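package cloudfront

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/cloudfront"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	"github.com/khulnasoft-lab/defsec/pkg/types"
)

// Adapt converts every aws_cloudfront_distribution resource found in modules
// into the provider-neutral cloudfront.Cloudfront model that the rules run on.
func Adapt(modules terraform.Modules) cloudfront.Cloudfront {
	return cloudfront.Cloudfront{
		Distributions: adaptDistributions(modules),
	}
}

// adaptDistributions collects one cloudfront.Distribution per
// aws_cloudfront_distribution resource across all modules. The slice stays
// nil when no such resource exists.
func adaptDistributions(modules terraform.Modules) []cloudfront.Distribution {
	var distributions []cloudfront.Distribution
	for _, module := range modules {
		for _, resource := range module.GetResourcesByType("aws_cloudfront_distribution") {
			distributions = append(distributions, adaptDistribution(resource))
		}
	}
	return distributions
}

// adaptDistribution maps a single aws_cloudfront_distribution block onto the
// model. Every security-relevant field is seeded with a value created via
// types.StringDefault (so downstream reporting can tell an assumed value from
// an explicit one) and only replaced when the corresponding block/attribute is
// present in the HCL:
//
//   - WAFID: "" when web_acl_id is absent (no WAF attached)
//   - Logging.Bucket: "" when logging_config or its bucket is absent
//   - *.ViewerProtocolPolicy: "allow-all" when viewer_protocol_policy is
//     absent — the permissive value, so a missing setting is not treated as
//     HTTPS-only
//   - ViewerCertificate.MinimumProtocolVersion: "TLSv1" when
//     minimum_protocol_version is absent (matches the provider's documented
//     default for this attribute)
//
// Metadata is pointed at the nested block when one exists so findings land on
// the right lines.
func adaptDistribution(resource *terraform.Block) cloudfront.Distribution {
	meta := resource.GetMetadata()

	distribution := cloudfront.Distribution{
		Metadata: meta,
		// web_acl_id is an attribute of the resource itself (no nested
		// block), so it can be resolved directly; the original seeded a
		// StringDefault("") and immediately overwrote it with this call.
		WAFID: resource.GetAttribute("web_acl_id").AsStringValueOrDefault("", resource),
		Logging: cloudfront.Logging{
			Metadata: meta,
			Bucket:   types.StringDefault("", meta),
		},
		DefaultCacheBehaviour: cloudfront.CacheBehaviour{
			Metadata: meta,
			// StringDefault rather than String: the previous seed used
			// types.String here, which marked the fallback as explicit when
			// default_cache_behavior is missing, unlike every other seeded
			// field in this struct.
			ViewerProtocolPolicy: types.StringDefault("allow-all", meta),
		},
		ViewerCertificate: cloudfront.ViewerCertificate{
			Metadata:               meta,
			MinimumProtocolVersion: types.StringDefault("TLSv1", meta),
		},
	}

	if loggingBlock := resource.GetBlock("logging_config"); loggingBlock.IsNotNil() {
		distribution.Logging.Metadata = loggingBlock.GetMetadata()
		distribution.Logging.Bucket = loggingBlock.GetAttribute("bucket").AsStringValueOrDefault("", loggingBlock)
	}

	if defaultCacheBlock := resource.GetBlock("default_cache_behavior"); defaultCacheBlock.IsNotNil() {
		distribution.DefaultCacheBehaviour.Metadata = defaultCacheBlock.GetMetadata()
		distribution.DefaultCacheBehaviour.ViewerProtocolPolicy = defaultCacheBlock.GetAttribute("viewer_protocol_policy").AsStringValueOrDefault("allow-all", defaultCacheBlock)
	}

	// Each ordered_cache_behavior becomes its own entry carrying the block's
	// own metadata, so a finding points at the specific path pattern rather
	// than at the whole distribution. The slice stays nil when there are none.
	orderedCacheBlocks := resource.GetBlocks("ordered_cache_behavior")
	if len(orderedCacheBlocks) > 0 {
		distribution.OrdererCacheBehaviours = make([]cloudfront.CacheBehaviour, 0, len(orderedCacheBlocks))
	}
	for _, orderedCacheBlock := range orderedCacheBlocks {
		distribution.OrdererCacheBehaviours = append(distribution.OrdererCacheBehaviours, cloudfront.CacheBehaviour{
			Metadata:             orderedCacheBlock.GetMetadata(),
			ViewerProtocolPolicy: orderedCacheBlock.GetAttribute("viewer_protocol_policy").AsStringValueOrDefault("allow-all", orderedCacheBlock),
		})
	}

	if viewerCertBlock := resource.GetBlock("viewer_certificate"); viewerCertBlock.IsNotNil() {
		distribution.ViewerCertificate.Metadata = viewerCertBlock.GetMetadata()
		distribution.ViewerCertificate.MinimumProtocolVersion = viewerCertBlock.GetAttribute("minimum_protocol_version").AsStringValueOrDefault("TLSv1", viewerCertBlock)
	}

	return distribution
}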