-
Notifications
You must be signed in to change notification settings - Fork 10
/
cloud_loader.go
93 lines (85 loc) · 2.43 KB
/
cloud_loader.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
package input
import (
"context"
"errors"
"fmt"
"github.com/snyk/policy-engine/pkg/input/cloudapi"
"github.com/snyk/policy-engine/pkg/models"
)
type CloudClient interface {
Resources(ctx context.Context, orgID string, params cloudapi.ResourcesParameters) ([]cloudapi.ResourceObject, error)
}
type CloudLoader struct {
Client CloudClient
}
var ErrFailedToFetchCloudState = errors.New("failed to fetch cloud state")
func (l *CloudLoader) GetState(ctx context.Context, orgID string, params cloudapi.ResourcesParameters) (*models.State, error) {
cloudResources, err := l.Client.Resources(ctx, orgID, params)
if err != nil {
return nil, fmt.Errorf("%w: %v", ErrFailedToFetchCloudState, err)
}
resources := map[string]map[string]models.ResourceState{}
for _, r := range cloudResources {
attrs := r.Attributes
if _, ok := resources[attrs.ResourceType]; !ok {
resources[attrs.ResourceType] = map[string]models.ResourceState{}
}
resources[attrs.ResourceType][attrs.ResourceID] = convertAPIResource(attrs)
}
return &models.State{
InputType: CloudScan.Name,
EnvironmentProvider: "cloud",
Scope: cloudScope(orgID, params),
Resources: resources,
}, nil
}
func cloudScope(orgID string, params cloudapi.ResourcesParameters) map[string]interface{} {
scope := map[string]interface{}{
"org_id": orgID,
}
if len(params.EnvironmentID) > 0 {
scope["environment_id"] = params.EnvironmentID
}
if len(params.ResourceType) > 0 {
scope["resource_type"] = params.ResourceType
}
if len(params.ResourceID) > 0 {
scope["resource_id"] = params.ResourceID
}
if len(params.NativeID) > 0 {
scope["native_id"] = params.NativeID
}
if len(params.ID) > 0 {
scope["id"] = params.ID
}
if len(params.Platform) > 0 {
scope["platform"] = params.Platform
}
if len(params.Name) > 0 {
scope["name"] = params.Name
}
if len(params.Location) > 0 {
scope["location"] = params.Location
}
return scope
}
func convertAPIResource(r cloudapi.ResourceAttributes) models.ResourceState {
resource := models.ResourceState{
Id: r.ResourceID,
ResourceType: r.ResourceType,
Namespace: r.Namespace,
Attributes: r.State,
}
if len(r.Tags) > 0 {
// We don't support non-string tags in policy-engine atm. Maybe
// we'll change this at some point.
tags := map[string]string{}
for k, v := range r.Tags {
if s, ok := v.(string); ok {
tags[k] = s
}
}
resource.Tags = tags
}
return resource
}