github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/redshift/adapt.go (about)

     1  package redshift
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/redshift"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
// Adapt builds the Redshift provider model from the parsed Terraform modules.
//
// Clusters, security groups and cluster parameters are collected from the
// modules; ReservedNodes is always nil, so nothing that reads this model can
// see reserved-node data for Terraform input.
func Adapt(modules terraform.Modules) redshift.Redshift {
	var adapted redshift.Redshift
	adapted.Clusters = adaptClusters(modules)
	adapted.SecurityGroups = adaptSecurityGroups(modules)
	adapted.ClusterParameters = adaptParameters(modules)
	// Reserved nodes are not derived from Terraform by this adapter.
	adapted.ReservedNodes = nil
	return adapted
}
    17  
// adaptClusters adapts every aws_redshift_cluster resource found in the given
// modules. The owning module is passed along with each block so that
// adaptCluster can resolve references made by the cluster.
// The result is nil when no such resource exists.
func adaptClusters(modules terraform.Modules) []redshift.Cluster {
	var out []redshift.Cluster
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("aws_redshift_cluster")
		for _, block := range blocks {
			out = append(out, adaptCluster(block, mod))
		}
	}
	return out
}
    27  
// adaptSecurityGroups adapts every aws_redshift_security_group resource found
// in the given modules. The result is nil when no such resource exists.
func adaptSecurityGroups(modules terraform.Modules) []redshift.SecurityGroup {
	var groups []redshift.SecurityGroup
	for _, mod := range modules {
		blocks := mod.GetResourcesByType("aws_redshift_security_group")
		for _, block := range blocks {
			groups = append(groups, adaptSecurityGroup(block))
		}
	}
	return groups
}
    37  
// adaptParameters flattens the "parameter" blocks of every
// aws_redshift_parameter_group resource into a single slice. The parameter
// group a parameter came from is not recorded separately; each entry only
// carries the metadata of its own block. The result is nil when no parameter
// block exists.
func adaptParameters(modules terraform.Modules) []redshift.ClusterParameter {
	var params []redshift.ClusterParameter
	for _, mod := range modules {
		groups := mod.GetResourcesByType("aws_redshift_parameter_group")
		for _, group := range groups {
			for _, paramBlock := range group.GetBlocks("parameter") {
				params = append(params, adaptParameter(paramBlock))
			}
		}
	}
	return params
}
    49  
// adaptCluster converts one aws_redshift_cluster block into the provider
// model. module is the module that owns the block and is used to resolve a
// kms_key_id reference.
//
// The fallback values chosen here decide how an under-specified cluster looks
// to anything that reads the model:
//   - publicly_accessible absent -> PubliclyAccessible is true
//   - encrypted absent           -> Encryption.Enabled is false
//   - no logging block           -> LoggingEnabled is false
//   - no snapshot_copy block     -> AutomatedSnapshotRetentionPeriod is 0
//   - port absent                -> EndPoint.Port is 5439
//
// VpcId is always the empty string; no attribute is read for it.
func adaptCluster(resource *terraform.Block, module *terraform.Module) redshift.Cluster {
	cluster := redshift.Cluster{
		Metadata:          resource.GetMetadata(),
		ClusterIdentifier: resource.GetAttribute("cluster_identifier").AsStringValueOrDefault("", resource),
		NodeType:          resource.GetAttribute("node_type").AsStringValueOrDefault("", resource),
		MasterUsername:    resource.GetAttribute("master_username").AsStringValueOrDefault("", resource),
		NumberOfNodes:     resource.GetAttribute("number_of_nodes").AsIntValueOrDefault(1, resource),
		// An omitted publicly_accessible is modelled as true, i.e. the cluster
		// is treated as reachable from outside its VPC unless the
		// configuration says otherwise.
		// NOTE(review): presumably mirrors the provider default; confirm for
		// the provider versions in scope.
		PubliclyAccessible: resource.GetAttribute("publicly_accessible").AsBoolValueOrDefault(true, resource),
		// Placeholders; overwritten below when the matching block is present.
		LoggingEnabled:                   defsecTypes.Bool(false, resource.GetMetadata()),
		AutomatedSnapshotRetentionPeriod: defsecTypes.Int(0, resource.GetMetadata()),
		AllowVersionUpgrade:              resource.GetAttribute("allow_version_upgrade").AsBoolValueOrDefault(true, resource),
		VpcId:                            defsecTypes.String("", resource.GetMetadata()),
		Encryption: redshift.Encryption{
			Metadata: resource.GetMetadata(),
			Enabled:  defsecTypes.BoolDefault(false, resource.GetMetadata()),
			KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()),
		},
		EndPoint: redshift.EndPoint{
			Metadata: resource.GetMetadata(),
			Port:     resource.GetAttribute("port").AsIntValueOrDefault(5439, resource),
		},
		SubnetGroupName: defsecTypes.StringDefault("", resource.GetMetadata()),
	}

