refactor: simplify az network parsing

Signed-off-by: nikpivkin <[email protected]>

Author: nikpivkin

pkg/iac/adapters/arm/compute/adapt.go

@@ -106,19 +106,10 @@ func extractNetworkInterfaces(networkProfile azure.Value, metadata iacTypes.Meta
 			// EnableIPForwarding is not available from the VM's networkProfile, so it defaults to false
 			// Since we only have a reference to the network interface (not the full resource),
 			// we mark it as unmanaged so that Rego policies can skip it using isManaged() checks
-			unmanagedMetadata := iacTypes.NewUnmanagedMetadata()
-			networkInterface := network.NetworkInterface{
-				Metadata:           unmanagedMetadata,
-				EnableIPForwarding: iacTypes.BoolDefault(false, unmanagedMetadata),
-				SubnetID:           iacTypes.StringDefault("", unmanagedMetadata),
-				SecurityGroups:     nil,
-				HasPublicIP:        iacTypes.BoolDefault(false, unmanagedMetadata),
-				PublicIPAddress:    iacTypes.StringDefault("", unmanagedMetadata),
-				IPConfigurations:   nil,
-			}
-			networkInterfaces = append(networkInterfaces, networkInterface)
+			networkInterfaces = append(networkInterfaces, network.NetworkInterface{
+				Metadata: iacTypes.NewUnmanagedMetadata(),
+			})
 		}
 	}
-
 	return networkInterfaces
 }

pkg/iac/adapters/arm/network/adapt.go

@@ -43,7 +43,9 @@ func adaptSecurityGroupRules(deployment azure.Deployment) (rules []network.Secur
 
 func adaptSecurityGroupRule(resource azure.Resource) network.SecurityGroupRule {
 	sourceAddressPrefixes := resource.Properties.GetMapValue("sourceAddressPrefixes").AsStringValuesList("")
-	sourceAddressPrefixes = append(sourceAddressPrefixes, resource.Properties.GetMapValue("sourceAddressPrefix").AsStringValue("", resource.Metadata))
+	if prefix := resource.Properties.GetMapValue("sourceAddressPrefix").AsStringValue("", resource.Metadata); prefix.IsNotEmpty() {
+		sourceAddressPrefixes = append(sourceAddressPrefixes, prefix)
+	}
 
 	var sourcePortRanges []common.PortRange
 	for _, portRange := range resource.Properties.GetMapValue("sourcePortRanges").AsList() {
@@ -57,7 +59,9 @@ func adaptSecurityGroupRule(resource azure.Resource) network.SecurityGroupRule {
 	}
 
 	destinationAddressPrefixes := resource.Properties.GetMapValue("destinationAddressPrefixes").AsStringValuesList("")
-	destinationAddressPrefixes = append(destinationAddressPrefixes, resource.Properties.GetMapValue("destinationAddressPrefix").AsStringValue("", resource.Metadata))
+	if prefix := resource.Properties.GetMapValue("destinationAddressPrefix").AsStringValue("", resource.Metadata); prefix.IsNotEmpty() {
+		destinationAddressPrefixes = append(destinationAddressPrefixes, prefix)
+	}
 
 	var destinationPortRanges []common.PortRange
 	for _, portRange := range resource.Properties.GetMapValue("destinationPortRanges").AsList() {
@@ -115,12 +119,10 @@ func adaptNetworkWatcherFlowLog(resource azure.Resource) network.NetworkWatcherF
 }
 
 func adaptNetworkInterfaces(deployment azure.Deployment) []network.NetworkInterface {
-	var networkInterfaces = make([]network.NetworkInterface, 0)
-
+	var networkInterfaces []network.NetworkInterface
 	for _, resource := range deployment.GetResourcesByType("Microsoft.Network/networkInterfaces") {
 		networkInterfaces = append(networkInterfaces, adaptNetworkInterface(resource, deployment))
 	}
-
 	return networkInterfaces
 }
 
