Add support for nested groups

emiliensocchi · emiliensocchi · commit b87d15940e9f · 2024-07-02T08:09:48.000+02:00
diff --git a/categories/01-entra-users-groups.json b/categories/01-entra-users-groups.json
@@ -15,7 +15,7 @@
     "queryList": [
         {
             "final": true,
-            "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZUser)-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t0) RETURN p",
+            "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZUser)-[:AZHasRole|AZMemberOf*1..5]->(entra_roles_t0) RETURN p",
             "allowCollapse": true
         }
     ]
@@ -26,7 +26,7 @@
     "queryList": [
         {
             "final": true,
-            "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZUser)-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t1) RETURN p",
+            "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZUser)-[:AZHasRole|AZMemberOf*1..5]->(entra_roles_t1) RETURN p",
             "allowCollapse": true
         }
     ]
@@ -37,7 +37,7 @@
     "queryList": [
         {
             "final": true,
-            "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZGroup)-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t0) RETURN p",
+            "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZGroup)-[:AZHasRole|AZMemberOf*1..5]->(entra_roles_t0) RETURN p",
             "allowCollapse": true
         }
     ]
@@ -48,29 +48,7 @@
     "queryList": [
         {
             "final": true,
-            "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZGroup)-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t1) RETURN p",
-            "allowCollapse": true
-        }
-    ]
-}
-{
-    "name": "Find all dynamic groups with an active Tier-0 Entra role",
-    "category": "Entra ID - Users & Groups",
-    "queryList": [
-        {
-            "final": true,
-            "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZGroup {isassignabletorole: True})-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t0) RETURN p",
-            "allowCollapse": true
-        }
-    ]
-}
-{
-    "name": "Find all dynamic groups with an active Tier-1 Entra role",
-    "category": "Entra ID - Users & Groups",
-    "queryList": [
-        {
-            "final": true,
-            "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZGroup {isassignabletorole: True})-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t1) RETURN p",
+            "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZGroup)-[:AZHasRole|AZMemberOf*1..5]->(entra_roles_t1) RETURN p",
             "allowCollapse": true
         }
     ]
@@ -88,11 +66,11 @@
 }
 {
     "name": "Find all shortest paths to Tier-0 Entra roles",
-    "category": "Entra ID - Paths",
+    "category": "Entra ID - Users & Groups",
     "queryList": [
         {
             "final": true,
-            "query": "MATCH (all_principals_excluding_builtin) WHERE (all_principals_excluding_builtin:_VAR_all-security-principals-excluding-built-in) MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = allShortestPaths((all_principals_excluding_builtin)-[r*1..]->(entra_roles_t0))",
+            "query": "MATCH (all_principals_excluding_builtin) WHERE (all_principals_excluding_builtin:_VAR_all-security-principals-excluding-built-in) MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = allShortestPaths((all_principals_excluding_builtin)-[r*1..]->(entra_roles_t0)) RETURN p",
             "allowCollapse": true
         }
     ]
diff --git a/categories/03-hybrid-users-groups.json b/categories/03-hybrid-users-groups.json
@@ -15,7 +15,7 @@
     "queryList": [
         {
             "final": true,
-            "query": "MATCH (onprem_user) WHERE (onprem_user.onpremisesyncenabled = true) MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (onprem_user)-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t0) RETURN p",
+            "query": "MATCH (onprem_user) WHERE (onprem_user.onpremisesyncenabled = true) MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (onprem_user)-[:AZHasRole|AZMemberOf*1..5]->(entra_roles_t0) RETURN p",
             "allowCollapse": true
         }
     ]
