2020-12-09 15:31:34 +00:00
|
|
|
package aws
|
|
|
|
|
|
|
|
import (
|
2021-05-21 14:09:45 +00:00
|
|
|
"fmt"
|
2021-06-07 13:02:12 +00:00
|
|
|
|
2021-05-19 14:58:52 +00:00
|
|
|
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
2021-01-20 13:01:57 +00:00
|
|
|
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
|
|
|
|
2020-12-09 15:31:34 +00:00
|
|
|
"github.com/cloudskiff/driftctl/pkg/resource"
|
|
|
|
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
2021-05-21 14:09:45 +00:00
|
|
|
|
2020-12-09 15:31:34 +00:00
|
|
|
"github.com/cloudskiff/driftctl/pkg/terraform"
|
|
|
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
"github.com/zclconf/go-cty/cty"
|
|
|
|
)
|
|
|
|
|
|
|
|
type IamRolePolicyAttachmentSupplier struct {
|
|
|
|
reader terraform.ResourceReader
|
2021-05-21 14:09:45 +00:00
|
|
|
deserializer *resource.Deserializer
|
2021-05-27 14:15:55 +00:00
|
|
|
repo repository.IAMRepository
|
2020-12-09 15:31:34 +00:00
|
|
|
runner *terraform.ParallelResourceReader
|
|
|
|
}
|
|
|
|
|
2021-06-07 13:02:12 +00:00
|
|
|
func NewIamRolePolicyAttachmentSupplier(provider *AWSTerraformProvider, deserializer *resource.Deserializer, repo repository.IAMRepository) *IamRolePolicyAttachmentSupplier {
|
2021-01-20 13:01:57 +00:00
|
|
|
return &IamRolePolicyAttachmentSupplier{
|
2021-01-22 17:06:17 +00:00
|
|
|
provider,
|
2021-05-21 14:09:45 +00:00
|
|
|
deserializer,
|
2021-06-07 13:02:12 +00:00
|
|
|
repo,
|
2021-01-22 17:06:17 +00:00
|
|
|
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
|
2021-01-20 13:01:57 +00:00
|
|
|
}
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
|
|
|
|
2021-03-17 15:54:53 +00:00
|
|
|
func (s *IamRolePolicyAttachmentSupplier) Resources() ([]resource.Resource, error) {
|
2021-05-27 14:15:55 +00:00
|
|
|
roles, err := s.repo.ListAllRoles()
|
2020-12-09 15:31:34 +00:00
|
|
|
if err != nil {
|
2021-05-19 14:58:52 +00:00
|
|
|
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, resourceaws.AwsIamRolePolicyAttachmentResourceType, resourceaws.AwsIamRoleResourceType)
|
|
|
|
}
|
2021-05-27 14:15:55 +00:00
|
|
|
policyAttachments, err := s.repo.ListAllRolePolicyAttachments(roles)
|
2021-05-19 14:58:52 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsIamRolePolicyAttachmentResourceType)
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
|
|
|
|
2021-05-19 14:58:52 +00:00
|
|
|
results := make([]cty.Value, 0)
|
|
|
|
if len(policyAttachments) > 0 {
|
|
|
|
for _, attachedPolicy := range policyAttachments {
|
2020-12-09 15:31:34 +00:00
|
|
|
attached := *attachedPolicy
|
|
|
|
s.runner.Run(func() (cty.Value, error) {
|
2021-05-19 14:58:52 +00:00
|
|
|
return s.readRolePolicyAttachment(&attached)
|
2020-12-09 15:31:34 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
results, err = s.runner.Wait()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-05-21 14:09:45 +00:00
|
|
|
return s.deserializer.Deserialize(resourceaws.AwsIamRolePolicyAttachmentResourceType, results)
|
2020-12-09 15:31:34 +00:00
|
|
|
}
|
|
|
|
|
2021-05-19 14:58:52 +00:00
|
|
|
func (s *IamRolePolicyAttachmentSupplier) readRolePolicyAttachment(attachedPol *repository.AttachedRolePolicy) (cty.Value, error) {
|
2020-12-09 15:31:34 +00:00
|
|
|
res, err := s.reader.ReadResource(
|
|
|
|
terraform.ReadResourceArgs{
|
|
|
|
Ty: resourceaws.AwsIamRolePolicyAttachmentResourceType,
|
2021-05-21 14:09:45 +00:00
|
|
|
ID: fmt.Sprintf("%s-%s", *attachedPol.PolicyName, attachedPol.RoleName),
|
2020-12-09 15:31:34 +00:00
|
|
|
Attributes: map[string]string{
|
|
|
|
"role": attachedPol.RoleName,
|
|
|
|
"policy_arn": *attachedPol.PolicyArn,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
logrus.Warnf("Error reading iam role policy attachment %s[%s]: %+v", attachedPol, resourceaws.AwsIamRolePolicyAttachmentResourceType, err)
|
|
|
|
return cty.NilVal, err
|
|
|
|
}
|
|
|
|
return *res, nil
|
|
|
|
}
|