// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/aws/kms/adapt.go

package kms

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/kms"
	"github.com/aquasecurity/defsec/pkg/terraform"
)

// Adapt builds the KMS provider model from the parsed Terraform modules.
// The only field it populates is Keys.
func Adapt(modules terraform.Modules) kms.KMS {
	return kms.KMS{
		Keys: adaptKeys(modules),
	}
}

// adaptKeys walks every module and converts each "aws_kms_key" resource
// block into a kms.Key. The result is a nil slice when no such resource
// is found.
func adaptKeys(modules terraform.Modules) []kms.Key {
	var adapted []kms.Key
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("aws_kms_key")
		for _, block := range blocks {
			adapted = append(adapted, adaptKey(block))
		}
	}
	return adapted
}

// adaptKey converts a single aws_kms_key resource block into a kms.Key,
// reading the key_usage and enable_key_rotation attributes.
func adaptKey(resource *terraform.Block) kms.Key {
	// A key that does not set key_usage is modelled as ENCRYPT_DECRYPT.
	usage := resource.GetAttribute("key_usage").AsStringValueOrDefault("ENCRYPT_DECRYPT", resource)

	// Rotation is modelled as disabled unless the resource sets it, so a key
	// that omits enable_key_rotation reaches downstream rules with
	// RotationEnabled == false.
	// NOTE(review): rules consuming RotationEnabled should also look at Usage;
	// AWS automatic rotation applies to symmetric encryption keys, so a
	// signing key without rotation is presumably not a finding — confirm
	// against the rule.
	rotation := resource.GetAttribute("enable_key_rotation").AsBoolValueOrDefault(false, resource)

	return kms.Key{
		Metadata:        resource.GetMetadata(),
		Usage:           usage,
		RotationEnabled: rotation,
	}
}