driftctl/pkg/resource/aws/aws_iam_access_key.go

39 lines
1.4 KiB
Go
Raw Normal View History

package aws
2021-05-11 15:02:08 +00:00
import (
"github.com/cloudskiff/driftctl/pkg/resource"
)
2021-03-25 11:13:52 +00:00
const AwsIamAccessKeyResourceType = "aws_iam_access_key"
2021-05-11 15:02:08 +00:00
func initAwsIAMAccessKeyMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
2021-08-09 15:15:35 +00:00
resourceSchemaRepository.SetResolveReadAttributesFunc(AwsIamAccessKeyResourceType, func(res *resource.Resource) map[string]string {
return map[string]string{
"user": *res.Attributes().GetString("user"),
}
})
2021-08-09 14:03:04 +00:00
resourceSchemaRepository.SetNormalizeFunc(AwsIamAccessKeyResourceType, func(res *resource.Resource) {
val := res.Attrs
2021-05-11 15:02:08 +00:00
// As we can't read secrets from aws API once access_key created we need to set
// fields retrieved from state to nil to avoid drift
// We can't detect drift if we cannot retrieve latest value from aws API for fields like secrets, passwords etc ...
val.SafeDelete([]string{"secret"})
val.SafeDelete([]string{"ses_smtp_password_v4"})
val.SafeDelete([]string{"ses_smtp_password"})
2021-06-01 13:38:14 +00:00
val.SafeDelete([]string{"encrypted_secret"})
val.SafeDelete([]string{"key_fingerprint"})
val.SafeDelete([]string{"pgp_key"})
2021-05-11 15:02:08 +00:00
})
2021-08-09 14:03:04 +00:00
resourceSchemaRepository.SetHumanReadableAttributesFunc(AwsIamAccessKeyResourceType, func(res *resource.Resource) map[string]string {
2021-05-21 14:09:45 +00:00
val := res.Attrs
attrs := make(map[string]string)
if user := val.GetString("user"); user != nil && *user != "" {
attrs["User"] = *user
}
return attrs
})
2021-09-17 15:16:06 +00:00
resourceSchemaRepository.SetFlags(AwsIamAccessKeyResourceType, resource.FlagDeepMode)
2021-05-11 15:02:08 +00:00
}