2020-12-09 15:31:34 +00:00
|
|
|
package aws
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
|
2021-01-15 11:44:13 +00:00
|
|
|
"github.com/cloudskiff/driftctl/pkg/parallel"
|
2020-12-09 15:31:34 +00:00
|
|
|
awsdeserializer "github.com/cloudskiff/driftctl/pkg/resource/aws/deserializer"
|
|
|
|
|
|
|
|
"github.com/aws/aws-sdk-go/service/iam"
|
|
|
|
"github.com/aws/aws-sdk-go/service/iam/iamiface"
|
|
|
|
"github.com/cloudskiff/driftctl/pkg/remote/deserializer"
|
|
|
|
"github.com/cloudskiff/driftctl/pkg/resource"
|
|
|
|
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
|
|
|
"github.com/cloudskiff/driftctl/pkg/terraform"
|
|
|
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
"github.com/zclconf/go-cty/cty"
|
|
|
|
)
|
|
|
|
|
|
|
|
type IamRolePolicySupplier struct {
|
|
|
|
reader terraform.ResourceReader
|
|
|
|
deserializer deserializer.CTYDeserializer
|
|
|
|
client iamiface.IAMAPI
|
|
|
|
runner *terraform.ParallelResourceReader
|
|
|
|
}
|
|
|
|
|
2021-01-15 11:44:13 +00:00
|
|
|
func NewIamRolePolicySupplier(runner *parallel.ParallelRunner, client iamiface.IAMAPI) *IamRolePolicySupplier {
|
2020-12-09 15:31:34 +00:00
|
|
|
return &IamRolePolicySupplier{terraform.Provider(terraform.AWS), awsdeserializer.NewIamRolePolicyDeserializer(), client, terraform.NewParallelResourceReader(runner)}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s IamRolePolicySupplier) Resources() ([]resource.Resource, error) {
|
|
|
|
policies, err := listIamRolePolicies(s.client)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
for _, policyName := range policies {
|
|
|
|
name := policyName
|
|
|
|
s.runner.Run(func() (cty.Value, error) {
|
|
|
|
return s.readRes(name)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
results, err := s.runner.Wait()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return s.deserializer.Deserialize(results)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s IamRolePolicySupplier) readRes(name string) (cty.Value, error) {
|
|
|
|
res, err := s.reader.ReadResource(
|
|
|
|
terraform.ReadResourceArgs{
|
|
|
|
Ty: resourceaws.AwsIamRolePolicyResourceType,
|
|
|
|
ID: name,
|
|
|
|
},
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
logrus.Warnf("Error reading iam role policy %s[%s]: %+v", name, resourceaws.AwsIamRolePolicyResourceType, err)
|
|
|
|
return cty.NilVal, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return *res, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func listIamRolePolicies(client iamiface.IAMAPI) ([]string, error) {
|
|
|
|
roles, err := listIamRoles(client)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var resources []string
|
|
|
|
for _, role := range roles {
|
|
|
|
input := &iam.ListRolePoliciesInput{
|
|
|
|
RoleName: role.RoleName,
|
|
|
|
}
|
|
|
|
|
|
|
|
err := client.ListRolePoliciesPages(input, func(res *iam.ListRolePoliciesOutput, lastPage bool) bool {
|
|
|
|
for _, policy := range res.PolicyNames {
|
|
|
|
resources = append(
|
|
|
|
resources,
|
|
|
|
fmt.Sprintf(
|
|
|
|
"%s:%s",
|
|
|
|
*role.RoleName,
|
|
|
|
*policy,
|
|
|
|
),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
return !lastPage
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return resources, nil
|
|
|
|
}
|