github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/aws/ssm/adapt.go (about)

     1  package ssm
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ssm"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	"github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
     // Adapt builds the ssm.SSM provider state from the parsed Terraform modules.
     // The only field it sets is Secrets, which is filled in by adaptSecrets.
     //
     // NOTE(review): the package is named ssm, but the resources collected below
     // are Secrets Manager secrets ("aws_secretsmanager_secret"). Nothing in this
     // file reads SSM Parameter Store resources such as aws_ssm_parameter.
     func Adapt(modules terraform.Modules) ssm.SSM {
     	var state ssm.SSM
     	state.Secrets = adaptSecrets(modules)
     	return state
     }
    14  
    // adaptSecrets walks every module and converts each
    // "aws_secretsmanager_secret" resource into an ssm.Secret via adaptSecret.
    // The result is a nil slice when no such resource is present.
    func adaptSecrets(modules terraform.Modules) []ssm.Secret {
    	var found []ssm.Secret
    	for _, mod := range modules {
    		secretBlocks := mod.GetResourcesByType("aws_secretsmanager_secret")
    		for _, block := range secretBlocks {
    			found = append(found, adaptSecret(block, mod))
    		}
    	}
    	return found
    }
    24  
    // adaptSecret converts one aws_secretsmanager_secret block into an ssm.Secret,
    // recording which KMS key the secret is configured to use.
    //
    // KMSKeyID is resolved in this order:
    //   - if kms_key_id references an aws_kms_key block that can be looked up in
    //     the module, the referenced block's full name (with that block's
    //     metadata) is used;
    //   - otherwise the attribute's string value is used;
    //   - if the attribute has no value, "alias/aws/secretsmanager" is used, the
    //     alias of the AWS-managed key that Secrets Manager applies when no key
    //     is specified.
    //
    // Keeping the explicit default is what lets a consumer of KMSKeyID tell a
    // secret on the AWS-managed key apart from one on a customer-managed key
    // (presumably how encryption rules use it; confirm against the rules).
    func adaptSecret(resource *terraform.Block, module *terraform.Module) ssm.Secret {
    	keyAttr := resource.GetAttribute("kms_key_id")
    	keyID := keyAttr.AsStringValueOrDefault("alias/aws/secretsmanager", resource)

    	if keyAttr.IsResourceBlockReference("aws_kms_key") {
    		// Best effort: a failed lookup is ignored on purpose and keyID keeps
    		// the value computed above instead of aborting the adaptation.
    		if keyBlock, err := module.GetReferencedBlock(keyAttr, resource); err == nil {
    			keyID = types.String(keyBlock.FullName(), keyBlock.GetMetadata())
    		}
    	}

    	var secret ssm.Secret
    	secret.Metadata = resource.GetMetadata()
    	secret.KMSKeyID = keyID
    	return secret
    }