BREAKING(misconf): flatten recursive types

aquasecurity · Jun 6, 2024 · df4dda0 · df4dda0
1 parent faa9d92
commit df4dda0
Show file tree

Hide file tree

Showing 14 changed files with 476 additions and 616 deletions.
diff --git a/go.mod b/go.mod
@@ -426,3 +426,5 @@ require (
 	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
+
+replace github.com/aquasecurity/trivy-aws => github.com/nikpivkin/trivy-aws v0.0.0-20240605151603-9381d36925ae
diff --git a/go.sum b/go.sum
@@ -771,8 +771,6 @@ github.com/aquasecurity/testdocker v0.0.0-20240419073403-90bd43849334 h1:MgvbLyL
 github.com/aquasecurity/testdocker v0.0.0-20240419073403-90bd43849334/go.mod h1:TKXn7bPfMM52ETP4sjjwkTKCZ18CqCs+I/vtFePSdBc=
 github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
-github.com/aquasecurity/trivy-aws v0.9.0 h1:0Xl5p5LtEwFMwZpuRQ6SSzVJN/fJZZtLenaacxjQFvE=
-github.com/aquasecurity/trivy-aws v0.9.0/go.mod h1:KOrgoMtAxHmGa1oIixLxCdJsmyZdplo/9EI+DJ0vUUM=
 github.com/aquasecurity/trivy-checks v0.11.0 h1:hS5gSQyuyIITrY/kCY2AWQMUSwXLpdtbHDPaCs6eSaI=
 github.com/aquasecurity/trivy-checks v0.11.0/go.mod h1:IAK3eHcKNxIHo/ckxKoHsXmEpUG45/38grW5bBjL9lw=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c=
@@ -1835,6 +1833,8 @@ github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdh
 github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nikpivkin/trivy-aws v0.0.0-20240605151603-9381d36925ae h1:vytjcN7N9+N4FN3sslHOwnzRqrWsILgO8ePl3dMMKgY=
+github.com/nikpivkin/trivy-aws v0.0.0-20240605151603-9381d36925ae/go.mod h1:KOrgoMtAxHmGa1oIixLxCdJsmyZdplo/9EI+DJ0vUUM=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=

diff --git a/pkg/iac/adapters/terraform/google/iam/adapt.go b/pkg/iac/adapters/terraform/google/iam/adapt.go
@@ -1,109 +1,59 @@
 package iam
 
 import (
-	"github.com/google/uuid"
+	"golang.org/x/exp/maps"
 
 	"github.com/aquasecurity/trivy/pkg/iac/providers/google/iam"
 	"github.com/aquasecurity/trivy/pkg/iac/terraform"
-	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) iam.IAM {
 	return (&adapter{
-		orgs:    make(map[string]iam.Organization),
-		modules: modules,
+		orgs:         make(map[string]*iam.Organization),
+		projects:     make(map[string]*iam.Project),
+		projectsByID: make(map[string]string), // projectID -> blockID
+		folders:      make(map[string]*iam.Folder),
+		modules:      modules,
 	}).Adapt()
 }
 
 type adapter struct {
 	modules                       terraform.Modules
-	orgs                          map[string]iam.Organization
-	folders                       []parentedFolder
-	projects                      []parentedProject
+	orgs                          map[string]*iam.Organization
+	folders                       map[string]*iam.Folder
+	projects                      map[string]*iam.Project
+	projectsByID                  map[string]string
 	workloadIdentityPoolProviders []iam.WorkloadIdentityPoolProvider
 }
 
 func (a *adapter) Adapt() iam.IAM {
 	a.adaptOrganizationIAM()
-	a.adaptFolders()
 	a.adaptFolderIAM()
-	a.adaptProjects()
 	a.adaptProjectIAM()
 	a.adaptWorkloadIdentityPoolProviders()
-	return a.merge()
+	return a.buildIAMOutput()
 }
 
-func (a *adapter) addOrg(blockID string) {
-	if _, ok := a.orgs[blockID]; !ok {
-		a.orgs[blockID] = iam.Organization{
-			Metadata: types.NewUnmanagedMetadata(),
-		}
+func (a *adapter) buildIAMOutput() iam.IAM {
+	return iam.IAM{
+		Organizations:                 fromPtrSlice(maps.Values(a.orgs)),
+		Folders:                       fromPtrSlice(maps.Values(a.folders)),
+		Projects:                      fromPtrSlice(maps.Values(a.projects)),
+		WorkloadIdentityPoolProviders: a.workloadIdentityPoolProviders,
 	}
 }
 
-func (a *adapter) merge() iam.IAM {
-
-	// add projects to folders, orgs
-PROJECT:
-	for _, project := range a.projects {
-		for i, folder := range a.folders {
-			if project.folderBlockID != "" && project.folderBlockID == folder.blockID {
-				folder.folder.Projects = append(folder.folder.Projects, project.project)
-				a.folders[i] = folder
-				continue PROJECT
-			}
-		}
-		if project.orgBlockID != "" {
-			if org, ok := a.orgs[project.orgBlockID]; ok {
-				org.Projects = append(org.Projects, project.project)
-				a.orgs[project.orgBlockID] = org
-				continue PROJECT
-			}
-		}
-
-		org := iam.Organization{
-			Metadata: types.NewUnmanagedMetadata(),
-			Projects: []iam.Project{project.project},
-		}
-		a.orgs[uuid.NewString()] = org
+func fromPtrSlice[T any](collection []*T) []T {
+	if len(collection) == 0 {
+		return nil
 	}
 
-	// add folders to folders, orgs
-FOLDER_NESTED: // nolint: gocritic
-	for _, folder := range a.folders {
-		for i, existing := range a.folders {
-			if folder.parentBlockID != "" && folder.parentBlockID == existing.blockID {
-				existing.folder.Folders = append(existing.folder.Folders, folder.folder)
-				a.folders[i] = existing
-				continue FOLDER_NESTED // nolint: gocritic
-			}
-
-		}
-	}
-FOLDER_ORG: // nolint: gocritic
-	for _, folder := range a.folders {
-		if folder.parentBlockID != "" {
-			if org, ok := a.orgs[folder.parentBlockID]; ok {
-				org.Folders = append(org.Folders, folder.folder)
-				a.orgs[folder.parentBlockID] = org
-				continue FOLDER_ORG // nolint: gocritic
-			}
-		} else {
-			// add to placeholder?
-			org := iam.Organization{
-				Metadata: types.NewUnmanagedMetadata(),
-				Folders:  []iam.Folder{folder.folder},
-			}
-			a.orgs[uuid.NewString()] = org
+	result := make([]T, 0, len(collection))
+	for _, item := range collection {
+		if item == nil {
+			continue
 		}
+		result = append(result, *item)
 	}
-
-	output := iam.IAM{
-		Organizations:                 nil,
-		WorkloadIdentityPoolProviders: a.workloadIdentityPoolProviders,
-	}
-	for _, org := range a.orgs {
-		output.Organizations = append(output.Organizations, org)
-	}
-	return output
+	return result
 }