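// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/neptune/adapt.go

package neptune

import (
	"errors"

	api "github.com/aws/aws-sdk-go-v2/service/neptune"
	"github.com/aws/aws-sdk-go-v2/service/neptune/types"
	"github.com/khulnasoft-lab/defsec/internal/adapters/cloud/aws"
	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/neptune"
	"github.com/khulnasoft-lab/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// adapter reads Neptune DB clusters from a live AWS account and converts them
// into the defsec neptune.Cluster model.
type adapter struct {
	*aws.RootAdapter
	api *api.Client
}

// init registers this adapter with the aws adapter package at load time.
func init() {
	aws.RegisterServiceAdapter(&adapter{})
}

// Provider returns the cloud provider name this adapter belongs to.
func (a *adapter) Provider() string {
	return "aws"
}

// Name returns the service name this adapter handles.
func (a *adapter) Name() string {
	return "neptune"
}

// Adapt builds a Neptune API client from the root adapter's session config,
// discovers the clusters and stores them in state.AWS.Neptune.Clusters.
// Any error from discovery is returned unchanged.
func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {

	a.RootAdapter = root
	a.api = api.NewFromConfig(root.SessionConfig())
	var err error

	state.AWS.Neptune.Clusters, err = a.getClusters()
	if err != nil {
		return err
	}

	return nil
}

// getClusters pages through DescribeDBClusters until no Marker is returned,
// then adapts every cluster it collected via concurrency.Adapt.
// An API error aborts discovery and is returned to the caller.
func (a *adapter) getClusters() ([]neptune.Cluster, error) {

	a.Tracker().SetServiceLabel("Discovering clusters...")

	var apiClusters []types.DBCluster
	// NOTE(review): no Filters are set on the request. The AWS API reference
	// states that this operation can also return RDS and DocumentDB clusters,
	// so results may not be limited to Neptune; confirm whether an "engine"
	// filter is wanted so findings are attributed to the right service.
	var input api.DescribeDBClustersInput
	for {
		output, err := a.api.DescribeDBClusters(a.Context(), &input)
		if err != nil {
			return nil, err
		}
		apiClusters = append(apiClusters, output.DBClusters...)
		a.Tracker().SetTotalResources(len(apiClusters))
		if output.Marker == nil {
			break
		}
		// Carry the pagination marker into the next request.
		input.Marker = output.Marker
	}

	a.Tracker().SetServiceLabel("Adapting clusters...")
	return concurrency.Adapt(apiClusters, a.RootAdapter, a.adaptCluster), nil
}

// adaptCluster converts one API cluster into a neptune.Cluster.
//
// Audit logging is reported as enabled only when "audit" appears in
// EnabledCloudwatchLogsExports. KMSKeyID is the empty string when the API
// returns no key. An error is returned when the cluster has no ARN, because
// the metadata for every field is derived from it.
func (a *adapter) adaptCluster(apiCluster types.DBCluster) (*neptune.Cluster, error) {

	// DBClusterArn is a pointer; dereferencing a nil value would panic and
	// abort the whole scan. How the returned error is surfaced depends on
	// concurrency.Adapt, which is not visible here.
	if apiCluster.DBClusterArn == nil {
		return nil, errors.New("neptune cluster has no ARN")
	}
	metadata := a.CreateMetadataFromARN(*apiCluster.DBClusterArn)

	var kmsKeyId string
	if apiCluster.KmsKeyId != nil {
		kmsKeyId = *apiCluster.KmsKeyId
	}

	var auditLogging bool
	for _, export := range apiCluster.EnabledCloudwatchLogsExports {
		if export == "audit" {
			auditLogging = true
			break
		}
	}

	return &neptune.Cluster{
		Metadata: metadata,
		Logging: neptune.Logging{
			Metadata: metadata,
			Audit:    defsecTypes.Bool(auditLogging, metadata),
		},
		StorageEncrypted: defsecTypes.Bool(apiCluster.StorageEncrypted, metadata),
		KMSKeyID:         defsecTypes.String(kmsKeyId, metadata),
	}, nil
}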