New option: --include-managed-resource to allow export managed resources

flag.go

@@ -82,15 +82,19 @@ type FlagSet struct {
 	// flagResName (for single resource)
 	// flagResType (for single resource)
 	// flagPattern (for multi resources)
+	// flagIncludeRoleAssignment
+	// flagIncludeManagedResource
 	//
 	// rg:
 	// flagPattern
 	// flagIncludeRoleAssignment
+	// flagIncludeManagedResource
 	//
 	// query:
 	// flagPattern
 	// flagRecursive
 	// flagIncludeRoleAssignment
+	// flagIncludeManagedResource
 	// flagIncludeResourceGroup
 	// flagARGTable
 	// flagARGAuthorizationScopeFilter
@@ -99,6 +103,7 @@ type FlagSet struct {
 	flagResName                     string
 	flagResType                     string
 	flagIncludeRoleAssignment       bool
+	flagIncludeManagedResource      bool
 	flagIncludeResourceGroup        bool
 	flagARGTable                    string
 	flagARGAuthorizationScopeFilter string
@@ -231,6 +236,9 @@ func (flag FlagSet) DescribeCLI(mode Mode) string {
 	if flag.flagIncludeRoleAssignment {
 		args = append(args, "--include-role-assignment=true")
 	}
+	if flag.flagIncludeManagedResource {
+		args = append(args, "--include-managed-resource=true")
+	}
 
 	switch mode {
 	case ModeResource:

internal/meta/meta_query.go

@@ -18,6 +18,7 @@ type MetaQuery struct {
 	resourceNamePrefix           string
 	resourceNameSuffix           string
 	includeRoleAssignment        bool
+	includeManagedResource       bool
 	includeResourceGroup         bool
 	argTable                     string
 	argAuthenticationScopeFilter armresourcegraph.AuthorizationScopeFilter
@@ -35,6 +36,7 @@ func NewMetaQuery(cfg config.Config) (*MetaQuery, error) {
 		argPredicate:                 cfg.ARGPredicate,
 		recursiveQuery:               cfg.RecursiveQuery,
 		includeRoleAssignment:        cfg.IncludeRoleAssignment,
+		includeManagedResource:       cfg.IncludeManagedResource,
 		includeResourceGroup:         cfg.IncludeResourceGroup,
 		argTable:                     cfg.ARGTable,
 		argAuthenticationScopeFilter: armresourcegraph.AuthorizationScopeFilter(cfg.ARGAuthorizationScopeFilter),
@@ -115,6 +117,7 @@ func (meta MetaQuery) queryResourceSet(ctx context.Context, predicate string, re
 		Recursive:                   recursive,
 		IncludeResourceGroup:        meta.includeResourceGroup,
 		ExtensionResourceTypes:      extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(),
+		IncludeManaged:              meta.includeManagedResource,
 		ARGTable:                    meta.argTable,
 		ARGAuthorizationScopeFilter: meta.argAuthenticationScopeFilter,
 	}

internal/meta/meta_res.go

@@ -14,12 +14,13 @@ import (
 
 type MetaResource struct {
 	baseMeta
-	AzureIds              []armid.ResourceId
-	ResourceName          string
-	ResourceType          string
-	resourceNamePrefix    string
-	resourceNameSuffix    string
-	includeRoleAssignment bool
+	AzureIds               []armid.ResourceId
+	ResourceName           string
+	ResourceType           string
+	resourceNamePrefix     string
+	resourceNameSuffix     string
+	includeRoleAssignment  bool
+	includeManagedResource bool
 }
 
 func NewMetaResource(cfg config.Config) (*MetaResource, error) {
@@ -40,11 +41,12 @@ func NewMetaResource(cfg config.Config) (*MetaResource, error) {
 	}
 
 	meta := &MetaResource{
-		baseMeta:              *baseMeta,
-		AzureIds:              ids,
-		ResourceName:          cfg.TFResourceName,
-		ResourceType:          cfg.TFResourceType,
-		includeRoleAssignment: cfg.IncludeRoleAssignment,
+		baseMeta:               *baseMeta,
+		AzureIds:               ids,
+		ResourceName:           cfg.TFResourceName,
+		ResourceType:           cfg.TFResourceType,
+		includeRoleAssignment:  cfg.IncludeRoleAssignment,
+		includeManagedResource: cfg.IncludeManagedResource,
 	}
 
 	meta.resourceNamePrefix, meta.resourceNameSuffix = resourceNamePattern(cfg.ResourceNamePattern)
@@ -183,6 +185,7 @@ func (meta MetaResource) listByIds(ctx context.Context, resources []resourceset.
 		ClientOpt:              meta.azureSDKClientOpt,
 		Parallelism:            meta.parallelism,
 		ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(),
+		IncludeManaged:         meta.includeManagedResource,
 	}
 
 	lister, err := azlist.NewLister(opt)

internal/meta/meta_rg.go

@@ -12,10 +12,11 @@ import (
 
 type MetaResourceGroup struct {
 	baseMeta
-	resourceGroup         string
-	resourceNamePrefix    string
-	resourceNameSuffix    string
-	includeRoleAssignment bool
+	resourceGroup          string
+	resourceNamePrefix     string
+	resourceNameSuffix     string
+	includeRoleAssignment  bool
+	includeManagedResource bool
 }
 
 func NewMetaResourceGroup(cfg config.Config) (*MetaResourceGroup, error) {
@@ -26,9 +27,10 @@ func NewMetaResourceGroup(cfg config.Config) (*MetaResourceGroup, error) {
 	}
 
 	meta := &MetaResourceGroup{
-		baseMeta:              *baseMeta,
-		resourceGroup:         cfg.ResourceGroupName,
-		includeRoleAssignment: cfg.IncludeRoleAssignment,
+		baseMeta:               *baseMeta,
+		resourceGroup:          cfg.ResourceGroupName,
+		includeRoleAssignment:  cfg.IncludeRoleAssignment,
+		includeManagedResource: cfg.IncludeManagedResource,
 	}
 	meta.resourceNamePrefix, meta.resourceNameSuffix = resourceNamePattern(cfg.ResourceNamePattern)
 
