added kustomize support

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/hashicorp/hcl/v2 v2.3.0
 	github.com/hashicorp/terraform v0.12.28
 	github.com/iancoleman/strcase v0.1.1
-	github.com/mattn/go-isatty v0.0.5
+	github.com/mattn/go-isatty v0.0.8
 	github.com/open-policy-agent/opa v0.22.0
 	github.com/pelletier/go-toml v1.8.0
 	github.com/pkg/errors v0.9.1
@@ -25,4 +25,5 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776
 	helm.sh/helm/v3 v3.4.0
 	honnef.co/go/tools v0.0.1-2020.1.6 // indirect
+	sigs.k8s.io/kustomize/api v0.6.5
 )

pkg/iac-providers/kustomize.go

@@ -0,0 +1,36 @@
+/*
+    Copyright (C) 2020 Accurics, Inc.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+*/
+
+package iacprovider
+
+import (
+	"reflect"
+
+	kustomizev3 "github.com/accurics/terrascan/pkg/iac-providers/kustomize/v3"
+)
+
+// terraform specific constants
+const (
+	kustomize                  supportedIacType    = "kustomize"
+	kustomizeV3                supportedIacVersion = "v3"
+	kustomizeDefaultIacVersion                     = kustomizeV3
+)
+
+// register kubernetes as an IaC provider with terrascan
+func init() {
+	// register iac provider
+	RegisterIacProvider(kustomize, kustomizeV3, kustomizeDefaultIacVersion, reflect.TypeOf(kustomizev3.KustomizeV3{}))
+}

pkg/iac-providers/kustomize/v3/load-dir.go

@@ -0,0 +1,122 @@
+package kustomizev3
+
+import (
+	"errors"
+	"path/filepath"
+
+	k8sv1 "github.com/accurics/terrascan/pkg/iac-providers/kubernetes/v1"
+	"github.com/accurics/terrascan/pkg/iac-providers/output"
+	"github.com/accurics/terrascan/pkg/utils"
+	"go.uber.org/zap"
+	"sigs.k8s.io/kustomize/api/filesys"
+	"sigs.k8s.io/kustomize/api/krusty"
+)
+
+const (
+	kustomizedirectory string = "kustomize_directory"
+)
+
+// LoadIacDir loads the kustomize directory
+func (k *KustomizeV3) LoadIacDir(absRootDir string) (output.AllResourceConfigs, error) {
+
+	allResourcesConfig := make(map[string][]output.ResourceConfig)
+
+	files, err := utils.FindFilesBySuffixInCurrentDir(absRootDir, KustomizeFileNames())
+	if err != nil {
+		zap.S().Warn("error while searching for iac files", zap.String("root dir", absRootDir), zap.Error(err))
+		return allResourcesConfig, err
+	}
+
+	if len(files) == 0 {
+		err := errors.New("could not find a kustomization.yaml/yml file in the directory")
+		zap.S().Warn("error while searching for iac files", zap.String("root dir", absRootDir), zap.Error(err))
+		return allResourcesConfig, err
+	}
+
+	if len(files) > 1 {
+		err := errors.New("a directory cannot have more than 1 kustomization.yaml/yml file")
+		zap.S().Warn("error while searching for iac files", zap.String("root dir", absRootDir), zap.Error(err))
+		return allResourcesConfig, err
+	}
+
+	var config output.ResourceConfig
+	config.Type = kustomizedirectory
+	config.Name = filepath.Dir(absRootDir)
+	config.Line = 0
+	config.ID = config.Type + "." + config.Name
+
+	var yamlkustomizeobj map[string]interface{}
+	var kustomizeFileName string
+	for _, filename := range KustomizeFileNames() {
+		yamlkustomizeobj, err = utils.ReadYamlFile(filepath.Join(absRootDir, filename))
+		if err == nil {
+			kustomizeFileName = filename
+			break
+		}
+	}
+
+	if len(yamlkustomizeobj) == 0 {
+		err := errors.New("unable to read any kustomization file in the directory")
+		zap.S().Warn("error while searching for iac files", zap.String("root dir", absRootDir), zap.Error(err))
+		return allResourcesConfig, err
+	}
+
+	config.Source = filepath.Join(absRootDir, kustomizeFileName)
+	config.Config = yamlkustomizeobj
+
+	allResourcesConfig[kustomizedirectory] = append(allResourcesConfig[kustomizedirectory], config)
+
+	iacDocumentMap := make(map[string][]*utils.IacDocument)
+	var iacDocuments []*utils.IacDocument
+
+	iacDocuments, err = loadKustomize(absRootDir, kustomizeFileName)
+	if err != nil {
+		zap.S().Warn("error occurred while loading kustomize directory", zap.String("kustomize directory", absRootDir), zap.Error(err))
+		return nil, err
+	}
+
+	iacDocumentMap[absRootDir] = iacDocuments
+
+	for _, iacDocuments := range iacDocumentMap {
+		for _, doc := range iacDocuments {
+			// @TODO add k8s version check
+			var k k8sv1.K8sV1
+			var config *output.ResourceConfig
+
+			config, err = k.Normalize(doc)
+			if err != nil {
+				zap.S().Warn("unable to normalize data", zap.Error(err), zap.String("file", doc.FilePath))
+				continue
+			}
+
+			config.Line = 1
+			config.Source = doc.FilePath
+
+			allResourcesConfig[config.Type] = append(allResourcesConfig[config.Type], *config)
+		}
+	}
+
+	return allResourcesConfig, nil
+}
+
+func loadKustomize(basepath, filename string) ([]*utils.IacDocument, error) {
+	fSys := filesys.MakeFsOnDisk()
+	k := krusty.MakeKustomizer(fSys, krusty.MakeDefaultOptions())
+
+	m, err := k.Run(basepath)
+	if err != nil {
+		return nil, err
+	}
+
+	yaml, err := m.AsYaml()
+	if err != nil {
+		return nil, err
+	}
+
+	res, err := utils.LoadYAMLString(string(yaml), filename)
+	if err != nil {
+		return nil, err
+	}
+
+	return res, nil
+}

