package msk
import (
	"errors"

	api "github.com/aws/aws-sdk-go-v2/service/kafka"
	"github.com/aws/aws-sdk-go-v2/service/kafka/types"
	"github.com/khulnasoft/defsec/pkg/providers/aws/msk"
	"github.com/khulnasoft/defsec/pkg/state"
	defsecTypes "github.com/khulnasoft/defsec/pkg/types"
	"github.com/khulnasoft/tunnel-aws/internal/adapters/cloud/aws"
	"github.com/khulnasoft/tunnel-aws/pkg/concurrency"
)
// adapter discovers Amazon MSK clusters for the cloud scanner and maps them
// onto the defsec msk model.
type adapter struct {
	// api is the Kafka (MSK) client, built in Adapt from the root session config.
	api *api.Client
	// RootAdapter supplies the shared context, tracker and metadata helpers.
	*aws.RootAdapter
}
// init registers this adapter with the shared AWS adapter registry so the
// scanner picks up MSK without explicit wiring.
func init() {
	var msk adapter
	aws.RegisterServiceAdapter(&msk)
}
// Provider reports the cloud provider this adapter belongs to.
func (a *adapter) Provider() string {
	const provider = "aws"
	return provider
}
// Name reports the service identifier used in the adapter registry.
func (a *adapter) Name() string {
	const service = "msk"
	return service
}
// Adapt builds the MSK client from the root session configuration, discovers
// every cluster in the account/region and stores the result in state.
//
// On a discovery error the clusters slice is left nil and the error is
// returned unwrapped, matching the other adapters in this package.
func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
	a.RootAdapter = root
	a.api = api.NewFromConfig(root.SessionConfig())

	clusters, err := a.getClusters()
	state.AWS.MSK.Clusters = clusters
	return err
}
// getClusters pages through ListClusters, then adapts each ClusterInfo
// concurrently via adaptCluster.
//
// Any page failure aborts discovery and returns the API error. The tracker is
// updated with the running cluster count as pages arrive.
//
// NOTE(review): this uses the original ListClusters operation; AWS documents
// ListClustersV2 as the call that also returns serverless clusters. If that is
// accurate for the SDK version in use, serverless MSK clusters would be
// invisible to every MSK check here — confirm the intended coverage.
func (a *adapter) getClusters() ([]msk.Cluster, error) {
	a.Tracker().SetServiceLabel("Discovering clusters...")

	var (
		found []types.ClusterInfo
		input api.ListClustersInput
	)
	// Keep requesting pages until the API stops returning a NextToken.
	for more := true; more; more = input.NextToken != nil {
		page, err := a.api.ListClusters(a.Context(), &input)
		if err != nil {
			return nil, err
		}
		found = append(found, page.ClusterInfoList...)
		a.Tracker().SetTotalResources(len(found))
		input.NextToken = page.NextToken
	}

	a.Tracker().SetServiceLabel("Adapting clusters...")
	return concurrency.Adapt(found, a.RootAdapter, a.adaptCluster), nil
}
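// adaptCluster converts one MSK ClusterInfo into the defsec msk.Cluster model,
// attaching the same ARN-derived metadata to every nested field so findings
// resolve back to the cluster.
//
// The SDK exposes the ARN and the KMS key id as *string and the encryption and
// logging sections as pointers; nil means the API omitted them. Every pointer
// is checked here because a nil dereference would panic inside the adapter
// goroutine and abort the whole scan on a single unexpected response. A
// cluster with no ARN cannot be attributed in results, so it is reported as an
// error instead of being adapted with empty metadata.
func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, error) {
	if apiCluster.ClusterArn == nil {
		return nil, errors.New("msk: cluster info has no ARN")
	}
	metadata := a.CreateMetadataFromARN(*apiCluster.ClusterArn)

	var (
		clientBroker string // "" when the EncryptionInTransit block is absent
		kmsKeyID     string // "" when the API reports no DataVolumeKMSKeyId
		atRest       bool   // true whenever an EncryptionAtRest block is present
	)
	if enc := apiCluster.EncryptionInfo; enc != nil {
		if enc.EncryptionInTransit != nil {
			clientBroker = string(enc.EncryptionInTransit.ClientBroker)
		}
		if enc.EncryptionAtRest != nil {
			atRest = true
			if enc.EncryptionAtRest.DataVolumeKMSKeyId != nil {
				kmsKeyID = *enc.EncryptionAtRest.DataVolumeKMSKeyId
			}
		}
	}
	// NOTE(review): an absent EncryptionInTransit block yields "" for
	// ClientBroker; confirm the downstream check treats "" as "not TLS"
	// rather than skipping the cluster.

	// Broker log destinations; each defaults to disabled when its block is missing.
	var s3Logs, cwLogs, fhLogs bool
	if apiCluster.LoggingInfo != nil && apiCluster.LoggingInfo.BrokerLogs != nil {
		broker := apiCluster.LoggingInfo.BrokerLogs
		if broker.S3 != nil {
			s3Logs = broker.S3.Enabled
		}
		if broker.CloudWatchLogs != nil {
			cwLogs = broker.CloudWatchLogs.Enabled
		}
		if broker.Firehose != nil {
			fhLogs = broker.Firehose.Enabled
		}
	}

	return &msk.Cluster{
		Metadata: metadata,
		EncryptionInTransit: msk.EncryptionInTransit{
			Metadata:     metadata,
			ClientBroker: defsecTypes.String(clientBroker, metadata),
		},
		EncryptionAtRest: msk.EncryptionAtRest{
			Metadata:  metadata,
			KMSKeyARN: defsecTypes.String(kmsKeyID, metadata),
			Enabled:   defsecTypes.Bool(atRest, metadata),
		},
		Logging: msk.Logging{
			Metadata: metadata,
			Broker: msk.BrokerLogging{
				Metadata: metadata,
				S3: msk.S3Logging{
					Metadata: metadata,
					Enabled:  defsecTypes.Bool(s3Logs, metadata),
				},
				Cloudwatch: msk.CloudwatchLogging{
					Metadata: metadata,
					Enabled:  defsecTypes.Bool(cwLogs, metadata),
				},
				Firehose: msk.FirehoseLogging{
					Metadata: metadata,
					Enabled:  defsecTypes.Bool(fhLogs, metadata),
				},
			},
		},
	}, nil
}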