Skip to content

Commit 9913465

Browse files
nikpivkinnikpivkin
authored
feat(misconf): adapt aws_opensearch_domain (#8550)
Signed-off-by: nikpivkin <[email protected]>
1 parent 0d9865f commit 9913465

File tree

2 files changed

+98
-40
lines changed

2 files changed

+98
-40
lines changed

pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ func Adapt(modules terraform.Modules) elasticsearch.Elasticsearch {
1515
func adaptDomains(modules terraform.Modules) []elasticsearch.Domain {
1616
var domains []elasticsearch.Domain
1717
for _, module := range modules {
18-
for _, resource := range module.GetResourcesByType("aws_elasticsearch_domain") {
18+
for _, resource := range module.GetResourcesByType("aws_elasticsearch_domain", "aws_opensearch_domain") {
1919
domains = append(domains, adaptDomain(resource))
2020
}
2121
}

pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go

+97-39
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ func Test_adaptDomain(t *testing.T) {
1616
tests := []struct {
1717
name string
1818
terraform string
19-
expected elasticsearch.Domain
19+
expected elasticsearch.Elasticsearch
2020
}{
2121
{
2222
name: "configured",
@@ -44,25 +44,29 @@ func Test_adaptDomain(t *testing.T) {
4444
}
4545
}
4646
`,
47-
expected: elasticsearch.Domain{
48-
Metadata: iacTypes.NewTestMetadata(),
49-
DomainName: iacTypes.String("domain-foo", iacTypes.NewTestMetadata()),
50-
LogPublishing: elasticsearch.LogPublishing{
51-
Metadata: iacTypes.NewTestMetadata(),
52-
AuditEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
53-
},
54-
TransitEncryption: elasticsearch.TransitEncryption{
55-
Metadata: iacTypes.NewTestMetadata(),
56-
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
57-
},
58-
AtRestEncryption: elasticsearch.AtRestEncryption{
59-
Metadata: iacTypes.NewTestMetadata(),
60-
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
61-
},
62-
Endpoint: elasticsearch.Endpoint{
63-
Metadata: iacTypes.NewTestMetadata(),
64-
EnforceHTTPS: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
65-
TLSPolicy: iacTypes.String("Policy-Min-TLS-1-2-2019-07", iacTypes.NewTestMetadata()),
47+
expected: elasticsearch.Elasticsearch{
48+
Domains: []elasticsearch.Domain{
49+
{
50+
Metadata: iacTypes.NewTestMetadata(),
51+
DomainName: iacTypes.String("domain-foo", iacTypes.NewTestMetadata()),
52+
LogPublishing: elasticsearch.LogPublishing{
53+
Metadata: iacTypes.NewTestMetadata(),
54+
AuditEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
55+
},
56+
TransitEncryption: elasticsearch.TransitEncryption{
57+
Metadata: iacTypes.NewTestMetadata(),
58+
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
59+
},
60+
AtRestEncryption: elasticsearch.AtRestEncryption{
61+
Metadata: iacTypes.NewTestMetadata(),
62+
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
63+
},
64+
Endpoint: elasticsearch.Endpoint{
65+
Metadata: iacTypes.NewTestMetadata(),
66+
EnforceHTTPS: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
67+
TLSPolicy: iacTypes.String("Policy-Min-TLS-1-2-2019-07", iacTypes.NewTestMetadata()),
68+
},
69+
},
6670
},
6771
},
6872
},
@@ -72,25 +76,79 @@ func Test_adaptDomain(t *testing.T) {
7276
resource "aws_elasticsearch_domain" "example" {
7377
}
7478
`,
75-
expected: elasticsearch.Domain{
76-
Metadata: iacTypes.NewTestMetadata(),
77-
DomainName: iacTypes.String("", iacTypes.NewTestMetadata()),
78-
LogPublishing: elasticsearch.LogPublishing{
79-
Metadata: iacTypes.NewTestMetadata(),
80-
AuditEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
81-
},
82-
TransitEncryption: elasticsearch.TransitEncryption{
83-
Metadata: iacTypes.NewTestMetadata(),
84-
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
85-
},
86-
AtRestEncryption: elasticsearch.AtRestEncryption{
87-
Metadata: iacTypes.NewTestMetadata(),
88-
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
79+
expected: elasticsearch.Elasticsearch{
80+
Domains: []elasticsearch.Domain{
81+
{
82+
Metadata: iacTypes.NewTestMetadata(),
83+
DomainName: iacTypes.String("", iacTypes.NewTestMetadata()),
84+
LogPublishing: elasticsearch.LogPublishing{
85+
Metadata: iacTypes.NewTestMetadata(),
86+
AuditEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
87+
},
88+
TransitEncryption: elasticsearch.TransitEncryption{
89+
Metadata: iacTypes.NewTestMetadata(),
90+
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
91+
},
92+
AtRestEncryption: elasticsearch.AtRestEncryption{
93+
Metadata: iacTypes.NewTestMetadata(),
94+
Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
95+
},
96+
Endpoint: elasticsearch.Endpoint{
97+
Metadata: iacTypes.NewTestMetadata(),
98+
EnforceHTTPS: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
99+
TLSPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
100+
},
101+
},
89102
},
90-
Endpoint: elasticsearch.Endpoint{
91-
Metadata: iacTypes.NewTestMetadata(),
92-
EnforceHTTPS: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
93-
TLSPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
103+
},
104+
},
105+
{
106+
name: "opensearch",
107+
terraform: `resource "aws_opensearch_domain" "example" {
108+
domain_name = "example"
109+
110+
node_to_node_encryption {
111+
enabled = true
112+
}
113+
114+
encrypt_at_rest {
115+
enabled = true
116+
}
117+
118+
domain_endpoint_options {
119+
enforce_https = true
120+
tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
121+
}
122+
123+
log_publishing_options {
124+
cloudwatch_log_group_arn = aws_cloudwatch_log_group.example.arn
125+
log_type = "AUDIT_LOGS"
126+
}
127+
}
128+
`,
129+
expected: elasticsearch.Elasticsearch{
130+
Domains: []elasticsearch.Domain{
131+
{
132+
Metadata: iacTypes.NewTestMetadata(),
133+
DomainName: iacTypes.String("example", iacTypes.NewTestMetadata()),
134+
LogPublishing: elasticsearch.LogPublishing{
135+
Metadata: iacTypes.NewTestMetadata(),
136+
AuditEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
137+
},
138+
TransitEncryption: elasticsearch.TransitEncryption{
139+
Metadata: iacTypes.NewTestMetadata(),
140+
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
141+
},
142+
AtRestEncryption: elasticsearch.AtRestEncryption{
143+
Metadata: iacTypes.NewTestMetadata(),
144+
Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
145+
},
146+
Endpoint: elasticsearch.Endpoint{
147+
Metadata: iacTypes.NewTestMetadata(),
148+
EnforceHTTPS: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
149+
TLSPolicy: iacTypes.String("Policy-Min-TLS-1-2-2019-07", iacTypes.NewTestMetadata()),
150+
},
151+
},
94152
},
95153
},
96154
},
@@ -99,7 +157,7 @@ func Test_adaptDomain(t *testing.T) {
99157
for _, test := range tests {
100158
t.Run(test.name, func(t *testing.T) {
101159
modules := tftestutil.CreateModulesFromSource(t, test.terraform, ".tf")
102-
adapted := adaptDomain(modules.GetBlocks()[0])
160+
adapted := Adapt(modules)
103161
testutil.AssertDefsecEqual(t, test.expected, adapted)
104162
})
105163
}

0 commit comments

Comments
 (0)