// Listing of github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/cloudformation/aws/ecs/cluster.go

package ecs

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/ecs"
	"github.com/aquasecurity/defsec/pkg/types"
	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
)

// getClusters adapts every resource of type "AWS::ECS::Cluster" found in the
// parsed CloudFormation file into an ecs.Cluster. Each cluster carries the
// resource's own metadata plus the settings derived by getClusterSettings.
// The result is a nil slice when the file declares no such resource.
func getClusters(ctx parser.FileContext) (clusters []ecs.Cluster) {
	for _, res := range ctx.GetResourcesByType("AWS::ECS::Cluster") {
		clusters = append(clusters, ecs.Cluster{
			Metadata: res.Metadata(),
			Settings: getClusterSettings(res),
		})
	}
	return clusters
}

// getClusterSettings reads the "ClusterSettings" property of a cluster
// resource and reports whether Container Insights is switched on.
//
// The starting point is ContainerInsightsEnabled = false (a default value
// attributed to the resource's metadata). That default is returned unchanged
// when "ClusterSettings" is absent or is not a list. Otherwise the settings
// metadata is re-pointed at the property itself and every list entry is
// handed to checkProperty.
//
// NOTE(review): presumably a downstream check flags clusters where this stays
// false; a malformed or non-list ClusterSettings is therefore reported the
// same way as an explicit opt-out. Confirm against the consuming rule.
func getClusterSettings(r *parser.Resource) ecs.ClusterSettings {
	result := ecs.ClusterSettings{
		Metadata:                 r.Metadata(),
		ContainerInsightsEnabled: types.BoolDefault(false, r.Metadata()),
	}

	prop := r.GetProperty("ClusterSettings")
	switch {
	case prop.IsNil(), prop.IsNotList():
		// Nothing usable to inspect: keep the resource-level default.
		return result
	}

	result.Metadata = prop.Metadata()
	for _, entry := range prop.AsList() {
		checkProperty(entry, &result)
	}

	return result
}

// checkProperty inspects one entry of the ClusterSettings list and marks
// Container Insights as enabled on clusterSettings when the entry's "Name"
// equals "containerInsights" and its "Value" equals "enabled". The resulting
// bool is attributed to the metadata of the "Value" property.
//
// The function only ever sets the flag to true. Any other value leaves the
// flag as it was, so an "enabled" entry is not undone by a later entry in the
// same list.
//
// NOTE(review): how EqualTo treats letter case and unresolved intrinsic
// functions is decided in parser.Property and is not visible here. Values
// other than the literal "enabled" are not recognised; verify that this still
// matches the set of values CloudFormation accepts for this setting.
func checkProperty(setting *parser.Property, clusterSettings *ecs.ClusterSettings) {
	fields := setting.AsMap()

	key := fields["Name"]
	if !key.IsNotNil() || !key.EqualTo("containerInsights") {
		return
	}

	val := fields["Value"]
	if !val.IsNotNil() || !val.EqualTo("enabled") {
		return
	}

	clusterSettings.ContainerInsightsEnabled = types.Bool(true, val.Metadata())
}