@@ -130,63 +132,29 @@ func adaptNetworkInterface(resource azure.Resource, _ azure.Deployment) network.
 		EnableIPForwarding: resource.Properties.GetMapValue("enableIPForwarding").AsBoolValue(false, resource.Metadata),
 		HasPublicIP:        iacTypes.BoolDefault(false, resource.Metadata),
 		PublicIPAddress:    iacTypes.StringDefault("", resource.Metadata),
-		SecurityGroups:     nil,
 		SubnetID:           iacTypes.StringDefault("", resource.Metadata),
 	}
 
 	ipConfigs := resource.Properties.GetMapValue("ipConfigurations").AsList()
 	ni.IPConfigurations = make([]network.IPConfiguration, 0, len(ipConfigs))
 
-	var primaryConfigSet bool
-
 	for _, ipConfig := range ipConfigs {
 		if ipConfig.IsNull() {
 			continue
 		}
-
-		ipConfigMeta := resource.Metadata
-		subnetID := ipConfig.GetMapValue("subnet").GetMapValue("id").AsStringValue("", resource.Metadata)
-		publicIP := ipConfig.GetMapValue("publicIPAddress")
-		hasPublicIP := iacTypes.BoolDefault(false, ipConfigMeta)
-		publicIPAddress := iacTypes.StringDefault("", ipConfigMeta)
-		primary := ipConfig.GetMapValue("primary").AsBoolValue(false, ipConfigMeta)
-
-		if !publicIP.IsNull() {
-			hasPublicIP = iacTypes.Bool(true, ipConfigMeta)
-			if publicIPID := publicIP.GetMapValue("id").AsStringValue("", resource.Metadata); publicIPID.Value() != "" {
-				publicIPAddress = publicIPID
-			}
-		}
-
-		ipConfiguration := network.IPConfiguration{
-			Metadata:        ipConfigMeta,
-			HasPublicIP:     hasPublicIP,
-			PublicIPAddress: publicIPAddress,
-			SubnetID:        subnetID,
-			Primary:         primary,
-		}
-
-		ni.IPConfigurations = append(ni.IPConfigurations, ipConfiguration)
-
-		// For backward compatibility, populate the single-value fields with the primary configuration
-		// If no primary is set, use the first configuration
-		isPrimary := primary.Value() || (len(ni.IPConfigurations) == 1 && !primaryConfigSet && primary.GetMetadata().IsDefault())
-		if isPrimary && !primaryConfigSet {
-			if subnetID.Value() != "" {
-				ni.SubnetID = subnetID
-			}
-			if hasPublicIP.Value() {
-				ni.HasPublicIP = hasPublicIP
-				if publicIPAddress.Value() != "" {
-					ni.PublicIPAddress = publicIPAddress
-				}
-			}
-			primaryConfigSet = true
-		}
+		ipConfigProps := ipConfig.GetMapValue("properties")
+		ni.IPConfigurations = append(ni.IPConfigurations, network.IPConfiguration{
+			Metadata: resource.Metadata,
+			PublicIPAddress: ipConfigProps.GetMapValue("publicIPAddress").
+				GetMapValue("id").AsStringValue("", resource.Metadata),
+			SubnetID: ipConfigProps.GetMapValue("subnet").
+				GetMapValue("id").AsStringValue("", resource.Metadata),
+			Primary: ipConfigProps.GetMapValue("primary").AsBoolValue(false, resource.Metadata),
+		})
 	}
+	ni.Setup()
 
 	// Note: SecurityGroups are not resolved for ARM templates as related resource search
 	// is not yet implemented for ARM (parser cannot evaluate expressions/references)
-
 	return ni
 }