pkg/iac-providers/kustomize/v3/load-file.go

@@ -0,0 +1,18 @@
+package kustomizev3
+
+import (
+	"fmt"
+
+	"github.com/accurics/terrascan/pkg/iac-providers/output"
+	"go.uber.org/zap"
+)
+
+var (
+	errLoadIacFileNotSupported = fmt.Errorf("load iac file is not supported for kustomize")
+)
+
+// LoadIacFile is not supported for helm. Only loading chart directories are supported
+func (k *KustomizeV3) LoadIacFile(absRootPath string) (allResourcesConfig output.AllResourceConfigs, err error) {
+	zap.S().Error(errLoadIacFileNotSupported)
+	return make(map[string][]output.ResourceConfig), errLoadIacFileNotSupported
+}

pkg/iac-providers/kustomize/v3/testdata/multibases/base/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+- pod.yaml

pkg/iac-providers/kustomize/v3/testdata/multibases/base/pod.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: myapp-pod
+  labels:
+    app: myapp
+spec:
+  containers:
+  - name: nginx
+    image: nginx:1.7.9

pkg/iac-providers/kustomize/v3/testdata/multibases/dev/kustomization.yaml

@@ -0,0 +1,3 @@
+resources:
+- ../base
+namePrefix: dev-

pkg/iac-providers/kustomize/v3/testdata/multibases/kustomization.yaml

@@ -0,0 +1,5 @@
+resources:
+- dev
+- stage
+- prod
+namePrefix: cluster-a-

pkg/iac-providers/kustomize/v3/testdata/multibases/prod/kustomization.yaml

@@ -0,0 +1,3 @@
+resources:
+- ../base
+namePrefix: prod-

pkg/iac-providers/kustomize/v3/testdata/multibases/stage/kustomization.yaml

@@ -0,0 +1,3 @@
+resources:
+- ../base
+namePrefix: staging-