github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloudformation/aws/documentdb/cluster.go (about) 1 package documentdb 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/documentdb" 5 "github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser" 6 "github.com/khulnasoft-lab/defsec/pkg/types" 7 ) 8 9 func getClusters(ctx parser.FileContext) (clusters []documentdb.Cluster) { 10 11 clusterResources := ctx.GetResourcesByType("AWS::DocDB::DBCluster") 12 13 for _, r := range clusterResources { 14 cluster := documentdb.Cluster{ 15 Metadata: r.Metadata(), 16 Identifier: r.GetStringProperty("DBClusterIdentifier"), 17 EnabledLogExports: getLogExports(r), 18 Instances: nil, 19 BackupRetentionPeriod: r.GetIntProperty("BackupRetentionPeriod"), 20 StorageEncrypted: r.GetBoolProperty("StorageEncrypted"), 21 KMSKeyID: r.GetStringProperty("KmsKeyId"), 22 } 23 24 updateInstancesOnCluster(&cluster, ctx) 25 26 clusters = append(clusters, cluster) 27 } 28 return clusters 29 } 30 31 func updateInstancesOnCluster(cluster *documentdb.Cluster, ctx parser.FileContext) { 32 33 instanceResources := ctx.GetResourcesByType("AWS::DocDB::DBInstance") 34 35 for _, r := range instanceResources { 36 clusterIdentifier := r.GetStringProperty("DBClusterIdentifier") 37 if clusterIdentifier == cluster.Identifier { 38 cluster.Instances = append(cluster.Instances, documentdb.Instance{ 39 Metadata: r.Metadata(), 40 KMSKeyID: cluster.KMSKeyID, 41 }) 42 } 43 } 44 } 45 46 func getLogExports(r *parser.Resource) (logExports []types.StringValue) { 47 48 exportsList := r.GetProperty("EnableCloudwatchLogsExports") 49 50 if exportsList.IsNil() || exportsList.IsNotList() { 51 return logExports 52 } 53 54 for _, export := range exportsList.AsList() { 55 logExports = append(logExports, export.AsStringValue()) 56 } 57 return logExports 58 }