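// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/ecs/adapt.go

// Package ecs adapts Terraform aws_ecs_cluster and aws_ecs_task_definition
// resources into the defsec ECS provider model so that checks can evaluate
// them.
package ecs

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ecs"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	"github.com/khulnasoft-lab/defsec/pkg/types"
)

// Adapt builds the ECS provider state (clusters and task definitions) from
// the given Terraform modules.
func Adapt(modules terraform.Modules) ecs.ECS {
	return ecs.ECS{
		Clusters:        adaptClusters(modules),
		TaskDefinitions: adaptTaskDefinitions(modules),
	}
}

// adaptClusters converts every aws_ecs_cluster resource found in modules.
// The result is nil when no such resource exists.
func adaptClusters(modules terraform.Modules) []ecs.Cluster {
	var clusters []ecs.Cluster
	for _, module := range modules {
		for _, resource := range module.GetResourcesByType("aws_ecs_cluster") {
			clusters = append(clusters, adaptClusterResource(resource))
		}
	}
	return clusters
}

// adaptClusterResource converts a single aws_ecs_cluster block.
func adaptClusterResource(resourceBlock *terraform.Block) ecs.Cluster {
	return ecs.Cluster{
		Metadata: resourceBlock.GetMetadata(),
		Settings: adaptClusterSettings(resourceBlock),
	}
}

// adaptClusterSettings reads the cluster's "setting" blocks and reports
// whether Container Insights is turned on.
//
// ContainerInsightsEnabled starts as false, attributed to the resource, so a
// cluster without a containerInsights setting is reported as not monitored.
// Every "setting" block is inspected rather than only the first one, so a
// containerInsights setting is still found when another setting precedes it.
// Both "enabled" and "enhanced" count as enabled; any other value, or a
// missing value, counts as disabled.
func adaptClusterSettings(resourceBlock *terraform.Block) ecs.ClusterSettings {
	settings := ecs.ClusterSettings{
		Metadata:                 resourceBlock.GetMetadata(),
		ContainerInsightsEnabled: types.BoolDefault(false, resourceBlock.GetMetadata()),
	}

	for i, settingBlock := range resourceBlock.GetBlocks("setting") {
		// Point the settings at the first setting block even when none of the
		// blocks is the containerInsights one.
		if i == 0 {
			settings.Metadata = settingBlock.GetMetadata()
		}
		if !settingBlock.GetAttribute("name").Equals("containerInsights") {
			continue
		}

		settings.Metadata = settingBlock.GetMetadata()
		valueAttr := settingBlock.GetAttribute("value")
		enabled := valueAttr.Equals("enabled") || valueAttr.Equals("enhanced")

		// Attribute the result to the value attribute when it exists so that a
		// finding points at the exact line; otherwise fall back to the block.
		if valueAttr.IsNotNil() {
			settings.ContainerInsightsEnabled = types.Bool(enabled, valueAttr.GetMetadata())
		} else {
			settings.ContainerInsightsEnabled = types.Bool(enabled, settingBlock.GetMetadata())
		}
		break
	}
	return settings
}

// adaptTaskDefinitions converts every aws_ecs_task_definition resource found
// in modules. The result is nil when no such resource exists.
func adaptTaskDefinitions(modules terraform.Modules) []ecs.TaskDefinition {
	var taskDefinitions []ecs.TaskDefinition
	for _, module := range modules {
		for _, resource := range module.GetResourcesByType("aws_ecs_task_definition") {
			taskDefinitions = append(taskDefinitions, adaptTaskDefinitionResource(resource))
		}
	}
	return taskDefinitions
}

// adaptTaskDefinitionResource converts a single aws_ecs_task_definition
// block, including its volumes and its container definitions.
//
// container_definitions is only parsed when the attribute is present and is a
// string; in every other case the task definition is returned without
// container definitions.
func adaptTaskDefinitionResource(resourceBlock *terraform.Block) ecs.TaskDefinition {
	var definitions []ecs.ContainerDefinition
	if ct := resourceBlock.GetAttribute("container_definitions"); ct != nil && ct.IsString() {
		// NOTE(review): the parse error is discarded because this adapter has
		// no error return. A container_definitions string that fails to parse
		// therefore yields whatever CreateDefinitionsFromString returns on
		// failure (presumably no definitions), and checks that inspect
		// container definitions have nothing to evaluate for this task. If
		// the provider model gains a way to record adapter errors, surface
		// this one instead of dropping it.
		definitions, _ = ecs.CreateDefinitionsFromString(resourceBlock.GetMetadata(), ct.Value().AsString())
	}

	return ecs.TaskDefinition{
		Metadata:             resourceBlock.GetMetadata(),
		Volumes:              adaptVolumes(resourceBlock),
		ContainerDefinitions: definitions,
	}
}

// adaptVolumes converts the "volume" blocks of a task definition. It always
// returns a non-nil slice, which is empty when the resource has no volumes.
func adaptVolumes(resourceBlock *terraform.Block) []ecs.Volume {
	volumeBlocks := resourceBlock.GetBlocks("volume")
	volumes := make([]ecs.Volume, 0, len(volumeBlocks))
	for _, volumeBlock := range volumeBlocks {
		volumes = append(volumes, ecs.Volume{
			Metadata:               volumeBlock.GetMetadata(),
			EFSVolumeConfiguration: adaptEFSVolumeConfiguration(volumeBlock),
		})
	}
	return volumes
}

// adaptEFSVolumeConfiguration reads the efs_volume_configuration block of a
// volume and reports whether transit encryption is enabled.
//
// Without an efs_volume_configuration block the flag keeps its default of
// true, attributed to the volume (presumably so that non-EFS volumes are not
// flagged; confirm against the consuming check). With the block present, the
// flag is true only when transit_encryption equals "ENABLED", so an EFS
// volume that omits the attribute is reported as unencrypted in transit.
func adaptEFSVolumeConfiguration(volumeBlock *terraform.Block) ecs.EFSVolumeConfiguration {
	cfg := ecs.EFSVolumeConfiguration{
		Metadata:                 volumeBlock.GetMetadata(),
		TransitEncryptionEnabled: types.BoolDefault(true, volumeBlock.GetMetadata()),
	}

	efsBlock := volumeBlock.GetBlock("efs_volume_configuration")
	if !efsBlock.IsNotNil() {
		return cfg
	}

	cfg.Metadata = efsBlock.GetMetadata()
	encryptionAttr := efsBlock.GetAttribute("transit_encryption")
	enabled := encryptionAttr.Equals("ENABLED")

	// Attribute the result to the attribute when it exists so that a finding
	// points at the exact line; otherwise fall back to the enclosing block.
	if encryptionAttr.IsNotNil() {
		cfg.TransitEncryptionEnabled = types.Bool(enabled, encryptionAttr.GetMetadata())
	} else {
		cfg.TransitEncryptionEnabled = types.Bool(enabled, efsBlock.GetMetadata())
	}
	return cfg
}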