// Source: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/digitalocean/compute/adapt.go

package compute

import (
	"github.com/aquasecurity/defsec/pkg/providers/digitalocean/compute"
	"github.com/aquasecurity/defsec/pkg/terraform"
)

// Adapt builds the DigitalOcean compute model from the parsed Terraform
// modules. It collects droplets, firewalls, load balancers and Kubernetes
// clusters, in that order.
func Adapt(modules terraform.Modules) compute.Compute {
	var result compute.Compute
	result.Droplets = adaptDroplets(modules)
	result.Firewalls = adaptFirewalls(modules)
	result.LoadBalancers = adaptLoadBalancers(modules)
	result.KubernetesClusters = adaptKubernetesClusters(modules)
	return result
}

// adaptDroplets converts every "digitalocean_droplet" resource into a
// compute.Droplet.
//
// SSHKeys stays nil when the resource has no "ssh_keys" attribute, so
// consumers of the model can tell "no keys configured" apart from a
// populated list.
func adaptDroplets(module terraform.Modules) []compute.Droplet {
	var result []compute.Droplet

	// Walk the modules one by one; the other adapters in this file call
	// GetResourcesByType on the whole collection instead.
	for _, mod := range module {
		for _, resource := range mod.GetResourcesByType("digitalocean_droplet") {
			d := compute.Droplet{Metadata: resource.GetMetadata()}
			if keys := resource.GetAttribute("ssh_keys"); keys != nil {
				d.SSHKeys = keys.AsStringValues()
			}
			result = append(result, d)
		}
	}
	return result
}

// adaptFirewalls converts every "digitalocean_firewall" resource into a
// compute.Firewall with its inbound and outbound rules.
//
// This adapter reads only "source_addresses" (inbound) and
// "destination_addresses" (outbound) from each rule block; ports, protocols
// and any other rule attributes are not captured here. A rule without the
// address attribute is still emitted, with its address list left unset.
func adaptFirewalls(module terraform.Modules) []compute.Firewall {
	var result []compute.Firewall

	for _, resource := range module.GetResourcesByType("digitalocean_firewall") {
		inboundBlocks := resource.GetBlocks("inbound_rule")
		outboundBlocks := resource.GetBlocks("outbound_rule")

		// Both rule slices start empty but non-nil, so a firewall without
		// rules carries empty slices rather than nil ones.
		inbound := make([]compute.InboundFirewallRule, 0)
		for _, ruleBlock := range inboundBlocks {
			rule := compute.InboundFirewallRule{Metadata: ruleBlock.GetMetadata()}
			sources := ruleBlock.GetAttribute("source_addresses")
			if sources != nil {
				rule.SourceAddresses = sources.AsStringValues()
			}
			inbound = append(inbound, rule)
		}

		outbound := make([]compute.OutboundFirewallRule, 0)
		for _, ruleBlock := range outboundBlocks {
			rule := compute.OutboundFirewallRule{Metadata: ruleBlock.GetMetadata()}
			destinations := ruleBlock.GetAttribute("destination_addresses")
			if destinations != nil {
				rule.DestinationAddresses = destinations.AsStringValues()
			}
			outbound = append(outbound, rule)
		}

		fw := compute.Firewall{
			Metadata:      resource.GetMetadata(),
			InboundRules:  inbound,
			OutboundRules: outbound,
		}
		result = append(result, fw)
	}

	return result
}

// adaptLoadBalancers converts every "digitalocean_loadbalancer" resource into
// a compute.LoadBalancer with its forwarding rules.
//
// An absent "entry_protocol" is modelled as the empty string and an absent
// "redirect_http_to_https" as false.
//
// NOTE(review): unlike adaptDroplets, the GetAttribute results are not
// nil-checked before the As...OrDefault call; this presumably relies on those
// methods accepting a nil attribute. Confirm against the terraform package.
func adaptLoadBalancers(module terraform.Modules) (loadBalancers []compute.LoadBalancer) {
	for _, resource := range module.GetResourcesByType("digitalocean_loadbalancer") {
		var rules []compute.ForwardingRule
		for _, ruleBlock := range resource.GetBlocks("forwarding_rule") {
			meta := ruleBlock.GetMetadata()
			protocol := ruleBlock.GetAttribute("entry_protocol").AsStringValueOrDefault("", ruleBlock)
			rules = append(rules, compute.ForwardingRule{
				Metadata:      meta,
				EntryProtocol: protocol,
			})
		}

		lb := compute.LoadBalancer{
			Metadata:            resource.GetMetadata(),
			RedirectHttpToHttps: resource.GetAttribute("redirect_http_to_https").AsBoolValueOrDefault(false, resource),
		}
		lb.ForwardingRules = rules
		loadBalancers = append(loadBalancers, lb)
	}

	return loadBalancers
}

// adaptKubernetesClusters converts every "digitalocean_kubernetes_cluster"
// resource into a compute.KubernetesCluster.
//
// Both "auto_upgrade" and "surge_upgrade" are modelled as false when the
// attribute is absent.
//
// NOTE(review): confirm that false matches the provider's effective default
// for each attribute; if the provider enables one of them by default, a
// configuration that relies on that default would be modelled as disabled.
func adaptKubernetesClusters(module terraform.Modules) (kubernetesClusters []compute.KubernetesCluster) {
	for _, resource := range module.GetResourcesByType("digitalocean_kubernetes_cluster") {
		cluster := compute.KubernetesCluster{
			Metadata:     resource.GetMetadata(),
			AutoUpgrade:  resource.GetAttribute("auto_upgrade").AsBoolValueOrDefault(false, resource),
			SurgeUpgrade: resource.GetAttribute("surge_upgrade").AsBoolValueOrDefault(false, resource),
		}
		kubernetesClusters = append(kubernetesClusters, cluster)
	}
	return kubernetesClusters
}