added in adapters of mq and msk (#1218)

internal/adapters/cloud/aws/mq/adapt.go

@@ -74,10 +74,19 @@ func (a *adapter) adaptBroker(apiBroker types.BrokerSummary) (*mq.Broker, error)
 	if err != nil {
 		return nil, err
 	}
+	var kmskeyid string
+	if output.EncryptionOptions != nil {
+		kmskeyid = *output.EncryptionOptions.KmsKeyId
+	}
 
 	return &mq.Broker{
-		Metadata:     metadata,
-		PublicAccess: defsecTypes.Bool(output.PubliclyAccessible, metadata),
+		Metadata:                metadata,
+		PublicAccess:            defsecTypes.Bool(output.PubliclyAccessible, metadata),
+		DeploymentMode:          defsecTypes.String(string(apiBroker.DeploymentMode), metadata),
+		EngineType:              defsecTypes.String(string(apiBroker.EngineType), metadata),
+		HostInstanceType:        defsecTypes.String(*apiBroker.HostInstanceType, metadata),
+		AutoMinorVersionUpgrade: defsecTypes.Bool(output.AutoMinorVersionUpgrade, metadata),
+		KmsKeyId:                defsecTypes.String(kmskeyid, metadata),
 		Logging: mq.Logging{
 			Metadata: metadata,
 			General:  defsecTypes.Bool(output.Logs != nil && output.Logs.General, metadata),

internal/adapters/cloud/aws/msk/adapt.go

@@ -69,10 +69,11 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro
 	metadata := a.CreateMetadataFromARN(*apiCluster.ClusterArn)
 
 	var encInTransitClientBroker, encAtRestKMSKeyId string
-	var encAtRestEnabled bool
+	var encAtRestEnabled, incluster bool
 	if apiCluster.EncryptionInfo != nil {
 		if apiCluster.EncryptionInfo.EncryptionInTransit != nil {
 			encInTransitClientBroker = string(apiCluster.EncryptionInfo.EncryptionInTransit.ClientBroker)
+			incluster = apiCluster.EncryptionInfo.EncryptionInTransit.InCluster
 		}
 
 		if apiCluster.EncryptionInfo.EncryptionAtRest != nil {
@@ -81,6 +82,18 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro
 		}
 	}
 
+	var publicaccesstype string
+	if apiCluster.BrokerNodeGroupInfo != nil && apiCluster.BrokerNodeGroupInfo.ConnectivityInfo != nil {
+		if apiCluster.BrokerNodeGroupInfo.ConnectivityInfo.PublicAccess != nil {
+			publicaccesstype = *apiCluster.BrokerNodeGroupInfo.ConnectivityInfo.PublicAccess.Type
+		}
+	}
+
+	var unauthenticated bool
+	if apiCluster.ClientAuthentication != nil && apiCluster.ClientAuthentication.Unauthenticated != nil {
+		unauthenticated = apiCluster.ClientAuthentication.Unauthenticated.Enabled
+	}
+
 	var logS3, logCW, logFH bool
 	if apiCluster.LoggingInfo != nil && apiCluster.LoggingInfo.BrokerLogs != nil {
 		logs := apiCluster.LoggingInfo.BrokerLogs
@@ -100,12 +113,21 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro
 		EncryptionInTransit: msk.EncryptionInTransit{
 			Metadata:     metadata,
 			ClientBroker: defsecTypes.String(encInTransitClientBroker, metadata),
+			InCluster:    defsecTypes.Bool(incluster, metadata),
 		},
 		EncryptionAtRest: msk.EncryptionAtRest{
 			Metadata:  metadata,
 			KMSKeyARN: defsecTypes.String(encAtRestKMSKeyId, metadata),
 			Enabled:   defsecTypes.Bool(encAtRestEnabled, metadata),
 		},
+		BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{
+			Metadata:         metadata,
+			PublicAccessType: defsecTypes.String(publicaccesstype, metadata),
+		},
+		ClientAuthentication: msk.ClientAuthentication{
+			Metadata:        metadata,
+			Unauthenticated: defsecTypes.Bool(unauthenticated, metadata),
+		},
 		Logging: msk.Logging{
 			Metadata: metadata,
 			Broker: msk.BrokerLogging{

internal/adapters/cloudformation/aws/mq/broker.go

@@ -10,8 +10,13 @@ func getBrokers(ctx parser.FileContext) (brokers []mq.Broker) {
 	for _, r := range ctx.GetResourcesByType("AWS::AmazonMQ::Broker") {
 
