github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/emr/adapt.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/emr/adapt.go (about)

     1  package emr
     2  
     3  import (
     4  	api "github.com/aws/aws-sdk-go-v2/service/emr"
     5  	"github.com/aws/aws-sdk-go-v2/service/emr/types"
     6  	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
     7  	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
     8  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/emr"
     9  	"github.com/khulnasoft-lab/defsec/pkg/state"
    10  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
    11  )
    12  
    13  type adapter struct {
    14  	*aws.RootAdapter
    15  	api *api.Client
    16  }
    17  
    18  func init() {
    19  	aws.RegisterServiceAdapter(&adapter{})
    20  }
    21  
    22  func (a *adapter) Provider() string {
    23  	return "aws"
    24  }
    25  
    26  func (a *adapter) Name() string {
    27  	return "emr"
    28  }
    29  
    30  func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
    31  
    32  	a.RootAdapter = root
    33  	a.api = api.NewFromConfig(root.SessionConfig())
    34  	var err error
    35  
    36  	state.AWS.EMR.Clusters, err = a.getClusters()
    37  	if err != nil {
    38  		return err
    39  	}
    40  
    41  	state.AWS.EMR.SecurityConfiguration, err = a.getSecurityConfigurations()
    42  	if err != nil {
    43  		return err
    44  	}
    45  
    46  	return nil
    47  }
    48  
    49  func (a *adapter) getClusters() ([]emr.Cluster, error) {
    50  
    51  	a.Tracker().SetServiceLabel("Discovering clusters...")
    52  
    53  	var apiClusters []types.ClusterSummary
    54  	var input api.ListClustersInput
    55  	for {
    56  		output, err := a.api.ListClusters(a.Context(), &input)
    57  		if err != nil {
    58  			return nil, err
    59  		}
    60  		apiClusters = append(apiClusters, output.Clusters...)
    61  		a.Tracker().SetTotalResources(len(apiClusters))
    62  		if output.Marker == nil {
    63  			break
    64  		}
    65  		input.Marker = output.Marker
    66  	}
    67  
    68  	a.Tracker().SetServiceLabel("Adapting clusters...")
    69  	return concurrency.Adapt(apiClusters, a.RootAdapter, a.adaptCluster), nil
    70  }
    71  
    72  func (a *adapter) adaptCluster(apiCluster types.ClusterSummary) (*emr.Cluster, error) {
    73  
    74  	metadata := a.CreateMetadataFromARN(*apiCluster.ClusterArn)
    75  
    76  	output, err := a.api.DescribeCluster(a.Context(), &api.DescribeClusterInput{
    77  		ClusterId: apiCluster.Id,
    78  	})
    79  	if err != nil {
    80  		return nil, err
    81  	}
    82  
    83  	name := defsecTypes.StringDefault("", metadata)
    84  	if apiCluster.Name != nil {
    85  		name = defsecTypes.String(*apiCluster.Name, metadata)
    86  	}
    87  
    88  	releaseLabel := defsecTypes.StringDefault("", metadata)
    89  	if output.Cluster != nil && output.Cluster.ReleaseLabel != nil {
    90  		releaseLabel = defsecTypes.String(*output.Cluster.ReleaseLabel, metadata)
    91  	}
    92  
    93  	serviceRole := defsecTypes.StringDefault("", metadata)
    94  	if output.Cluster != nil && output.Cluster.ServiceRole != nil {
    95  		serviceRole = defsecTypes.String(*output.Cluster.ServiceRole, metadata)
    96  	}
    97  
    98  	return &emr.Cluster{
    99  		Metadata: metadata,
   100  		Settings: emr.ClusterSettings{
   101  			Metadata:     metadata,
   102  			Name:         name,
   103  			ReleaseLabel: releaseLabel,
   104  			ServiceRole:  serviceRole,
   105  		},
   106  	}, nil
   107  }
   108  
   109  func (a *adapter) getSecurityConfigurations() ([]emr.SecurityConfiguration, error) {
   110  	a.Tracker().SetServiceLabel("Discovering security configurations...")
   111  
   112  	var apiConfigs []types.SecurityConfigurationSummary
   113  	var input api.ListSecurityConfigurationsInput
   114  	for {
   115  		output, err := a.api.ListSecurityConfigurations(a.Context(), &input)
   116  		if err != nil {
   117  			return nil, err
   118  		}
   119  		apiConfigs = append(apiConfigs, output.SecurityConfigurations...)
   120  		a.Tracker().SetTotalResources(len(apiConfigs))
   121  		if output.Marker == nil {
   122  			break
   123  		}
   124  		input.Marker = output.Marker
   125  	}
   126  
   127  	a.Tracker().SetServiceLabel("Adapting security configurations...")
   128  
   129  	var configs []emr.SecurityConfiguration
   130  	for _, apiConfig := range apiConfigs {
   131  		config, err := a.adaptConfig(apiConfig)
   132  		if err != nil {
   133  			a.Debug("Failed to adapt security configuration '%s': %s", *apiConfig.Name, err)
   134  			continue
   135  		}
   136  		configs = append(configs, *config)
   137  		a.Tracker().IncrementResource()
   138  	}
   139  
   140  	return configs, nil
   141  }
   142  
   143  func (a *adapter) adaptConfig(config types.SecurityConfigurationSummary) (*emr.SecurityConfiguration, error) {
   144  
   145  	metadata := a.CreateMetadata("config/" + *config.Name)
   146  
   147  	output, err := a.api.DescribeSecurityConfiguration(a.Context(), &api.DescribeSecurityConfigurationInput{
   148  		Name: config.Name,
   149  	})
   150  	if err != nil {
   151  		return nil, err
   152  	}
   153  
   154  	name := defsecTypes.StringDefault("", metadata)
   155  	if config.Name != nil {
   156  		name = defsecTypes.String(*config.Name, metadata)
   157  	}
   158  
   159  	secConf := defsecTypes.StringDefault("", metadata)
   160  	if output.SecurityConfiguration != nil {
   161  		secConf = defsecTypes.String(*output.SecurityConfiguration, metadata)
   162  	}
   163  
   164  	return &emr.SecurityConfiguration{
   165  		Metadata:      metadata,
   166  		Name:          name,
   167  		Configuration: secConf,
   168  	}, nil
   169  }