dZddlmZddlmZddlmZddlZddlZddlZddlZddl m Z m Z m Z ddl mZddl mZdd lmZdd lmZdd lmZd ed e eeffdZded efdZde eefd efdZde ee fd e e ee ffdZded efdZy)z,Module for interacting with Terraform files.)absolute_import)division)unicode_literalsN)DictListAny)const)parsers)run_subprocess)errors)filesroot_dirreturnc4i}tj|g}|r|j}tj|D]}tj j ||}tj j|r$|jdrT|j|ftj j|s|jds$|jds|jdrtj|||<|r|S)aFetches all the relevant TF files in the given directory recusively and returns a dictionary of the file paths and contents. Args: root_dir: The path of the directory to find the TF files in. Returns: A dictionary of the TF files in the given directory {path: contents}. .z.tfz.tfvars) collectionsdequepopleftoslistdirpathjoinisdir startswithappendisfileendswithr ReadFileContents)rtf_files dir_queue current_diritem item_paths ?lib/googlecloudsdk/api_lib/scc/remediation_intents/terraform.pyfetch_tf_filesr%"s ( +) ##%K ;''',,{D1i y !s#   9 % 77>>) $   U #y'9'9)'D&&s+#44Y?(  /dir_pathc tj}tj|ddg}tj|t j  gd}tj|t j d}tj|tj|dS#t$r#}tjt|d}~wwxYw#t$r#}tjt|d}~wwxYw) zFetches the TfState json for the given directory and returns in json format. Args: dir_path: The path of the directory to fetch the TfState data from. Returns: The json of the TfState data or throws an exception if there is an error. terraforminit) timeout_secN)r)showz-jsonT)r+ strip_outputr) rgetcwdchdirr GetOutputLinesr TF_CMD_TIMEOUT Exceptionr TfStateFetchingErrorstrjsonloads)r'org_dircmde tfstate_datas r$ fetch_tfstater;@s.iikGHHX  C!!#53G3GH. (C!00 --DLHHW ::l1o && .  % %c!f --. .  % %c!f --.s1AB,AC, C5CC D$DDmodified_tf_filesc zi}|jD]\}}tj|||<|jD]X\}}tj|| ddd|g}t j |ddtj tj }Zddg} t j |ddtj tj }|jDcgc]\}}tj||}}}y#tj$r}|jDcgc]\}}tj||ncc}}w}}}tjj||j|jcYd}~cSd}~wwxYw#tj$r|}|jDcgc]\}}tj||ncc}}w}}}tjj|j|j cYd}~Sd}~wwxYwcc}}w) zValidates the given TF files and returns the appropriate error message if any. Args: modified_tf_files: The dictionary of the modified TF files {path: contents}. Returns: The error message if any in string format, otherwise None. r)fmtz -write=trueT)textcheckstdoutstderr) file_pathrArBNvalidate)rArB)itemsr rWriteFileContents subprocessrunPIPECalledProcessErrorr TF_FMT_ERROR_MSGformatrArBTF_VALIDATE_ERROR_MSG) r<original_tf_filesrC_ file_contentr8r9fpfcs r$validate_tf_filesrS^s')'--/li#(#9#9)#Di 0"3!8!8!:i I|4 % :c ..   a ";. j!#   A&6G5L5L5NO5N62rur2&5N!O E  ( ( *//1 1fb"  ! !"b )1 a   # # * *ahhqxx+ *  & & (--/ /FB B'/ A   & & - -xx .  PsZ H/)H4/H4 tfstate_jsoncgdtttfffd |jdijdi}|S)a{Traverses the TfState json and returns a list of resources in json format. Args: tfstate_json: The json of the TfState data. Structure: { "values": { "root_module": { "resources": [ ... ], # List of resources "child_modules": [ # List of nested modules { "resources": [ ... ], "child_modules": [ ... ] } ] } } } Returns: A list of json objects, each representing a resource in the TfState. or an empty list if there are no resources in the TfState or if the TfState is not in the expected format. modulecdd|vrj|dd|vr|dD] }| yy)N resources child_modules)extend)rVchild all_resourcestraverses r$r]z,get_resources_from_tfstate..traversesAf6+./& /*%+!r&values root_module)rr4rget)rTr_r\r]s @@r$get_resources_from_tfstaterasM4-tCH~  2.22="E+ ; r&cDt|}t|}itjDcic]}|tj c}tj Dcic]}|tjc}}|j|vr||j||Sycc}wcc}w)aParses the tfstate file for the given finding. Args: dir_path: The path of the directory to parse the tfstate file from. finding_data: SCC Finding data in form of class (securityposture.messages.Finding). Returns: The structured data depending on the finding category, in string format. If the finding category is not supported, returns an empty string. ) r;rar IAM_RECOMMENDER_FINDINGSr iam_recommender_parserFIREWALL_FINDINGSfirewall_parsercategory)r' finding_data tftstate_jsonrXrh parser_maps r$ parse_tf_filerls )-(7)  88 8h G22 28   11 1h G++ +1  *j( ,:l++ ,Y EE   s BB)__doc__ __future__rrrrr5rrGtypingrrr.googlecloudsdk.api_lib.scc.remediation_intentsr r googlecloudsdk.command_lib.coder 2googlecloudsdk.command_lib.scc.remediation_intentsr googlecloudsdk.core.utilr r4r%r;rSrarlr&r$rus3&' ""@B:E*ST#s(^<.C.4.<<c3h<C<~%sCx.% $sCx.%P C # r&