@@ -26,7 +26,7 @@
     "queryList": [
         {
             "final": true,
-            "query": "MATCH (onprem_user) WHERE (onprem_user.onpremisesyncenabled = true) MATCH (entra_roles_t1) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (onprem_user)-[:AZHasRole|AZMemberOf*1..2]->(entra_roles_t1) RETURN p",
+            "query": "MATCH (onprem_user) WHERE (onprem_user.onpremisesyncenabled = true) MATCH (entra_roles_t1) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (onprem_user)-[:AZHasRole|AZMemberOf*1..5]->(entra_roles_t1) RETURN p",
             "allowCollapse": true
         }
     ]

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@`
`15`	`15`	`"queryList": [`
`16`	`16`	`{`
`17`	`17`	`"final": true,`
`18`		`- "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZUser)-[:AZHasRole\|AZMemberOf*1..2]->(entra_roles_t0) RETURN p",`
	`18`	`+ "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZUser)-[:AZHasRole\|AZMemberOf*1..5]->(entra_roles_t0) RETURN p",`
`19`	`19`	`"allowCollapse": true`
`20`	`20`	`}`
`21`	`21`	`]`
`@@ -26,7 +26,7 @@`
`26`	`26`	`"queryList": [`
`27`	`27`	`{`
`28`	`28`	`"final": true,`
`29`		`- "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZUser)-[:AZHasRole\|AZMemberOf*1..2]->(entra_roles_t1) RETURN p",`
	`29`	`+ "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZUser)-[:AZHasRole\|AZMemberOf*1..5]->(entra_roles_t1) RETURN p",`
`30`	`30`	`"allowCollapse": true`
`31`	`31`	`}`
`32`	`32`	`]`
`@@ -37,7 +37,7 @@`
`37`	`37`	`"queryList": [`
`38`	`38`	`{`
`39`	`39`	`"final": true,`
`40`		`- "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZGroup)-[:AZHasRole\|AZMemberOf*1..2]->(entra_roles_t0) RETURN p",`
	`40`	`+ "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZGroup)-[:AZHasRole\|AZMemberOf*1..5]->(entra_roles_t0) RETURN p",`
`41`	`41`	`"allowCollapse": true`
`42`	`42`	`}`
`43`	`43`	`]`
`@@ -48,29 +48,7 @@`
`48`	`48`	`"queryList": [`
`49`	`49`	`{`
`50`	`50`	`"final": true,`
`51`		`- "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZGroup)-[:AZHasRole\|AZMemberOf*1..2]->(entra_roles_t1) RETURN p",`
`52`		`- "allowCollapse": true`
`53`		`- }`
`54`		`- ]`
`55`		`-}`
`56`		`-{`
`57`		`- "name": "Find all dynamic groups with an active Tier-0 Entra role",`
`58`		`- "category": "Entra ID - Users & Groups",`
`59`		`- "queryList": [`
`60`		`- {`
`61`		`- "final": true,`
`62`		`- "query": "MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = (:AZGroup {isassignabletorole: True})-[:AZHasRole\|AZMemberOf*1..2]->(entra_roles_t0) RETURN p",`
`63`		`- "allowCollapse": true`
`64`		`- }`
`65`		`- ]`
`66`		`-}`
`67`		`-{`
`68`		`- "name": "Find all dynamic groups with an active Tier-1 Entra role",`
`69`		`- "category": "Entra ID - Users & Groups",`
`70`		`- "queryList": [`
`71`		`- {`
`72`		`- "final": true,`
`73`		`- "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZGroup {isassignabletorole: True})-[:AZHasRole\|AZMemberOf*1..2]->(entra_roles_t1) RETURN p",`
	`51`	`+ "query": "MATCH (entra_roles_t1) WHERE (entra_roles_t1.displayname =~ '(?i)_VAR_all-entra-roles-in-t1') MATCH p = (:AZGroup)-[:AZHasRole\|AZMemberOf*1..5]->(entra_roles_t1) RETURN p",`
`74`	`52`	`"allowCollapse": true`
`75`	`53`	`}`
`76`	`54`	`]`
`@@ -88,11 +66,11 @@`
`88`	`66`	`}`
`89`	`67`	`{`
`90`	`68`	`"name": "Find all shortest paths to Tier-0 Entra roles",`
`91`		`- "category": "Entra ID - Paths",`
	`69`	`+ "category": "Entra ID - Users & Groups",`
`92`	`70`	`"queryList": [`
`93`	`71`	`{`
`94`	`72`	`"final": true,`
`95`		`- "query": "MATCH (all_principals_excluding_builtin) WHERE (all_principals_excluding_builtin:_VAR_all-security-principals-excluding-built-in) MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = allShortestPaths((all_principals_excluding_builtin)-[r*1..]->(entra_roles_t0))",`
	`73`	`+ "query": "MATCH (all_principals_excluding_builtin) WHERE (all_principals_excluding_builtin:_VAR_all-security-principals-excluding-built-in) MATCH (entra_roles_t0) WHERE (entra_roles_t0.displayname =~ '(?i)_VAR_all-entra-roles-in-t0') MATCH p = allShortestPaths((all_principals_excluding_builtin)-[r*1..]->(entra_roles_t0)) RETURN p",`
`96`	`74`	`"allowCollapse": true`
`97`	`75`	`}`
`98`	`76`	`]`