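// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/google/dns/adapt.go

package dns

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/google/dns"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"
)

// Adapt builds the Google Cloud DNS state from the parsed Terraform modules.
// The only field it populates is ManagedZones.
func Adapt(modules terraform.Modules) dns.DNS {
	return dns.DNS{
		ManagedZones: adaptManagedZones(modules),
	}
}

// adaptManagedZones returns one dns.ManagedZone per google_dns_managed_zone
// resource found in any of the modules. It returns a nil slice when there are
// none.
func adaptManagedZones(modules terraform.Modules) []dns.ManagedZone {
	var managedZones []dns.ManagedZone
	for _, module := range modules {
		for _, resource := range module.GetResourcesByType("google_dns_managed_zone") {
			managedZone := adaptManagedZone(resource)
			// NOTE(review): every google_dns_keys data block in the module is
			// applied to every zone in the module, and each one replaces the
			// whole DefaultKeySpecs value (including what dnssec_config set),
			// so the last data block wins. Nothing here checks that the data
			// block refers to this zone. With several zones in one module the
			// reported key algorithms can belong to a different zone; confirm
			// whether matching on the data block's zone reference is intended.
			for _, data := range module.GetDatasByType("google_dns_keys") {
				managedZone.DNSSec.DefaultKeySpecs = adaptKeySpecs(data)
			}
			managedZones = append(managedZones, managedZone)
		}
	}
	return managedZones
}

// adaptManagedZone converts a single google_dns_managed_zone block.
//
// Defaults, all attributed to the resource's metadata: visibility "public",
// DNSSEC disabled, and empty key-signing and zone-signing algorithms. Values
// present in the block override these defaults.
func adaptManagedZone(resource *terraform.Block) dns.ManagedZone {
	zone := dns.ManagedZone{
		Metadata:   resource.GetMetadata(),
		Visibility: defsecTypes.StringDefault("public", resource.GetMetadata()),
		DNSSec: dns.DNSSec{
			Metadata: resource.GetMetadata(),
			Enabled:  defsecTypes.BoolDefault(false, resource.GetMetadata()),
			DefaultKeySpecs: dns.KeySpecs{
				Metadata: resource.GetMetadata(),
				KeySigningKey: dns.Key{
					Metadata:  resource.GetMetadata(),
					Algorithm: defsecTypes.StringDefault("", resource.GetMetadata()),
				},
				ZoneSigningKey: dns.Key{
					Metadata:  resource.GetMetadata(),
					Algorithm: defsecTypes.StringDefault("", resource.GetMetadata()),
				},
			},
		},
	}

	if resource.HasChild("visibility") {
		zone.Visibility = resource.GetAttribute("visibility").AsStringValueOrDefault("public", resource)
	}

	if !resource.HasChild("dnssec_config") {
		return zone
	}

	dnssecBlock := resource.GetBlock("dnssec_config")
	zone.DNSSec.Metadata = dnssecBlock.GetMetadata()

	// Only "on" counts as enabled; "off" and "transfer" are recorded as
	// explicitly disabled. Any other state leaves the default (false, with
	// the resource's metadata) in place.
	stateAttr := dnssecBlock.GetAttribute("state")
	switch {
	case stateAttr.Equals("on"):
		zone.DNSSec.Enabled = defsecTypes.Bool(true, stateAttr.GetMetadata())
	case stateAttr.Equals("off"), stateAttr.Equals("transfer"):
		zone.DNSSec.Enabled = defsecTypes.Bool(false, stateAttr.GetMetadata())
	}

	// Each default_key_specs block selects one key via key_type, so a zone
	// that configures both keys has two such blocks. All of them are read:
	// looking only at the first would leave the other key's algorithm empty.
	// NOTE(review): presumably downstream rules inspect these algorithm
	// strings; an unread block would hide its algorithm from them - confirm.
	for i, specBlock := range dnssecBlock.GetBlocks("default_key_specs") {
		if i == 0 {
			// The aggregate keeps the first block's metadata, which is what a
			// single-block configuration has always reported.
			zone.DNSSec.DefaultKeySpecs.Metadata = specBlock.GetMetadata()
		}

		algorithmVal := specBlock.GetAttribute("algorithm").AsStringValueOrDefault("", specBlock)

		keyTypeAttr := specBlock.GetAttribute("key_type")
		switch {
		case keyTypeAttr.Equals("keySigning"):
			zone.DNSSec.DefaultKeySpecs.KeySigningKey.Algorithm = algorithmVal
			zone.DNSSec.DefaultKeySpecs.KeySigningKey.Metadata = keyTypeAttr.GetMetadata()
		case keyTypeAttr.Equals("zoneSigning"):
			zone.DNSSec.DefaultKeySpecs.ZoneSigningKey.Algorithm = algorithmVal
			zone.DNSSec.DefaultKeySpecs.ZoneSigningKey.Metadata = keyTypeAttr.GetMetadata()
		}
	}

	return zone
}

// adaptKeySpecs converts a google_dns_keys data block into dns.KeySpecs.
//
// Both algorithms start as empty strings attributed to the data block. Each
// is replaced by the "algorithm" attribute of the key_signing_keys or
// zone_signing_keys child block when that block is present.
func adaptKeySpecs(resource *terraform.Block) dns.KeySpecs {
	keySpecs := dns.KeySpecs{
		Metadata: resource.GetMetadata(),
		KeySigningKey: dns.Key{
			Metadata:  resource.GetMetadata(),
			Algorithm: defsecTypes.String("", resource.GetMetadata()),
		},
		ZoneSigningKey: dns.Key{
			Metadata:  resource.GetMetadata(),
			Algorithm: defsecTypes.String("", resource.GetMetadata()),
		},
	}

	if ksk := resource.GetBlock("key_signing_keys"); ksk.IsNotNil() {
		keySpecs.KeySigningKey.Algorithm = ksk.GetAttribute("algorithm").AsStringValueOrDefault("", ksk)
	}

	if zsk := resource.GetBlock("zone_signing_keys"); zsk.IsNotNil() {
		keySpecs.ZoneSigningKey.Algorithm = zsk.GetAttribute("algorithm").AsStringValueOrDefault("", zsk)
	}

	return keySpecs
}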