BED-5023-missing-contributor-edges

[StranDutton]

Ticket

https://specterops.atlassian.net/browse/BED-5023?atlOrigin=eyJpIjoiNjVhYmU5MzQ3ODgyNDY5ZWI0NzY0ZGVkYmIyMDIzNDkiLCJwIjoiaiJ9

Background

AzureHound already collects AZContributor edges for KeyVaults and VirtualMachines, and collects AZOwner and AZUserAccessAdministrator edges for Management Groups, Resource Groups, and Subscriptions. However, AZContributor was never collected for Management Groups, Resource Groups, or Subscriptions, meaning these edges were completely absent from the graph. This was reported as a bug (missing AZContributor edges), but was actually a missing feature across both the collection and ingestion layers.

Changes

• New Kind enums (enums/kind.go):
  • KindAZManagementGroupContributor
  • KindAZResourceGroupContributor
  • KindAZSubscriptionContributor
• New models (models/):
  • ManagementGroupContributor
  • ResourceGroupContributor
  • SubscriptionContributor
• New list commands (cmd/):
  • list-management-group-contributors.go
  • list-resource-group-contributors.go
  • list-subscription-contributors.go
  • Each filters role assignments by ContributorRoleID and outputs the new Kind
• Pipeline wiring (cmd/list-azure-rm.go): Added the 3 new contributor streams to the Tee fan-out for each scope (using the existing role assignment channels) and merged them into the final output
• Tests (cmd/): Added happy-path and negative-filter tests for all three new list commands
• Bug fix (cmd/list-resource-group-user-access-admins.go): Fixed a copy-paste bug where the UAA filter was incorrectly using OwnerRoleID instead of UserAccessAdminRoleID

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 897b7b2a-3d2e-448a-900f-fb1fde2f9e05

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch BED-5023-missing-contributor-edges

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}