// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/aws/iam/users.go

package iam

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
	"github.com/aquasecurity/defsec/pkg/terraform"
	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
)

// adaptUsers builds one iam.User for every aws_iam_user resource found in
// modules, attaching the inline policy, attached policy and access key that
// the dependent-resource lookups return for it.
//
// LastAccess is always marked unresolvable here; the adapter only reads
// Terraform blocks and never fills it with a concrete time, so any check that
// depends on when a user was last active cannot be decided from this model.
//
// NOTE(review): each lookup below appends at most one item. Whether
// applyForDependentResource stops at the first matching resource is not
// visible in this file; if it does, a user with several access keys or
// several policies is only partially modelled — confirm against the helper.
func adaptUsers(modules terraform.Modules) []iam.User {
	var adapted []iam.User

	for _, res := range modules.GetResourcesByType("aws_iam_user") {
		entry := iam.User{
			Metadata:   res.GetMetadata(),
			Name:       res.GetAttribute("name").AsStringValueOrDefault("", res),
			LastAccess: defsecTypes.TimeUnresolvable(res.GetMetadata()),
		}

		// Inline policy (aws_iam_user_policy); presumably linked through the
		// dependent resource's "user" attribute and this user's "name".
		inline, found := applyForDependentResource(
			modules, res.ID(), "name", "aws_iam_user_policy", "user", findPolicy(modules),
		)
		if found && inline != nil {
			entry.Policies = append(entry.Policies, *inline)
		}

		// Policy referenced by an aws_iam_user_policy_attachment.
		attached, found := applyForDependentResource(
			modules, res.ID(), "name", "aws_iam_user_policy_attachment", "user", findAttachmentPolicy(modules),
		)
		if found && attached != nil {
			entry.Policies = append(entry.Policies, *attached)
		}

		// Access key (aws_iam_access_key) declared for this user.
		key, found := applyForDependentResource(
			modules, res.ID(), "name", "aws_iam_access_key", "user", adaptAccessKey,
		)
		if found {
			entry.AccessKeys = append(entry.AccessKeys, key)
		}

		adapted = append(adapted, entry)
	}

	return adapted
}

// adaptAccessKey converts an aws_iam_access_key block into an iam.AccessKey.
//
// Active starts as a default of true and is replaced only when the "status"
// attribute is a string, in which case it is true exactly when the attribute
// equals "Active". A missing or non-string status therefore leaves the key
// modelled as active.
//
// AccessKeyId, CreationDate and LastAccess are all marked unresolvable, so
// checks based on key age or key usage get no concrete value from this
// adapter.
func adaptAccessKey(block *terraform.Block) iam.AccessKey {
	isActive := defsecTypes.BoolDefault(true, block.GetMetadata())

	statusAttr := block.GetAttribute("status")
	if statusAttr.IsString() {
		isActive = defsecTypes.Bool(statusAttr.Equals("Active"), statusAttr.GetMetadata())
	}

	key := iam.AccessKey{
		Metadata:     block.GetMetadata(),
		AccessKeyId:  defsecTypes.StringUnresolvable(block.GetMetadata()),
		CreationDate: defsecTypes.TimeUnresolvable(block.GetMetadata()),
		LastAccess:   defsecTypes.TimeUnresolvable(block.GetMetadata()),
		Active:       isActive,
	}
	return key
}