$SrSSKJr SSKJr SSKJr SSKrSSKrSSKrSSKrSSK J r J r J r SSK Jr SSK Jr SS KJr SS KJr SS KJr S \S \ \\44SjrS\S \4SjrS\ \\4S \4SjrS\ \\ 4S \ \ \\ 44SjrS\S \4Sjrg)z,Module for interacting with Terraform files.)absolute_import)division)unicode_literalsN)DictListAny)const)parsers)run_subprocess)errors)filesroot_dirreturnc0n[R"U/5nU(Ga)UR5n[R"U5Hn[R R X45n[R RU5(a+URS5(dURU5 MoMq[R RU5(dMURS5(d0URS5(dMURS5(aM[R"U5X'M U(aGM)U$)aFetches all the relevant TF files in the given directory recusively and returns a dictionary of the file paths and contents. Args: root_dir: The path of the directory to find the TF files in. Returns: A dictionary of the TF files in the given directory {path: contents}. .z.tfz.tfvars) collectionsdequepopleftoslistdirpathjoinisdir startswithappendisfileendswithr ReadFileContents)rtf_files dir_queue current_diritem item_paths ?lib/googlecloudsdk/api_lib/scc/remediation_intents/terraform.pyfetch_tf_filesr%"s ( +) ##%K ;''',,{1i y ! !s##   9 %$ 77>>) $ $   U # #y'9'9)'D'D&&s++#44Y?(   /dir_pathc[R"5n[R"U5 SS/n[R"U[ R S9 /SQn[R"U[ R SS9n[R"U5 [R"US5$![a$n[R"[U55eSnAff=f![a$n[R"[U55eSnAff=f) zFetches the TfState json for the given directory and returns in json format. Args: dir_path: The path of the directory to fetch the TfState data from. Returns: The json of the TfState data or throws an exception if there is an error. terraforminit) timeout_secN)r)showz-jsonT)r+ strip_outputr) rgetcwdchdirr GetOutputLinesr TF_CMD_TIMEOUT Exceptionr TfStateFetchingErrorstrjsonloads)r'org_dircmde tfstate_datas r$ fetch_tfstater;@s.iikGHHX  C!!#53G3GH. (C!00 --DLHHW ::l1o && .  % %c!f --. .  % %c!f --.s1AB,AC, C6CC D 'DD modified_tf_filesc x0nUR5Hup#[R"U5X'M UR5HVup$[R"X$5 SSSU/n[R "USS[R [R S9nMX SS/n[R "USS[R [R S9nUR5VVs/sHupx[R"Xx5PM nnng![Ra}nUR5VVs/sHupx[R"Xx5PM Os snnfnnn[RRX&RURS9sSnAs $SnAff=f![Ra{nUR5VVs/sHupx[R"Xx5PM Os snnfnnn[RRURURS 9sSnA$SnAff=fs snnf) zValidates the given TF files and returns the appropriate error message if any. Args: modified_tf_files: The dictionary of the modified TF files {path: contents}. Returns: The error message if any in string format, otherwise None. r)fmtz -write=trueT)textcheckstdoutstderr) file_pathrArBNvalidate)rArB)itemsr rWriteFileContents subprocessrunPIPECalledProcessErrorr TF_FMT_ERROR_MSGformatrArBTF_VALIDATE_ERROR_MSG) r<original_tf_filesrC_ file_contentr8r9fpfcs r$validate_tf_filesrS^s')'--/li#(#9#9)#D 0"3!8!8!:i I4 % :c ..   a ";. j!#   A&6G5L5L5NO5N62ur&5N!O E  ( ( *//1 1fb  ! !" )1 a   # # * *hhqxx+ *  & & (--/ /FB '/ A   & & - -xx .  PsZ :D#4F$*"H6F!$F7"E ;FF!F!$H38H. "G.-;H.(H3.H3 tfstate_jsonc^^/mS[[[44UU4SjjmURS05RS05nT"U5 T$)aSTraverses the TfState json and returns a list of resources in json format. Args: tfstate_json: The json of the TfState data. Structure: { "values": { "root_module": { "resources": [ ... ], # List of resources "child_modules": [ # List of nested modules { "resources": [ ... ], "child_modules": [ ... ] } ] } } } Returns: A list of json objects, each representing a resource in the TfState. or an empty list if there are no resources in the TfState or if the TfState is not in the expected format. modulecp>SU;aTRUS5 SU;aUSH nT"U5 M gg)N resources child_modules)extend)rVchild all_resourcestraverses r$r],get_resources_from_tfstate..traversesAf6+./& /*%+!r&values root_module)rr4rget)rTr`r\r]s @@r$get_resources_from_tfstaterbsR4-tCH~  2.22="E+ ; r&cP[U5n[U5n0[RVs0sHnU[R _M snE[R Vs0sHnU[R_M snEnURU;aXQR"X15$gs snfs snf)apParses the tfstate file for the given finding. Args: dir_path: The path of the directory to parse the tfstate file from. finding_data: SCC Finding data in form of class (securityposture.messages.Finding). Returns: The structured data depending on the finding category, in string format. If the finding category is not supported, returns an empty string. ) r;rbr IAM_RECOMMENDER_FINDINGSr iam_recommender_parserFIREWALL_FINDINGSfirewall_parsercategory)r' finding_data tftstate_jsonrXri parser_maps r$ parse_tf_filerms )-(7)  88 8h G22 28   11 1h G++ +1  *j( ++ ,Y EE   s BB#)__doc__ __future__rrrrr5rrGtypingrrr.googlecloudsdk.api_lib.scc.remediation_intentsr r googlecloudsdk.command_lib.coder 2googlecloudsdk.command_lib.scc.remediation_intentsr googlecloudsdk.core.utilr r4r%r;rSrbrmr&r$rvs3&' ""@B:E*ST#s(^<.C.4.<<c3h<C<~%sCx.% $sCx.%P C # r&