⭐🌙 Cloudflare Provider

.github/actions/spelling/expect.txt

@@ -10,6 +10,7 @@ bytematchstatement
 cavium
 cdn
 certificatechains
+cloudflare
 Clusterwide
 cmek
 cnames

.github/dependabot.yml

@@ -253,6 +253,17 @@ updates:
           - patch
   - package-ecosystem: gomod
     directory: /providers/ansible/
+    schedule:
+      interval: weekly
+    groups:
+      gomodupdates:
+        patterns:
+          - "*"
+        update-types:
+          - minor
+          - patch
+  - package-ecosystem: gomod
+    directory: /providers/cloudflare/
     schedule:
       interval: weekly
     groups:

Makefile

@@ -212,7 +212,8 @@ providers/build: \
 	providers/build/shodan \
 	providers/build/ansible \
 	providers/build/snowflake \
-	providers/build/mondoo
+	providers/build/mondoo \
+	providers/build/cloudflare
 
 .PHONY: providers/install
 # Note we need \ to escape the target line into multiple lines
@@ -280,6 +281,11 @@ providers/build/github: providers/lr
 providers/install/github:
 	@$(call installProvider, providers/github)
 
+providers/build/cloudflare: providers/lr
+	@$(call buildProvider, providers/cloudflare)
+providers/install/cloudflare:
+	@$(call installProvider, providers/cloudflare)
+
 providers/build/gitlab: providers/lr
 	@$(call buildProvider, providers/gitlab)
 providers/install/gitlab:

providers/cloudflare/config/config.go

@@ -0,0 +1,37 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+package config
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/cloudflare/connection"
+	"go.mondoo.com/cnquery/v11/providers/cloudflare/provider"
+)
+
+var Config = plugin.Provider{
+	Name:            "cloudflare",
+	ID:              "go.mondoo.com/cnquery/v11/providers/cloudflare",
+	Version:         "11.0.0",
+	ConnectionTypes: []string{provider.DefaultConnectionType},
+	Connectors: []plugin.Connector{
+		{
+			Name:  "cloudflare",
+			Use:   "cloudflare",
+			Short: "Cloudflare provider",
+			Discovery: []string{
+				connection.DiscoveryAll,
+				connection.DiscoveryAuto,
+				connection.DiscoveryZones,
+				connection.DiscoveryAccounts,
+			},
+			Flags: []plugin.Flag{
+				{
+					Long:    "token",
+					Type:    plugin.FlagType_String,
+					Default: "",
+					Desc:    "Cloudflare access token",
+				},
+			},
+		},
+	},
+}

providers/cloudflare/connection/connection.go

@@ -0,0 +1,57 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+package connection
+
+import (
+	"errors"
+	"os"
+
+	"github.com/cloudflare/cloudflare-go"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+)
+
+const (
+	OPTION_API_TOKEN = "api-token"
+)
+
+type CloudflareConnection struct {
+	plugin.Connection
+	Conf  *inventory.Config
+	asset *inventory.Asset
+
+	Cf *cloudflare.API
+}
+
+func NewCloudflareConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*CloudflareConnection, error) {
+	conn := &CloudflareConnection{
+		Connection: plugin.NewConnection(id, asset),
+		Conf:       conf,
+		asset:      asset,
+	}
+
+	// initialize your connection here
+	token := conf.Options[OPTION_API_TOKEN]
+	if token == "" {
+		token = os.Getenv("CLOUDFLARE_TOKEN")
+		if token == "" {
+			return nil, errors.New("a valid Cloudflare authentication is required, pass --token '<yourtoken>', set CLOUDFLARE_TOKEN environment variable")
+		}
+	}
+
+	api, err := cloudflare.NewWithAPIToken(token)
+	if err != nil {
+		return nil, err
+	}
+	conn.Cf = api
+
+	return conn, nil
+}
+
+func (c *CloudflareConnection) Name() string {
+	return "cloudflare"
+}
+
+func (c *CloudflareConnection) Asset() *inventory.Asset {
+	return c.asset
+}

