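// Listing of internal/adapters/terraform/aws/iam/roles.go from
// github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab.

package iam

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
	"github.com/aquasecurity/defsec/pkg/terraform"
)

// adaptRoles builds one iam.Role for every aws_iam_role resource in modules.
//
// Each role carries the resource metadata, its "name" attribute (empty string
// when the attribute is unset) and the policies that could be resolved for it:
//   - every inline_policy block declared on the role itself,
//   - a policy resolved through applyForDependentResource for the
//     aws_iam_role_policy resource type,
//   - a policy resolved the same way for aws_iam_role_policy_attachment.
//
// A policy that fails to parse or resolve is left out rather than reported, so
// the returned Policies slice can be shorter than what the Terraform code
// declares. Callers must not read a short or empty slice as evidence that the
// role grants nothing.
func adaptRoles(modules terraform.Modules) []iam.Role {
	var roles []iam.Role
	for _, roleBlock := range modules.GetResourcesByType("aws_iam_role") {
		role := iam.Role{
			Metadata: roleBlock.GetMetadata(),
			Name:     roleBlock.GetAttribute("name").AsStringValueOrDefault("", roleBlock),
		}

		// aws_iam_role accepts several inline_policy blocks. Adapt all of them:
		// reading only the first would leave the remaining policy documents
		// invisible to anything that inspects role.Policies.
		for _, inlineBlock := range roleBlock.GetBlocks("inline_policy") {
			policy, err := parsePolicy(inlineBlock, modules)
			if err != nil {
				// Best effort: an unparsable inline policy is dropped without a
				// record, and the other policies of the role are still adapted.
				continue
			}
			role.Policies = append(role.Policies, policy)
		}

		// NOTE(review): applyForDependentResource is defined elsewhere; it
		// presumably matches resources of the given type whose "role" attribute
		// refers to this role by ID or by "name" - confirm against the helper.
		// It yields at most one policy per call here, so whether a role with
		// several aws_iam_role_policy resources gets all of them adapted should
		// be verified there as well.
		if policy, ok := applyForDependentResource(
			modules, roleBlock.ID(), "name", "aws_iam_role_policy", "role", findPolicy(modules),
		); ok && policy != nil {
			role.Policies = append(role.Policies, *policy)
		}

		// Same lookup for policies attached via aws_iam_role_policy_attachment.
		if policy, ok := applyForDependentResource(
			modules, roleBlock.ID(), "name", "aws_iam_role_policy_attachment", "role", findAttachmentPolicy(modules),
		); ok && policy != nil {
			role.Policies = append(role.Policies, *policy)
		}

		roles = append(roles, role)
	}

	return roles
}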