package ecs
import (
"github.com/aquasecurity/defsec/pkg/providers/aws/ecs"
"github.com/aquasecurity/defsec/pkg/terraform"
"github.com/aquasecurity/defsec/pkg/types"
)
// Adapt builds the ECS view of the given Terraform modules by collecting every
// aws_ecs_cluster and aws_ecs_task_definition resource they declare.
func Adapt(modules terraform.Modules) ecs.ECS {
	var result ecs.ECS
	result.Clusters = adaptClusters(modules)
	result.TaskDefinitions = adaptTaskDefinitions(modules)
	return result
}
// adaptClusters walks every module and converts each aws_ecs_cluster resource
// into an ecs.Cluster. The result is a nil slice when no such resource exists.
func adaptClusters(modules terraform.Modules) []ecs.Cluster {
	var out []ecs.Cluster
	for _, mod := range modules {
		resources := mod.GetResourcesByType("aws_ecs_cluster")
		for _, res := range resources {
			cluster := adaptClusterResource(res)
			out = append(out, cluster)
		}
	}
	return out
}
// adaptClusterResource converts a single aws_ecs_cluster block into an
// ecs.Cluster carrying the block's metadata and its container-insights setting.
func adaptClusterResource(resourceBlock *terraform.Block) ecs.Cluster {
	var cluster ecs.Cluster
	cluster.Metadata = resourceBlock.GetMetadata()
	cluster.Settings = adaptClusterSettings(resourceBlock)
	return cluster
}
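// adaptClusterSettings derives the cluster's ClusterSettings from its `setting`
// blocks.
//
// ContainerInsightsEnabled defaults to false (attributed to the resource) when
// no `setting` block is named "containerInsights"; otherwise it is true only
// when that block's `value` attribute equals "enabled". The metadata is
// narrowed to the `value` attribute when it exists, else to the `setting`
// block, so a finding points at the most specific location available.
//
// Every `setting` block is inspected, not just the first one: the Terraform
// schema allows several, and a containerInsights entry that is not first would
// otherwise be missed and reported as disabled. The first containerInsights
// entry wins.
func adaptClusterSettings(resourceBlock *terraform.Block) ecs.ClusterSettings {
	settings := ecs.ClusterSettings{
		Metadata:                 resourceBlock.GetMetadata(),
		ContainerInsightsEnabled: types.BoolDefault(false, resourceBlock.GetMetadata()),
	}
	for _, settingBlock := range resourceBlock.GetBlocks("setting") {
		// Any setting block is a better location than the whole resource.
		settings.Metadata = settingBlock.GetMetadata()
		if !settingBlock.GetAttribute("name").Equals("containerInsights") {
			continue
		}
		insightsAttr := settingBlock.GetAttribute("value")
		meta := settingBlock.GetMetadata()
		if insightsAttr.IsNotNil() {
			meta = insightsAttr.GetMetadata()
		}
		// A nil `value` attribute is compared the same way as before; it is
		// assumed not to equal "enabled" and so reads as disabled.
		settings.ContainerInsightsEnabled = types.Bool(insightsAttr.Equals("enabled"), meta)
		break
	}
	return settings
}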
// adaptTaskDefinitions walks every module and converts each
// aws_ecs_task_definition resource into an ecs.TaskDefinition. The result is a
// nil slice when no such resource exists.
func adaptTaskDefinitions(modules terraform.Modules) []ecs.TaskDefinition {
	var out []ecs.TaskDefinition
	for _, mod := range modules {
		resources := mod.GetResourcesByType("aws_ecs_task_definition")
		for _, res := range resources {
			def := adaptTaskDefinitionResource(res)
			out = append(out, def)
		}
	}
	return out
}
// adaptTaskDefinitionResource converts one aws_ecs_task_definition block into an
// ecs.TaskDefinition. Container definitions are parsed from the
// `container_definitions` attribute only when it resolves to a string.
func adaptTaskDefinitionResource(resourceBlock *terraform.Block) ecs.TaskDefinition {
	var containers []ecs.ContainerDefinition
	attr := resourceBlock.GetAttribute("container_definitions")
	if attr != nil && attr.IsString() {
		// The parse error is dropped here to keep the adapter total. A
		// malformed definitions document therefore yields whatever
		// CreateDefinitionsFromString returns alongside its error (presumably
		// no definitions), and container-level checks are skipped for that
		// task without any diagnostic. NOTE(review): worth surfacing.
		containers, _ = ecs.CreateDefinitionsFromString(resourceBlock.GetMetadata(), attr.Value().AsString())
	}
	var def ecs.TaskDefinition
	def.Metadata = resourceBlock.GetMetadata()
	def.Volumes = adaptVolumes(resourceBlock)
	def.ContainerDefinitions = containers
	return def
}
// adaptVolumes converts every `volume` block of the task definition into an
// ecs.Volume. A task definition without volumes yields an empty, non-nil slice.
func adaptVolumes(resourceBlock *terraform.Block) []ecs.Volume {
	blocks := resourceBlock.GetBlocks("volume")
	volumes := make([]ecs.Volume, 0, len(blocks))
	for _, b := range blocks {
		volumes = append(volumes, ecs.Volume{
			Metadata:               b.GetMetadata(),
			EFSVolumeConfiguration: adaptEFSVolumeConfiguration(b),
		})
	}
	return volumes
}
// adaptEFSVolumeConfiguration reads the `efs_volume_configuration` block of a
// `volume`. Without such a block (presumably a non-EFS volume)
// TransitEncryptionEnabled defaults to true, attributed to the volume. With the
// block, TransitEncryptionEnabled is true only when `transit_encryption`
// equals "ENABLED"; an absent attribute is compared the same way and, assuming
// Equals is false on a nil attribute, reads as disabled. Metadata is narrowed
// to the attribute when present, else to the block.
func adaptEFSVolumeConfiguration(volumeBlock *terraform.Block) ecs.EFSVolumeConfiguration {
	cfg := ecs.EFSVolumeConfiguration{
		Metadata:                 volumeBlock.GetMetadata(),
		TransitEncryptionEnabled: types.BoolDefault(true, volumeBlock.GetMetadata()),
	}
	efsBlock := volumeBlock.GetBlock("efs_volume_configuration")
	if !efsBlock.IsNotNil() {
		return cfg
	}
	cfg.Metadata = efsBlock.GetMetadata()
	encAttr := efsBlock.GetAttribute("transit_encryption")
	meta := efsBlock.GetMetadata()
	if encAttr.IsNotNil() {
		meta = encAttr.GetMetadata()
	}
	cfg.TransitEncryptionEnabled = types.Bool(encAttr.Equals("ENABLED"), meta)
	return cfg
}