github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/codebuild/adapt.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/codebuild/adapt.go (about)

     1  package codebuild
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/codebuild"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	"github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
     9  func Adapt(modules terraform.Modules) codebuild.CodeBuild {
    10  	return codebuild.CodeBuild{
    11  		Projects: adaptProjects(modules),
    12  	}
    13  }
    14  
    15  func adaptProjects(modules terraform.Modules) []codebuild.Project {
    16  	var projects []codebuild.Project
    17  	for _, module := range modules {
    18  		for _, resource := range module.GetResourcesByType("aws_codebuild_project") {
    19  			projects = append(projects, adaptProject(resource))
    20  		}
    21  	}
    22  	return projects
    23  }
    24  
    25  func adaptProject(resource *terraform.Block) codebuild.Project {
    26  
    27  	project := codebuild.Project{
    28  		Metadata: resource.GetMetadata(),
    29  		ArtifactSettings: codebuild.ArtifactSettings{
    30  			Metadata:          resource.GetMetadata(),
    31  			EncryptionEnabled: types.BoolDefault(true, resource.GetMetadata()),
    32  		},
    33  		SecondaryArtifactSettings: nil,
    34  	}
    35  
    36  	var hasArtifacts bool
    37  
    38  	if artifactsBlock := resource.GetBlock("artifacts"); artifactsBlock.IsNotNil() {
    39  		project.ArtifactSettings.Metadata = artifactsBlock.GetMetadata()
    40  		typeAttr := artifactsBlock.GetAttribute("type")
    41  		encryptionDisabledAttr := artifactsBlock.GetAttribute("encryption_disabled")
    42  		hasArtifacts = typeAttr.NotEqual("NO_ARTIFACTS")
    43  		if encryptionDisabledAttr.IsTrue() && hasArtifacts {
    44  			project.ArtifactSettings.EncryptionEnabled = types.Bool(false, artifactsBlock.GetMetadata())
    45  		} else {
    46  			project.ArtifactSettings.EncryptionEnabled = types.Bool(true, artifactsBlock.GetMetadata())
    47  		}
    48  	}
    49  
    50  	secondaryArtifactBlocks := resource.GetBlocks("secondary_artifacts")
    51  	for _, secondaryArtifactBlock := range secondaryArtifactBlocks {
    52  
    53  		secondaryEncryptionEnabled := types.BoolDefault(true, secondaryArtifactBlock.GetMetadata())
    54  		secondaryEncryptionDisabledAttr := secondaryArtifactBlock.GetAttribute("encryption_disabled")
    55  		if secondaryEncryptionDisabledAttr.IsTrue() && hasArtifacts {
    56  			secondaryEncryptionEnabled = types.Bool(false, secondaryArtifactBlock.GetMetadata())
    57  		}
    58  
    59  		project.SecondaryArtifactSettings = append(project.SecondaryArtifactSettings, codebuild.ArtifactSettings{
    60  			Metadata:          secondaryArtifactBlock.GetMetadata(),
    61  			EncryptionEnabled: secondaryEncryptionEnabled,
    62  		})
    63  	}
    64  
    65  	return project
    66  }