From b70db14adefbdda258c42004f02a36803c510b18 Mon Sep 17 00:00:00 2001
From: Shreyas
Date: Mon, 13 Jun 2022 10:11:03 +0530
Subject: [PATCH 1/3] Adding CFT support for following resources:
- AWS Subnet
- AWS Nat Gateway
- AWS Route Table
- AWS Route Table Association
- AWS Route
---
 pkg/mapper/iac-providers/cft/cft.go | 10 +++
 .../iac-providers/cft/config/nat-gateway.go | 45 +++++++++++++
 .../cft/config/route-table-association.go | 41 ++++++++++++
 .../iac-providers/cft/config/route-table.go | 41 ++++++++++++
 pkg/mapper/iac-providers/cft/config/route.go | 63 +++++++++++++++++++
 pkg/mapper/iac-providers/cft/config/subnet.go | 53 ++++++++++++++++
 pkg/mapper/iac-providers/cft/store/store.go | 5 ++
 pkg/mapper/iac-providers/cft/store/types.go | 5 ++
 8 files changed, 263 insertions(+)
 create mode 100644 pkg/mapper/iac-providers/cft/config/nat-gateway.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/route-table-association.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/route-table.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/route.go
 create mode 100644 pkg/mapper/iac-providers/cft/config/subnet.go
diff --git a/pkg/mapper/iac-providers/cft/cft.go b/pkg/mapper/iac-providers/cft/cft.go
index 8cc279069..4bebd93d1 100644
--- a/pkg/mapper/iac-providers/cft/cft.go
+++ b/pkg/mapper/iac-providers/cft/cft.go
@@ -191,6 +191,16 @@ func (m cftMapper) mapConfigForResource(r cloudformation.Resource, resourceName
 return config.GetEbsVolumeConfig(resource)
 case *ec2.VPC:
 return config.GetEc2VpcConfig(resource)
+ case *ec2.SubnetRouteTableAssociation:
+ return config.GetRouteTableAssociationConfig(resource)
+ case *ec2.RouteTable:
+ return config.GetRouteTableConfig(resource)
+ case *ec2.NatGateway:
+ return config.GetNatGatewayConfig(resource)
+ case *ec2.Subnet:
+ return config.GetSubnetConfig(resource)
+ case *ec2.Route:
+ return config.GetRouteConfig(resource)
 case *efs.FileSystem:
 return config.GetEfsFileSystemConfig(resource)
 case *elasticache.CacheCluster:
diff --git a/pkg/mapper/iac-providers/cft/config/nat-gateway.go b/pkg/mapper/iac-providers/cft/config/nat-gateway.go
new file mode 100644
index 000000000..04e922356
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/nat-gateway.go
@@ -0,0 +1,45 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// NatGatewayConfig holds config for aws_nat_gateway
+type NatGatewayConfig struct {
+ Config
+ AllocationId string `json:"allocation_id"`
+ ConnectivityType string `json:"connectivity_type"`
+ SubnetId string `json:"subnet_id"`
+}
+
+// GetRouteTableAssociationConfig returns config for aws_nat_gateway
+func GetNatGatewayConfig(e *ec2.NatGateway) []AWSResourceConfig {
+ cf := NatGatewayConfig{
+ Config: Config{
+ Tags: e.Tags,
+ },
+ AllocationId: e.AllocationId,
+ ConnectivityType: e.ConnectivityType,
+ SubnetId: e.SubnetId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/route-table-association.go b/pkg/mapper/iac-providers/cft/config/route-table-association.go
new file mode 100644
index 000000000..f201c50e2
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/route-table-association.go
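Review bot: GetNatGatewayConfig copies `e.ConnectivityType` verbatim, so a template that omits the property yields `connectivity_type: ""` in the mapped resource, whereas the service default for an omitted ConnectivityType is public. Any policy that distinguishes public from private NAT gateways by comparing `connectivity_type` would then not see the effective value for the common unset case; whether such a policy exists is not visible here and is worth confirming against the policy set. If the mapper should present the effective value, a small guard before the literal, `if cf.ConnectivityType == "" { cf.ConnectivityType = "public" }`, would do it; otherwise a comment on the field noting that an empty string means "not set, defaults to public" keeps the contract explicit.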
@@ -0,0 +1,41 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// RouteTableAssociationConfig holds config for aws_route_table_association
+type RouteTableAssociationConfig struct {
+ Config
+ RouteTableId string `json:"route_table_id"`
+ SubnetId string `json:"subnet_id"`
+}
+
+// GetRouteTableAssociationConfig returns config for aws_route_table_association
+func GetRouteTableAssociationConfig(e *ec2.SubnetRouteTableAssociation) []AWSResourceConfig {
+ cf := RouteTableAssociationConfig{
+ Config: Config{},
+ RouteTableId: e.RouteTableId,
+ SubnetId: e.SubnetId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/route-table.go b/pkg/mapper/iac-providers/cft/config/route-table.go
new file mode 100644
index 000000000..568e9120a
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/route-table.go
@@ -0,0 +1,41 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// RouteTableConfig holds config for aws_route_table
+type RouteTableConfig struct {
+ Config
+ VpcId string `json:"vpc_id"`
+}
+
+// RouteTable returns config for aws_route_table
+func GetRouteTableConfig(e *ec2.RouteTable) []AWSResourceConfig {
+ cf := RouteTableConfig{
+ Config: Config{
+ Tags: e.Tags,
+ },
+ VpcId: e.VpcId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/route.go b/pkg/mapper/iac-providers/cft/config/route.go
new file mode 100644
index 000000000..d3a7f1830
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/route.go
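Review bot: RouteTableConfig exposes only `vpc_id`, so an aws_route_table produced from CloudFormation never carries the inline `route` list that the Terraform resource can have; in CFT the routes arrive as separate `AWS::EC2::Route` resources, which this series maps through GetRouteConfig instead. Any policy that looks for permissive routes inside `aws_route_table` itself (rather than in `aws_route`) would therefore evaluate against an empty set for CFT input and stay silent, which is a detection gap worth confirming against the policy set. Suggest making the split explicit on the struct so nobody expects routes here: `// RouteTableConfig holds config for aws_route_table; routes are not inlined because CFT models them as separate AWS::EC2::Route resources (see RouteConfig)`.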
@@ -0,0 +1,63 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// RouteConfig holds config for aws_route
+type RouteConfig struct {
+ Config
+ CarrierGatewayId string `json:"carrier_gateway_id"`
+ DestinationCidrBlock string `json:"destination_cidr_block"`
+ DestinationIpv6CidrBlock string `json:"destination_ipv6_cidr_block"`
+ EgressOnlyInternetGatewayId string `json:"egress_only_gateway_id"`
+ GatewayId string `json:"gateway_id"`
+ InstanceId string `json:"instance_id"`
+ LocalGatewayId string `json:"local_gateway_id"`
+ NatGatewayId string `json:"nat_gateway_id"`
+ NetworkInterfaceId string `json:"network_interface_id"`
+ RouteTableId string `json:"route_table_id"`
+ TransitGatewayId string `json:"transit_gateway_id"`
+ VpcEndpointId string `json:"vpc_endpoint_id"`
+ VpcPeeringConnectionId string `json:"vpc_peering_connection_id"`
+}
+
+// RouteTable returns config for aws_route
+func GetRouteConfig(e *ec2.Route) []AWSResourceConfig {
+ cf := RouteConfig{
+ Config: Config{},
+ CarrierGatewayId: e.CarrierGatewayId,
+ DestinationCidrBlock: e.DestinationCidrBlock,
+ DestinationIpv6CidrBlock: e.DestinationIpv6CidrBlock,
+ EgressOnlyInternetGatewayId: e.EgressOnlyInternetGatewayId,
+ GatewayId: e.GatewayId,
+ InstanceId: e.InstanceId,
+ LocalGatewayId: e.LocalGatewayId,
+ NatGatewayId: e.NatGatewayId,
+ NetworkInterfaceId: e.NetworkInterfaceId,
+ RouteTableId: e.RouteTableId,
+ TransitGatewayId: e.TransitGatewayId,
+ VpcEndpointId: e.VpcEndpointId,
+ VpcPeeringConnectionId: e.VpcPeeringConnectionId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/config/subnet.go b/pkg/mapper/iac-providers/cft/config/subnet.go
new file mode 100644
index 000000000..41cd9dc83
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/subnet.go
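Review bot: The json tag on `EgressOnlyInternetGatewayId` is `egress_only_gateway_id`, which is the Terraform aws_route attribute name, while the Go field keeps the CloudFormation property name; every other field in RouteConfig has a tag that mirrors its own name, so this one reads like a typo and invites a future "fix" that would silently break policies keyed on the Terraform attribute. A one-line comment on the field would protect it: `// tag follows the Terraform aws_route attribute name, not the CFT property`. The same field-versus-tag divergence recurs in the patch 2 rename of this file, so the comment is worth carrying forward there.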
@@ -0,0 +1,53 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v5/cloudformation/ec2"
+)
+
+// SubnetConfig holds config for aws_subnet
+type SubnetConfig struct {
+ Config
+ AssignIpv6AddressOnCreation bool `json:"assign_ipv6_address_on_creation"`
+ AvailabilityZone string `json:"availability_zone"`
+ CidrBlock string `json:"cidr_block"`
+ Ipv6CidrBlock string `json:"ipv6_cidr_block"`
+ MapPublicIpOnLaunch bool `json:"map_public_ip_on_launch"`
+ OutpostArn string `json:"outpost_arn"`
+ VpcId string `json:"vpc_id"`
+}
+
+// GetSubnetConfig returns config for aws_subnet
+func GetSubnetConfig(e *ec2.Subnet) []AWSResourceConfig {
+ cf := SubnetConfig{
+ Config: Config{
+ Tags: e.Tags,
+ },
+ AssignIpv6AddressOnCreation: e.AssignIpv6AddressOnCreation,
+ AvailabilityZone: e.AvailabilityZone,
+ CidrBlock: e.CidrBlock,
+ Ipv6CidrBlock: e.Ipv6CidrBlock,
+ MapPublicIpOnLaunch: e.MapPublicIpOnLaunch,
+ OutpostArn: e.OutpostArn,
+ VpcId: e.VpcId,
+ }
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: e.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/store/store.go b/pkg/mapper/iac-providers/cft/store/store.go
index 3c09b2c22..0783206d5 100644
--- a/pkg/mapper/iac-providers/cft/store/store.go
+++ b/pkg/mapper/iac-providers/cft/store/store.go
@@ -106,4 +106,9 @@ var ResourceTypes = map[string]string{
 "AWS::AppMesh::Mesh": AwsAppMeshMesh,
 "AWS::ApplicationAutoScaling::ScalingPolicy": AwsAppAutoscalingPolicy,
 "AWS::RAM::ResourceShare": AwsRAMResourceShare,
+ "AWS::EC2::SubnetRouteTableAssociation": AwsRouteTableAssociation,
+ "AWS::EC2::RouteTable": AwsRouteTable,
+ "AWS::EC2::NatGateway": AwsNatGateway,
+ "AWS::EC2::Subnet": AwsSubnet,
+ "AWS::EC2::Route": AwsRoute,
 }
diff --git a/pkg/mapper/iac-providers/cft/store/types.go b/pkg/mapper/iac-providers/cft/store/types.go
index 8147cd5b3..6c3a9bafe 100644
--- a/pkg/mapper/iac-providers/cft/store/types.go
+++ b/pkg/mapper/iac-providers/cft/store/types.go
@@ -105,4 +105,9 @@ const (
 AwsAppMeshMesh = "aws_appmesh_mesh"
 AwsRAMResourceShare = "aws_ram_resource_share"
 AwsAppAutoscalingPolicy = "aws_appautoscaling_policy"
+ AwsRouteTableAssociation = "aws_route_table_association"
+ AwsRouteTable = "aws_route_table"
+ AwsNatGateway = "aws_nat_gateway"
+ AwsSubnet = "aws_subnet"
+ AwsRoute = "aws_route"
 )
From 7ca6c3f20c1c3bfbee5fc716056e691d8c6e3b67 Mon Sep 17 00:00:00 2001
From: Shreyas
Date: Mon, 13 Jun 2022 10:35:27 +0530
Subject: [PATCH 2/3] Fixing incorrect variable names
---
 .../iac-providers/cft/config/nat-gateway.go | 10 ++--
 .../cft/config/route-table-association.go | 8 ++--
 .../iac-providers/cft/config/route-table.go | 6 +--
 pkg/mapper/iac-providers/cft/config/route.go | 46 +++++++++----------
 pkg/mapper/iac-providers/cft/config/subnet.go | 8 ++--
 5 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/pkg/mapper/iac-providers/cft/config/nat-gateway.go b/pkg/mapper/iac-providers/cft/config/nat-gateway.go
index 04e922356..e2012196e 100644
--- a/pkg/mapper/iac-providers/cft/config/nat-gateway.go
+++ b/pkg/mapper/iac-providers/cft/config/nat-gateway.go
@@ -23,20 +23,20 @@ import (
 // NatGatewayConfig holds config for aws_nat_gateway
 type NatGatewayConfig struct {
 Config
- AllocationId string `json:"allocation_id"`
+ AllocationID string `json:"allocation_id"`
 ConnectivityType string `json:"connectivity_type"`
- SubnetId string `json:"subnet_id"`
+ SubnetID string `json:"subnet_id"`
 }
 
-// GetRouteTableAssociationConfig returns config for aws_nat_gateway
+// GetNatGatewayConfig returns config for aws_nat_gateway
 func GetNatGatewayConfig(e *ec2.NatGateway) []AWSResourceConfig {
 cf := NatGatewayConfig{
 Config: Config{
 Tags: e.Tags,
 },
- AllocationId: e.AllocationId,
+ AllocationID: e.AllocationId,
 ConnectivityType: e.ConnectivityType,
- SubnetId: e.SubnetId,
+ SubnetID: e.SubnetId,
 }
 return []AWSResourceConfig{{
 Resource: cf,
diff --git a/pkg/mapper/iac-providers/cft/config/route-table-association.go b/pkg/mapper/iac-providers/cft/config/route-table-association.go
index f201c50e2..0397ec599 100644
--- a/pkg/mapper/iac-providers/cft/config/route-table-association.go
+++ b/pkg/mapper/iac-providers/cft/config/route-table-association.go
@@ -23,16 +23,16 @@ import (
 // RouteTableAssociationConfig holds config for aws_route_table_association
 type RouteTableAssociationConfig struct {
 Config
- RouteTableId string `json:"route_table_id"`
- SubnetId string `json:"subnet_id"`
+ RouteTableID string `json:"route_table_id"`
+ SubnetID string `json:"subnet_id"`
 }
 
 // GetRouteTableAssociationConfig returns config for aws_route_table_association
 func GetRouteTableAssociationConfig(e *ec2.SubnetRouteTableAssociation) []AWSResourceConfig {
 cf := RouteTableAssociationConfig{
 Config: Config{},
- RouteTableId: e.RouteTableId,
- SubnetId: e.SubnetId,
+ RouteTableID: e.RouteTableId,
+ SubnetID: e.SubnetId,
 }
 return []AWSResourceConfig{{
 Resource: cf,
diff --git a/pkg/mapper/iac-providers/cft/config/route-table.go b/pkg/mapper/iac-providers/cft/config/route-table.go
index 568e9120a..c9e169e39 100644
--- a/pkg/mapper/iac-providers/cft/config/route-table.go
+++ b/pkg/mapper/iac-providers/cft/config/route-table.go
@@ -23,16 +23,16 @@ import (
 // RouteTableConfig holds config for aws_route_table
 type RouteTableConfig struct {
 Config
- VpcId string `json:"vpc_id"`
+ VpcID string `json:"vpc_id"`
 }
 
-// RouteTable returns config for aws_route_table
+// GetRouteTableConfig returns config for aws_route_table
 func GetRouteTableConfig(e *ec2.RouteTable) []AWSResourceConfig {
 cf := RouteTableConfig{
 Config: Config{
 Tags: e.Tags,
 },
- VpcId: e.VpcId,
+ VpcID: e.VpcId,
 }
 return []AWSResourceConfig{{
 Resource: cf,
diff --git a/pkg/mapper/iac-providers/cft/config/route.go b/pkg/mapper/iac-providers/cft/config/route.go
index d3a7f1830..915e74b4a 100644
--- a/pkg/mapper/iac-providers/cft/config/route.go
+++ b/pkg/mapper/iac-providers/cft/config/route.go
@@ -23,38 +23,38 @@ import (
 // RouteConfig holds config for aws_route
 type RouteConfig struct {
 Config
- CarrierGatewayId string `json:"carrier_gateway_id"`
+ CarrierGatewayID string `json:"carrier_gateway_id"`
 DestinationCidrBlock string `json:"destination_cidr_block"`
 DestinationIpv6CidrBlock string `json:"destination_ipv6_cidr_block"`
- EgressOnlyInternetGatewayId string `json:"egress_only_gateway_id"`
- GatewayId string `json:"gateway_id"`
- InstanceId string `json:"instance_id"`
- LocalGatewayId string `json:"local_gateway_id"`
- NatGatewayId string `json:"nat_gateway_id"`
- NetworkInterfaceId string `json:"network_interface_id"`
- RouteTableId string `json:"route_table_id"`
- TransitGatewayId string `json:"transit_gateway_id"`
- VpcEndpointId string `json:"vpc_endpoint_id"`
- VpcPeeringConnectionId string `json:"vpc_peering_connection_id"`
+ EgressOnlyInternetGatewayID string `json:"egress_only_gateway_id"`
+ GatewayID string `json:"gateway_id"`
+ InstanceID string `json:"instance_id"`
+ LocalGatewayID string `json:"local_gateway_id"`
+ NatGatewayID string `json:"nat_gateway_id"`
+ NetworkInterfaceID string `json:"network_interface_id"`
+ RouteTableID string `json:"route_table_id"`
+ TransitGatewayID string `json:"transit_gateway_id"`
+ VpcEndpointID string `json:"vpc_endpoint_id"`
+ VpcPeeringConnectionID string `json:"vpc_peering_connection_id"`
 }
 
-// RouteTable returns config for aws_route
+// GetRouteConfig returns config for aws_route
 func GetRouteConfig(e *ec2.Route) []AWSResourceConfig {
 cf := RouteConfig{
 Config: Config{},
- CarrierGatewayId: e.CarrierGatewayId,
+ CarrierGatewayID: e.CarrierGatewayId,
 DestinationCidrBlock: e.DestinationCidrBlock,
 DestinationIpv6CidrBlock: e.DestinationIpv6CidrBlock,
- EgressOnlyInternetGatewayId: e.EgressOnlyInternetGatewayId,
- GatewayId: e.GatewayId,
- InstanceId: e.InstanceId,
- LocalGatewayId: e.LocalGatewayId,
- NatGatewayId: e.NatGatewayId,
- NetworkInterfaceId: e.NetworkInterfaceId,
- RouteTableId: e.RouteTableId,
- TransitGatewayId: e.TransitGatewayId,
- VpcEndpointId: e.VpcEndpointId,
- VpcPeeringConnectionId: e.VpcPeeringConnectionId,
+ EgressOnlyInternetGatewayID: e.EgressOnlyInternetGatewayId,
+ GatewayID: e.GatewayId,
+ InstanceID: e.InstanceId,
+ LocalGatewayID: e.LocalGatewayId,
+ NatGatewayID: e.NatGatewayId,
+ NetworkInterfaceID: e.NetworkInterfaceId,
+ RouteTableID: e.RouteTableId,
+ TransitGatewayID: e.TransitGatewayId,
+ VpcEndpointID: e.VpcEndpointId,
+ VpcPeeringConnectionID: e.VpcPeeringConnectionId,
 }
 return []AWSResourceConfig{{
 Resource: cf,
diff --git a/pkg/mapper/iac-providers/cft/config/subnet.go b/pkg/mapper/iac-providers/cft/config/subnet.go
index 41cd9dc83..b4f8bbe8f 100644
--- a/pkg/mapper/iac-providers/cft/config/subnet.go
+++ b/pkg/mapper/iac-providers/cft/config/subnet.go
@@ -27,9 +27,9 @@ type SubnetConfig struct {
 AvailabilityZone string `json:"availability_zone"`
 CidrBlock string `json:"cidr_block"`
 Ipv6CidrBlock string `json:"ipv6_cidr_block"`
- MapPublicIpOnLaunch bool `json:"map_public_ip_on_launch"`
+ MapPublicIPOnLaunch bool `json:"map_public_ip_on_launch"`
 OutpostArn string `json:"outpost_arn"`
- VpcId string `json:"vpc_id"`
+ VpcID string `json:"vpc_id"`
 }
 
 // GetSubnetConfig returns config for aws_subnet
@@ -42,9 +42,9 @@ func GetSubnetConfig(e *ec2.Subnet) []AWSResourceConfig {
 AvailabilityZone: e.AvailabilityZone,
 CidrBlock: e.CidrBlock,
 Ipv6CidrBlock: e.Ipv6CidrBlock,
- MapPublicIpOnLaunch: e.MapPublicIpOnLaunch,
+ MapPublicIPOnLaunch: e.MapPublicIpOnLaunch,
 OutpostArn: e.OutpostArn,
- VpcId: e.VpcId,
+ VpcID: e.VpcId,
 }
 return []AWSResourceConfig{{
 Resource: cf,
From 86a9b3981e33cdfae2dada259080a64f0f58a324 Mon Sep 17 00:00:00 2001
From: Shreyas
Date: Mon, 13 Jun 2022 15:15:30 +0530
Subject: [PATCH 3/3] Removing unnecessary Config allocation
---
 pkg/mapper/iac-providers/cft/config/route-table-association.go | 1 -
 pkg/mapper/iac-providers/cft/config/route.go | 1 -
 2 files changed, 2 deletions(-)
diff --git a/pkg/mapper/iac-providers/cft/config/route-table-association.go b/pkg/mapper/iac-providers/cft/config/route-table-association.go
index 0397ec599..51617a355 100644
--- a/pkg/mapper/iac-providers/cft/config/route-table-association.go
+++ b/pkg/mapper/iac-providers/cft/config/route-table-association.go
@@ -30,7 +30,6 @@ type RouteTableAssociationConfig struct {
 // GetRouteTableAssociationConfig returns config for aws_route_table_association
 func GetRouteTableAssociationConfig(e *ec2.SubnetRouteTableAssociation) []AWSResourceConfig {
 cf := RouteTableAssociationConfig{
- Config: Config{},
 RouteTableID: e.RouteTableId,
 SubnetID: e.SubnetId,
 }
diff --git a/pkg/mapper/iac-providers/cft/config/route.go b/pkg/mapper/iac-providers/cft/config/route.go
index 915e74b4a..e81ca676e 100644
--- a/pkg/mapper/iac-providers/cft/config/route.go
+++ b/pkg/mapper/iac-providers/cft/config/route.go
@@ -41,7 +41,6 @@ type RouteConfig struct {
 // GetRouteConfig returns config for aws_route
 func GetRouteConfig(e *ec2.Route) []AWSResourceConfig {
 cf := RouteConfig{
- Config: Config{},
 CarrierGatewayID: e.CarrierGatewayId,
 DestinationCidrBlock: e.DestinationCidrBlock,
 DestinationIpv6CidrBlock: e.DestinationIpv6CidrBlock,