github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/authorization/adapt.go (about) 1 package authorization 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/pkg/providers/azure/authorization" 5 "github.com/khulnasoft-lab/defsec/pkg/scanners/azure" 6 ) 7 8 func Adapt(deployment azure.Deployment) authorization.Authorization { 9 return authorization.Authorization{ 10 RoleDefinitions: adaptRoleDefinitions(deployment), 11 } 12 } 13 14 func adaptRoleDefinitions(deployment azure.Deployment) (roleDefinitions []authorization.RoleDefinition) { 15 for _, resource := range deployment.GetResourcesByType("Microsoft.Authorization/roleDefinitions") { 16 roleDefinitions = append(roleDefinitions, adaptRoleDefinition(resource)) 17 } 18 return roleDefinitions 19 } 20 21 func adaptRoleDefinition(resource azure.Resource) authorization.RoleDefinition { 22 23 return authorization.RoleDefinition{ 24 Metadata: resource.Metadata, 25 Permissions: adaptPermissions(resource), 26 AssignableScopes: resource.Properties.GetMapValue("assignableScopes").AsStringValuesList(""), 27 } 28 } 29 30 func adaptPermissions(resource azure.Resource) (permissions []authorization.Permission) { 31 for _, permission := range resource.Properties.GetMapValue("permissions").AsList() { 32 permissions = append(permissions, authorization.Permission{ 33 Metadata: resource.Metadata, 34 Actions: permission.GetMapValue("actions").AsStringValuesList(""), 35 }) 36 } 37 return permissions 38 }