github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloudformation/aws/neptune/cluster.go (about)

     1  package neptune
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/neptune"
     5  	"github.com/khulnasoft-lab/defsec/pkg/scanners/cloudformation/parser"
     6  	"github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
     // getClusters adapts every AWS::Neptune::DBCluster resource declared in the
     // CloudFormation file into a neptune.Cluster for the scanner's checks.
     //
     // Three security-relevant settings are carried over from the template:
     // whether audit log export is enabled (see getAuditLog), the StorageEncrypted
     // flag, and the KmsKeyId string. Each value is taken as the parser reports it;
     // how a missing property is represented is decided by the parser helpers, not
     // here.
     func getClusters(ctx parser.FileContext) (clusters []neptune.Cluster) {
     	for _, res := range ctx.GetResourcesByType("AWS::Neptune::DBCluster") {
     		var c neptune.Cluster

     		// Both the cluster and its logging block are attributed to the
     		// resource itself, so findings point at the resource definition.
     		c.Metadata = res.Metadata()
     		c.Logging.Metadata = res.Metadata()
     		c.Logging.Audit = getAuditLog(res)

     		// Encryption-at-rest inputs, read under their CloudFormation names.
     		c.StorageEncrypted = res.GetBoolProperty("StorageEncrypted")
     		c.KMSKeyID = res.GetStringProperty("KmsKeyId")

     		clusters = append(clusters, c)
     	}
     	return clusters
     }
    25  
    // getAuditLog reports whether the resource exports Neptune audit logs.
    //
    // It returns an explicit true, attributed to the EnableCloudwatchLogsExports
    // property, only when that property is a list containing "audit". In every
    // other case it returns a default false attributed to the resource.
    //
    // NOTE(review): a list that is present but lacks "audit" is also reported as a
    // default value with resource-level metadata, so a finding will not point at
    // the property line even though the author set it explicitly. Confirm this is
    // the intended reporting behaviour.
    func getAuditLog(r *parser.Resource) types.BoolValue {
    	exports := r.GetProperty("EnableCloudwatchLogsExports")

    	// Anything that is not a list, or a list without the "audit" entry,
    	// counts as audit logging not being enabled.
    	if !exports.IsList() || !exports.Contains("audit") {
    		return types.BoolDefault(false, r.Metadata())
    	}

    	return types.Bool(true, exports.Metadata())
    }