BREAKING(misconf): flatten recursive types

go.mod

@@ -26,7 +26,7 @@ require (
 	github.com/aquasecurity/table v1.8.0
 	github.com/aquasecurity/testdocker v0.0.0-20240419073403-90bd43849334
 	github.com/aquasecurity/tml v0.6.1
-	github.com/aquasecurity/trivy-aws v0.9.0
+	github.com/aquasecurity/trivy-aws v0.9.1-0.20240607040622-8a7f09cd891f
 	github.com/aquasecurity/trivy-checks v0.11.0
 	github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d
 	github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48

go.sum

@@ -771,8 +771,8 @@ github.com/aquasecurity/testdocker v0.0.0-20240419073403-90bd43849334 h1:MgvbLyL
 github.com/aquasecurity/testdocker v0.0.0-20240419073403-90bd43849334/go.mod h1:TKXn7bPfMM52ETP4sjjwkTKCZ18CqCs+I/vtFePSdBc=
 github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
-github.com/aquasecurity/trivy-aws v0.9.0 h1:0Xl5p5LtEwFMwZpuRQ6SSzVJN/fJZZtLenaacxjQFvE=
-github.com/aquasecurity/trivy-aws v0.9.0/go.mod h1:KOrgoMtAxHmGa1oIixLxCdJsmyZdplo/9EI+DJ0vUUM=
+github.com/aquasecurity/trivy-aws v0.9.1-0.20240607040622-8a7f09cd891f h1:LS8Xb8Lb0mosGay+hk7hkt8jVc+L8msTdjJCU+ICcS8=
+github.com/aquasecurity/trivy-aws v0.9.1-0.20240607040622-8a7f09cd891f/go.mod h1:pfwElhU8kilUmgib1xBw91ZBPJya6EZ1unwvqC0ijh4=
 github.com/aquasecurity/trivy-checks v0.11.0 h1:hS5gSQyuyIITrY/kCY2AWQMUSwXLpdtbHDPaCs6eSaI=
 github.com/aquasecurity/trivy-checks v0.11.0/go.mod h1:IAK3eHcKNxIHo/ckxKoHsXmEpUG45/38grW5bBjL9lw=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c=

pkg/iac/adapters/terraform/google/iam/adapt.go

@@ -1,109 +1,59 @@
 package iam
 
 import (
-	"github.com/google/uuid"
+	"golang.org/x/exp/maps"
 
 	"github.com/aquasecurity/trivy/pkg/iac/providers/google/iam"
 	"github.com/aquasecurity/trivy/pkg/iac/terraform"
-	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) iam.IAM {
 	return (&adapter{
-		orgs:    make(map[string]iam.Organization),
-		modules: modules,
+		orgs:         make(map[string]*iam.Organization),
+		projects:     make(map[string]*iam.Project),
+		projectsByID: make(map[string]string), // projectID -> blockID
+		folders:      make(map[string]*iam.Folder),
+		modules:      modules,
 	}).Adapt()
 }
 
 type adapter struct {
 	modules                       terraform.Modules
-	orgs                          map[string]iam.Organization
-	folders                       []parentedFolder
-	projects                      []parentedProject
+	orgs                          map[string]*iam.Organization
+	folders                       map[string]*iam.Folder
+	projects                      map[string]*iam.Project
+	projectsByID                  map[string]string
 	workloadIdentityPoolProviders []iam.WorkloadIdentityPoolProvider
 }
 
 func (a *adapter) Adapt() iam.IAM {
 	a.adaptOrganizationIAM()
-	a.adaptFolders()
 	a.adaptFolderIAM()
-	a.adaptProjects()
 	a.adaptProjectIAM()
 	a.adaptWorkloadIdentityPoolProviders()
-	return a.merge()
+	return a.buildIAMOutput()
 }
 
-func (a *adapter) addOrg(blockID string) {
-	if _, ok := a.orgs[blockID]; !ok {
-		a.orgs[blockID] = iam.Organization{
-			Metadata: types.NewUnmanagedMetadata(),
-		}
+func (a *adapter) buildIAMOutput() iam.IAM {
+	return iam.IAM{
+		Organizations:                 fromPtrSlice(maps.Values(a.orgs)),
+		Folders:                       fromPtrSlice(maps.Values(a.folders)),
+		Projects:                      fromPtrSlice(maps.Values(a.projects)),
+		WorkloadIdentityPoolProviders: a.workloadIdentityPoolProviders,
 	}
 }
 
-func (a *adapter) merge() iam.IAM {
-
-	// add projects to folders, orgs
-PROJECT:
-	for _, project := range a.projects {
-		for i, folder := range a.folders {
-			if project.folderBlockID != "" && project.folderBlockID == folder.blockID {
-				folder.folder.Projects = append(folder.folder.Projects, project.project)
-				a.folders[i] = folder
-				continue PROJECT
-			}
-		}
-		if project.orgBlockID != "" {
-			if org, ok := a.orgs[project.orgBlockID]; ok {
-				org.Projects = append(org.Projects, project.project)
-				a.orgs[project.orgBlockID] = org
-				continue PROJECT
-			}
-		}
-
-		org := iam.Organization{
-			Metadata: types.NewUnmanagedMetadata(),
-			Projects: []iam.Project{project.project},
-		}
-		a.orgs[uuid.NewString()] = org
+func fromPtrSlice[T any](collection []*T) []T {
+	if len(collection) == 0 {
+		return nil
 	}
 
-	// add folders to folders, orgs
-FOLDER_NESTED: // nolint: gocritic
-	for _, folder := range a.folders {
-		for i, existing := range a.folders {
-			if folder.parentBlockID != "" && folder.parentBlockID == existing.blockID {
-				existing.folder.Folders = append(existing.folder.Folders, folder.folder)
-				a.folders[i] = existing
-				continue FOLDER_NESTED // nolint: gocritic
-			}
-
-		}
-	}
-FOLDER_ORG: // nolint: gocritic
-	for _, folder := range a.folders {
-		if folder.parentBlockID != "" {
-			if org, ok := a.orgs[folder.parentBlockID]; ok {
-				org.Folders = append(org.Folders, folder.folder)
-				a.orgs[folder.parentBlockID] = org
-				continue FOLDER_ORG // nolint: gocritic
-			}
-		} else {
-			// add to placeholder?
-			org := iam.Organization{
-				Metadata: types.NewUnmanagedMetadata(),
-				Folders:  []iam.Folder{folder.folder},
-			}
-			a.orgs[uuid.NewString()] = org
+	result := make([]T, 0, len(collection))
+	for _, item := range collection {
+		if item == nil {
+			continue
 		}
+		result = append(result, *item)
 	}
-
-	output := iam.IAM{
-		Organizations:                 nil,
-		WorkloadIdentityPoolProviders: a.workloadIdentityPoolProviders,
-	}
-	for _, org := range a.orgs {
-		output.Organizations = append(output.Organizations, org)
-	}
-	return output
+	return result
 }