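// Listing of github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/neptune/adapt.go

package neptune

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/neptune"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// Adapt converts the parsed Terraform modules into the Neptune provider
// model. Clusters is the only field it populates.
func Adapt(modules terraform.Modules) neptune.Neptune {
	return neptune.Neptune{
		Clusters: adaptClusters(modules),
	}
}

// adaptClusters adapts every "aws_neptune_cluster" resource found in any of
// the modules. The result is nil when no such resource exists.
func adaptClusters(modules terraform.Modules) []neptune.Cluster {
	var clusters []neptune.Cluster
	for _, module := range modules {
		for _, resource := range module.GetResourcesByType("aws_neptune_cluster") {
			clusters = append(clusters, adaptCluster(resource))
		}
	}
	return clusters
}

// adaptCluster maps one aws_neptune_cluster block onto neptune.Cluster.
//
// Three attributes are read:
//   - enable_cloudwatch_logs_exports: Logging.Audit becomes true only when the
//     attribute is present and contains "audit".
//   - storage_encrypted: copied to StorageEncrypted, false when unset.
//   - kms_key_arn: copied to KMSKeyID, empty when unset.
//
// An attribute that is missing therefore always resolves to the conservative
// value (audit logging off, storage unencrypted, no customer key), so a
// cluster is never reported as hardened by omission.
func adaptCluster(resource *terraform.Block) neptune.Cluster {
	// Defaults carry the resource's metadata because there is no attribute to
	// point at when the setting is absent.
	logging := neptune.Logging{
		Metadata: resource.GetMetadata(),
		Audit:    defsecTypes.BoolDefault(false, resource.GetMetadata()),
	}

	if logExportsAttr := resource.GetAttribute("enable_cloudwatch_logs_exports"); logExportsAttr.IsNotNil() {
		logging.Metadata = logExportsAttr.GetMetadata()
		if logExportsAttr.Contains("audit") {
			logging.Audit = defsecTypes.Bool(true, logExportsAttr.GetMetadata())
		}
		// NOTE(review): when the attribute is set but lacks "audit", Audit keeps
		// the resource-level default while Logging.Metadata points at the
		// attribute. Confirm that this is the location checks should report.
	}

	// StorageEncrypted and KMSKeyID are assigned exactly once. The ...OrDefault
	// helpers are called unconditionally, so a separate default initialisation
	// would always be overwritten.
	return neptune.Cluster{
		Metadata:         resource.GetMetadata(),
		Logging:          logging,
		StorageEncrypted: resource.GetAttribute("storage_encrypted").AsBoolValueOrDefault(false, resource),
		KMSKeyID:         resource.GetAttribute("kms_key_arn").AsStringValueOrDefault("", resource),
	}
}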