package ecs
import (
"fmt"
"github.com/wuwwlwwl/defsec/pkg/concurrency"
defsecTypes "github.com/wuwwlwwl/defsec/pkg/types"
ecsapi "github.com/aws/aws-sdk-go-v2/service/ecs"
"github.com/aws/aws-sdk-go-v2/service/ecs/types"
"github.com/wuwwlwwl/defsec/pkg/providers/aws/ecs"
)
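// getClusters lists every ECS cluster ARN returned by the adapter's API client
// and adapts each one into an ecs.Cluster.
//
// ListClusters is paginated, so the loop follows NextToken until it is nil and
// updates the tracker's resource total after every page. A listing error
// aborts discovery and is returned wrapped with context, so the caller can
// tell which service call failed.
//
// NOTE(review): per-cluster failures are handled inside concurrency.Adapt,
// whose error policy is not visible here. If it drops clusters that fail to
// adapt, those clusters are missing from the scan results without a finding;
// confirm that such failures are surfaced to the operator.
func (a *adapter) getClusters() ([]ecs.Cluster, error) {
	a.Tracker().SetServiceLabel("Discovering clusters...")

	var (
		clusterARNs []string
		input       ecsapi.ListClustersInput
	)
	for {
		output, err := a.api.ListClusters(a.Context(), &input)
		if err != nil {
			return nil, fmt.Errorf("listing ecs clusters: %w", err)
		}

		clusterARNs = append(clusterARNs, output.ClusterArns...)
		a.Tracker().SetTotalResources(len(clusterARNs))

		// A nil token marks the last page.
		if output.NextToken == nil {
			break
		}
		input.NextToken = output.NextToken
	}

	a.Tracker().SetServiceLabel("Adapting clusters...")
	return concurrency.Adapt(clusterARNs, a.RootAdapter, a.adaptCluster), nil
}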
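// adaptCluster describes the cluster identified by arn and converts it into an
// ecs.Cluster carrying the Container Insights setting.
//
// It returns an error when DescribeClusters fails or when the response holds
// no cluster for the requested ARN. Both errors name the ARN so a cluster that
// could not be assessed can be identified from the message.
func (a *adapter) adaptCluster(arn string) (*ecs.Cluster, error) {
	metadata := a.CreateMetadataFromARN(arn)

	output, err := a.api.DescribeClusters(a.Context(), &ecsapi.DescribeClustersInput{
		Clusters: []string{arn},
		// Only the settings are requested; nothing else is read below.
		Include: []types.ClusterField{
			types.ClusterFieldSettings,
		},
	})
	if err != nil {
		return nil, fmt.Errorf("describing ecs cluster %q: %w", arn, err)
	}
	if len(output.Clusters) == 0 {
		return nil, fmt.Errorf("cluster not found: %s", arn)
	}

	var enableInsights bool
	for _, setting := range output.Clusters[0].Settings {
		if setting.Name != types.ClusterSettingNameContainerInsights {
			continue
		}
		// The last matching setting wins; a nil value counts as disabled.
		enableInsights = false
		if setting.Value != nil {
			switch *setting.Value {
			// ECS accepts "enhanced" (Container Insights with enhanced
			// observability) alongside "enabled". Treating only "enabled"
			// as on would report monitored clusters as unmonitored.
			case "enabled", "enhanced":
				enableInsights = true
			}
		}
	}

	return &ecs.Cluster{
		Metadata: metadata,
		Settings: ecs.ClusterSettings{
			Metadata:                 metadata,
			ContainerInsightsEnabled: defsecTypes.Bool(enableInsights, metadata),
		},
	}, nil
}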