2020-12-09 15:31:34 +00:00
|
|
|
package aws
|
|
|
|
|
|
|
|
import (
|
2021-01-15 11:44:13 +00:00
|
|
|
"github.com/cloudskiff/driftctl/pkg/parallel"
|
2020-12-09 15:31:34 +00:00
|
|
|
"github.com/cloudskiff/driftctl/pkg/remote/deserializer"
|
|
|
|
"github.com/cloudskiff/driftctl/pkg/resource"
|
|
|
|
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
|
|
|
awsdeserializer "github.com/cloudskiff/driftctl/pkg/resource/aws/deserializer"
|
|
|
|
"github.com/cloudskiff/driftctl/pkg/terraform"
|
|
|
|
|
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
|
|
"github.com/aws/aws-sdk-go/service/ec2"
|
|
|
|
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
"github.com/zclconf/go-cty/cty"
|
|
|
|
)
|
|
|
|
|
|
|
|
type VPCSecurityGroupSupplier struct {
|
2021-01-15 13:15:31 +00:00
|
|
|
reader terraform.ResourceReader
|
|
|
|
defaultSecurityGroupDeserializer deserializer.CTYDeserializer
|
|
|
|
securityGroupDeserializer deserializer.CTYDeserializer
|
|
|
|
client ec2iface.EC2API
|
|
|
|
defaultSecurityGroupRunner *terraform.ParallelResourceReader
|
|
|
|
securityGroupRunner *terraform.ParallelResourceReader
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
|
|
|
|
2021-01-15 11:44:13 +00:00
|
|
|
func NewVPCSecurityGroupSupplier(runner *parallel.ParallelRunner, client ec2iface.EC2API) *VPCSecurityGroupSupplier {
|
2021-01-15 13:15:31 +00:00
|
|
|
return &VPCSecurityGroupSupplier{
|
|
|
|
terraform.Provider(terraform.AWS),
|
|
|
|
awsdeserializer.NewDefaultSecurityGroupDeserializer(),
|
|
|
|
awsdeserializer.NewVPCSecurityGroupDeserializer(),
|
|
|
|
client,
|
|
|
|
terraform.NewParallelResourceReader(runner.SubRunner()),
|
|
|
|
terraform.NewParallelResourceReader(runner.SubRunner()),
|
|
|
|
}
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s VPCSecurityGroupSupplier) Resources() ([]resource.Resource, error) {
|
2021-01-15 13:15:31 +00:00
|
|
|
securityGroups, defaultSecurityGroups, err := listSecurityGroups(s.client)
|
2020-12-09 15:31:34 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2021-01-15 13:15:31 +00:00
|
|
|
|
|
|
|
for _, item := range securityGroups {
|
|
|
|
res := *item
|
|
|
|
s.securityGroupRunner.Run(func() (cty.Value, error) {
|
|
|
|
return s.readSecurityGroup(res)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
securityGroupResources, err := s.securityGroupRunner.Wait()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, item := range defaultSecurityGroups {
|
|
|
|
res := *item
|
|
|
|
s.defaultSecurityGroupRunner.Run(func() (cty.Value, error) {
|
|
|
|
return s.readSecurityGroup(res)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
defaultSecurityGroupResources, err := s.defaultSecurityGroupRunner.Wait()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
2021-01-15 13:15:31 +00:00
|
|
|
|
|
|
|
// Deserialize
|
|
|
|
deserializedDefaultSecurityGroups, err := s.defaultSecurityGroupDeserializer.Deserialize(defaultSecurityGroupResources)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
deserializedSecurityGroups, err := s.securityGroupDeserializer.Deserialize(securityGroupResources)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
resources := make([]resource.Resource, 0, len(securityGroupResources)+len(defaultSecurityGroupResources))
|
|
|
|
resources = append(resources, deserializedDefaultSecurityGroups...)
|
|
|
|
resources = append(resources, deserializedSecurityGroups...)
|
|
|
|
|
|
|
|
return resources, nil
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s VPCSecurityGroupSupplier) readSecurityGroup(securityGroup ec2.SecurityGroup) (cty.Value, error) {
|
2021-01-15 13:15:31 +00:00
|
|
|
var Ty resource.ResourceType = resourceaws.AwsSecurityGroupResourceType
|
2021-01-15 16:02:44 +00:00
|
|
|
if isDefaultSecurityGroup(securityGroup) {
|
2021-01-15 13:15:31 +00:00
|
|
|
Ty = resourceaws.AwsDefaultSecurityGroupResourceType
|
|
|
|
}
|
|
|
|
val, err := s.reader.ReadResource(terraform.ReadResourceArgs{
|
|
|
|
ID: aws.StringValue(securityGroup.GroupId),
|
|
|
|
Ty: Ty,
|
2020-12-09 15:31:34 +00:00
|
|
|
})
|
|
|
|
if err != nil {
|
2021-01-15 13:15:31 +00:00
|
|
|
logrus.Error(err)
|
2020-12-09 15:31:34 +00:00
|
|
|
return cty.NilVal, err
|
|
|
|
}
|
2021-01-15 13:15:31 +00:00
|
|
|
return *val, nil
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
|
|
|
|
2021-01-15 13:15:31 +00:00
|
|
|
func listSecurityGroups(client ec2iface.EC2API) ([]*ec2.SecurityGroup, []*ec2.SecurityGroup, error) {
|
2020-12-09 15:31:34 +00:00
|
|
|
var securityGroups []*ec2.SecurityGroup
|
2021-01-15 13:15:31 +00:00
|
|
|
var defaultSecurityGroups []*ec2.SecurityGroup
|
2020-12-09 15:31:34 +00:00
|
|
|
input := &ec2.DescribeSecurityGroupsInput{}
|
|
|
|
err := client.DescribeSecurityGroupsPages(input, func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool {
|
2021-01-15 13:15:31 +00:00
|
|
|
for _, securityGroup := range res.SecurityGroups {
|
2021-01-15 16:02:44 +00:00
|
|
|
if isDefaultSecurityGroup(*securityGroup) {
|
2021-01-15 13:15:31 +00:00
|
|
|
defaultSecurityGroups = append(defaultSecurityGroups, securityGroup)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
securityGroups = append(securityGroups, securityGroup)
|
|
|
|
}
|
2020-12-09 15:31:34 +00:00
|
|
|
return !lastPage
|
|
|
|
})
|
|
|
|
if err != nil {
|
2021-01-15 13:15:31 +00:00
|
|
|
return nil, nil, err
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
2021-01-15 13:15:31 +00:00
|
|
|
return securityGroups, defaultSecurityGroups, nil
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
2021-01-15 16:02:44 +00:00
|
|
|
|
|
|
|
// Return true if the security group is considered as a default one
|
|
|
|
func isDefaultSecurityGroup(securityGroup ec2.SecurityGroup) bool {
|
|
|
|
return securityGroup.GroupName != nil && *securityGroup.GroupName == "default"
|
|
|
|
}
|