⭐️ add api examples

mondoohq · May 29, 2024 · 201e655 · 201e655
1 parent e1afc7f
commit 201e655
Show file tree

Hide file tree

Showing 15 changed files with 461 additions and 0 deletions.
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
@@ -1,5 +1,6 @@
 akic
 baf
+bru
 cgrp
 chronos
 Ckxomxaar

diff --git a/README.md b/README.md
@@ -13,6 +13,7 @@ Welcome to our comprehensive security scanning repository! In our ongoing effort
   - [Scanning an AWS EC2 Instance with cnspec using EC2 Instance Connect](#scanning-an-aws-ec2-instance-with-cnspec-using-ec2-instance-connect)
 - [GitHub](#github)
   - [Performing CIS GitHub Supply Chain Benchmark with cnspec](#performing-cis-github-supply-chain-benchmark-with-cnspec)
+- [GraphQL API Examples](#graphql-api-examples)
 - [Hack Lab](#hack-lab)
   - [Demonstrating Container Escape in Kubernetes](#demonstrating-container-escape-in-kubernetes)
 - [Playing with AWS EC2 Instances](#playing-with-aws-ec2-instances)
@@ -72,6 +73,10 @@ This guide provides an example on how to execute the CIS (Center for Internet Se
 
 - [Instructions](./github/cis-supply-chain/)
 
+## GraphQL API Examples
+
+The [examples](./graphql-api) demonstrate how to query and interact with Mondoo Platform using GraphQL.
+
 ## Hack Lab
 
 The Hack Lab is a collection of vulnerable systems that can be used to learn and practice security concepts. The Hack Lab is a great way to get started with security scanning and learn how to use `cnspec` and `cnquery` to identify and resolve security issues.

