github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/google/dns/adapt.go

github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/terraform/google/dns/adapt.go (about)

     1  package dns
     2  
     3  import (
     4  	"github.com/aquasecurity/defsec/pkg/providers/google/dns"
     5  	"github.com/aquasecurity/defsec/pkg/terraform"
     6  	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
     7  )
     8  
     9  func Adapt(modules terraform.Modules) dns.DNS {
    10  	return dns.DNS{
    11  		ManagedZones: adaptManagedZones(modules),
    12  	}
    13  }
    14  
    15  func adaptManagedZones(modules terraform.Modules) []dns.ManagedZone {
    16  	var managedZones []dns.ManagedZone
    17  	for _, module := range modules {
    18  		for _, resource := range module.GetResourcesByType("google_dns_managed_zone") {
    19  			managedZones = append(managedZones, adaptManagedZone(resource))
    20  		}
    21  	}
    22  	return managedZones
    23  }
    24  
    25  func adaptManagedZone(resource *terraform.Block) dns.ManagedZone {
    26  	zone := dns.ManagedZone{
    27  		Metadata:   resource.GetMetadata(),
    28  		Visibility: resource.GetAttribute("visibility").AsStringValueOrDefault("public", resource),
    29  		DNSSec:     adaptDNSSec(resource),
    30  	}
    31  	return zone
    32  }
    33  
    34  func adaptDNSSec(b *terraform.Block) dns.DNSSec {
    35  	DNSSecBlock := b.GetBlock("dnssec_config")
    36  	if DNSSecBlock.IsNil() {
    37  		return dns.DNSSec{
    38  			Metadata: b.GetMetadata(),
    39  			Enabled:  defsecTypes.BoolDefault(false, b.GetMetadata()),
    40  		}
    41  	}
    42  
    43  	stateAttr := DNSSecBlock.GetAttribute("state")
    44  
    45  	DNSSec := dns.DNSSec{
    46  		Metadata:        DNSSecBlock.GetMetadata(),
    47  		Enabled:         defsecTypes.Bool(stateAttr.Equals("on"), stateAttr.GetMetadata()),
    48  		DefaultKeySpecs: adaptKeySpecs(DNSSecBlock),
    49  	}
    50  
    51  	return DNSSec
    52  }
    53  
    54  func adaptKeySpecs(b *terraform.Block) []dns.KeySpecs {
    55  	var keySpecs []dns.KeySpecs
    56  	for _, keySpecsBlock := range b.GetBlocks("default_key_specs") {
    57  		keySpecs = append(keySpecs, dns.KeySpecs{
    58  			Metadata:  keySpecsBlock.GetMetadata(),
    59  			Algorithm: keySpecsBlock.GetAttribute("algorithm").AsStringValueOrDefault("", keySpecsBlock),
    60  			KeyType:   keySpecsBlock.GetAttribute("key_type").AsStringValueOrDefault("", keySpecsBlock),
    61  		})
    62  	}
    63  	return keySpecs
    64  }