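package kubernetes

import (
	"github.com/khulnasoft-lab/defsec/pkg/providers/kubernetes"
	"github.com/khulnasoft-lab/defsec/pkg/terraform"
)

// Adapt converts the Terraform-managed Kubernetes resources in modules into the
// provider-neutral kubernetes.Kubernetes model that the rules evaluate. Only
// kubernetes_network_policy resources are adapted by this package.
func Adapt(modules terraform.Modules) kubernetes.Kubernetes {
	return kubernetes.Kubernetes{
		NetworkPolicies: adaptNetworkPolicies(modules),
	}
}

// adaptNetworkPolicies gathers every kubernetes_network_policy resource across
// all modules, in module order. The result is nil when no such resource exists.
func adaptNetworkPolicies(modules terraform.Modules) []kubernetes.NetworkPolicy {
	var policies []kubernetes.NetworkPolicy
	for _, module := range modules {
		for _, resource := range module.GetResourcesByType("kubernetes_network_policy") {
			policies = append(policies, adaptNetworkPolicy(resource))
		}
	}
	return policies
}

// adaptNetworkPolicy maps one kubernetes_network_policy resource block onto
// kubernetes.NetworkPolicy.
//
// The model carries a single flattened Egress and a single flattened Ingress
// per policy, whereas `spec` may hold several `egress` / `ingress` rule blocks.
// Every rule block of a direction is read (GetBlocks, not GetBlock, which
// would expose only the first) and its ports and peer CIDRs are merged into
// that direction, so a permissive CIDR in a second or later rule is not
// silently dropped from analysis. A direction's Metadata is that of its first
// rule block when one exists, otherwise the resource block's.
//
// Without a `spec` block, or for a direction with no rule blocks, the port and
// CIDR slices stay nil and Metadata points at the resource block.
func adaptNetworkPolicy(resourceBlock *terraform.Block) kubernetes.NetworkPolicy {
	resourceMeta := resourceBlock.GetMetadata()

	policy := kubernetes.NetworkPolicy{
		Metadata: resourceMeta,
		Spec: kubernetes.NetworkPolicySpec{
			Metadata: resourceMeta,
			Egress:   kubernetes.Egress{Metadata: resourceMeta},
			Ingress:  kubernetes.Ingress{Metadata: resourceMeta},
		},
	}

	specBlock := resourceBlock.GetBlock("spec")
	if !specBlock.IsNotNil() {
		return policy
	}

	for i, rule := range specBlock.GetBlocks("egress") {
		if i == 0 {
			policy.Spec.Egress.Metadata = rule.GetMetadata()
		}
		policy.Spec.Egress.Ports = append(policy.Spec.Egress.Ports, adaptPorts(rule)...)
		for _, peer := range rule.GetBlocks("to") {
			// The GetBlock/GetAttribute chain tolerates a missing ip_block, in
			// which case the default "" anchored on the peer block is recorded.
			// NOTE(review): selector-only peers (no ip_block) therefore add an
			// empty CIDR entry rather than being skipped — confirm consumers
			// tolerate "" before changing this.
			cidrAttr := peer.GetBlock("ip_block").GetAttribute("cidr")
			policy.Spec.Egress.DestinationCIDRs = append(policy.Spec.Egress.DestinationCIDRs, cidrAttr.AsStringValueOrDefault("", peer))
		}
	}

	for i, rule := range specBlock.GetBlocks("ingress") {
		if i == 0 {
			policy.Spec.Ingress.Metadata = rule.GetMetadata()
		}
		policy.Spec.Ingress.Ports = append(policy.Spec.Ingress.Ports, adaptPorts(rule)...)
		for _, peer := range rule.GetBlocks("from") {
			// Same "" default for peers without an ip_block as on the egress side.
			cidrAttr := peer.GetBlock("ip_block").GetAttribute("cidr")
			policy.Spec.Ingress.SourceCIDRs = append(policy.Spec.Ingress.SourceCIDRs, cidrAttr.AsStringValueOrDefault("", peer))
		}
	}

	return policy
}

// adaptPorts reads the `ports` blocks directly under a rule block and returns
// one kubernetes.Port per block, in order; nil when there are none.
//
// The port value is read from the `port` attribute — NOTE(review): that is the
// attribute name the Terraform kubernetes provider documents for this block,
// but confirm against the provider schema version in use — with `number`
// retained as a fallback so inputs the adapter previously accepted still
// resolve. Both port and protocol default to "" anchored on the ports block
// when the attribute is absent.
func adaptPorts(rule *terraform.Block) []kubernetes.Port {
	var ports []kubernetes.Port
	for _, portBlock := range rule.GetBlocks("ports") {
		numberAttr := portBlock.GetAttribute("port")
		if numberAttr == nil {
			numberAttr = portBlock.GetAttribute("number")
		}
		ports = append(ports, kubernetes.Port{
			Metadata: portBlock.GetMetadata(),
			Number:   numberAttr.AsStringValueOrDefault("", portBlock),
			Protocol: portBlock.GetAttribute("protocol").AsStringValueOrDefault("", portBlock),
		})
	}
	return ports
}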