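// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/ec2/volume.go
package ec2

import (
	"fmt"

	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/aws/aws-sdk-go-v2/service/ec2/types"

	ec2api "github.com/aws/aws-sdk-go-v2/service/ec2"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2"
)

// getVolumes lists every EBS volume visible to the adapter's client and
// converts each one into the provider model used by the encryption checks.
//
// The listing follows NextToken until the API reports no further page. Any
// DescribeVolumes error aborts the whole discovery and returns a nil slice,
// so pages already fetched are discarded; a caller must not read an error
// result as "no volumes found".
func (a *adapter) getVolumes() ([]ec2.Volume, error) {
	a.Tracker().SetServiceLabel("Discovering volumes...")

	var (
		input      ec2api.DescribeVolumesInput
		apiVolumes []types.Volume
	)
	for {
		output, err := a.client.DescribeVolumes(a.Context(), &input)
		if err != nil {
			return nil, err
		}
		apiVolumes = append(apiVolumes, output.Volumes...)
		// Progress is reported with the running count, since the final total
		// is unknown until the last page arrives.
		a.Tracker().SetTotalResources(len(apiVolumes))
		if output.NextToken == nil {
			break
		}
		input.NextToken = output.NextToken
	}

	a.Tracker().SetServiceLabel("Adapting volumes...")
	// NOTE(review): how concurrency.Adapt treats a per-volume error (skip, log
	// or abort) is not visible in this file; confirm that a skipped volume is
	// surfaced rather than silently dropped from the scan.
	return concurrency.Adapt(apiVolumes, a.RootAdapter, a.adaptVolume), nil
}

// adaptVolume converts one API volume into the provider model, carrying over
// the encryption flag and the KMS key ID.
//
// It returns an error when the API object has no VolumeId, because the
// metadata reference is built from that ID and dereferencing a nil pointer
// would panic the scan.
func (a *adapter) adaptVolume(volume types.Volume) (*ec2.Volume, error) {
	if volume.VolumeId == nil {
		return nil, fmt.Errorf("volume has no ID")
	}

	metadata := a.CreateMetadata(fmt.Sprintf("volume/%s", *volume.VolumeId))

	// A missing Encrypted flag is recorded as "not encrypted", so an
	// incomplete API answer fails closed instead of passing the check.
	encrypted := volume.Encrypted != nil && *volume.Encrypted

	// An absent key ID is recorded as the empty string.
	var kmsKeyId string
	if volume.KmsKeyId != nil {
		kmsKeyId = *volume.KmsKeyId
	}

	return &ec2.Volume{
		Metadata: metadata,
		Encryption: ec2.Encryption{
			Metadata: metadata,
			Enabled:  defsecTypes.Bool(encrypted, metadata),
			KMSKeyID: defsecTypes.String(kmsKeyId, metadata),
		},
	}, nil
}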