providers/cloudflare/connection/platform.go

@@ -0,0 +1,69 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+package connection
+
+import (
+	"errors"
+
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+)
+
+const (
+	DiscoveryAll      = "all"
+	DiscoveryAuto     = "auto"
+	DiscoveryZones    = "zones"
+	DiscoveryAccounts = "accounts"
+)
+
+var (
+	PlatformIdCloudflareZone    = "//platformid.api.mondoo.app/runtime/cloudflare/zone/"
+	PlatformIdCloudflareAccount = "//platformid.api.mondoo.app/runtime/cloudflare/account/"
+)
+
+var CloudflareZonePlatform = inventory.Platform{
+	Name:    "cloudflare-zone",
+	Title:   "Cloudflare Zone",
+	Family:  []string{"cloudflare"},
+	Kind:    "api",
+	Runtime: "cloudflare",
+}
+
+var CloudflareAccountPlatform = inventory.Platform{
+	Name:    "cloudflare-account",
+	Title:   "Cloudflare Account",
+	Family:  []string{"cloudflare"},
+	Kind:    "api",
+	Runtime: "cloudflare",
+}
+
+func (c *CloudflareConnection) PlatformInfo() (*inventory.Platform, error) {
+	conf := c.asset.Connections[0]
+	if zoneName := conf.Options["zone"]; zoneName != "" {
+		return NewCloudflareZonePlatform(zoneName), nil
+	}
+	if accountName := conf.Options["account"]; accountName != "" {
+		return NewCloudflareAccountPlatform(accountName), nil
+	}
+
+	return nil, errors.New("could not detect Cloudflare asset type")
+}
+
+func NewCloudflareZonePlatform(zoneId string) *inventory.Platform {
+	pf := CloudflareZonePlatform
+	pf.TechnologyUrlSegments = []string{"saas", "cloudflare", "zone", zoneId}
+	return &pf
+}
+
+func NewCloudflareAccountPlatform(accountId string) *inventory.Platform {
+	pf := CloudflareAccountPlatform
+	pf.TechnologyUrlSegments = []string{"saas", "cloudflare", "account", accountId}
+	return &pf
+}
+
+func NewCloudflareZoneIdentifier(zoneId string) string {
+	return PlatformIdCloudflareZone + zoneId
+}
+
+func NewCloudflareAccountIdentifier(accountId string) string {
+	return PlatformIdCloudflareAccount + accountId
+}

providers/cloudflare/gen/main.go

@@ -0,0 +1,12 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+package main
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin/gen"
+	"go.mondoo.com/cnquery/v11/providers/cloudflare/config"
+)
+
+func main() {
+	gen.CLI(&config.Config)
+}

providers/cloudflare/go.mod

@@ -0,0 +1,146 @@
+module go.mondoo.com/cnquery/v11/providers/cloudflare
+
+go 1.23.0
+
+require (
+	github.com/cloudflare/cloudflare-go v0.104.0
+	go.mondoo.com/cnquery/v11 v11.22.0
+)
+
+require (
+	cloud.google.com/go v0.115.1 // indirect
+	cloud.google.com/go/auth v0.9.4 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.5.1 // indirect
+	cloud.google.com/go/iam v1.2.1 // indirect
+	cloud.google.com/go/kms v1.19.1 // indirect
+	cloud.google.com/go/longrunning v0.6.1 // indirect
+	cloud.google.com/go/secretmanager v1.14.1 // indirect
+	cloud.google.com/go/storage v1.43.0 // indirect
+	dario.cat/mergo v1.0.1 // indirect
+	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
+	github.com/99designs/keyring v1.2.2 // indirect
+	github.com/GoogleCloudPlatform/berglas v1.0.3 // indirect
+	github.com/Masterminds/semver v1.5.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.52.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
+	github.com/aws/smithy-go v1.20.4 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cloudflare/circl v1.4.0 // indirect
+	github.com/cockroachdb/errors v1.11.3 // indirect
+	github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect
+	github.com/cockroachdb/redact v1.1.5 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.2 // indirect
+	github.com/danieljoos/wincred v1.2.2 // indirect
+	github.com/dvsekhvalnov/jose2go v1.7.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/fatih/color v1.17.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/getsentry/sentry-go v0.29.0 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-git/go-git/v5 v5.12.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
+	github.com/gofrs/uuid v4.4.0+incompatible // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.6.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/vault/api v1.15.0 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mtibben/percent v0.2.1 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
+	github.com/oklog/run v1.1.0 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
+	github.com/rs/zerolog v1.33.0 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
+	github.com/segmentio/fasthash v1.0.3 // indirect
+	github.com/segmentio/ksuid v1.0.4 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+	github.com/sethvargo/go-retry v0.3.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	go.mondoo.com/ranger-rpc v0.6.3 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect
+	go.opentelemetry.io/otel v1.30.0 // indirect
+	go.opentelemetry.io/otel/metric v1.30.0 // indirect
+	go.opentelemetry.io/otel/trace v1.30.0 // indirect
+	go.uber.org/mock v0.4.0 // indirect
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/net v0.29.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/term v0.24.0 // indirect
+	golang.org/x/text v0.18.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/tools v0.25.0 // indirect
+	google.golang.org/api v0.197.0 // indirect
+	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/grpc v1.66.2 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	moul.io/http2curl v1.0.0 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
+)