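// Source: github.com/GoogleCloudPlatform/terraformer@v0.8.18/providers/aws/kms.go

// Copyright 2019 The Terraformer Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package aws

import (
	"context"
	"log"

	"github.com/GoogleCloudPlatform/terraformer/terraformutils"
	"github.com/aws/aws-sdk-go-v2/service/kms"
	"github.com/aws/aws-sdk-go-v2/service/kms/types"
)

// kmsAllowEmptyValues is the allow-empty-values list handed to every KMS
// resource constructor in this file.
var kmsAllowEmptyValues = []string{"tags."}

// KmsGenerator collects customer-managed KMS keys, the grants on those keys,
// and the aliases that point at customer-managed keys, and records them in
// g.Resources as aws_kms_key, aws_kms_grant and aws_kms_alias resources.
type KmsGenerator struct {
	AWSService
}

// InitResources builds a KMS client from the generator's configuration and
// collects keys (with their grants) first, then aliases. It returns the first
// error from configuration or from listing keys or aliases.
func (g *KmsGenerator) InitResources() error {
	config, e := g.generateConfig()
	if e != nil {
		return e
	}
	client := kms.NewFromConfig(config)

	if err := g.addKeys(client); err != nil {
		return err
	}
	return g.addAliases(client)
}

// kmsKeyIsCustomerManaged reports whether a DescribeKey result describes a
// customer-managed key. A result without metadata is treated as not
// customer-managed instead of being dereferenced.
func kmsKeyIsCustomerManaged(out *kms.DescribeKeyOutput) bool {
	return out != nil &&
		out.KeyMetadata != nil &&
		out.KeyMetadata.KeyManager == types.KeyManagerTypeCustomer
}

// addKeys pages through ListKeys and, for every customer-managed key, appends
// an aws_kms_key resource and then the key's grants.
//
// A ListKeys error aborts the walk and is returned. A DescribeKey error is
// logged and that key is skipped, so the result can be incomplete when the
// caller is not allowed to describe some keys; the log line names the key so
// the gap can be found.
func (g *KmsGenerator) addKeys(client *kms.Client) error {
	p := kms.NewListKeysPaginator(client, &kms.ListKeysInput{})
	for p.HasMorePages() {
		page, err := p.NextPage(context.TODO())
		if err != nil {
			return err
		}
		for _, key := range page.Keys {
			// The key ID is dereferenced below; an entry without one
			// cannot be turned into a resource.
			if key.KeyId == nil {
				continue
			}
			keyDescription, err := client.DescribeKey(context.TODO(), &kms.DescribeKeyInput{
				KeyId: key.KeyId,
			})
			if err != nil {
				log.Printf("kms: skipping key %s: DescribeKey: %v", *key.KeyId, err)
				continue
			}
			if !kmsKeyIsCustomerManaged(keyDescription) {
				continue
			}
			resource := terraformutils.NewResource(
				*key.KeyId,
				*key.KeyId,
				"aws_kms_key",
				"aws",
				map[string]string{
					"key_id": *key.KeyId,
				},
				kmsAllowEmptyValues,
				map[string]interface{}{},
			)
			resource.SlowQueryRequired = true
			g.Resources = append(g.Resources, resource)

			g.addGrants(key.KeyId, client)
		}
	}
	return nil
}

// addAliases pages through ListAliases and appends an aws_kms_alias resource
// for every alias whose target is a customer-managed key.
//
// Aliases without a target key or without a name are skipped. A ListAliases
// error aborts the walk and is returned; a DescribeKey error is logged with
// the target key ID and that alias is skipped.
func (g *KmsGenerator) addAliases(client *kms.Client) error {
	p := kms.NewListAliasesPaginator(client, &kms.ListAliasesInput{})
	for p.HasMorePages() {
		page, err := p.NextPage(context.TODO())
		if err != nil {
			return err
		}
		for _, alias := range page.Aliases {
			// AliasName is dereferenced below, so it is checked together
			// with the target key ID.
			if alias.TargetKeyId == nil || alias.AliasName == nil {
				continue
			}
			keyDescription, err := client.DescribeKey(context.TODO(), &kms.DescribeKeyInput{
				KeyId: alias.TargetKeyId,
			})
			if err != nil {
				log.Printf("kms: skipping alias %s: DescribeKey %s: %v",
					*alias.AliasName, *alias.TargetKeyId, err)
				continue
			}
			if !kmsKeyIsCustomerManaged(keyDescription) {
				continue
			}
			resource := terraformutils.NewSimpleResource(
				*alias.AliasName,
				*alias.AliasName,
				"aws_kms_alias",
				"aws",
				kmsAllowEmptyValues,
			)
			resource.SlowQueryRequired = true
			g.Resources = append(g.Resources, resource)
		}
	}
	return nil
}

// addGrants pages through ListGrants for keyID and appends one aws_kms_grant
// resource per grant, identified as "<grant key ID>:<grant ID>".
//
// Errors are not returned. A ListGrants failure is logged and ends grant
// collection for this key only, so grants on pages not yet read are missing
// from the result; check the log before treating the output as a complete
// list of grants on the key.
func (g *KmsGenerator) addGrants(keyID *string, client *kms.Client) {
	// Used only for log context; keyID itself is passed through unchanged.
	keyLabel := "<nil>"
	if keyID != nil {
		keyLabel = *keyID
	}

	p := kms.NewListGrantsPaginator(client, &kms.ListGrantsInput{
		KeyId: keyID,
	})
	for p.HasMorePages() {
		page, err := p.NextPage(context.TODO())
		if err != nil {
			log.Printf("kms: grants for key %s incomplete: ListGrants: %v", keyLabel, err)
			return
		}
		for _, grant := range page.Grants {
			// Both fields are dereferenced to build the resource ID.
			if grant.KeyId == nil || grant.GrantId == nil {
				continue
			}
			grantID := *grant.KeyId + ":" + *grant.GrantId
			resource := terraformutils.NewSimpleResource(
				grantID,
				grantID,
				"aws_kms_grant",
				"aws",
				kmsAllowEmptyValues,
			)
			resource.SlowQueryRequired = true
			g.Resources = append(g.Resources, resource)
		}
	}
}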