diff --git a/cmd/list-automation-account-role-assignments.go b/cmd/list-automation-account-role-assignments.go
index a33dcd5..44e4bf5 100644
--- a/cmd/list-automation-account-role-assignments.go
+++ b/cmd/list-automation-account-role-assignments.go
@@ -127,7 +127,7 @@ func listAutomationAccountRoleAssignments(ctx context.Context, client client.Azu
go func() {
wg.Wait()
close(out)
- log.Info("finished listing all automation account owners")
+ log.Info("finished listing all automation account role assignments")
}()
return out
diff --git a/cmd/list-function-app-role-assignments.go b/cmd/list-function-app-role-assignments.go
index 408df91..96614ef 100644
--- a/cmd/list-function-app-role-assignments.go
+++ b/cmd/list-function-app-role-assignments.go
@@ -119,7 +119,7 @@ func listFunctionAppRoleAssignments(ctx context.Context, client client.AzureClie
Data: functionAppRoleAssignments,
},
}
- log.V(1).Info("finished listing function app owners", "functionAppId", id, "count", count)
+ log.V(1).Info("finished listing function app role assignments", "functionAppId", id, "count", count)
}
}()
}
@@ -127,7 +127,7 @@ func listFunctionAppRoleAssignments(ctx context.Context, client client.AzureClie
go func() {
wg.Wait()
close(out)
- log.Info("finished listing all function app owners")
+ log.Info("finished listing all function app role assignments")
}()
return out
diff --git a/cmd/list-storage-account-role-assignments.go b/cmd/list-storage-account-role-assignments.go
index b6ec9a1..90b8e64 100644
--- a/cmd/list-storage-account-role-assignments.go
+++ b/cmd/list-storage-account-role-assignments.go
@@ -27,7 +27,6 @@ import (
"time"
"github.com/bloodhoundad/azurehound/client"
- "github.com/bloodhoundad/azurehound/constants"
"github.com/bloodhoundad/azurehound/enums"
"github.com/bloodhoundad/azurehound/models"
"github.com/bloodhoundad/azurehound/pipeline"
@@ -93,20 +92,8 @@ func listStorageAccountRoleAssignments(ctx context.Context, client client.AzureC
defer wg.Done()
for id := range stream {
var (
- storageAccountOwners = models.StorageAccountOwners{
- StorageAccountId: id.(string),
- }
- storageAccountContributors = models.StorageAccountContributors{
- StorageAccountId: id.(string),
- }
- storageAccountDataReaders = models.StorageAccountDataReaders{
- StorageAccountId: id.(string),
- }
- storageAccountKeyOperators = models.StorageAccountKeyOperators{
- StorageAccountId: id.(string),
- }
- storageAccountUserAccessAdmins = models.StorageAccountUserAccessAdmins{
- StorageAccountId: id.(string),
+ storageAccountRoleAssignments = models.AzureRoleAssignments{
+ ObjectId: id.(string),
}
count = 0
)
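Review bot: The new `ObjectId: id.(string)` keeps the single-value type assertion, so a non-string value arriving on `stream` would panic inside the worker goroutine and abort the whole collection run. What feeds `stream` is not visible here, so this may never happen in practice. Now that five initializers have collapsed into one, this is a cheap place to switch to the comma-ok form: `sid, ok := id.(string)` followed by `if !ok { continue }` (plus a log line) ahead of the `var` block, then `ObjectId: sid`. The `for id := range stream` loop and its goroutine start above this hunk and continue below it.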
@@ -116,80 +103,23 @@ func listStorageAccountRoleAssignments(ctx context.Context, client client.AzureC
} else {
roleDefinitionId := path.Base(item.Ok.Properties.RoleDefinitionId)
- if roleDefinitionId == constants.OwnerRoleID {
- storageAccountOwner := models.StorageAccountOwner{
- Owner: item.Ok,
- StorageAccountId: item.ParentId,
- }
- log.V(2).Info("found storage account owner", "storageAccountOwner", storageAccountOwner)
- count++
- storageAccountOwners.Owners = append(storageAccountOwners.Owners, storageAccountOwner)
- } else if (roleDefinitionId == constants.ContributorRoleID) ||
- (roleDefinitionId == constants.StorageAccountContributorRoleID) ||
- (roleDefinitionId == constants.StorageBlobDataContributorRoleID) ||
- (roleDefinitionId == constants.StorageQueueDataContributorRoleID) ||
- (roleDefinitionId == constants.StorageBlobDataOwnerRoleID) {
- storageAccountContributor := models.StorageAccountContributor{
- Contributor: item.Ok,
- StorageAccountId: item.ParentId,
- }
- log.V(2).Info("found storage account contributor", "storageAccountContributor", storageAccountContributor)
- count++
- storageAccountContributors.Contributors = append(storageAccountContributors.Contributors, storageAccountContributor)
- } else if (roleDefinitionId == constants.ReaderandDataAccessRoleID) ||
- (roleDefinitionId == constants.StorageBlobDataReaderRoleID) ||
- (roleDefinitionId == constants.StorageQueueDataMessageProcessorRoleID) ||
- (roleDefinitionId == constants.StorageQueueDataReaderRoleID) ||
- (roleDefinitionId == constants.StorageTableDataReaderRoleID) {
- storageAccountDataReader := models.StorageAccountDataReader{
- DataReader: item.Ok,
- StorageAccountId: item.ParentId,
- }
- log.V(2).Info("found storage account data-reader", "storageAccountDataReader", storageAccountDataReader)
- count++
- storageAccountDataReaders.DataReaders = append(storageAccountDataReaders.DataReaders, storageAccountDataReader)
- } else if roleDefinitionId == constants.StorageAccountKeyOperatorServiceRoleID {
- storageAccountKeyOperator := models.StorageAccountKeyOperator{
- KeyOperator: item.Ok,
- StorageAccountId: item.ParentId,
- }
- log.V(2).Info("found storage account data-reader", "storageAccountKeyOperator", storageAccountKeyOperator)
- count++
- storageAccountKeyOperators.KeyOperators = append(storageAccountKeyOperators.KeyOperators, storageAccountKeyOperator)
- } else if roleDefinitionId == constants.UserAccessAdminRoleID {
- storageAccountUserAccessAdmin := models.StorageAccountUserAccessAdmin{
- UserAccessAdmin: item.Ok,
- StorageAccountId: item.ParentId,
- }
- log.V(2).Info("found storage account user access admin", "storageAccountUserAccessAdmin", storageAccountUserAccessAdmin)
- count++
- storageAccountUserAccessAdmins.UserAccessAdmins = append(storageAccountUserAccessAdmins.UserAccessAdmins, storageAccountUserAccessAdmin)
+ storageAccountRoleAssignment := models.AzureRoleAssignment{
+ Assignee: item.Ok,
+ ObjectId: item.ParentId,
+ RoleDefinitionId: roleDefinitionId,
}
+ log.V(2).Info("found storage account role assignment", "storageAccountRoleAssignment", storageAccountRoleAssignment)
+ count++
+ storageAccountRoleAssignments.RoleAssignments = append(storageAccountRoleAssignments.RoleAssignments, storageAccountRoleAssignment)
}
}
out <- []AzureWrapper{
{
- Kind: enums.KindAZStorageAccountOwner,
- Data: storageAccountOwners,
- },
- {
- Kind: enums.KindAZStorageAccountContributor,
- Data: storageAccountContributors,
- },
- {
- Kind: enums.KindAZStorageAccountDataReader,
- Data: storageAccountDataReaders,
- },
- {
- Kind: enums.KindAZStorageAccountKeyOperator,
- Data: storageAccountKeyOperators,
- },
- {
- Kind: enums.KindAZStorageAccountUserAccessAdmin,
- Data: storageAccountUserAccessAdmins,
+ Kind: enums.KindAZStorageAccountRoleAssignment,
+ Data: storageAccountRoleAssignments,
},
}
- log.V(1).Info("finished listing storage account owners", "storageAccountId", id, "count", count)
+ log.V(1).Info("finished listing storage account role assignments", "storageAccountId", id, "count", count)
}
}()
}
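Review bot: With the role-ID `if`/`else if` chain gone, every successful item is appended, including one whose `Properties.RoleDefinitionId` is empty. `path.Base("")` returns `"."`, which the old chain dropped because it matched no constant, and which is now emitted as `RoleDefinitionId: "."`. Consider skipping such items before the struct literal with `if roleDefinitionId == "." { continue }`, assuming this sits directly in the per-item loop, or logging them so that a malformed assignment is visible rather than exported. It would also help to state the new contract in a comment above the literal, e.g. `// No role filtering here: every assignment is emitted; consumers classify by RoleDefinitionId.` The `} else {` arm opens on the first line of the hunk, but its enclosing loop and the error arm are above it.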
@@ -197,7 +127,7 @@ func listStorageAccountRoleAssignments(ctx context.Context, client client.AzureC
go func() {
wg.Wait()
close(out)
- log.Info("finished listing all storage account owners")
+ log.Info("finished listing all storage account role assignments")
}()
return out
diff --git a/enums/kind.go b/enums/kind.go
index 7ef17ce..69845e4 100644
--- a/enums/kind.go
+++ b/enums/kind.go
@@ -59,11 +59,7 @@ const (
KindAZVMVMContributor Kind = "AZVMVMContributor"
KindAZAppRoleAssignment Kind = "AZAppRoleAssignment"
KindAZStorageAccount Kind = "AZStorageAccount"
- KindAZStorageAccountContributor Kind = "AZSAContributor"
- KindAZStorageAccountOwner Kind = "AZSAOwner"
- KindAZStorageAccountDataReader Kind = "AZSADataReader"
- KindAZStorageAccountKeyOperator Kind = "AZSAKeyOperator"
- KindAZStorageAccountUserAccessAdmin Kind = "AZSAUserAccessAdmin"
+ KindAZStorageAccountRoleAssignment Kind = "AZStorageAccountRoleAssignment"
KindAZStorageContainer Kind = "AZStorageContainer"
KindAZAutomationAccount Kind = "AZAutomationAccount"
KindAZAutomationAccountRoleAssignment Kind = "AZAutomationAccountRoleAssignment"
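Review bot: The five removed constants carried distinct wire values (`"AZSAOwner"`, `"AZSAContributor"`, `"AZSADataReader"`, `"AZSAKeyOperator"`, `"AZSAUserAccessAdmin"`), and the replacement emits only `"AZStorageAccountRoleAssignment"`. Any consumer that matches on the old `kind` strings would stop seeing storage account privileges without any error. Whether such consumers exist is not visible from this diff. If they do, the change deserves a doc comment on the new constant, for example `// Replaces the AZSA* kinds; the role is carried in RoleDefinitionId on each assignment.`, and a matching release note. The `const` block starts and ends outside the hunk.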
diff --git a/models/storage-account-contributor.go b/models/storage-account-contributor.go
deleted file mode 100644
index 67a102c..0000000
--- a/models/storage-account-contributor.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageAccountContributor struct {
- Contributor azure.RoleAssignment `json:"contributor"`
- StorageAccountId string `json:"storageAccountId"`
-}
-
-type StorageAccountContributors struct {
- Contributors []StorageAccountContributor `json:"contributors"`
- StorageAccountId string `json:"storageAccountId"`
-}
diff --git a/models/storage-account-data-reader.go b/models/storage-account-data-reader.go
deleted file mode 100644
index 0848fa2..0000000
--- a/models/storage-account-data-reader.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageAccountDataReader struct {
- DataReader azure.RoleAssignment `json:"dataReader"`
- StorageAccountId string `json:"storageAccountId"`
-}
-
-type StorageAccountDataReaders struct {
- DataReaders []StorageAccountDataReader `json:"dataReaders"`
- StorageAccountId string `json:"storageAccountId"`
-}
diff --git a/models/storage-account-key-operator.go b/models/storage-account-key-operator.go
deleted file mode 100644
index 0ccd6e4..0000000
--- a/models/storage-account-key-operator.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageAccountKeyOperator struct {
- KeyOperator azure.RoleAssignment `json:"keyOperator"`
- StorageAccountId string `json:"storageAccountId"`
-}
-
-type StorageAccountKeyOperators struct {
- KeyOperators []StorageAccountKeyOperator `json:"keyOperators"`
- StorageAccountId string `json:"storageAccountId"`
-}
diff --git a/models/storage-account-owner.go b/models/storage-account-owner.go
deleted file mode 100644
index c0320d6..0000000
--- a/models/storage-account-owner.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageAccountOwner struct {
- Owner azure.RoleAssignment `json:"owner"`
- StorageAccountId string `json:"storageAccountId"`
-}
-
-type StorageAccountOwners struct {
- Owners []StorageAccountOwner `json:"owners"`
- StorageAccountId string `json:"storageAccountId"`
-}
diff --git a/models/storage-account-user-access-admin.go b/models/storage-account-user-access-admin.go
deleted file mode 100644
index f72c4fb..0000000
--- a/models/storage-account-user-access-admin.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageAccountUserAccessAdmin struct {
- UserAccessAdmin azure.RoleAssignment `json:"userAccessAdmin"`
- StorageAccountId string `json:"storageAccountId"`
-}
-
-type StorageAccountUserAccessAdmins struct {
- UserAccessAdmins []StorageAccountUserAccessAdmin `json:"userAccessAdmins"`
- StorageAccountId string `json:"storageAccountId"`
-}
diff --git a/models/storage-container-contributor.go b/models/storage-container-contributor.go
deleted file mode 100644
index fd82ce7..0000000
--- a/models/storage-container-contributor.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageContainerContributor struct {
- Contributor azure.RoleAssignment `json:"contributor"`
- StorageContainerId string `json:"storageContainerId"`
-}
-
-type StorageContainerContributors struct {
- Contributors []StorageContainerContributor `json:"contributors"`
- StorageContainerId string `json:"storageContainerId"`
-}
diff --git a/models/storage-container-data-reader.go b/models/storage-container-data-reader.go
deleted file mode 100644
index 7e09841..0000000
--- a/models/storage-container-data-reader.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageContainerDataReader struct {
- DataReader azure.RoleAssignment `json:"dataReader"`
- StorageContainerId string `json:"storageContainerId"`
-}
-
-type StorageContainerDataReaders struct {
- DataReaders []StorageContainerDataReader `json:"dataReaders"`
- StorageContainerId string `json:"storageContainerId"`
-}
diff --git a/models/storage-container-owner.go b/models/storage-container-owner.go
deleted file mode 100644
index 5b0b828..0000000
--- a/models/storage-container-owner.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageContainerOwner struct {
- Owner azure.RoleAssignment `json:"owner"`
- StorageContainerId string `json:"storageContainerId"`
-}
-
-type StorageContainerOwners struct {
- Owners []StorageContainerOwner `json:"owners"`
- StorageContainerId string `json:"storageContainerId"`
-}
diff --git a/models/storage-container-user-access-admin.go b/models/storage-container-user-access-admin.go
deleted file mode 100644
index 81c8b9c..0000000
--- a/models/storage-container-user-access-admin.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 Specter Ops, Inc.
-//
-// This file is part of AzureHound.
-//
-// AzureHound is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// AzureHound is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see .
-
-package models
-
-import "github.com/bloodhoundad/azurehound/models/azure"
-
-type StorageContainerUserAccessAdmin struct {
- UserAccessAdmin azure.RoleAssignment `json:"userAccessAdmin"`
- StorageContainerId string `json:"storageContainerId"`
-}
-
-type StorageContainerUserAccessAdmins struct {
- UserAccessAdmins []StorageContainerUserAccessAdmin `json:"userAccessAdmins"`
- StorageContainerId string `json:"storageContainerId"`
-}