Revert "feat: post process AZAddSecret edges from roles instead of pr…

…incipals" (#545)

* Revert "feat: post process AZAddSecret edges from roles instead of principals…"

This reverts commit e1b3b8a.

* chore: keep cleanup changes

---------

Co-authored-by: Mistah J <[email protected]>

cmd/api/src/analysis/azure/azure_integration_test.go

@@ -21,7 +21,6 @@ package azure_test
 import (
 	"context"
 	schema "github.com/specterops/bloodhound/graphschema"
-	"slices"
 	"testing"
 
 	"github.com/specterops/bloodhound/graphschema/azure"
@@ -649,33 +648,6 @@ func TestRoleEntityDetails(t *testing.T) {
 	})
 }
 
-func TestRoleAddSecret(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t, schema.DefaultGraphSchema())
-	testContext.ReadTransactionTestWithSetup(func(harness *integration.HarnessDetails) error {
-		harness.AZAddSecretHarness.Setup(testContext)
-		return nil
-	}, func(harness integration.HarnessDetails, tx graph.Transaction) {
-
-		postProcessingStats, err := azureanalysis.AppRoleAssignments(context.Background(), testContext.Graph.Database)
-		assert.Nil(t, err)
-		assert.NotNil(t, postProcessingStats.RelationshipsCreated[azure.AddSecret])
-		assert.Equal(t, 4, int(*postProcessingStats.RelationshipsCreated[azure.AddSecret]))
-
-		// Validate that the AZAddSecret edges were created
-		addSecretEdges, err := ops.FetchRelationships(tx.Relationships().Filterf(func() graph.Criteria {
-			return query.Kind(query.Relationship(), azure.AddSecret)
-		}))
-		assert.Nil(t, err)
-		assert.Len(t, addSecretEdges, 4)
-
-		for _, edge := range addSecretEdges {
-			assert.Equal(t, azure.AddSecret, edge.Kind)
-			assert.True(t, slices.Contains([]graph.ID{harness.AZAddSecretHarness.AppAdminRole.ID, harness.AZAddSecretHarness.CloudAppAdminRole.ID}, edge.StartID))
-			assert.True(t, slices.Contains([]graph.ID{harness.AZAddSecretHarness.AZApp.ID, harness.AZAddSecretHarness.AZServicePrincipal.ID}, edge.EndID))
-		}
-	})
-}
-
 func TestServicePrincipalEntityDetails(t *testing.T) {
 	testContext := integration.NewGraphTestContext(t, schema.DefaultGraphSchema())
 	testContext.ReadTransactionTestWithSetup(func(harness *integration.HarnessDetails) error {

cmd/api/src/analysis/azure/post.go

@@ -1,17 +1,17 @@
 // Copyright 2023 Specter Ops, Inc.
-//
+// 
 // Licensed under the Apache License, Version 2.0
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
-//
+// 
 //     http://www.apache.org/licenses/LICENSE-2.0
-//
+// 
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//
+// 
 // SPDX-License-Identifier: Apache-2.0
 
 package azure
@@ -31,13 +31,16 @@ func Post(ctx context.Context, db graph.Database) (*analysis.AtomicPostProcessin
 		return &aggregateStats, err
 	} else if userRoleStats, err := azureAnalysis.UserRoleAssignments(ctx, db); err != nil {
 		return &aggregateStats, err
+	} else if addSecretStats, err := azureAnalysis.AddSecret(ctx, db); err != nil {
+		return &aggregateStats, err
 	} else if executeCommandStats, err := azureAnalysis.ExecuteCommand(ctx, db); err != nil {
 		return &aggregateStats, err
 	} else if appRoleAssignmentStats, err := azureAnalysis.AppRoleAssignments(ctx, db); err != nil {
 		return &aggregateStats, err
 	} else {
 		aggregateStats.Merge(stats)
 		aggregateStats.Merge(userRoleStats)
+		aggregateStats.Merge(addSecretStats)
 		aggregateStats.Merge(executeCommandStats)
 		aggregateStats.Merge(appRoleAssignmentStats)
 		return &aggregateStats, nil

cmd/api/src/test/integration/harnesses.go

@@ -6280,30 +6280,6 @@ func (s *ESC4ECA) Setup(graphTestContext *GraphTestContext) {
 	graphTestContext.NewRelationship(s.Computer7, s.CertTemplate7, ad.GenericAll)
 }
 
-type AZAddSecretHarness struct {
-	AZApp              *graph.Node
-	AZServicePrincipal *graph.Node
-	AZTenant           *graph.Node
-	AppAdminRole       *graph.Node
-	CloudAppAdminRole  *graph.Node
-}
-
-func (s *AZAddSecretHarness) Setup(graphTestContext *GraphTestContext) {
-	tenantID := RandomObjectID(graphTestContext.testCtx)
-	s.AZTenant = graphTestContext.NewAzureTenant(tenantID)
-
-	s.AZApp = graphTestContext.NewAzureApplication("AZApp", RandomObjectID(graphTestContext.testCtx), tenantID)
-	s.AZServicePrincipal = graphTestContext.NewAzureServicePrincipal("AZServicePrincipal", RandomObjectID(graphTestContext.testCtx), tenantID)
-
-	s.AppAdminRole = graphTestContext.NewAzureRole("AppAdminRole", RandomObjectID(graphTestContext.testCtx), azure.ApplicationAdministratorRole, tenantID)
-	s.CloudAppAdminRole = graphTestContext.NewAzureRole("CloudAppAdminRole", RandomObjectID(graphTestContext.testCtx), azure.CloudApplicationAdministratorRole, tenantID)
-
-	graphTestContext.NewRelationship(s.AZTenant, s.AZApp, azure.Contains)
-	graphTestContext.NewRelationship(s.AZTenant, s.AZServicePrincipal, azure.Contains)
-	graphTestContext.NewRelationship(s.AZTenant, s.AppAdminRole, azure.Contains)
-	graphTestContext.NewRelationship(s.AZTenant, s.CloudAppAdminRole, azure.Contains)
-}
-
 type HarnessDetails struct {
 	RDP                                             RDPHarness
 	RDPB                                            RDPHarness2
@@ -6341,7 +6317,6 @@ type HarnessDetails struct {
 	TrustedForNTAuthHarness                         TrustedForNTAuthHarness
 	NumCollectedActiveDirectoryDomains              int
 	AZInboundControlHarness                         AZInboundControlHarness
-	AZAddSecretHarness                              AZAddSecretHarness
 	ESC3Harness1                                    ESC3Harness1
 	ESC3Harness2                                    ESC3Harness2
 	ESC3Harness3                                    ESC3Harness3