diff --git a/graphql-api/.gitignore b/graphql-api/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/graphql-api/README.md b/graphql-api/README.md
@@ -0,0 +1,35 @@
+# Mondoo GraphQL API Samples
+
+This repository contains sample queries for the Mondoo GraphQL API. The queries are written in GraphQL and can be executed using the [Bruno](https://docs.usebruno.com/).
+
+## Getting Started
+
+- Clone this repository
+- Install Bruno
+- Setup .env file with your Mondoo API key
+
+
+## API Key
+
+To get started with the Mondoo API, you need to create an API key. You can create an API key in the Mondoo console. Then create a `.env` file in the root of the repository with the following content:
+
+```
+MONDOO_API_TOKEN=your-api-key
+MONDOO_ENDPOINT=us.api.mondoo.com
+SPACE_MRN=//captain.api.mondoo.app/spaces/mystifying-jennings-299629
+ORG_MRN=//captain.api.mondoo.app/organizations/lunalectric
+```
+
+> NOTE: While not technically required, it is recommended to use a organization API token with editor permissions to sure all samples work.
+
+## CLI
+
+Follow the installation instructions[https://docs.usebruno.com/bru-cli/overview].
+
+```
+bru run search/search.bru --env Mondoo
+```
+
+## APP
+
+Follow the installation instructions[https://www.usebruno.com/downloads]. Then you open the collection and run the queries.
diff --git a/graphql-api/asset_inventory/list_assets_in_space.bru b/graphql-api/asset_inventory/list_assets_in_space.bru
@@ -0,0 +1,40 @@
+meta {
+  name: list_assets_in_space
+  type: graphql
+  seq: 1
+}
+
+post {
+  url: https://{{endpoint}}/query
+  body: graphql
+  auth: bearer
+}
+
+auth:bearer {
+  token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+  query Assets {
+      assets(spaceMrn: "{{spaceMrn}}") {
+          totalCount
+          edges {
+              cursor
+              node {
+                  id
+                  mrn
+                  state
+                  name
+                  updatedAt
+                  referenceIDs
+                  asset_type
+                  score {
+                      grade
+                      value
+                  }
+              }
+          }
+      }
+  }
+
+}
diff --git a/graphql-api/bruno.json b/graphql-api/bruno.json
@@ -0,0 +1,9 @@
+{
+  "version": "1",
+  "name": "Mondoo GraphQL API Requests",
+  "type": "collection",
+  "ignore": [
+    "node_modules",
+    ".git"
+  ]
+}
diff --git a/graphql-api/environments/Mondoo.bru b/graphql-api/environments/Mondoo.bru
@@ -0,0 +1,6 @@
+vars {
+  endpoint: {{process.env.MONDOO_ENDPOINT}}
+  spaceMrn: {{process.env.SPACE_MRN}}
+  orgMrn: {{process.env.ORG_MRN}}
+  MONDOO_API_TOKEN: {{process.env.MONDOO_API_TOKEN}}
+}
diff --git a/graphql-api/organization/list_members.bru b/graphql-api/organization/list_members.bru
@@ -0,0 +1,38 @@
+meta {
+  name: list_members
+  type: graphql
+  seq: 2
+}
+
+post {
+  url: https://{{endpoint}}/query
+  body: graphql
+  auth: bearer
+}
+
+auth:bearer {
+  token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+  query LoadOrganizationMembers {
+      organization(mrn: "{{orgMrn}}") {
+          id
+          mrn
+          members {
+              edges {
+                  node {
+                      user {
+                          email
+                          name
+                      }
+                      roles {
+                          title
+                      }
+                  }
+              }
+          }
+      }
+  }
+
+}
diff --git a/graphql-api/organization/list_service_accounts.bru b/graphql-api/organization/list_service_accounts.bru
@@ -0,0 +1,86 @@
+meta {
+  name: list_service_accounts
+  type: graphql
+  seq: 3
+}
+
+post {
+  url: https://{{endpoint}}/query
+  body: graphql
+  auth: bearer
+}
+
+auth:bearer {
+  token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+  # To list all service accounts, the API Token needs Editor permissions
+  query ServiceAccounts(
+      $scopeMrn: String
+      $first: Int
+      $after: String
+      $query: String
+      $queryTerms: [String!]
+      $orderBy: ServiceAccountOrder
+  ) {
+      serviceAccounts(
+          scopeMrn: $scopeMrn
+          first: $first
+          after: $after
+          query: $query
+          queryTerms: $queryTerms
+          orderBy: $orderBy
+      ) {
+          ...ServiceAccountFields
+          __typename
+      }
+  }
+  fragment ServiceAccountFields on ServiceAccountConnection {
+      totalCount
+      edges {
+          cursor
+          node {
+              id
+              mrn
+              name
+              description
+              roles {
+                  mrn
+                  title
+                  __typename
+              }
+              createdAt
+              lastUsed
+              labels {
+                  key
+                  value
+                  __typename
+              }
+              creator {
+                  mrn
+                  email
+                  service
+                  __typename
+              }
+              notes
+              __typename
+          }
+          __typename
+      }
+      pageInfo {
+          startCursor
+          endCursor
+          hasNextPage
+          __typename
+      }
+      __typename
+  }
+
+}
+
+body:graphql:vars {
+  {
+      "scopeMrn": "{{spaceMrn}}"
+  }
+}
diff --git a/graphql-api/organization/list_spaces.bru b/graphql-api/organization/list_spaces.bru
@@ -0,0 +1,29 @@
+meta {
+  name: list_spaces
+  type: graphql
+  seq: 1
+}
+
+post {
+  url: https://{{endpoint}}/query
+  body: graphql
+  auth: bearer
+}
+
+auth:bearer {
+  token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+  query OrganizationOverview {
+      organizationOverview(
+          input: { organizationMrn: "{{orgMrn}}" }
+      ) {
+          organizationMrn
+          spacesOverview {
+              spaceMrn
+              spaceName
+          }
+      }
+  }
+}
diff --git a/graphql-api/policies_querypacks/enable_policy.bru b/graphql-api/policies_querypacks/enable_policy.bru
@@ -0,0 +1,28 @@
+meta {
+  name: enable_policy
+  type: graphql
+  seq: 2
+}
+
+post {
+  url: https://{{endpoint}}/query
+  body: graphql
+  auth: bearer
+}
+
+auth:bearer {
+  token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+  mutation {
+      assignPolicy(
+          input: {
+              assetMrn: "{{spaceMrn}}"
+              policyMrn: "//policy.api.mondoo.app/policies/mondoo-dns-security"
+              action: ACTIVE
+          } 
+      )
+  }
+
+}
diff --git a/graphql-api/policies_querypacks/list_active_policies.bru b/graphql-api/policies_querypacks/list_active_policies.bru
@@ -0,0 +1,51 @@
+meta {
+  name: list_active_policies
+  type: graphql
+  seq: 4
+}
+
+post {
+  url: https://{{endpoint}}/query
+  body: graphql
+  auth: bearer
+}
+
+auth:bearer {
+  token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+  query SpaceReport($input: SpaceReportInput!) {
+    spaceReport(input: $input) {
+      ... on SpaceReport {
+        spaceMrn
+        policyReportSummaries {
+          totalCount
+          edges {
+            cursor
+            node {
+              policy {
+                mrn
+                name
+                assigned
+                action
+                version
+                isPublic
+                createdAt
+                updatedAt
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+body:graphql:vars {
+  {
+    "input" : {
+      "spaceMrn" : "{{spaceMrn}}"
+    }
+  }
+}
diff --git a/graphql-api/policies_querypacks/list_available_policies_query_packs.bru b/graphql-api/policies_querypacks/list_available_policies_query_packs.bru
@@ -0,0 +1,34 @@
+meta {
+  name: list_available_policies_query_packs
+  type: graphql
+  seq: 3
+}
+
+post {
+  url: https://{{endpoint}}/query
+  body: graphql
+  auth: bearer
+}
+
+auth:bearer {
+  token: {{MONDOO_API_TOKEN}}
+}
+
+body:graphql {
+  {
+      content(
+          input: { scopeMrn: "{{spaceMrn}}", catalogType: ALL, assignedOnly: true }
+      ) {
+          totalCount
+          edges {
+              node {
+                  __typename
+                  ... on Policy {
+                      name
+                  }
+              }
+          }
+      }
+  }
+
+}