 		broker := mq.Broker{
-			Metadata:     r.Metadata(),
-			PublicAccess: r.GetBoolProperty("PubliclyAccessible"),
+			Metadata:                r.Metadata(),
+			PublicAccess:            r.GetBoolProperty("PubliclyAccessible"),
+			DeploymentMode:          r.GetStringProperty("DeploymentMode"),
+			AutoMinorVersionUpgrade: r.GetBoolProperty("AutoMinorVersionUpgrade"),
+			EngineType:              r.GetStringProperty("EngineType"),
+			HostInstanceType:        r.GetStringProperty("HostInstanceType"),
+			KmsKeyId:                r.GetStringProperty("EncryptionOptions.KmsKeyId"),
 			Logging: mq.Logging{
 				Metadata: r.Metadata(),
 				General:  types.BoolDefault(false, r.Metadata()),

internal/adapters/cloudformation/aws/msk/cluster.go

@@ -14,12 +14,21 @@ func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) {
 			EncryptionInTransit: msk.EncryptionInTransit{
 				Metadata:     r.Metadata(),
 				ClientBroker: defsecTypes.StringDefault("TLS", r.Metadata()),
+				InCluster:    defsecTypes.BoolDefault(true, r.Metadata()),
 			},
 			EncryptionAtRest: msk.EncryptionAtRest{
 				Metadata:  r.Metadata(),
 				KMSKeyARN: defsecTypes.StringDefault("", r.Metadata()),
 				Enabled:   defsecTypes.BoolDefault(false, r.Metadata()),
 			},
+			BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{
+				Metadata:         r.Metadata(),
+				PublicAccessType: defsecTypes.String("DISABLED", r.Metadata()),
+			},
+			ClientAuthentication: msk.ClientAuthentication{
+				Metadata:        r.Metadata(),
+				Unauthenticated: defsecTypes.BoolDefault(false, r.Metadata()),
+			},
 			Logging: msk.Logging{
 				Metadata: r.Metadata(),
 				Broker: msk.BrokerLogging{
@@ -44,6 +53,21 @@ func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) {
 			cluster.EncryptionInTransit = msk.EncryptionInTransit{
 				Metadata:     encProp.Metadata(),
 				ClientBroker: encProp.GetStringProperty("ClientBroker", "TLS"),
+				InCluster:    encProp.GetBoolProperty("InCluster"),
+			}
+		}
+
+		if brokernodeProp := r.GetProperty("BrokerNodeGroupInfo"); brokernodeProp.IsNotNil() {
+			cluster.BrokerNodeGroupInfo = msk.BrokerNodeGroupInfo{
+				Metadata:         brokernodeProp.Metadata(),
+				PublicAccessType: brokernodeProp.GetStringProperty("ConnectivityInfo.PublicAccess.Type"),
+			}
+		}
+
+		if clientProp := r.GetProperty("ClientAuthentication"); clientProp.IsNotNil() {
+			cluster.ClientAuthentication = msk.ClientAuthentication{
+				Metadata:        clientProp.Metadata(),
+				Unauthenticated: clientProp.GetBoolProperty("Unauthenticated.Enabled"),
 			}
 		}
 

internal/adapters/terraform/aws/mq/adapt.go

@@ -25,8 +25,13 @@ func adaptBrokers(modules terraform.Modules) []mq.Broker {
 func adaptBroker(resource *terraform.Block) mq.Broker {
 
 	broker := mq.Broker{
-		Metadata:     resource.GetMetadata(),
-		PublicAccess: types.BoolDefault(false, resource.GetMetadata()),
+		Metadata:                resource.GetMetadata(),
+		PublicAccess:            types.BoolDefault(false, resource.GetMetadata()),
+		EngineType:              resource.GetAttribute("engine_type").AsStringValueOrDefault("", resource),
+		HostInstanceType:        resource.GetAttribute("host_instance_type").AsStringValueOrDefault("", resource),
+		AutoMinorVersionUpgrade: resource.GetAttribute("auto_minor_version_upgrade").AsBoolValueOrDefault(true, resource),
+		DeploymentMode:          resource.GetAttribute("deployment_mode").AsStringValueOrDefault("SINGLE_INSTANCE", resource),
+		KmsKeyId:                types.StringDefault("", resource.GetMetadata()),
 		Logging: mq.Logging{
 			Metadata: resource.GetMetadata(),
 			General:  types.BoolDefault(false, resource.GetMetadata()),
@@ -43,6 +48,9 @@ func adaptBroker(resource *terraform.Block) mq.Broker {
 		generalAttr := logsBlock.GetAttribute("general")
 		broker.Logging.General = generalAttr.AsBoolValueOrDefault(false, logsBlock)
 	}
+	if encryptBlock := resource.GetBlock("encryption_options"); encryptBlock.IsNotNil() {
+		broker.KmsKeyId = encryptBlock.GetAttribute("kms_key_id").AsStringValueOrDefault("", resource)
+	}
 
