github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/authorization/adapt.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/authorization/adapt.go (about)

     1  package authorization
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/authorization"
     5  	"github.com/khulnasoft-lab/defsec/pkg/scanners/azure"
     6  )
     7  
     8  func Adapt(deployment azure.Deployment) authorization.Authorization {
     9  	return authorization.Authorization{
    10  		RoleDefinitions: adaptRoleDefinitions(deployment),
    11  	}
    12  }
    13  
    14  func adaptRoleDefinitions(deployment azure.Deployment) (roleDefinitions []authorization.RoleDefinition) {
    15  	for _, resource := range deployment.GetResourcesByType("Microsoft.Authorization/roleDefinitions") {
    16  		roleDefinitions = append(roleDefinitions, adaptRoleDefinition(resource))
    17  	}
    18  	return roleDefinitions
    19  }
    20  
    21  func adaptRoleDefinition(resource azure.Resource) authorization.RoleDefinition {
    22  
    23  	return authorization.RoleDefinition{
    24  		Metadata:         resource.Metadata,
    25  		Permissions:      adaptPermissions(resource),
    26  		AssignableScopes: resource.Properties.GetMapValue("assignableScopes").AsStringValuesList(""),
    27  	}
    28  }
    29  
    30  func adaptPermissions(resource azure.Resource) (permissions []authorization.Permission) {
    31  	for _, permission := range resource.Properties.GetMapValue("permissions").AsList() {
    32  		permissions = append(permissions, authorization.Permission{
    33  			Metadata: resource.Metadata,
    34  			Actions:  permission.GetMapValue("actions").AsStringValuesList(""),
    35  		})
    36  	}
    37  	return permissions
    38  }