From 00664bcc933fa96b5d4bb1afc701dd1af01703f5 Mon Sep 17 00:00:00 2001
From: Shreyas Phansalkar <79958391+shreyas-phansalkar-189@users.noreply.github.com>
Date: Mon, 13 Jun 2022 15:45:56 +0530
Subject: [PATCH] Adding CFT support for new resources (#1293)
* Adding CFT support for following resources:
- AWS Subnet
- AWS Nat Gateway
- AWS Route Table
- AWS Route Table Association
- AWS Route
* Fixing incorrect variable names
* Removing unnecessary Config allocation
---
 pkg/mapper/iac-providers/cft/cft.go | 10 +++
 .../iac-providers/cft/config/nat-gateway.go | 45 ++++++++++++++
 .../cft/config/route-table-association.go | 40 ++++++++++++
 .../iac-providers/cft/config/route-table.go | 41 ++++++++++++
 pkg/mapper/iac-providers/cft/config/route.go | 62 +++++++++++++++++++
 pkg/mapper/iac-providers/cft/config/subnet.go | 53 ++++++++++++++++
 pkg/mapper/iac-providers/cft/store/store.go | 5 ++
 pkg/mapper/iac-providers/cft/store/types.go | 5 ++
 8 files changed, 261 insertions(+)
 create mode 100644 pkg/mapper/iac-providers/cft/config/nat-gateway.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/route-table-association.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/route-table.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/route.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/subnet.go
diff --git a/pkg/mapper/iac-providers/cft/cft.go b/pkg/mapper/iac-providers/cft/cft.go
index 8cc279069..4bebd93d1 100644
--- a/pkg/mapper/iac-providers/cft/cft.go
+++ b/pkg/mapper/iac-providers/cft/cft.go
@@ -191,6 +191,16 @@ func (m cftMapper) mapConfigForResource(r cloudformation.Resource, resourceName
 return config.GetEbsVolumeConfig(resource)
 case *ec2.VPC:
 return config.GetEc2VpcConfig(resource)
+ case *ec2.SubnetRouteTableAssociation:
+ return config.GetRouteTableAssociationConfig(resource)
+ case *ec2.RouteTable:
+ return config.GetRouteTableConfig(resource)
+ case *ec2.NatGateway:
+ return config.GetNatGatewayConfig(resource)
+ case *ec2.Subnet:
+ return config.GetSubnetConfig(resource)
+ case *ec2.Route:
+ return config.GetRouteConfig(resource)
 case *efs.FileSystem:
 return config.GetEfsFileSystemConfig(resource)
 case *elasticache.CacheCluster:
diff --git a/pkg/mapper/iac-providers/cft/config/nat-gateway.go b/pkg/mapper/iac-providers/cft/config/nat-gateway.go
new file mode 100644
index 000000000..e2012196e
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/nat-gateway.go
@@ -0,0 +1,45 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// NatGatewayConfig holds config for aws_nat_gateway
+type NatGatewayConfig struct {
+ Config
+ AllocationID string `json:"allocation_id"`
+ ConnectivityType string `json:"connectivity_type"`
+ SubnetID string `json:"subnet_id"`
+}
+
+// GetNatGatewayConfig returns config for aws_nat_gateway
+func GetNatGatewayConfig(e *ec2.NatGateway) []AWSResourceConfig {
+ cf := NatGatewayConfig{
+ Config: Config{
+ Tags: e.Tags,
+ },
+ AllocationID: e.AllocationId,
+ ConnectivityType: e.ConnectivityType,
+ SubnetID: e.SubnetId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/route-table-association.go b/pkg/mapper/iac-providers/cft/config/route-table-association.go
new file mode 100644
index 000000000..51617a355
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/route-table-association.go
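Review bot: `ConnectivityType` is copied through unchanged in `GetNatGatewayConfig`, so a template that omits the property produces `connectivity_type: ""` instead of the public connectivity CloudFormation applies by default. Any policy that distinguishes public from private NAT gateways therefore has to treat the empty string as public, and nothing on the struct says so. Either normalise it before the return, `if cf.ConnectivityType == "" { cf.ConnectivityType = "public" }`, which also matches the aws_nat_gateway default the JSON tags are modelled on, or document the raw pass-through on the field with `// empty when the template omits it; CloudFormation then defaults to "public"`.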
@@ -0,0 +1,40 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// RouteTableAssociationConfig holds config for aws_route_table_association
+type RouteTableAssociationConfig struct {
+ Config
+ RouteTableID string `json:"route_table_id"`
+ SubnetID string `json:"subnet_id"`
+}
+
+// GetRouteTableAssociationConfig returns config for aws_route_table_association
+func GetRouteTableAssociationConfig(e *ec2.SubnetRouteTableAssociation) []AWSResourceConfig {
+ cf := RouteTableAssociationConfig{
+ RouteTableID: e.RouteTableId,
+ SubnetID: e.SubnetId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/route-table.go b/pkg/mapper/iac-providers/cft/config/route-table.go
new file mode 100644
index 000000000..c9e169e39
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/route-table.go
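Review bot: The embedded `Config` in `RouteTableAssociationConfig` is left zero-valued — `GetRouteTableAssociationConfig` never fills `Tags`, unlike the NatGateway, RouteTable and Subnet mappers in this patch — and the same holds for `RouteConfig` in route.go. The commit message describes this as removing an unnecessary allocation, but nothing in the file explains it, so a reader comparing the five new mappers will wonder whether a Tags mapping was forgotten. Suggest `// AWS::EC2::SubnetRouteTableAssociation carries no Tags, so the embedded Config is intentionally left empty` above the struct, and the equivalent comment on `RouteConfig`.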
@@ -0,0 +1,41 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// RouteTableConfig holds config for aws_route_table
+type RouteTableConfig struct {
+ Config
+ VpcID string `json:"vpc_id"`
+}
+
+// GetRouteTableConfig returns config for aws_route_table
+func GetRouteTableConfig(e *ec2.RouteTable) []AWSResourceConfig {
+ cf := RouteTableConfig{
+ Config: Config{
+ Tags: e.Tags,
+ },
+ VpcID: e.VpcId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/route.go b/pkg/mapper/iac-providers/cft/config/route.go
new file mode 100644
index 000000000..e81ca676e
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/route.go
@@ -0,0 +1,62 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// RouteConfig holds config for aws_route
+type RouteConfig struct {
+ Config
+ CarrierGatewayID string `json:"carrier_gateway_id"`
+ DestinationCidrBlock string `json:"destination_cidr_block"`
+ DestinationIpv6CidrBlock string `json:"destination_ipv6_cidr_block"`
+ EgressOnlyInternetGatewayID string `json:"egress_only_gateway_id"`
+ GatewayID string `json:"gateway_id"`
+ InstanceID string `json:"instance_id"`
+ LocalGatewayID string `json:"local_gateway_id"`
+ NatGatewayID string `json:"nat_gateway_id"`
+ NetworkInterfaceID string `json:"network_interface_id"`
+ RouteTableID string `json:"route_table_id"`
+ TransitGatewayID string `json:"transit_gateway_id"`
+ VpcEndpointID string `json:"vpc_endpoint_id"`
+ VpcPeeringConnectionID string `json:"vpc_peering_connection_id"`
+}
+
+// GetRouteConfig returns config for aws_route
+func GetRouteConfig(e *ec2.Route) []AWSResourceConfig {
+ cf := RouteConfig{
+ CarrierGatewayID: e.CarrierGatewayId,
+ DestinationCidrBlock: e.DestinationCidrBlock,
+ DestinationIpv6CidrBlock: e.DestinationIpv6CidrBlock,
+ EgressOnlyInternetGatewayID: e.EgressOnlyInternetGatewayId,
+ GatewayID: e.GatewayId,
+ InstanceID: e.InstanceId,
+ LocalGatewayID: e.LocalGatewayId,
+ NatGatewayID: e.NatGatewayId,
+ NetworkInterfaceID: e.NetworkInterfaceId,
+ RouteTableID: e.RouteTableId,
+ TransitGatewayID: e.TransitGatewayId,
+ VpcEndpointID: e.VpcEndpointId,
+ VpcPeeringConnectionID: e.VpcPeeringConnectionId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/subnet.go b/pkg/mapper/iac-providers/cft/config/subnet.go
new file mode 100644
index 000000000..b4f8bbe8f
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/subnet.go
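Review bot: The only route destinations `RouteConfig` carries are CIDRs (`DestinationCidrBlock`, `DestinationIpv6CidrBlock`); CloudFormation also accepts a prefix-list destination on AWS::EC2::Route, so if the vendored goformation v5 `ec2.Route` type exposes a `DestinationPrefixListId` field it is not mapped here and such a route would be emitted with no destination at all, which a policy inspecting route destinations would then not see — worth confirming against the vendored type before merging. `DestinationCidrBlock` together with `GatewayID` is what open-route checks (a `0.0.0.0/0` route to an internet gateway) rely on, so a short comment on the struct stating that the fields deliberately mirror the aws_route attributes one-to-one would tell the next maintainer which fields policies depend on, e.g. `// Field names and json tags mirror the aws_route attributes so CFT and Terraform policies share one schema`.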
@@ -0,0 +1,53 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// SubnetConfig holds config for aws_subnet
+type SubnetConfig struct {
+ Config
+ AssignIpv6AddressOnCreation bool `json:"assign_ipv6_address_on_creation"`
+ AvailabilityZone string `json:"availability_zone"`
+ CidrBlock string `json:"cidr_block"`
+ Ipv6CidrBlock string `json:"ipv6_cidr_block"`
+ MapPublicIPOnLaunch bool `json:"map_public_ip_on_launch"`
+ OutpostArn string `json:"outpost_arn"`
+ VpcID string `json:"vpc_id"`
+}
+
+// GetSubnetConfig returns config for aws_subnet
+func GetSubnetConfig(e *ec2.Subnet) []AWSResourceConfig {
+ cf := SubnetConfig{
+ Config: Config{
+ Tags: e.Tags,
+ },
+ AssignIpv6AddressOnCreation: e.AssignIpv6AddressOnCreation,
+ AvailabilityZone: e.AvailabilityZone,
+ CidrBlock: e.CidrBlock,
+ Ipv6CidrBlock: e.Ipv6CidrBlock,
+ MapPublicIPOnLaunch: e.MapPublicIpOnLaunch,
+ OutpostArn: e.OutpostArn,
+ VpcID: e.VpcId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/store/store.go b/pkg/mapper/iac-providers/cft/store/store.go
index 3c09b2c22..0783206d5 100644
--- a/pkg/mapper/iac-providers/cft/store/store.go
+++ b/pkg/mapper/iac-providers/cft/store/store.go
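Review bot: `MapPublicIPOnLaunch` is the field a subnet exposure check keys on, and the struct gives no hint that it is the security-relevant one among seven otherwise descriptive attributes. A one-line comment on that field, `// false when the template omits MapPublicIpOnLaunch, matching the CloudFormation default; policies flagging auto-assigned public IPs read this`, would make the intent explicit; the bool-to-bool copy in `GetSubnetConfig` itself is fine since the zero value and the CloudFormation default agree.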
@@ -106,4 +106,9 @@ var ResourceTypes = map[string]string{
 "AWS::AppMesh::Mesh": AwsAppMeshMesh,
 "AWS::ApplicationAutoScaling::ScalingPolicy": AwsAppAutoscalingPolicy,
 "AWS::RAM::ResourceShare": AwsRAMResourceShare,
+ "AWS::EC2::SubnetRouteTableAssociation": AwsRouteTableAssociation,
+ "AWS::EC2::RouteTable": AwsRouteTable,
+ "AWS::EC2::NatGateway": AwsNatGateway,
+ "AWS::EC2::Subnet": AwsSubnet,
+ "AWS::EC2::Route": AwsRoute,
 }
diff --git a/pkg/mapper/iac-providers/cft/store/types.go b/pkg/mapper/iac-providers/cft/store/types.go
index 8147cd5b3..6c3a9bafe 100644
--- a/pkg/mapper/iac-providers/cft/store/types.go
+++ b/pkg/mapper/iac-providers/cft/store/types.go
@@ -105,4 +105,9 @@ const (
 AwsAppMeshMesh = "aws_appmesh_mesh"
 AwsRAMResourceShare = "aws_ram_resource_share"
 AwsAppAutoscalingPolicy = "aws_appautoscaling_policy"
+ AwsRouteTableAssociation = "aws_route_table_association"
+ AwsRouteTable = "aws_route_table"
+ AwsNatGateway = "aws_nat_gateway"
+ AwsSubnet = "aws_subnet"
+ AwsRoute = "aws_route"
 )