package rds
import (
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
"github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
)
// getClusters adapts every AWS::RDS::DBCluster resource found in the
// CloudFormation file into an rds.Cluster and returns them keyed by resource ID.
//
// Fallbacks visible in this function when the template omits a property:
// BackupRetentionPeriod uses 1 and Engine uses rds.EngineAurora. The boolean
// properties (StorageEncrypted, DeletionProtection, PerformanceInsightsEnabled)
// and the KMS key IDs are read without an explicit default, so their fallback
// is whatever the property getters supply.
//
// NOTE(review): PublicAccess is not read from the template; it is always set
// via BoolDefault(false, ...). Likewise LatestRestorableTime is always marked
// unresolvable. Checks that consume these two fields cannot observe a
// template-provided value for cluster resources; confirm that is intended.
func getClusters(ctx parser.FileContext) (clusters map[string]rds.Cluster) {
	clusters = make(map[string]rds.Cluster)

	for _, res := range ctx.GetResourcesByType("AWS::RDS::DBCluster") {
		id := res.ID()

		// Populate field by field, in the same order the properties were
		// originally read; fields not assigned keep their zero value.
		var cluster rds.Cluster
		cluster.Metadata = res.Metadata()
		cluster.BackupRetentionPeriodDays = res.GetIntProperty("BackupRetentionPeriod", 1)

		cluster.PerformanceInsights.Metadata = res.Metadata()
		cluster.PerformanceInsights.Enabled = res.GetBoolProperty("PerformanceInsightsEnabled")
		cluster.PerformanceInsights.KMSKeyID = res.GetStringProperty("PerformanceInsightsKmsKeyId")

		// Storage encryption at rest and the key used for it.
		cluster.Encryption.Metadata = res.Metadata()
		cluster.Encryption.EncryptStorage = res.GetBoolProperty("StorageEncrypted")
		cluster.Encryption.KMSKeyID = res.GetStringProperty("KmsKeyId")

		// Fixed value, not taken from the template (see NOTE above).
		cluster.PublicAccess = iacTypes.BoolDefault(false, res.Metadata())
		cluster.Engine = res.GetStringProperty("Engine", rds.EngineAurora)
		cluster.LatestRestorableTime = iacTypes.TimeUnresolvable(res.Metadata())
		cluster.DeletionProtection = res.GetBoolProperty("DeletionProtection")

		clusters[id] = cluster
	}

	return clusters
}
// getClassic builds the rds.Classic value for the file. Only DBSecurityGroups
// is populated, from getClassicSecurityGroups; every other field keeps its
// zero value.
func getClassic(ctx parser.FileContext) rds.Classic {
	var classic rds.Classic
	classic.DBSecurityGroups = getClassicSecurityGroups(ctx)
	return classic
}
// getClassicSecurityGroups returns one rds.DBSecurityGroup per
// AWS::RDS::DBSecurityGroup resource in the file. Only the resource metadata is
// carried over; no other property of the group is read here. The result is nil
// when the file declares no such resource.
func getClassicSecurityGroups(ctx parser.FileContext) (groups []rds.DBSecurityGroup) {
	for _, sg := range ctx.GetResourcesByType("AWS::RDS::DBSecurityGroup") {
		groups = append(groups, rds.DBSecurityGroup{Metadata: sg.Metadata()})
	}
	return groups
}