// Source listing: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/msk/adapt.go

package msk

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/msk"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// Adapt builds the msk.MSK model from the parsed Terraform modules. The only
// field it populates is Clusters.
func Adapt(modules terraform.Modules) msk.MSK {
	var state msk.MSK
	state.Clusters = adaptClusters(modules)
	return state
}

// adaptClusters walks every module and converts each "aws_msk_cluster"
// resource into an msk.Cluster. The result is nil when no such resource
// exists in any module.
func adaptClusters(modules terraform.Modules) []msk.Cluster {
	var found []msk.Cluster
	for _, mod := range modules {
		for _, res := range mod.GetResourcesByType("aws_msk_cluster") {
			found = append(found, adaptCluster(res))
		}
	}
	return found
}

// adaptCluster converts one aws_msk_cluster block into an msk.Cluster.
//
// The cluster is first filled with baseline values whose metadata points at
// the resource itself, then each nested block that is actually present
// overrides its part of the baseline:
//
//   - encryption_info.encryption_in_transit.client_broker -> EncryptionInTransit.ClientBroker
//   - encryption_info.encryption_at_rest_kms_key_arn      -> EncryptionAtRest.{KMSKeyARN,Enabled}
//   - logging_info.broker_logs.{s3,cloudwatch_logs,firehose}.enabled -> Logging.Broker.*.Enabled
//
// Baseline values are: ClientBroker "TLS_PLAINTEXT", KMSKeyARN "", at-rest
// Enabled false, and every broker log sink Enabled false. A resource that
// declares none of the nested blocks is therefore reported with exactly those
// values.
func adaptCluster(resource *terraform.Block) msk.Cluster {
	var cluster msk.Cluster

	// Short aliases into the nested structs; writes through them land in cluster.
	transit := &cluster.EncryptionInTransit
	atRest := &cluster.EncryptionAtRest
	logging := &cluster.Logging
	broker := &logging.Broker

	// Baseline: nothing configured, all metadata anchored on the resource.
	cluster.Metadata = resource.GetMetadata()

	transit.Metadata = resource.GetMetadata()
	transit.ClientBroker = defsecTypes.StringDefault("TLS_PLAINTEXT", resource.GetMetadata())

	atRest.Metadata = resource.GetMetadata()
	atRest.KMSKeyARN = defsecTypes.StringDefault("", resource.GetMetadata())
	atRest.Enabled = defsecTypes.BoolDefault(false, resource.GetMetadata())

	logging.Metadata = resource.GetMetadata()
	broker.Metadata = resource.GetMetadata()
	broker.S3.Metadata = resource.GetMetadata()
	broker.S3.Enabled = defsecTypes.BoolDefault(false, resource.GetMetadata())
	broker.Cloudwatch.Metadata = resource.GetMetadata()
	broker.Cloudwatch.Enabled = defsecTypes.BoolDefault(false, resource.GetMetadata())
	broker.Firehose.Metadata = resource.GetMetadata()
	broker.Firehose.Enabled = defsecTypes.BoolDefault(false, resource.GetMetadata())

	// Encryption settings.
	encryptionInfo := resource.GetBlock("encryption_info")
	if encryptionInfo.IsNotNil() {
		inTransit := encryptionInfo.GetBlock("encryption_in_transit")
		if inTransit.IsNotNil() {
			transit.Metadata = inTransit.GetMetadata()

			// NOTE(review): the fallback passed here is "TLS", while the
			// baseline for a cluster with no encryption_in_transit block is
			// "TLS_PLAINTEXT". Confirm which of the two matches the
			// provider's behaviour for an omitted client_broker, since rules
			// that look for plaintext brokers see different values in the
			// two cases.
			clientBroker := inTransit.GetAttribute("client_broker")
			if clientBroker.IsNotNil() {
				transit.ClientBroker = clientBroker.AsStringValueOrDefault("TLS", inTransit)
			}
		}

		// NOTE(review): Enabled becomes true as soon as the attribute is
		// declared; the ARN value itself is not inspected here. Rules that
		// need a customer-managed key should presumably check KMSKeyARN as
		// well — verify against the consuming checks.
		kmsKey := encryptionInfo.GetAttribute("encryption_at_rest_kms_key_arn")
		if kmsKey.IsNotNil() {
			atRest.Metadata = kmsKey.GetMetadata()
			atRest.KMSKeyARN = kmsKey.AsStringValueOrDefault("", encryptionInfo)
			atRest.Enabled = defsecTypes.Bool(true, kmsKey.GetMetadata())
		}
	}

	// Broker logging sinks. Each sink stays at the baseline (disabled) unless
	// its block is present; the "enabled" attribute is read with a false
	// fallback.
	loggingInfo := resource.GetBlock("logging_info")
	if loggingInfo.IsNotNil() {
		logging.Metadata = loggingInfo.GetMetadata()

		brokerLogs := loggingInfo.GetBlock("broker_logs")
		if brokerLogs.IsNotNil() {
			broker.Metadata = brokerLogs.GetMetadata()

			// The s3 sink is the only one guarded by HasChild before the lookup.
			if brokerLogs.HasChild("s3") {
				s3 := brokerLogs.GetBlock("s3")
				if s3.IsNotNil() {
					enabled := s3.GetAttribute("enabled")
					broker.S3.Metadata = s3.GetMetadata()
					broker.S3.Enabled = enabled.AsBoolValueOrDefault(false, s3)
				}
			}

			cloudwatch := brokerLogs.GetBlock("cloudwatch_logs")
			if cloudwatch.IsNotNil() {
				enabled := cloudwatch.GetAttribute("enabled")
				broker.Cloudwatch.Metadata = cloudwatch.GetMetadata()
				broker.Cloudwatch.Enabled = enabled.AsBoolValueOrDefault(false, cloudwatch)
			}

			firehose := brokerLogs.GetBlock("firehose")
			if firehose.IsNotNil() {
				enabled := firehose.GetAttribute("enabled")
				broker.Firehose.Metadata = firehose.GetMetadata()
				broker.Firehose.Enabled = enabled.AsBoolValueOrDefault(false, firehose)
			}
		}
	}

	return cluster
}