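package documentdb

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/documentdb"
	"github.com/aquasecurity/defsec/pkg/types"
	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
)

// getClusters adapts every AWS::DocDB::DBCluster resource in the template into
// a documentdb.Cluster and attaches the AWS::DocDB::DBInstance resources that
// reference it, so that instance-level checks (e.g. KMS key usage) see the
// cluster's encryption settings.
//
// Property defaults: BackupRetentionPeriod falls back to 1 when unset; the
// other properties fall back to the parser's defaults for an absent value.
func getClusters(ctx parser.FileContext) (clusters []documentdb.Cluster) {
	for _, r := range ctx.GetResourcesByType("AWS::DocDB::DBCluster") {
		cluster := documentdb.Cluster{
			Metadata:              r.Metadata(),
			Identifier:            r.GetStringProperty("DBClusterIdentifier"),
			EnabledLogExports:     getLogExports(r),
			Instances:             nil,
			BackupRetentionPeriod: r.GetIntProperty("BackupRetentionPeriod", 1),
			StorageEncrypted:      r.GetBoolProperty("StorageEncrypted"),
			KMSKeyID:              r.GetStringProperty("KmsKeyId"),
		}

		// Templates normally wire an instance to its cluster with
		// `DBClusterIdentifier: !Ref <ClusterLogicalID>`, which resolves to the
		// cluster's logical ID rather than to its DBClusterIdentifier property
		// (the RDS adapter keys its cluster map by r.ID() for the same reason),
		// so the logical ID is passed along as a second match key.
		attachInstances(&cluster, ctx, r.ID())

		clusters = append(clusters, cluster)
	}
	return clusters
}

// updateInstancesOnCluster attaches the template's DocDB instances whose
// DBClusterIdentifier matches the cluster's DBClusterIdentifier value.
// Retained with its original signature; getClusters calls attachInstances
// directly so that it can also match on the cluster's logical ID.
func updateInstancesOnCluster(cluster *documentdb.Cluster, ctx parser.FileContext) {
	attachInstances(cluster, ctx, "")
}

// attachInstances appends to cluster.Instances every AWS::DocDB::DBInstance
// whose DBClusterIdentifier equals either the cluster's DBClusterIdentifier
// value or logicalID (the cluster resource's logical ID; "" disables that
// match). Instances inherit the cluster's KMS key because the cluster owns
// the storage-encryption settings in this model.
//
// The match is made on the underlying strings. The previous implementation
// compared the two types.StringValue values with ==; those are interface
// values carrying per-property metadata (and, as far as the parser shows,
// separately allocated), so == tested identity rather than content and never
// matched, leaving every cluster without instances and thereby silently
// excluding instances from instance-level checks. Empty identifiers are
// skipped so that two resources that both omit the property do not pair up.
func attachInstances(cluster *documentdb.Cluster, ctx parser.FileContext, logicalID string) {
	var clusterIdentifier string
	if cluster.Identifier != nil {
		clusterIdentifier = cluster.Identifier.Value()
	}

	for _, r := range ctx.GetResourcesByType("AWS::DocDB::DBInstance") {
		ref := r.GetStringProperty("DBClusterIdentifier")
		if ref.IsEmpty() {
			continue
		}

		matchesIdentifier := clusterIdentifier != "" && ref.EqualTo(clusterIdentifier)
		matchesLogicalID := logicalID != "" && ref.EqualTo(logicalID)
		if !matchesIdentifier && !matchesLogicalID {
			continue
		}

		cluster.Instances = append(cluster.Instances, documentdb.Instance{
			Metadata: r.Metadata(),
			KMSKeyID: cluster.KMSKeyID,
		})
	}
}

// getLogExports returns the entries of the cluster's
// EnableCloudwatchLogsExports property as string values. A missing or
// non-list property yields nil, i.e. no log exports are recorded.
func getLogExports(r *parser.Resource) (logExports []types.StringValue) {
	exportsList := r.GetProperty("EnableCloudwatchLogsExports")
	if exportsList.IsNil() || exportsList.IsNotList() {
		return nil
	}

	for _, export := range exportsList.AsList() {
		logExports = append(logExports, export.AsStringValue())
	}
	return logExports
}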