Added feature to implement SSM parameters (#1653)
* fix for crash in lambda function cft yaml if code key is not present

* removed duplicate tag image tag

* bump up the version to 1.18.5

* added feature to parse cft template for ssm parameter
nmoretenable authored Dec 13, 2023
1 parent 791983c commit 575d95b
Showing 4 changed files with 68 additions and 0 deletions.
3 changes: 3 additions & 0 deletions pkg/mapper/iac-providers/cft/cft.go
@@ -77,6 +77,7 @@ import (
"github.com/awslabs/goformation/v7/cloudformation/redshift"
"github.com/awslabs/goformation/v7/cloudformation/route53"
"github.com/awslabs/goformation/v7/cloudformation/s3"
"github.com/awslabs/goformation/v7/cloudformation/ssm"
"github.com/tenable/terrascan/pkg/iac-providers/output"
"github.com/tenable/terrascan/pkg/mapper/core"
"github.com/tenable/terrascan/pkg/mapper/iac-providers/cft/config"
@@ -311,6 +312,8 @@ func (m cftMapper) mapConfigForResource(r cloudformation.Resource, resourceName
return config.GetAppAutoScalingPolicyConfig(resource)
case *secretsmanager.RotationSchedule:
return config.GetSecretsManagerSecretRotationConfig(resource)
case *ssm.Parameter:
return config.GetSSMParameterConfig(resource)
default:
}
return []config.AWSResourceConfig{}
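--- a/pkg/mapper/iac-providers/cft/config/ssm-parameter.go
+++ b/pkg/mapper/iac-providers/cft/config/ssm-parameter.go
@@ -0,0 +1,63 @@
+/*
+Copyright (C) 2022 Tenable, Inc.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+"github.com/awslabs/goformation/v7/cloudformation/ssm"
+)
+
+// SSMParameterConfig holds config for SSMParameter
+type SSMParameterConfig struct {
+Config
+Name string `json:"name"`
+Description string `json:"description"`
+Type string `json:"type"`
+Value string `json:"value"`
+Tier string `json:"tier"`
+Policies string `json:"policies"`
+AllowedPattern string `json:"allowed_pattern"`
+}
+
+// GetSSMParameterConfig returns config for SSM Parameter
+func GetSSMParameterConfig(b *ssm.Parameter) []AWSResourceConfig {
+cf := SSMParameterConfig{
+Config: Config{
+Name: *b.Name,
+Tags: b.Tags,
+},
+Name: *b.Name,
+Type: b.Type,
+Value: b.Value,
+}
+if b.Description != nil {
+cf.Description = *b.Description
+}
+if b.Tier != nil {
+cf.Tier = *b.Tier
+}
+if b.Policies != nil {
+cf.Policies = *b.Policies
+}
+if b.AllowedPattern != nil {
+cf.AllowedPattern = *b.AllowedPattern
+}
+
+return []AWSResourceConfig{{
+Resource: cf,
+Metadata: b.AWSCloudFormationMetadata,
+}}
+}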
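Review bot: `*b.Name` is dereferenced twice in the struct literal of GetSSMParameterConfig with no nil check, while Description, Tier, Policies and AllowedPattern are each guarded, so a template whose AWS::SSM::Parameter omits Name (CloudFormation treats it as optional and generates one) would panic the mapper instead of producing a config. Because the scanned templates are arbitrary input, that is a scan-aborting crash of the same kind the first bullet of this commit fixes for lambda. Drop the two `Name: *b.Name` entries from the literal and assign next to the other optional fields: `if b.Name != nil { cf.Name = *b.Name; cf.Config.Name = *b.Name }`. Separately, `Value: b.Value` copies the parameter's plaintext value into the normalized resource; it is worth confirming that downstream reports and logs do not echo it, and recording that with a comment such as `// Value may hold sensitive data: policies may test it, output should not print it`.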
1 change: 1 addition & 0 deletions pkg/mapper/iac-providers/cft/store/store.go
@@ -111,4 +111,5 @@ var ResourceTypes = map[string]string{
"AWS::EC2::NatGateway": AwsNatGateway,
"AWS::EC2::Subnet": AwsSubnet,
"AWS::EC2::Route": AwsRoute,
"AWS::SSM::Parameter": AwsSSMParameter,
}
1 change: 1 addition & 0 deletions pkg/mapper/iac-providers/cft/store/types.go
@@ -110,4 +110,5 @@ const (
AwsNatGateway = "aws_nat_gateway"
AwsSubnet = "aws_subnet"
AwsRoute = "aws_route"
AwsSSMParameter = "aws_ssm_parameter"
)
