github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/arm/keyvault/adapt.go (about)

     1  package keyvault
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/keyvault"
     5  	"github.com/khulnasoft-lab/defsec/pkg/scanners/azure"
     6  )
     7  
// Adapt converts an ARM deployment into the keyvault.KeyVault provider model.
// The only field it populates is Vaults, built from the vault resources that
// the deployment declares.
func Adapt(deployment azure.Deployment) keyvault.KeyVault {
	var kv keyvault.KeyVault
	kv.Vaults = adaptVaults(deployment)
	return kv
}
    13  
// adaptVaults returns one keyvault.Vault per "Microsoft.KeyVault/vaults"
// resource in the deployment. The result is nil when the deployment declares
// no such resource.
func adaptVaults(deployment azure.Deployment) (vaults []keyvault.Vault) {
	vaultResources := deployment.GetResourcesByType("Microsoft.KeyVault/vaults")
	for _, vaultResource := range vaultResources {
		adapted := adaptVault(vaultResource, deployment)
		vaults = append(vaults, adapted)
	}
	return vaults
}
    21  
// adaptVault maps a single vault resource onto keyvault.Vault. Secrets and
// keys are gathered from the deployment; the remaining fields are read from
// the resource's properties with explicit fallbacks for omitted values.
func adaptVault(resource azure.Resource, deployment azure.Deployment) keyvault.Vault {
	meta := resource.Metadata
	props := resource.Properties

	vault := keyvault.Vault{Metadata: meta}
	vault.Secrets = adaptSecrets(resource, deployment)
	vault.Keys = adaptKeys(resource, deployment)

	// A template that omits enablePurgeProtection is modelled as false, so an
	// unspecified setting is reported as "not protected" rather than assumed on.
	vault.EnablePurgeProtection = props.GetMapValue("enablePurgeProtection").AsBoolValue(false, meta)

	// NOTE(review): 7 is the fallback when softDeleteRetentionInDays is
	// omitted; Azure documents a service default of 90 days. Confirm that the
	// fallback matches what the retention checks expect.
	vault.SoftDeleteRetentionDays = props.GetMapValue("softDeleteRetentionInDays").AsIntValue(7, meta)

	// NOTE(review): this lookup descends through an extra "properties" key,
	// while the two lookups above read directly from resource.Properties. If
	// resource.Properties already is the ARM `properties` object, the path
	// never resolves and DefaultAction is always "", which would make any
	// network-ACL check insensitive to what the template actually sets.
	// Confirm against a template that defines networkAcls.defaultAction.
	defaultAction := props.GetMapValue("properties").GetMapValue("networkAcls").GetMapValue("defaultAction")
	vault.NetworkACLs = keyvault.NetworkACLs{
		Metadata:      meta,
		DefaultAction: defaultAction.AsStringValue("", meta),
	}

	return vault
}
    35  
// adaptKeys returns one keyvault.Key per "Microsoft.KeyVault/vaults/keys"
// resource in the deployment, or nil when there is none.
//
// NOTE(review): the vault passed as resource is never consulted, so every key
// in the deployment is attached to every vault. In a template with several
// vaults, key findings will be reported against vaults that do not own the
// key. Scoping to the parent vault needs information not visible here.
func adaptKeys(resource azure.Resource, deployment azure.Deployment) (keys []keyvault.Key) {
	keyResources := deployment.GetResourcesByType("Microsoft.KeyVault/vaults/keys")
	for _, keyResource := range keyResources {
		adapted := adaptKey(keyResource)
		keys = append(keys, adapted)
	}
	return keys
}
    43  
// adaptKey maps a key resource onto keyvault.Key, taking the expiry from the
// attributes.exp property.
//
// NOTE(review): what AsTimeValue yields when attributes.exp is absent is not
// visible here; confirm the expiry checks treat that case as "no expiry set".
func adaptKey(resource azure.Resource) keyvault.Key {
	meta := resource.Metadata
	expiry := resource.Properties.GetMapValue("attributes").GetMapValue("exp")

	var key keyvault.Key
	key.Metadata = meta
	key.ExpiryDate = expiry.AsTimeValue(meta)
	return key
}
    50  
// adaptSecrets returns one keyvault.Secret per
// "Microsoft.KeyVault/vaults/secrets" resource in the deployment, or nil when
// there is none.
//
// NOTE(review): the vault passed as resource is never consulted, so every
// secret in the deployment is attached to every vault. In a template with
// several vaults, secret findings will be reported against vaults that do not
// own the secret. Scoping to the parent vault needs information not visible
// here.
func adaptSecrets(resource azure.Resource, deployment azure.Deployment) (secrets []keyvault.Secret) {
	secretResources := deployment.GetResourcesByType("Microsoft.KeyVault/vaults/secrets")
	for _, secretResource := range secretResources {
		adapted := adaptSecret(secretResource)
		secrets = append(secrets, adapted)
	}
	return secrets
}
    57  
// adaptSecret maps a secret resource onto keyvault.Secret. ContentType falls
// back to the empty string when the template omits contentType; the expiry is
// taken from the attributes.exp property.
//
// NOTE(review): what AsTimeValue yields when attributes.exp is absent is not
// visible here; confirm the expiry checks treat that case as "no expiry set".
func adaptSecret(resource azure.Resource) keyvault.Secret {
	meta := resource.Metadata
	props := resource.Properties

	var secret keyvault.Secret
	secret.Metadata = meta
	secret.ContentType = props.GetMapValue("contentType").AsStringValue("", meta)
	secret.ExpiryDate = props.GetMapValue("attributes").GetMapValue("exp").AsTimeValue(meta)
	return secret
}