-
Notifications
You must be signed in to change notification settings - Fork 7
/
adapt.go
36 lines (30 loc) · 940 Bytes
/
adapt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package kms
import (
"github.com/aquasecurity/defsec/pkg/providers/aws/kms"
"github.com/aquasecurity/defsec/pkg/terraform"
)
func Adapt(modules terraform.Modules) kms.KMS {
return kms.KMS{
Keys: adaptKeys(modules),
}
}
func adaptKeys(modules terraform.Modules) []kms.Key {
var keys []kms.Key
for _, module := range modules {
for _, resource := range module.GetResourcesByType("aws_kms_key") {
keys = append(keys, adaptKey(resource))
}
}
return keys
}
func adaptKey(resource *terraform.Block) kms.Key {
usageAttr := resource.GetAttribute("key_usage")
usageVal := usageAttr.AsStringValueOrDefault("ENCRYPT_DECRYPT", resource)
enableKeyRotationAttr := resource.GetAttribute("enable_key_rotation")
enableKeyRotationVal := enableKeyRotationAttr.AsBoolValueOrDefault(false, resource)
return kms.Key{
Metadata: resource.GetMetadata(),
Usage: usageVal,
RotationEnabled: enableKeyRotationVal,
}
}