github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/ec2/volume.go (about)

     1  package ec2
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	"github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
// adaptVolumes walks every Terraform module and converts each
// "aws_ebs_volume" resource it finds into an ec2.Volume.
//
// The result is nil when no module declares an EBS volume.
func adaptVolumes(modules terraform.Modules) []ec2.Volume {
	var adapted []ec2.Volume
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("aws_ebs_volume")
		for i := range blocks {
			// The owning module is passed along so that references made by
			// the volume (such as its KMS key) are looked up in that module.
			adapted = append(adapted, adaptVolume(blocks[i], mod))
		}
	}
	return adapted
}
    18  
// adaptVolume converts a single "aws_ebs_volume" block into an ec2.Volume,
// capturing the encryption settings that downstream checks evaluate.
//
// Encryption.Enabled comes from the "encrypted" attribute and falls back to
// false when the attribute is absent. Encryption.KMSKeyID comes from
// "kms_key_id" and falls back to the empty string; when the attribute is a
// reference to an "aws_kms_key" resource that can be resolved through module,
// the referenced block's full name is stored instead of the raw value.
func adaptVolume(resource *terraform.Block, module *terraform.Module) ec2.Volume {
	keyAttr := resource.GetAttribute("kms_key_id")

	// NOTE(review): an unset "encrypted" attribute is reported as disabled.
	// Encryption applied outside this block (for example account-level EBS
	// encryption by default, or an encrypted source snapshot) is not visible
	// here, so such volumes will presumably still be flagged — confirm that
	// this conservative default is what the consuming checks expect.
	encryption := ec2.Encryption{
		Metadata: resource.GetMetadata(),
		Enabled:  resource.GetAttribute("encrypted").AsBoolValueOrDefault(false, resource),
		KMSKeyID: keyAttr.AsStringValueOrDefault("", resource),
	}

	if keyAttr.IsResourceBlockReference("aws_kms_key") {
		// A lookup failure is deliberately not surfaced: the value read
		// directly from the attribute above is kept as the key identifier.
		keyBlock, err := module.GetReferencedBlock(keyAttr, resource)
		if err == nil {
			// Carry the key block's own metadata so the value points at the
			// aws_kms_key resource rather than at the volume.
			encryption.KMSKeyID = types.String(keyBlock.FullName(), keyBlock.GetMetadata())
		}
	}

	return ec2.Volume{
		Metadata:   resource.GetMetadata(),
		Encryption: encryption,
	}
}