driftctl/pkg/remote/alerts/alerts.go

97 lines
3.2 KiB
Go
Raw Normal View History

2021-08-03 10:34:36 +00:00
package alerts
import (
"fmt"
"github.com/cloudskiff/driftctl/pkg/alerter"
"github.com/cloudskiff/driftctl/pkg/remote/common"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
"github.com/sirupsen/logrus"
)
type ScanningPhase int
const (
EnumerationPhase ScanningPhase = iota
DetailsFetchingPhase
)
type RemoteAccessDeniedAlert struct {
message string
provider string
scanningPhase ScanningPhase
}
func NewRemoteAccessDeniedAlert(provider string, scanErr *remoteerror.ResourceScanningError, scanningPhase ScanningPhase) *RemoteAccessDeniedAlert {
2021-08-03 10:34:36 +00:00
var message string
switch scanningPhase {
case EnumerationPhase:
message = fmt.Sprintf(
"Ignoring %s from drift calculation: Listing %s is forbidden: %s",
scanErr.Resource(),
scanErr.ListedTypeError(),
scanErr.RootCause().Error(),
)
2021-08-03 10:34:36 +00:00
case DetailsFetchingPhase:
message = fmt.Sprintf(
"Ignoring %s from drift calculation: Reading details of %s is forbidden: %s",
scanErr.Resource(),
scanErr.ListedTypeError(),
scanErr.RootCause().Error(),
)
2021-08-03 10:34:36 +00:00
default:
message = fmt.Sprintf(
"Ignoring %s from drift calculation: %s",
scanErr.Resource(),
scanErr.RootCause().Error(),
)
2021-08-03 10:34:36 +00:00
}
return &RemoteAccessDeniedAlert{message, provider, scanningPhase}
}
func (e *RemoteAccessDeniedAlert) Message() string {
return e.message
}
func (e *RemoteAccessDeniedAlert) ShouldIgnoreResource() bool {
return true
}
func (e *RemoteAccessDeniedAlert) GetProviderMessage() string {
var message string
if e.scanningPhase == DetailsFetchingPhase {
message = "It seems that we got access denied exceptions while reading details of resources.\n"
}
if e.scanningPhase == EnumerationPhase {
message = "It seems that we got access denied exceptions while listing resources.\n"
}
switch e.provider {
case common.RemoteGithubTerraform:
message += "Please be sure that your Github token has the right permissions, check the last up-to-date documentation there: https://docs.driftctl.com/github/policy"
case common.RemoteAWSTerraform:
message += "The latest minimal read-only IAM policy for driftctl is always available here, please update yours: https://docs.driftctl.com/aws/policy"
2021-08-04 15:17:27 +00:00
case common.RemoteGoogleTerraform:
message += "Please ensure that you have configured the required roles, please check our documentation at https://docs.driftctl.com/google/policy"
2021-08-03 10:34:36 +00:00
default:
return ""
}
return message
}
func sendRemoteAccessDeniedAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError, p ScanningPhase) {
logrus.WithFields(logrus.Fields{
"resource": listError.Resource(),
"listed_type": listError.ListedTypeError(),
}).Debugf("Got an access denied error: %+v", listError.Error())
alerter.SendAlert(listError.Resource(), NewRemoteAccessDeniedAlert(provider, listError, p))
2021-08-03 10:34:36 +00:00
}
func SendEnumerationAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
sendRemoteAccessDeniedAlert(provider, alerter, listError, EnumerationPhase)
}
func SendDetailsFetchingAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
sendRemoteAccessDeniedAlert(provider, alerter, listError, DetailsFetchingPhase)
}