	// Encryption at rest: off unless "encrypted" is set.
	cluster.Encryption.Enabled = resource.GetAttribute("encrypted").AsBoolValueOrDefault(false, resource)

	// Audit logging is only read from an inline "logging" block.
	// NOTE(review): logging configured through a separate resource (for
	// example aws_redshift_logging) is not looked at here; confirm whether
	// that is in scope.
	logging := resource.GetBlock("logging")
	if logging.IsNotNil() {
		cluster.LoggingEnabled = logging.GetAttribute("enable").AsBoolValueOrDefault(false, logging)
	}

	// NOTE(review): the retention period is taken from
	// snapshot_copy.retention_period (7 when the block omits it); the
	// top-level automated_snapshot_retention_period attribute is never read.
	// Confirm that this mapping is intended.
	snapshotCopy := resource.GetBlock("snapshot_copy")
	if snapshotCopy.IsNotNil() {
		cluster.AutomatedSnapshotRetentionPeriod = snapshotCopy.GetAttribute("retention_period").AsIntValueOrDefault(7, snapshotCopy)
	}

	// Start from the raw kms_key_id value. When the attribute references an
	// aws_kms_key block that can be resolved, replace it with that block's
	// full name and metadata. A failed lookup is ignored on purpose and
	// leaves the raw value in place.
	kmsKeyAttr := resource.GetAttribute("kms_key_id")
	cluster.Encryption.KMSKeyID = kmsKeyAttr.AsStringValueOrDefault("", resource)
	if kmsKeyAttr.IsResourceBlockReference("aws_kms_key") {
		keyBlock, err := module.GetReferencedBlock(kmsKeyAttr, resource)
		if err == nil {
			cluster.Encryption.KMSKeyID = defsecTypes.String(keyBlock.FullName(), keyBlock.GetMetadata())
		}
	}

	cluster.SubnetGroupName = resource.GetAttribute("cluster_subnet_group_name").AsStringValueOrDefault("", resource)

	return cluster
}
    99  
// adaptSecurityGroup converts one aws_redshift_security_group block into the
// provider model. Only the description is captured; when the attribute is
// absent it falls back to "Managed by Terraform", so a consumer of the model
// sees that text rather than an empty description.
func adaptSecurityGroup(resource *terraform.Block) redshift.SecurityGroup {
	description := resource.GetAttribute("description").AsStringValueOrDefault("Managed by Terraform", resource)

	return redshift.SecurityGroup{
		Metadata:    resource.GetMetadata(),
		Description: description,
	}
}
   109  
// adaptParameter converts one "parameter" block of a Redshift parameter group
// into the provider model. A missing name or value is modelled as the empty
// string.
func adaptParameter(resource *terraform.Block) redshift.ClusterParameter {
	param := redshift.ClusterParameter{Metadata: resource.GetMetadata()}
	param.ParameterName = resource.GetAttribute("name").AsStringValueOrDefault("", resource)
	param.ParameterValue = resource.GetAttribute("value").AsStringValueOrDefault("", resource)
	return param
}