@@ -101,6 +103,7 @@ func (meta MetaResourceGroup) queryResourceSet(ctx context.Context, rg string) (
 		ClientOpt:              meta.azureSDKClientOpt,
 		Parallelism:            meta.parallelism,
 		ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(),
+		IncludeManaged:         meta.includeManagedResource,
 		ARGTable:               "ResourceContainers",
 	}
 	lister, err := azlist.NewLister(opt)
@@ -132,6 +135,7 @@ func (meta MetaResourceGroup) queryResourceSet(ctx context.Context, rg string) (
 		ClientOpt:              meta.azureSDKClientOpt,
 		Parallelism:            meta.parallelism,
 		ExtensionResourceTypes: extBuilder{includeRoleAssignment: meta.includeRoleAssignment}.Build(),
+		IncludeManaged:         meta.includeManagedResource,
 		Recursive:              true,
 	}
 	lister, err = azlist.NewLister(opt)

main.go

@@ -264,6 +264,12 @@ func main() {
 			Usage:       `Whether to include role assignments assigned to the resources exported`,
 			Destination: &flagset.flagIncludeRoleAssignment,
 		},
+		&cli.BoolFlag{
+			Name:        "include-managed-resource",
+			EnvVars:     []string{"AZTFEXPORT_INCLUDE_MANAGED_RESOURCE"},
+			Usage:       `Whether to allow resources managed by service team/3rd party to be exported`,
+			Destination: &flagset.flagIncludeManagedResource,
+		},
 
 		// Common flags (auth)
 		&cli.StringFlag{
@@ -577,12 +583,13 @@ func main() {
 
 					// Initialize the config
 					cfg := config.Config{
-						CommonConfig:          commonConfig,
-						ResourceIds:           resIds,
-						TFResourceName:        flagset.flagResName,
-						TFResourceType:        flagset.flagResType,
-						ResourceNamePattern:   flagset.flagPattern,
-						IncludeRoleAssignment: flagset.flagIncludeRoleAssignment,
+						CommonConfig:           commonConfig,
+						ResourceIds:            resIds,
+						TFResourceName:         flagset.flagResName,
+						TFResourceType:         flagset.flagResType,
+						ResourceNamePattern:    flagset.flagPattern,
+						IncludeRoleAssignment:  flagset.flagIncludeRoleAssignment,
+						IncludeManagedResource: flagset.flagIncludeManagedResource,
 					}
 
 					return realMain(c.Context, cfg, flagset.flagNonInteractive, flagset.hflagMockClient, flagset.flagPlainUI, flagset.flagGenerateMappingFile, flagset.hflagProfile, flagset.DescribeCLI(ModeResource), flagset.hflagTFClientPluginPath)
@@ -612,11 +619,12 @@ func main() {
 
 					// Initialize the config
 					cfg := config.Config{
-						CommonConfig:          commonConfig,
-						ResourceGroupName:     rg,
-						ResourceNamePattern:   flagset.flagPattern,
-						RecursiveQuery:        true,
-						IncludeRoleAssignment: flagset.flagIncludeRoleAssignment,
+						CommonConfig:           commonConfig,
+						ResourceGroupName:      rg,
+						ResourceNamePattern:    flagset.flagPattern,
+						RecursiveQuery:         true,
+						IncludeRoleAssignment:  flagset.flagIncludeRoleAssignment,
+						IncludeManagedResource: flagset.flagIncludeManagedResource,
 					}
 
 					return realMain(c.Context, cfg, flagset.flagNonInteractive, flagset.hflagMockClient, flagset.flagPlainUI, flagset.flagGenerateMappingFile, flagset.hflagProfile, flagset.DescribeCLI(ModeResourceGroup), flagset.hflagTFClientPluginPath)
@@ -650,6 +658,7 @@ func main() {
 						ResourceNamePattern:         flagset.flagPattern,
 						RecursiveQuery:              flagset.flagRecursive,
 						IncludeRoleAssignment:       flagset.flagIncludeRoleAssignment,
+						IncludeManagedResource:      flagset.flagIncludeManagedResource,
 						IncludeResourceGroup:        flagset.flagIncludeResourceGroup,
 						ARGTable:                    flagset.flagARGTable,
 						ARGAuthorizationScopeFilter: flagset.flagARGAuthorizationScopeFilter,

pkg/config/config.go

@@ -119,6 +119,9 @@ type Config struct {
 	// IncludeRoleAssignment specifies whether to include the role assignments assigned to the exported resources
 	IncludeRoleAssignment bool
 
+	// IncludeManagedResource specifies whether to allow service team/3rd party managed resources to be exported
+	IncludeManagedResource bool
+
 	/////////////////////////
 	// Scope: rg, res (multi), query