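package iam

import (
	"github.com/aquasecurity/defsec/pkg/providers/google/iam"
	"github.com/aquasecurity/defsec/pkg/types"
)

// see https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_folder_iam

// adaptFolderIAM attaches folder-level IAM members and bindings to the
// folders already collected in a.folders. Members are processed before
// bindings, matching the order of the two helpers below.
func (a *adapter) adaptFolderIAM() {
	a.adaptFolderMembers()
	a.adaptFolderBindings()
}

// folderIndex returns the position in a.folders of the folder that was
// adapted from the Terraform block with the given ID, and whether one was
// found. It is the shared lookup used by the member and binding adapters so
// the matching logic lives in one place.
func (a *adapter) folderIndex(blockID string) (int, bool) {
	for i, folder := range a.folders {
		if folder.blockID == blockID {
			return i, true
		}
	}
	return -1, false
}

// adaptFolderMembers handles every google_folder_iam_member resource. A
// member whose "folder" attribute resolves to a google_folder block that was
// adapted into a.folders is appended to that folder; any other member is kept
// on a new unmanaged folder so it is not lost.
func (a *adapter) adaptFolderMembers() {
	for _, iamBlock := range a.modules.GetResourcesByType("google_folder_iam_member") {
		member := a.adaptMember(iamBlock)
		folderAttr := iamBlock.GetAttribute("folder")
		if refBlock, err := a.modules.GetReferencedBlock(folderAttr, iamBlock); err == nil && refBlock.TypeLabel() == "google_folder" {
			if i, ok := a.folderIndex(refBlock.ID()); ok {
				a.folders[i].folder.Members = append(a.folders[i].folder.Members, member)
				continue
			}
		}

		// The reference did not resolve to a folder we adapted (unresolvable
		// reference, a non-google_folder target, or a google_folder not in
		// a.folders): record the member on an unmanaged folder rather than drop it.
		a.folders = append(a.folders, parentedFolder{
			folder: iam.Folder{
				Metadata: types.NewUnmanagedMetadata(),
				Members:  []iam.Member{member},
			},
		})
	}
}

// adaptFolderBindings handles google_folder_iam_policy and
// google_folder_iam_binding resources. Bindings are attached to the adapted
// google_folder they reference, or to a new unmanaged folder when the
// reference cannot be matched, using the same rule as adaptFolderMembers.
func (a *adapter) adaptFolderBindings() {
	for _, iamBlock := range a.modules.GetResourcesByType("google_folder_iam_policy") {
		policyAttr := iamBlock.GetAttribute("policy_data")
		if policyAttr.IsNil() {
			continue
		}
		// Only a policy_data value that references another block is adapted;
		// a policy_data that cannot be resolved to a block is skipped here, so
		// its bindings never reach a.folders.
		policyBlock, err := a.modules.GetReferencedBlock(policyAttr, iamBlock)
		if err != nil {
			continue
		}
		bindings := ParsePolicyBlock(policyBlock)
		folderAttr := iamBlock.GetAttribute("folder")

		if refBlock, err := a.modules.GetReferencedBlock(folderAttr, iamBlock); err == nil && refBlock.TypeLabel() == "google_folder" {
			if i, ok := a.folderIndex(refBlock.ID()); ok {
				a.folders[i].folder.Bindings = append(a.folders[i].folder.Bindings, bindings...)
				continue
			}
		}

		// we didn't find the folder - add an unmanaged one
		a.folders = append(a.folders, parentedFolder{
			folder: iam.Folder{
				Metadata: types.NewUnmanagedMetadata(),
				Bindings: bindings,
			},
		})
	}

	for _, iamBlock := range a.modules.GetResourcesByType("google_folder_iam_binding") {
		binding := a.adaptBinding(iamBlock)
		folderAttr := iamBlock.GetAttribute("folder")
		if refBlock, err := a.modules.GetReferencedBlock(folderAttr, iamBlock); err == nil && refBlock.TypeLabel() == "google_folder" {
			if i, ok := a.folderIndex(refBlock.ID()); ok {
				a.folders[i].folder.Bindings = append(a.folders[i].folder.Bindings, binding)
				continue
			}
		}

		// we didn't find the folder - add an unmanaged one
		a.folders = append(a.folders, parentedFolder{
			folder: iam.Folder{
				Metadata: types.NewUnmanagedMetadata(),
				Bindings: []iam.Binding{binding},
			},
		})
	}
}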