github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/documentdb/adapt.go (about)

     1  package documentdb
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/documentdb"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	"github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
// Adapt converts the parsed Terraform modules into the DocumentDB provider
// model. Clusters is the only field it populates.
func Adapt(modules terraform.Modules) documentdb.DocumentDB {
	clusters := adaptClusters(modules)
	return documentdb.DocumentDB{Clusters: clusters}
}
    14  
// adaptClusters walks every module and adapts each "aws_docdb_cluster"
// resource it declares. The result is a nil slice when no such resource is
// found.
func adaptClusters(modules terraform.Modules) []documentdb.Cluster {
	var adapted []documentdb.Cluster
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("aws_docdb_cluster")
		for _, block := range blocks {
			// The owning module is passed along so the cluster's instances
			// can be looked up in it.
			adapted = append(adapted, adaptCluster(block, mod))
		}
	}
	return adapted
}
    24  
// adaptCluster maps one "aws_docdb_cluster" block onto documentdb.Cluster.
//
// Attributes missing from the block fall back to the least-protected value:
// storage_encrypted to false, kms_key_id and cluster_identifier to "", and
// backup_retention_period to 0. A cluster that omits the encryption settings
// is therefore modelled as unencrypted and without a customer key.
//
// Instances are the "aws_docdb_cluster_instance" blocks that
// module.GetReferencingResources returns for this cluster via their
// "cluster_identifier" attribute.
func adaptCluster(resource *terraform.Block, module *terraform.Module) documentdb.Cluster {
	identifier := resource.GetAttribute("cluster_identifier").AsStringValueOrDefault("", resource)

	// Log types exported to CloudWatch; stays nil when the attribute yields
	// no values.
	var logExports []types.StringValue
	for _, export := range resource.GetAttribute("enabled_cloudwatch_logs_exports").AsStringValues() {
		logExports = append(logExports, export)
	}

	// NOTE(review): presumably only instances that reference the cluster
	// block are matched here; confirm whether an instance that names the
	// cluster by a literal identifier string is also linked, since an
	// unlinked instance would never be evaluated with its cluster.
	var instances []documentdb.Instance
	for _, inst := range module.GetReferencingResources(resource, "aws_docdb_cluster_instance", "cluster_identifier") {
		// NOTE(review): confirm kms_key_id is settable on the instance
		// resource; if it is only computed by the provider, this is always
		// the "" default.
		instKey := inst.GetAttribute("kms_key_id").AsStringValueOrDefault("", inst)

		instances = append(instances, documentdb.Instance{
			Metadata: inst.GetMetadata(),
			KMSKeyID: instKey,
		})
	}

	encrypted := resource.GetAttribute("storage_encrypted").AsBoolValueOrDefault(false, resource)
	clusterKey := resource.GetAttribute("kms_key_id").AsStringValueOrDefault("", resource)

	return documentdb.Cluster{
		Metadata:          resource.GetMetadata(),
		Identifier:        identifier,
		EnabledLogExports: logExports,
		// NOTE(review): an omitted backup_retention_period is modelled as 0;
		// confirm this matches the provider's effective default, otherwise a
		// retention check could misreport clusters that rely on it.
		BackupRetentionPeriod: resource.GetAttribute("backup_retention_period").AsIntValueOrDefault(0, resource),
		Instances:             instances,
		StorageEncrypted:      encrypted,
		KMSKeyID:              clusterKey,
	}
}