fix(terraform): check that the expiration_date is string (#1387)
* fix(terraform): check that the expiration_date is string

* extract fn
nikpivkin authored Jul 16, 2023
1 parent 931764a commit 4bed7fd
Showing 2 changed files with 57 additions and 18 deletions.
31 changes: 13 additions & 18 deletions internal/adapters/terraform/azure/keyvault/adapt.go
@@ -127,38 +127,33 @@ func adaptSecret(resource *terraform.Block) keyvault.Secret {
contentTypeAttr := resource.GetAttribute("content_type")
contentTypeVal := contentTypeAttr.AsStringValueOrDefault("", resource)

expiryDateAttr := resource.GetAttribute("expiration_date")
expiryDateVal := defsecTypes.TimeDefault(time.Time{}, resource.GetMetadata())

if expiryDateAttr.IsString() {
expiryDateString := expiryDateAttr.Value().AsString()
if expiryDate, err := time.Parse(time.RFC3339, expiryDateString); err == nil {
expiryDateVal = defsecTypes.Time(expiryDate, expiryDateAttr.GetMetadata())
}
} else if expiryDateAttr.IsNotNil() {
expiryDateVal = defsecTypes.TimeUnresolvable(expiryDateAttr.GetMetadata())
}

return keyvault.Secret{
Metadata: resource.GetMetadata(),
ContentType: contentTypeVal,
ExpiryDate: expiryDateVal,
ExpiryDate: resolveExpiryDate(resource),
}
}

func adaptKey(resource *terraform.Block) keyvault.Key {

return keyvault.Key{
Metadata: resource.GetMetadata(),
ExpiryDate: resolveExpiryDate(resource),
}
}

func resolveExpiryDate(resource *terraform.Block) defsecTypes.TimeValue {
expiryDateAttr := resource.GetAttribute("expiration_date")
expiryDateVal := defsecTypes.TimeDefault(time.Time{}, resource.GetMetadata())

if expiryDateAttr.IsNotNil() {
if expiryDateAttr.IsString() {
expiryDateString := expiryDateAttr.Value().AsString()
if expiryDate, err := time.Parse(time.RFC3339, expiryDateString); err == nil {
expiryDateVal = defsecTypes.Time(expiryDate, expiryDateAttr.GetMetadata())
}
} else if expiryDateAttr.IsNotNil() {
expiryDateVal = defsecTypes.TimeUnresolvable(expiryDateAttr.GetMetadata())
}

return keyvault.Key{
Metadata: resource.GetMetadata(),
ExpiryDate: expiryDateVal,
}
return expiryDateVal
}
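Review bot: In `resolveExpiryDate`, a literal `expiration_date` that fails `time.Parse(time.RFC3339, …)` is handled exactly like a missing attribute: the error is dropped and the zero-time default is returned with the resource's metadata rather than the attribute's. For a scanner this is misleading, because a mistyped date and no expiry at all presumably look the same to downstream expiry checks, and any finding would point at the resource rather than the offending line. Consider adding an `else` to the parse check that sets `expiryDateVal = defsecTypes.TimeUnresolvable(expiryDateAttr.GetMetadata())`, or at least documenting the fallback. The helper also lacks a doc comment; `// resolveExpiryDate returns the parsed expiration_date, an unresolvable value when the attribute is set but not a string, or the zero-time default when it is absent or not valid RFC3339.` would cover the outcomes.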
44 changes: 44 additions & 0 deletions internal/adapters/terraform/azure/keyvault/adapt_test.go
@@ -159,6 +159,50 @@ func Test_adaptKey(t *testing.T) {
ExpiryDate: defsecTypes.Time(time.Time{}, defsecTypes.NewTestMetadata()),
},
},
{
name: "expiration date refers to the resource",
terraform: `
terraform {
required_version = ">=1.3.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">=3.0.0"
}
time = {
source = "hashicorp/time"
version = ">=0.9.0"
}
}
}
resource "azurerm_key_vault" "this" {
name = "keyvault"
location = "us-west"
resource_group_name = "resource-group"
tenant_id = "tenant-id"
sku_name = "Standard"
}
resource "time_offset" "expiry" {
offset_years = 1
base_rfc3339 = "YYYY-MM-DDTHH:MM:SSZ"
}
resource "azurerm_key_vault_key" "this" {
name = "key"
key_vault_id = azurerm_key_vault.this.id
key_type = "RSA"
key_size = 2048
key_opts = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
expiration_date = time_offset.expiry.rfc3339
}
`,
expected: keyvault.Key{
Metadata: defsecTypes.NewTestMetadata(),
ExpiryDate: defsecTypes.TimeUnresolvable(defsecTypes.NewTestMetadata()),
},
},
}

for _, test := range tests {
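Review bot: The added case covers only an `expiration_date` that references another resource; a literal string that is not valid RFC3339 has no case in the lines shown, so its fallback to the zero-time default is not pinned by a test. Since `adaptSecret` now resolves its expiry through the same helper, an equivalent reference case in the secret test would guard both adapters, unless one already exists outside this hunk. The fixture's `base_rfc3339 = "YYYY-MM-DDTHH:MM:SSZ"` is a placeholder rather than a real timestamp, which appears harmless because the expected value is unresolvable regardless, but a short comment such as `// placeholder: the reference is expected to stay unresolved` would keep a reader from taking it for the input under test. The test table and loop continue outside the hunk.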