// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/azure/authorization/adapt.go

package authorization

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/authorization"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
)

// Adapt builds the Azure authorization model from the parsed Terraform
// modules. Only RoleDefinitions is populated here; every other field of
// authorization.Authorization is left at its zero value.
func Adapt(modules terraform.Modules) authorization.Authorization {
	var adapted authorization.Authorization
	adapted.RoleDefinitions = adaptRoleDefinitions(modules)
	return adapted
}

// adaptRoleDefinitions collects one authorization.RoleDefinition per
// "azurerm_role_definition" resource found in any of the given modules.
// The result is a nil slice when no such resource exists.
func adaptRoleDefinitions(modules terraform.Modules) []authorization.RoleDefinition {
	var defs []authorization.RoleDefinition
	for _, mod := range modules {
		for _, res := range mod.GetResourcesByType("azurerm_role_definition") {
			def := adaptRoleDefinition(res)
			defs = append(defs, def)
		}
	}
	return defs
}

// adaptRoleDefinition converts a single azurerm_role_definition block into
// the provider model: one Permission per nested "permissions" block, plus
// the role's "assignable_scopes".
//
// Only the "actions" attribute of each permissions block is read. The other
// attributes azurerm accepts there (not_actions, data_actions,
// not_data_actions) are not carried into the model, so anything evaluating
// the result sees the granted control-plane actions only, without exclusions
// or data-plane grants.
func adaptRoleDefinition(resource *terraform.Block) authorization.RoleDefinition {
	var perms []authorization.Permission

	for _, block := range resource.GetBlocks("permissions") {
		// NOTE(review): "actions" may be absent from the block; this relies on
		// AsStringValues tolerating whatever GetAttribute returns then — confirm.
		actions := block.GetAttribute("actions")
		perm := authorization.Permission{
			Metadata: block.GetMetadata(),
			Actions:  actions.AsStringValues(),
		}
		perms = append(perms, perm)
	}

	// The scopes are copied as written in the configuration; no normalisation
	// or validation of the scope strings happens in this adapter.
	scopes := resource.GetAttribute("assignable_scopes")
	def := authorization.RoleDefinition{
		Metadata:         resource.GetMetadata(),
		Permissions:      perms,
		AssignableScopes: scopes.AsStringValues(),
	}
	return def
}