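package msk

import (
	api "github.com/aws/aws-sdk-go-v2/service/kafka"
	"github.com/aws/aws-sdk-go-v2/service/kafka/types"
	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/msk"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// adapter discovers Amazon MSK (Kafka) clusters through the session held by
// the embedded RootAdapter and converts them into the provider-neutral
// msk.Cluster model that the defsec rules evaluate.
type adapter struct {
	*aws.RootAdapter
	api *api.Client
}

func init() {
	aws.RegisterServiceAdapter(&adapter{})
}

// Provider returns the cloud-provider key this adapter is registered under.
func (a *adapter) Provider() string {
	return "aws"
}

// Name returns the service key this adapter populates inside state.AWS.
func (a *adapter) Name() string {
	return "msk"
}

// Adapt builds a Kafka API client from the root session and fills
// state.AWS.MSK.Clusters with every cluster visible to the caller's
// credentials. Errors from the ListClusters API are returned unchanged;
// on error the state is left untouched rather than being overwritten with nil.
func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
	a.RootAdapter = root
	a.api = api.NewFromConfig(root.SessionConfig())

	clusters, err := a.getClusters()
	if err != nil {
		return err
	}
	state.AWS.MSK.Clusters = clusters
	return nil
}

// getClusters pages through ListClusters until the API stops returning a
// NextToken, reporting progress through the tracker, and then adapts every
// ClusterInfo concurrently via concurrency.Adapt.
func (a *adapter) getClusters() ([]msk.Cluster, error) {
	a.Tracker().SetServiceLabel("Discovering clusters...")

	var (
		found []types.ClusterInfo
		input api.ListClustersInput
	)
	for {
		page, err := a.api.ListClusters(a.Context(), &input)
		if err != nil {
			return nil, err
		}
		found = append(found, page.ClusterInfoList...)
		a.Tracker().SetTotalResources(len(found))

		// A nil NextToken marks the final page.
		if page.NextToken == nil {
			break
		}
		input.NextToken = page.NextToken
	}

	a.Tracker().SetServiceLabel("Adapting clusters...")
	return concurrency.Adapt(found, a.RootAdapter, a.adaptCluster), nil
}

// adaptCluster converts a single ClusterInfo into the msk.Cluster model.
//
// Every nested SDK struct is optional, so each level is nil-checked before it
// is read. Missing data degrades to the zero value ("" / false); for a
// security scan that is the conservative reading (an absent encryption or
// logging block is reported as "not configured", never as "on").
func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, error) {
	// ClusterArn is a *string in the SDK. Guard the dereference so a single
	// malformed API response cannot panic the whole scan (one goroutine
	// panicking inside concurrency.Adapt would take the process down).
	metadata := a.CreateMetadataFromARN(strOrEmpty(apiCluster.ClusterArn))

	var (
		clientBroker  string
		kmsKeyID      string
		atRestEnabled bool
	)
	if enc := apiCluster.EncryptionInfo; enc != nil {
		if enc.EncryptionInTransit != nil {
			// ClientBroker is a string-typed enum (e.g. TLS / TLS_PLAINTEXT /
			// PLAINTEXT); it is passed through verbatim for the rules to judge.
			clientBroker = string(enc.EncryptionInTransit.ClientBroker)
		}
		if enc.EncryptionAtRest != nil {
			// DataVolumeKMSKeyId is a *string; a nil value must yield "" rather
			// than a nil-pointer dereference.
			kmsKeyID = strOrEmpty(enc.EncryptionAtRest.DataVolumeKMSKeyId)
			// Presence of the EncryptionAtRest block is what marks at-rest
			// encryption as enabled here. NOTE(review): MSK documents data
			// volumes as always encrypted, so the key ARN (AWS-managed vs
			// customer-managed) is likely the more useful signal for rules —
			// confirm against the consuming checks.
			atRestEnabled = true
		}
	}

	// Broker log delivery: each destination is independently optional and
	// defaults to "disabled" when its block is absent.
	var toS3, toCloudWatch, toFirehose bool
	if apiCluster.LoggingInfo != nil && apiCluster.LoggingInfo.BrokerLogs != nil {
		brokerLogs := apiCluster.LoggingInfo.BrokerLogs
		if brokerLogs.S3 != nil {
			toS3 = brokerLogs.S3.Enabled
		}
		if brokerLogs.CloudWatchLogs != nil {
			toCloudWatch = brokerLogs.CloudWatchLogs.Enabled
		}
		if brokerLogs.Firehose != nil {
			toFirehose = brokerLogs.Firehose.Enabled
		}
	}

	cluster := &msk.Cluster{
		Metadata: metadata,
		EncryptionInTransit: msk.EncryptionInTransit{
			Metadata:     metadata,
			ClientBroker: defsecTypes.String(clientBroker, metadata),
		},
		EncryptionAtRest: msk.EncryptionAtRest{
			Metadata:  metadata,
			KMSKeyARN: defsecTypes.String(kmsKeyID, metadata),
			Enabled:   defsecTypes.Bool(atRestEnabled, metadata),
		},
		Logging: msk.Logging{
			Metadata: metadata,
			Broker: msk.BrokerLogging{
				Metadata: metadata,
				S3: msk.S3Logging{
					Metadata: metadata,
					Enabled:  defsecTypes.Bool(toS3, metadata),
				},
				Cloudwatch: msk.CloudwatchLogging{
					Metadata: metadata,
					Enabled:  defsecTypes.Bool(toCloudWatch, metadata),
				},
				Firehose: msk.FirehoseLogging{
					Metadata: metadata,
					Enabled:  defsecTypes.Bool(toFirehose, metadata),
				},
			},
		},
	}
	return cluster, nil
}

// strOrEmpty dereferences an optional SDK string, mapping nil to "".
// The SDK's own aws.ToString is not available here because the file's
// `aws` import is defsec's internal adapter package, not the SDK package.
func strOrEmpty(s *string) string {
	if s == nil {
		return ""
	}
	return *s
}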