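// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/documentdb/adapt.go

package documentdb

import (
	"fmt"

	api "github.com/aws/aws-sdk-go-v2/service/docdb"
	"github.com/aws/aws-sdk-go-v2/service/docdb/types"
	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/documentdb"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// adapter reads DocumentDB clusters from a live AWS account and converts them
// into the documentdb provider model stored in the scan state.
type adapter struct {
	*aws.RootAdapter
	client *api.Client
}

// init registers the adapter with the AWS adapter registry at package load.
func init() {
	aws.RegisterServiceAdapter(&adapter{})
}

// Provider returns the cloud provider this adapter belongs to.
func (a *adapter) Provider() string {
	return "aws"
}

// Name returns the service name this adapter handles.
func (a *adapter) Name() string {
	return "documentdb"
}

// Adapt builds a DocumentDB client from the root adapter's session config and
// stores the discovered clusters in state.AWS.DocumentDB.Clusters.
func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
	a.RootAdapter = root
	a.client = api.NewFromConfig(root.SessionConfig())

	clusters, err := a.getClusters()
	// The original assigned the result before checking err; keep that order so
	// the state field is written exactly as before.
	state.AWS.DocumentDB.Clusters = clusters
	return err
}

// getClusters pages through DescribeDBClusters until no Marker is returned,
// then adapts every collected cluster through concurrency.Adapt.
func (a *adapter) getClusters() ([]documentdb.Cluster, error) {
	a.Tracker().SetServiceLabel("Discovering clusters...")

	var apiClusters []types.DBCluster
	var input api.DescribeDBClustersInput
	for {
		output, err := a.client.DescribeDBClusters(a.Context(), &input)
		if err != nil {
			return nil, err
		}
		apiClusters = append(apiClusters, output.DBClusters...)
		a.Tracker().SetTotalResources(len(apiClusters))
		if output.Marker == nil {
			break
		}
		// Feed the marker back so the next call returns the following page.
		input.Marker = output.Marker
	}

	a.Tracker().SetServiceLabel("Adapting clusters...")
	return concurrency.Adapt(apiClusters, a.RootAdapter, a.adaptCluster), nil
}

// adaptCluster converts one DBCluster API record into a documentdb.Cluster,
// issuing one DescribeDBInstances call per cluster member to read that
// instance's KMS key.
//
// Every pointer field of the API response is checked before it is
// dereferenced: an unexpected nil would otherwise panic and abort the scan,
// leaving the remaining resources unevaluated. An error is returned when the
// cluster has no ARN, when a member has no instance identifier, or when the
// instance lookup fails or returns nothing.
func (a *adapter) adaptCluster(cluster types.DBCluster) (*documentdb.Cluster, error) {
	var identifier string
	if cluster.DBClusterIdentifier != nil {
		identifier = *cluster.DBClusterIdentifier
	}

	// Metadata is derived from the ARN, so a cluster without one cannot be
	// attributed to a resource; report it instead of dereferencing nil.
	if cluster.DBClusterArn == nil {
		return nil, fmt.Errorf("documentdb cluster %q has no ARN", identifier)
	}
	metadata := a.CreateMetadataFromARN(*cluster.DBClusterArn)

	var logExports []defsecTypes.StringValue
	for _, export := range cluster.EnabledCloudwatchLogsExports {
		logExports = append(logExports, defsecTypes.String(export, metadata))
	}

	var kmsKeyId string
	if cluster.KmsKeyId != nil {
		kmsKeyId = *cluster.KmsKeyId
	}

	// A missing retention period is recorded as 0 (which a retention check
	// would presumably flag) rather than panicking on a nil pointer.
	var backupRetention int
	if cluster.BackupRetentionPeriod != nil {
		backupRetention = int(*cluster.BackupRetentionPeriod)
	}

	var instances []documentdb.Instance
	for _, member := range cluster.DBClusterMembers {
		// With no identifier the request would not be filtered to this
		// member, and element 0 of the response could be an unrelated
		// instance whose KMS key would then be reported for this one.
		if member.DBInstanceIdentifier == nil {
			return nil, fmt.Errorf("documentdb cluster %q has a member without an instance identifier", identifier)
		}
		output, err := a.client.DescribeDBInstances(a.Context(), &api.DescribeDBInstancesInput{
			DBInstanceIdentifier: member.DBInstanceIdentifier,
		})
		if err != nil {
			return nil, err
		}
		if len(output.DBInstances) == 0 {
			return nil, fmt.Errorf("documentdb instance %q of cluster %q was not returned by DescribeDBInstances",
				*member.DBInstanceIdentifier, identifier)
		}

		// Named distinctly so it no longer shadows the cluster-level kmsKeyId.
		var instanceKMSKeyID string
		if key := output.DBInstances[0].KmsKeyId; key != nil {
			instanceKMSKeyID = *key
		}
		// NOTE(review): the instance reuses the cluster's metadata, so any
		// finding on an instance is reported against the cluster ARN.
		instances = append(instances, documentdb.Instance{
			Metadata: metadata,
			KMSKeyID: defsecTypes.String(instanceKMSKeyID, metadata),
		})
	}

	return &documentdb.Cluster{
		Metadata:              metadata,
		Identifier:            defsecTypes.String(identifier, metadata),
		EnabledLogExports:     logExports,
		Instances:             instances,
		StorageEncrypted:      defsecTypes.Bool(cluster.StorageEncrypted, metadata),
		KMSKeyID:              defsecTypes.String(kmsKeyId, metadata),
		BackupRetentionPeriod: defsecTypes.Int(backupRetention, metadata),
	}, nil
}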