driftctl/pkg/remote/aws/iam_role_policy_attachment_...


package aws
import (
"fmt"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
"github.com/cloudskiff/driftctl/pkg/resource"
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/sirupsen/logrus"
"github.com/zclconf/go-cty/cty"
)
// IamRolePolicyAttachmentSupplier enumerates the managed policies attached to
// IAM roles in the remote AWS account and turns them into driftctl resources.
type IamRolePolicyAttachmentSupplier struct {
	// reader resolves a single attachment into its Terraform state value.
	reader terraform.ResourceReader

	// deserializer converts the collected cty values into resource.Resource.
	deserializer *resource.Deserializer

	// repo lists roles and their attached policies through the IAM API.
	repo repository.IAMRepository

	// runner schedules the per-attachment reads and collects their results.
	runner *terraform.ParallelResourceReader
}
// NewIamRolePolicyAttachmentSupplier builds a supplier that reads resources
// through provider, lists IAM data with a repository created from the
// provider's session, and runs its reads on a sub-runner of the provider's
// runner.
//
// provider must be non-nil: its session and Runner() are dereferenced here.
func NewIamRolePolicyAttachmentSupplier(provider *AWSTerraformProvider, deserializer *resource.Deserializer) *IamRolePolicyAttachmentSupplier {
	supplier := &IamRolePolicyAttachmentSupplier{
		reader:       provider,
		deserializer: deserializer,
		repo:         repository.NewIAMRepository(provider.session),
		runner:       terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
	}
	return supplier
}
// Resources lists every IAM role, then every managed policy attached to those
// roles, reads each attachment through the parallel runner and returns the
// deserialized resources.
//
// A failure while listing roles is reported as an enumeration error for the
// attachment type caused by the role listing; a failure while listing
// attachments is reported as an enumeration error for the attachment type.
// An error returned by the runner is passed through unchanged.
//
// NOTE(review): how callers treat these enumeration errors is not visible
// here. If they are downgraded to warnings (e.g. on missing IAM read
// permissions), role policy attachments would silently drop out of the drift
// report — confirm against the caller.
func (s *IamRolePolicyAttachmentSupplier) Resources() ([]resource.Resource, error) {
	const attachmentType = resourceaws.AwsIamRolePolicyAttachmentResourceType

	roles, err := s.repo.ListAllRoles()
	if err != nil {
		return nil, remoteerror.NewResourceEnumerationErrorWithType(err, attachmentType, resourceaws.AwsIamRoleResourceType)
	}

	attachments, err := s.repo.ListAllRolePolicyAttachments(roles)
	if err != nil {
		return nil, remoteerror.NewResourceEnumerationError(err, attachmentType)
	}

	// Nothing attached: skip the runner entirely and deserialize an empty,
	// non-nil slice.
	if len(attachments) == 0 {
		return s.deserializer.Deserialize(attachmentType, make([]cty.Value, 0))
	}

	for _, item := range attachments {
		// Copy the element so each closure owns its own value rather than
		// sharing the loop variable.
		current := *item
		s.runner.Run(func() (cty.Value, error) {
			return s.readRolePolicyAttachment(&current)
		})
	}

	values, err := s.runner.Wait()
	if err != nil {
		return nil, err
	}

	return s.deserializer.Deserialize(attachmentType, values)
}
// readRolePolicyAttachment reads one role/policy attachment through the
// resource reader. The resource ID is "<policy name>-<role name>" and the
// role name and policy ARN are passed as read attributes.
//
// On failure it logs a warning and returns cty.NilVal with the error.
//
// NOTE(review): PolicyName and PolicyArn are dereferenced without a nil
// check; this assumes the repository always populates them — confirm.
func (s *IamRolePolicyAttachmentSupplier) readRolePolicyAttachment(attachedPol *repository.AttachedRolePolicy) (cty.Value, error) {
	resourceID := fmt.Sprintf("%s-%s", *attachedPol.PolicyName, attachedPol.RoleName)
	attrs := map[string]string{
		"role":       attachedPol.RoleName,
		"policy_arn": *attachedPol.PolicyArn,
	}

	args := terraform.ReadResourceArgs{
		Ty:         resourceaws.AwsIamRolePolicyAttachmentResourceType,
		ID:         resourceID,
		Attributes: attrs,
	}

	val, err := s.reader.ReadResource(args)
	if err != nil {
		logrus.Warnf("Error reading iam role policy attachment %s[%s]: %+v", attachedPol, resourceaws.AwsIamRolePolicyAttachmentResourceType, err)
		return cty.NilVal, err
	}

	return *val, nil
}