expr getOsType() {
    result = this.getProperty("osType")
  }

  /** Returns the `mode` property as an untyped expression. */
  Expr getMode() {
    result = this.getProperty("mode")
  }

  string toString() { result = "AgentPoolProfiles" }
}
/**
 * The `apiServerAccessProfile` object of a managed cluster's properties.
 */
class ApiServerAccessProfile extends Object {
  // The properties object this access profile belongs to.
  private Properties owner;

  ApiServerAccessProfile() { this = owner.getProperty("apiServerAccessProfile") }

  /**
   * Returns the `enablePrivateCluster` property, when it is a string literal.
   *
   * NOTE(review): the ARM schema declares `enablePrivateCluster` as a bool, so a
   * `StringLiteral` result presumably never matches a plain `true`/`false` value and
   * a private-cluster check built on this predicate would see nothing. Confirm, and
   * consider the `Boolean` type that `AddonKubeDashboard.getEnabled()` uses.
   */
  StringLiteral getEnablePrivateCluster() {
    result = this.getProperty("enablePrivateCluster")
  }

  /** Returns the `privateDnsZone` property, when it is a string literal. */
  StringLiteral getPrivateDnsZone() {
    result = this.getProperty("privateDnsZone")
  }

  string toString() { result = "ApiServerAccessProfile" }
}
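/**
 * The `addonProfiles` object of a managed cluster's properties.
 */
class AddonProfiles extends Object {
  // The properties object this addon map belongs to.
  private Properties properties;

  AddonProfiles() { this = properties.getProperty("addonProfiles") }

  /** Returns the `kubeDashboard` addon entry. */
  AddonKubeDashboard getKubeDashboard() { result = this.getProperty("kubeDashboard") }

  /**
   * Returns the `azurePolicy` addon entry.
   *
   * Added so that `AddonAzurePolicy`, which is defined from the same property name,
   * is reachable from the addon map in the same way as `getKubeDashboard()`.
   */
  AddonAzurePolicy getAzurePolicy() { result = this.getProperty("azurePolicy") }

  string toString() { result = "AddonProfiles" }
}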
/**
 * The `kubeDashboard` entry of a managed cluster's `addonProfiles` object.
 */
class AddonKubeDashboard extends Object {
  // The addon map that holds this entry.
  private AddonProfiles addons;

  AddonKubeDashboard() { this = addons.getProperty("kubeDashboard") }

  /** Returns the `enabled` property, when it is a boolean value. */
  Boolean getEnabled() {
    result = this.getProperty("enabled")
  }

  string toString() { result = "AddonKubeDashboard" }
}
/**
 * The `azurePolicy` entry of a managed cluster's `addonProfiles` object.
 *
 * NOTE(review): Azure templates commonly spell this addon key `azurepolicy`
 * (all lower case); confirm whether `getProperty` compares names case-sensitively,
 * since a mismatch would leave this class empty for such templates.
 */
class AddonAzurePolicy extends Object {
  // The addon map that holds this entry.
  private AddonProfiles addons;

  AddonAzurePolicy() { this = addons.getProperty("azurePolicy") }

  /** Returns the `enabled` property, when it is a boolean value. */
  Boolean getEnabled() {
    result = this.getProperty("enabled")
  }

  string toString() { result = "AddonAzurePolicy" }
}
}
}