pkg/iac/adapters/arm/network/adapt_test.go

@@ -35,19 +35,11 @@ func TestAdapt(t *testing.T) {
 }`,
 			expected: network.Network{
 				NetworkWatcherFlowLogs: []network.NetworkWatcherFlowLog{{
-					Enabled: types.BoolTest(false),
-					RetentionPolicy: network.RetentionPolicy{
-						Days:    types.IntTest(0),
-						Enabled: types.BoolTest(false),
-					},
+					RetentionPolicy: network.RetentionPolicy{},
 				}},
 				SecurityGroups: []network.SecurityGroup{{
-					Rules: []network.SecurityGroupRule{{
-						DestinationAddresses: []types.StringValue{types.StringTest("")},
-						SourceAddresses:      []types.StringValue{types.StringTest("")},
-					}},
+					Rules: []network.SecurityGroupRule{{}},
 				}},
-				NetworkInterfaces: []network.NetworkInterface{},
 			},
 		},
 		{
@@ -98,7 +90,6 @@ func TestAdapt(t *testing.T) {
 }`,
 			expected: network.Network{
 				NetworkWatcherFlowLogs: []network.NetworkWatcherFlowLog{{
-					Enabled: types.BoolTest(false),
 					RetentionPolicy: network.RetentionPolicy{
 						Days:    types.IntTest(100),
 						Enabled: types.BoolTest(true),
@@ -148,7 +139,71 @@ func TestAdapt(t *testing.T) {
 						},
 					}},
 				}},
-				NetworkInterfaces: []network.NetworkInterface{},
+			},
+		},
+		{
+			name: "network interface with ip configurations",
+			source: `{
+			"resources": [
+				{
+					"type": "Microsoft.Network/networkInterfaces",
+					"properties": {
+						"enableIPForwarding": true,
+						"ipConfigurations": [
+							{
+								"name": "primary-ip",
+								"properties": {
+									"primary": true,
+									"subnet": {
+										"id": "/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/vnet/subnets/subnet-primary"
+									},
+									"publicIPAddress": {
+										"id": "/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/publicIPAddresses/pip-primary"
+									}
+								}
+							},
+							{
+								"name": "secondary-ip",
+								"properties": {
+									"primary": false,
+									"subnet": {
+										"id": "/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/vnet/subnets/subnet-secondary"
+									}
+								}
+							}
+						]
+					}
+				}
+			]
+		}`,
+			expected: network.Network{
+				NetworkInterfaces: []network.NetworkInterface{
+					{
+						EnableIPForwarding: types.BoolTest(true),
+
+						// backward compatibility — filled from primary config
+						SubnetID:        types.StringTest("/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/vnet/subnets/subnet-primary"),
+						HasPublicIP:     types.BoolTest(true),
+						PublicIPAddress: types.StringTest("/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/publicIPAddresses/pip-primary"),
+
+						IPConfigurations: []network.IPConfiguration{
+							{
+								Primary: types.BoolTest(true),
+								SubnetID: types.StringTest(
+									"/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/vnet/subnets/subnet-primary",
+								),
+								HasPublicIP:     types.BoolTest(true),
+								PublicIPAddress: types.StringTest("/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/publicIPAddresses/pip-primary"),
+							},
+							{
+								Primary:         types.BoolTest(false),
+								SubnetID:        types.StringTest("/subscriptions/abc/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/vnet/subnets/subnet-secondary"),
+								HasPublicIP:     types.BoolTest(false),
+								PublicIPAddress: types.StringTest(""),
+							},
+						},
+					},
+				},
 			},
 		},
 	}

pkg/iac/adapters/terraform/azure/compute/adapt.go

@@ -143,13 +143,12 @@ func adaptWindowsVM(resource *terraform.Block, modules terraform.Modules) comput
 }
 
 func resolveNetworkInterfaces(resource *terraform.Block, modules terraform.Modules) []network.NetworkInterface {
-	var networkInterfaces []network.NetworkInterface
-
 	nicIDsAttr := resource.GetAttribute("network_interface_ids")
 	if nicIDsAttr.IsNil() {
-		return networkInterfaces
+		return nil
 	}
 
+	var networkInterfaces []network.NetworkInterface
 	for _, nicIDVal := range nicIDsAttr.AsStringValues() {
 		if referencedNIC, err := modules.GetReferencedBlock(nicIDsAttr, resource); err == nil {
 			ni := anetwork.AdaptNetworkInterface(referencedNIC, modules)
@@ -161,10 +160,8 @@ func resolveNetworkInterfaces(resource *terraform.Block, modules terraform.Modul
 			Metadata:           iacTypes.NewUnmanagedMetadata(),
 			EnableIPForwarding: iacTypes.BoolDefault(false, nicIDVal.GetMetadata()),
 			SubnetID:           iacTypes.StringDefault("", nicIDVal.GetMetadata()),
-			SecurityGroups:     nil,
 			HasPublicIP:        iacTypes.BoolDefault(false, nicIDVal.GetMetadata()),
 			PublicIPAddress:    iacTypes.StringDefault("", nicIDVal.GetMetadata()),
-			IPConfigurations:   nil,
 		})
 	}