 	return broker
 }

internal/adapters/terraform/aws/mq/adapt_test.go

@@ -29,11 +29,15 @@ func Test_adaptBroker(t *testing.T) {
 				}
 
 				publicly_accessible = false
+				auto_minor_version_upgrade = false
+				deployment_mode = "CLUSTER_MULTI_AZ"
 			  }
 `,
 			expected: mq.Broker{
-				Metadata:     defsecTypes.NewTestMetadata(),
-				PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+				Metadata:                defsecTypes.NewTestMetadata(),
+				PublicAccess:            defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+				AutoMinorVersionUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+				DeploymentMode:          defsecTypes.String("CLUSTER_MULTI_AZ", defsecTypes.NewTestMetadata()),
 				Logging: mq.Logging{
 					Metadata: defsecTypes.NewTestMetadata(),
 					General:  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
@@ -50,11 +54,15 @@ func Test_adaptBroker(t *testing.T) {
 				}
 
 				publicly_accessible = true
+				auto_minor_version_upgrade = true
+				deployment_mode = "SINGLE_INSTANCE"
 			  }
 `,
 			expected: mq.Broker{
-				Metadata:     defsecTypes.NewTestMetadata(),
-				PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+				Metadata:                defsecTypes.NewTestMetadata(),
+				PublicAccess:            defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+				AutoMinorVersionUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+				DeploymentMode:          defsecTypes.String("SINGLE_INSTANCE", defsecTypes.NewTestMetadata()),
 				Logging: mq.Logging{
 					Metadata: defsecTypes.NewTestMetadata(),
 					General:  defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
@@ -69,8 +77,10 @@ func Test_adaptBroker(t *testing.T) {
 			  }
 `,
 			expected: mq.Broker{
-				Metadata:     defsecTypes.NewTestMetadata(),
-				PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+				Metadata:                defsecTypes.NewTestMetadata(),
+				PublicAccess:            defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+				AutoMinorVersionUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+				DeploymentMode:          defsecTypes.String("SINGLE_INSTANCE", defsecTypes.NewTestMetadata()),
 				Logging: mq.Logging{
 					Metadata: defsecTypes.NewTestMetadata(),
 					General:  defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),

internal/adapters/terraform/aws/msk/adapt.go

@@ -28,6 +28,15 @@ func adaptCluster(resource *terraform.Block) msk.Cluster {
 		EncryptionInTransit: msk.EncryptionInTransit{
 			Metadata:     resource.GetMetadata(),
 			ClientBroker: defsecTypes.StringDefault("TLS_PLAINTEXT", resource.GetMetadata()),
+			InCluster:    defsecTypes.BoolDefault(true, resource.GetMetadata()),
+		},
+		BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{
+			Metadata:         resource.GetMetadata(),
+			PublicAccessType: defsecTypes.StringDefault("DISABLED", resource.GetMetadata()),
+		},
+		ClientAuthentication: msk.ClientAuthentication{
+			Metadata:        resource.GetMetadata(),
+			Unauthenticated: defsecTypes.BoolDefault(false, resource.GetMetadata()),
 		},
 		EncryptionAtRest: msk.EncryptionAtRest{
 			Metadata:  resource.GetMetadata(),
@@ -60,6 +69,7 @@ func adaptCluster(resource *terraform.Block) msk.Cluster {
 			if clientBrokerAttr := encryptionInTransitBlock.GetAttribute("client_broker"); clientBrokerAttr.IsNotNil() {
 				cluster.EncryptionInTransit.ClientBroker = clientBrokerAttr.AsStringValueOrDefault("TLS", encryptionInTransitBlock)
 			}
+			cluster.EncryptionInTransit.InCluster = encryptionInTransitBlock.GetAttribute("in_cluster").AsBoolValueOrDefault(true, encryptionInTransitBlock)
 		}
 
 		if encryptionAtRestAttr := encryptBlock.GetAttribute("encryption_at_rest_kms_key_arn"); encryptionAtRestAttr.IsNotNil() {
@@ -69,6 +79,20 @@ func adaptCluster(resource *terraform.Block) msk.Cluster {
 		}
 	}
 
+	if clientBlock := resource.GetBlock("client_authentication"); clientBlock.IsNotNil() {
+		cluster.ClientAuthentication.Metadata = clientBlock.GetMetadata()
+		cluster.ClientAuthentication.Unauthenticated = clientBlock.GetAttribute("unauthenticated").AsBoolValueOrDefault(false, clientBlock)
+	}
+
+	if brokernodeBlock := resource.GetBlock("broker_node_group_info"); brokernodeBlock.IsNotNil() {
+		cluster.BrokerNodeGroupInfo.Metadata = brokernodeBlock.GetMetadata()
+		if connectBlock := brokernodeBlock.GetBlock("connectivity_info"); connectBlock.IsNotNil() {
+			if publicaccessBlock := connectBlock.GetBlock("public-access"); publicaccessBlock.IsNotNil() {
+				cluster.BrokerNodeGroupInfo.PublicAccessType = publicaccessBlock.GetAttribute("type").AsStringValueOrDefault("DISABLED", publicaccessBlock)
+			}
+		}
+	}
+
 	if logBlock := resource.GetBlock("logging_info"); logBlock.IsNotNil() {
 		cluster.Logging.Metadata = logBlock.GetMetadata()
 		if brokerLogsBlock := logBlock.GetBlock("broker_logs"); brokerLogsBlock.IsNotNil() {

