github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/terraform/openstack/adapt.go (about)

     1  package openstack
     2  
     3  import (
     4  	"github.com/khulnasoft-lab/defsec/pkg/providers/openstack"
     5  	"github.com/khulnasoft-lab/defsec/pkg/terraform"
     6  )
     7  
// Adapt converts the parsed Terraform modules into the OpenStack provider
// state. It fills the Compute and Networking sections by delegating to
// adaptCompute and adaptNetworking; any other field of the result keeps its
// zero value.
func Adapt(modules terraform.Modules) openstack.OpenStack {
	var state openstack.OpenStack
	state.Compute = adaptCompute(modules)
	state.Networking = adaptNetworking(modules)
	return state
}
    14  
// adaptCompute collects every openstack_compute_instance_v2 resource across
// all modules into the Compute state, alongside the firewall rules gathered
// by adaptFirewall. Instances stays nil when no such resource is declared.
func adaptCompute(modules terraform.Modules) openstack.Compute {
	result := openstack.Compute{Firewall: adaptFirewall(modules)}

	for _, mod := range modules {
		blocks := mod.GetResourcesByType("openstack_compute_instance_v2")
		for _, block := range blocks {
			result.Instances = append(result.Instances, adaptInstance(block))
		}
	}

	return result
}
    27  
// adaptInstance maps a single compute instance block to an
// openstack.Instance, carrying the block's metadata and its admin_pass
// attribute.
//
// admin_pass falls back to the empty string when the attribute is not set.
// NOTE(review): the value is presumably surfaced so a downstream check can
// flag passwords written in plaintext in the Terraform source; confirm
// against the rules that consume AdminPassword, and avoid logging it.
func adaptInstance(resourceBlock *terraform.Block) openstack.Instance {
	var inst openstack.Instance
	inst.AdminPassword = resourceBlock.GetAttribute("admin_pass").AsStringValueOrDefault("", resourceBlock)
	inst.Metadata = resourceBlock.GetMetadata()
	return inst
}
    37  
// adaptFirewall gathers every openstack_fw_rule_v1 resource across all
// modules and sorts it into AllowRules or DenyRules by its "action"
// attribute.
//
// Address and port attributes default to the empty string when unset, and
// "enabled" defaults to true.
// NOTE(review): an empty source or destination presumably means "any" to the
// checks that consume these rules; confirm against the rule implementations.
//
// A rule whose action does not compare equal to "allow" or "deny" is added to
// neither list, so downstream checks never see it. Keep that in mind when
// interpreting a clean scan result.
func adaptFirewall(modules terraform.Modules) openstack.Firewall {
	var fw openstack.Firewall

	for _, mod := range modules {
		for _, res := range mod.GetResourcesByType("openstack_fw_rule_v1") {
			// Both lists store the same rule shape, so build it once.
			rule := openstack.FirewallRule{
				Metadata:        res.GetMetadata(),
				Source:          res.GetAttribute("source_ip_address").AsStringValueOrDefault("", res),
				Destination:     res.GetAttribute("destination_ip_address").AsStringValueOrDefault("", res),
				SourcePort:      res.GetAttribute("source_port").AsStringValueOrDefault("", res),
				DestinationPort: res.GetAttribute("destination_port").AsStringValueOrDefault("", res),
				Enabled:         res.GetAttribute("enabled").AsBoolValueOrDefault(true, res),
			}

			action := res.GetAttribute("action")
			switch {
			case action.Equals("allow"):
				fw.AllowRules = append(fw.AllowRules, rule)
			case action.Equals("deny"):
				fw.DenyRules = append(fw.DenyRules, rule)
			}
		}
	}

	return fw
}