github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/compute/disks.go (about)

     1  package compute
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/google/compute"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
     7  )
     8  
// adaptDisks builds one compute.Disk for every google_compute_disk resource
// found in modules.
//
// Each disk starts from empty encryption defaults (nil RawKey, empty
// KMSKeyLink) attributed to the resource's own metadata. When the resource
// has a disk_encryption_key block, the encryption metadata is re-pointed at
// that block and raw_key and kms_key_self_link are read from it.
//
// The result is nil when modules contains no google_compute_disk resources.
func adaptDisks(modules terraform.Modules) (disks []compute.Disk) {
	for _, resource := range modules.GetResourcesByType("google_compute_disk") {
		// Defaults for a disk that declares no disk_encryption_key block.
		encryption := compute.DiskEncryption{
			Metadata:   resource.GetMetadata(),
			RawKey:     defsecTypes.BytesDefault(nil, resource.GetMetadata()),
			KMSKeyLink: defsecTypes.StringDefault("", resource.GetMetadata()),
		}

		keyBlock := resource.GetBlock("disk_encryption_key")
		if keyBlock.IsNotNil() {
			encryption.Metadata = keyBlock.GetMetadata()

			// raw_key is key material written directly in the configuration.
			// NOTE(review): presumably carried here so checks can flag keys
			// embedded in Terraform; consumers should avoid logging or
			// serialising this value. Confirm against the rules that read it.
			encryption.RawKey = keyBlock.GetAttribute("raw_key").AsBytesValueOrDefault(nil, keyBlock)

			kmsLink := keyBlock.GetAttribute("kms_key_self_link")
			encryption.KMSKeyLink = kmsLink.AsStringValueOrDefault("", keyBlock)

			// When the attribute points at a google_kms_crypto_key resource,
			// record that block's full name instead of the attribute's string
			// value. A failed lookup is not reported: the value read above is
			// kept as-is.
			if kmsLink.IsResourceBlockReference("google_kms_crypto_key") {
				referenced, err := modules.GetReferencedBlock(kmsLink, keyBlock)
				if err == nil {
					encryption.KMSKeyLink = defsecTypes.String(referenced.FullName(), kmsLink.GetMetadata())
				}
			}
		}

		disks = append(disks, compute.Disk{
			Metadata:   resource.GetMetadata(),
			Name:       resource.GetAttribute("name").AsStringValueOrDefault("", resource),
			Encryption: encryption,
		})
	}

	return disks
}