// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/dynamodb/adapt.go

package dynamodb

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/dynamodb"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// Adapt builds the DynamoDB provider model from the parsed Terraform modules.
// DAX clusters are taken from aws_dax_cluster resources and tables from
// aws_dynamodb_table resources.
func Adapt(modules terraform.Modules) dynamodb.DynamoDB {
	daxClusters := adaptClusters(modules)
	tables := adaptTables(modules)
	return dynamodb.DynamoDB{
		DAXClusters: daxClusters,
		Tables:      tables,
	}
}

// adaptClusters converts every aws_dax_cluster resource in every module.
// The result is a nil slice when no such resource exists.
func adaptClusters(modules terraform.Modules) []dynamodb.DAXCluster {
	var adapted []dynamodb.DAXCluster
	for _, mod := range modules {
		for _, block := range mod.GetResourcesByType("aws_dax_cluster") {
			adapted = append(adapted, adaptCluster(block, mod))
		}
	}
	return adapted
}

// adaptTables converts every aws_dynamodb_table resource in every module.
// The result is a nil slice when no such resource exists.
func adaptTables(modules terraform.Modules) []dynamodb.Table {
	var adapted []dynamodb.Table
	for _, mod := range modules {
		for _, block := range mod.GetResourcesByType("aws_dynamodb_table") {
			adapted = append(adapted, adaptTable(block, mod))
		}
	}
	return adapted
}

// adaptCluster maps one aws_dax_cluster block onto dynamodb.DAXCluster.
//
// Every security-relevant field starts at its "not configured" value
// (encryption disabled, empty key ID, point-in-time recovery disabled) and is
// attributed to the resource itself, so a cluster that omits the blocks below
// is modelled as unencrypted. The module parameter is not used here.
func adaptCluster(resource *terraform.Block, module *terraform.Module) dynamodb.DAXCluster {
	cluster := dynamodb.DAXCluster{Metadata: resource.GetMetadata()}
	cluster.ServerSideEncryption = dynamodb.ServerSideEncryption{
		Metadata: resource.GetMetadata(),
		Enabled:  defsecTypes.BoolDefault(false, resource.GetMetadata()),
		KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()),
	}
	cluster.PointInTimeRecovery = defsecTypes.BoolDefault(false, resource.GetMetadata())

	// Only the "enabled" flag is read for DAX; KMSKeyID is never populated from
	// configuration and stays at the empty default.
	sseBlock := resource.GetBlock("server_side_encryption")
	if sseBlock.IsNotNil() {
		// Point findings at the nested block rather than the whole resource.
		cluster.ServerSideEncryption.Metadata = sseBlock.GetMetadata()
		enabled := sseBlock.GetAttribute("enabled")
		cluster.ServerSideEncryption.Enabled = enabled.AsBoolValueOrDefault(false, sseBlock)
	}

	// NOTE(review): confirm that aws_dax_cluster actually exposes a
	// point_in_time_recovery block; if it does not, this branch never runs and
	// the field always keeps the false default.
	pitrBlock := resource.GetBlock("point_in_time_recovery")
	if pitrBlock.IsNotNil() {
		enabled := pitrBlock.GetAttribute("enabled")
		cluster.PointInTimeRecovery = enabled.AsBoolValueOrDefault(false, pitrBlock)
	}

	return cluster
}

// adaptTable maps one aws_dynamodb_table block onto dynamodb.Table.
//
// Defaults mirror adaptCluster: encryption disabled, empty key ID and
// point-in-time recovery disabled, all attributed to the resource. Those
// values are what a check sees when the table declares neither a
// server_side_encryption nor a point_in_time_recovery block.
func adaptTable(resource *terraform.Block, module *terraform.Module) dynamodb.Table {
	table := dynamodb.Table{Metadata: resource.GetMetadata()}
	table.ServerSideEncryption = dynamodb.ServerSideEncryption{
		Metadata: resource.GetMetadata(),
		Enabled:  defsecTypes.BoolDefault(false, resource.GetMetadata()),
		KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()),
	}
	table.PointInTimeRecovery = defsecTypes.BoolDefault(false, resource.GetMetadata())

	sseBlock := resource.GetBlock("server_side_encryption")
	if sseBlock.IsNotNil() {
		table.ServerSideEncryption.Metadata = sseBlock.GetMetadata()
		enabled := sseBlock.GetAttribute("enabled")
		table.ServerSideEncryption.Enabled = enabled.AsBoolValueOrDefault(false, sseBlock)

		// With the block present but kms_key_arn unset, the key is recorded as
		// the "alias/aws/dynamodb" alias (the AWS managed key) instead of "".
		// NOTE(review): this default is applied whatever "enabled" evaluates
		// to, so consumers should check Enabled before interpreting KMSKeyID.
		keyAttr := sseBlock.GetAttribute("kms_key_arn")
		table.ServerSideEncryption.KMSKeyID = keyAttr.AsStringValueOrDefault("alias/aws/dynamodb", sseBlock)

		// If kms_key_arn refers to another block in the module, record that
		// block's full name (with its metadata) in place of the attribute
		// value. KMSKeyID may therefore hold a Terraform address rather than an
		// ARN. A lookup error is ignored and the value set above is kept.
		keyBlock, err := module.GetReferencedBlock(keyAttr, resource)
		if err == nil && keyBlock.IsNotNil() {
			table.ServerSideEncryption.KMSKeyID = defsecTypes.String(keyBlock.FullName(), keyBlock.GetMetadata())
		}
	}

	pitrBlock := resource.GetBlock("point_in_time_recovery")
	if pitrBlock.IsNotNil() {
		enabled := pitrBlock.GetAttribute("enabled")
		table.PointInTimeRecovery = enabled.AsBoolValueOrDefault(false, pitrBlock)
	}

	return table
}