internal/adapters/terraform/aws/msk/adapt_test.go

@@ -51,19 +51,31 @@ func Test_adaptCluster(t *testing.T) {
 					}
 				  }
 				}
+				broker_node_group_info {
+					connectivity_info {
+						public-access{
+							type = "SERVICE_PROVIDED_EIPS"
+						}
+					}
+				}
 			  }
 `,
 			expected: msk.Cluster{
 				Metadata: defsecTypes.NewTestMetadata(),
 				EncryptionInTransit: msk.EncryptionInTransit{
 					Metadata:     defsecTypes.NewTestMetadata(),
 					ClientBroker: defsecTypes.String("TLS", defsecTypes.NewTestMetadata()),
+					InCluster:    defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
 				},
 				EncryptionAtRest: msk.EncryptionAtRest{
 					Metadata:  defsecTypes.NewTestMetadata(),
 					KMSKeyARN: defsecTypes.String("foo-bar-key", defsecTypes.NewTestMetadata()),
 					Enabled:   defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
 				},
+				BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{
+					Metadata:         defsecTypes.NewTestMetadata(),
+					PublicAccessType: defsecTypes.String("SERVICE_PROVIDED_EIPS", defsecTypes.NewTestMetadata()),
+				},
 				Logging: msk.Logging{
 					Metadata: defsecTypes.NewTestMetadata(),
 					Broker: msk.BrokerLogging{
@@ -95,6 +107,11 @@ func Test_adaptCluster(t *testing.T) {
 				EncryptionInTransit: msk.EncryptionInTransit{
 					Metadata:     defsecTypes.NewTestMetadata(),
 					ClientBroker: defsecTypes.String("TLS_PLAINTEXT", defsecTypes.NewTestMetadata()),
+					InCluster:    defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+				},
+				BrokerNodeGroupInfo: msk.BrokerNodeGroupInfo{
+					Metadata:         defsecTypes.NewTestMetadata(),
+					PublicAccessType: defsecTypes.String("DISABLED", defsecTypes.NewTestMetadata()),
 				},
 				Logging: msk.Logging{
 					Metadata: defsecTypes.NewTestMetadata(),

pkg/providers/aws/mq/mq.go

@@ -9,9 +9,14 @@ type MQ struct {
 }
 
 type Broker struct {
-	Metadata     defsecTypes.Metadata
-	PublicAccess defsecTypes.BoolValue
-	Logging      Logging
+	Metadata                defsecTypes.Metadata
+	PublicAccess            defsecTypes.BoolValue
+	DeploymentMode          defsecTypes.StringValue
+	EngineType              defsecTypes.StringValue
+	HostInstanceType        defsecTypes.StringValue
+	KmsKeyId                defsecTypes.StringValue
+	AutoMinorVersionUpgrade defsecTypes.BoolValue
+	Logging                 Logging
 }
 
 type Logging struct {

pkg/providers/aws/msk/msk.go

@@ -9,10 +9,12 @@ type MSK struct {
 }
 
 type Cluster struct {
-	Metadata            defsecTypes.Metadata
-	EncryptionInTransit EncryptionInTransit
-	EncryptionAtRest    EncryptionAtRest
-	Logging             Logging
+	Metadata             defsecTypes.Metadata
+	EncryptionInTransit  EncryptionInTransit
+	EncryptionAtRest     EncryptionAtRest
+	BrokerNodeGroupInfo  BrokerNodeGroupInfo
+	ClientAuthentication ClientAuthentication
+	Logging              Logging
 }
 
 const (
@@ -24,6 +26,7 @@ const (
 type EncryptionInTransit struct {
 	Metadata     defsecTypes.Metadata
 	ClientBroker defsecTypes.StringValue
+	InCluster    defsecTypes.BoolValue
 }
 
 type EncryptionAtRest struct {
@@ -58,3 +61,13 @@ type FirehoseLogging struct {
 	Metadata defsecTypes.Metadata
 	Enabled  defsecTypes.BoolValue
 }
+
+type BrokerNodeGroupInfo struct {
+	Metadata         defsecTypes.Metadata
+	PublicAccessType defsecTypes.StringValue
+}
+
+type ClientAuthentication struct {
+	Metadata        defsecTypes.Metadata
+	Unauthenticated defsecTypes.BoolValue
+}