package alerts
import (
"fmt"
"github.com/cloudskiff/driftctl/pkg/alerter"
"github.com/cloudskiff/driftctl/pkg/remote/common"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
"github.com/sirupsen/logrus"
)
// ScanningPhase identifies the step of a remote scan during which an
// access-denied error was raised.
type ScanningPhase int

const (
	// EnumerationPhase is the step where resources are listed.
	EnumerationPhase ScanningPhase = iota
	// DetailsFetchingPhase is the step where the details of a resource are read.
	DetailsFetchingPhase
)

// RemoteAccessDeniedAlert is the alert raised when the remote provider refuses
// a listing or a details read. Field order matters: the constructor in this
// file fills the struct with a positional literal.
type RemoteAccessDeniedAlert struct {
	// message is the text returned by Message.
	message string
	// provider selects the remediation hint built by GetProviderMessage.
	provider string
	// scanningPhase records which step of the scan was denied.
	scanningPhase ScanningPhase
}
// NewRemoteAccessDeniedAlert builds the alert for an access-denied error met
// while scanning provider. The wording depends on scanningPhase; a phase that
// is neither EnumerationPhase nor DetailsFetchingPhase gets a generic message
// that omits the listed type.
//
// scanErr is used without a nil check, and so is the value returned by
// scanErr.RootCause(): callers must pass an error that carries a root cause.
//
// The root cause text is copied verbatim into the alert message.
// NOTE(review): provider access-denied errors may name principals or resource
// identifiers; confirm that every place the alert message is rendered is an
// acceptable destination for that text.
func NewRemoteAccessDeniedAlert(provider string, scanErr *remoteerror.ResourceScanningError, scanningPhase ScanningPhase) *RemoteAccessDeniedAlert {
	alert := &RemoteAccessDeniedAlert{
		provider:      provider,
		scanningPhase: scanningPhase,
	}

	if scanningPhase == EnumerationPhase {
		alert.message = fmt.Sprintf(
			"Ignoring %s from drift calculation: Listing %s is forbidden: %s",
			scanErr.Resource(),
			scanErr.ListedTypeError(),
			scanErr.RootCause().Error(),
		)
		return alert
	}

	if scanningPhase == DetailsFetchingPhase {
		alert.message = fmt.Sprintf(
			"Ignoring %s from drift calculation: Reading details of %s is forbidden: %s",
			scanErr.Resource(),
			scanErr.ListedTypeError(),
			scanErr.RootCause().Error(),
		)
		return alert
	}

	// Unknown phase: report the resource and the cause only.
	alert.message = fmt.Sprintf(
		"Ignoring %s from drift calculation: %s",
		scanErr.Resource(),
		scanErr.RootCause().Error(),
	)
	return alert
}
// Message returns the alert text that was composed when the alert was created.
func (e *RemoteAccessDeniedAlert) Message() string {
	return e.message
}
// ShouldIgnoreResource always reports true for an access-denied alert. The
// alert messages built in this file say the resource is ignored "from drift
// calculation", so a missing read permission reduces what the scan covers
// rather than failing it: drift in the denied resource type is not reported.
func (e *RemoteAccessDeniedAlert) ShouldIgnoreResource() bool {
	return true
}
// GetProviderMessage returns the remediation hint for the alert's provider,
// prefixed by a sentence naming the scanning phase that was denied. It returns
// the empty string for a provider that has no hint, whatever the phase.
//
// Each hint points at the provider's documented policy page; the AWS text
// refers to a minimal read-only IAM policy.
func (e *RemoteAccessDeniedAlert) GetProviderMessage() string {
	var advice string
	switch e.provider {
	case common.RemoteGithubTerraform:
		advice = "Please be sure that your Github token has the right permissions, check the last up-to-date documentation there: https://docs.driftctl.com/github/policy"
	case common.RemoteAWSTerraform:
		advice = "The latest minimal read-only IAM policy for driftctl is always available here, please update yours: https://docs.driftctl.com/aws/policy"
	case common.RemoteGoogleTerraform:
		advice = "Please ensure that you have configured the required roles, please check our documentation at https://docs.driftctl.com/google/policy"
	default:
		// No hint for this provider: the phase sentence is dropped as well.
		return ""
	}

	// A phase outside the two known values leaves the prefix empty.
	var intro string
	switch e.scanningPhase {
	case DetailsFetchingPhase:
		intro = "It seems that we got access denied exceptions while reading details of resources.\n"
	case EnumerationPhase:
		intro = "It seems that we got access denied exceptions while listing resources.\n"
	}

	return intro + advice
}
// sendRemoteAccessDeniedAlert logs the access-denied error at debug level and
// sends a RemoteAccessDeniedAlert for phase p through alerter, keyed by the
// resource named in listError.
//
// The full error string is written only to the debug log; the alert carries
// the message built by NewRemoteAccessDeniedAlert. listError is used without a
// nil check.
func sendRemoteAccessDeniedAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError, p ScanningPhase) {
	fields := logrus.Fields{
		"resource":    listError.Resource(),
		"listed_type": listError.ListedTypeError(),
	}
	logrus.WithFields(fields).Debugf("Got an access denied error: %+v", listError.Error())

	// Read the key before building the alert, as the original call did.
	key := listError.Resource()
	alert := NewRemoteAccessDeniedAlert(provider, listError, p)
	alerter.SendAlert(key, alert)
}
// SendEnumerationAlert reports an access-denied error raised while listing
// resources: it sends the alert through alerter with EnumerationPhase.
func SendEnumerationAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
	const phase = EnumerationPhase
	sendRemoteAccessDeniedAlert(provider, alerter, listError, phase)
}
// SendDetailsFetchingAlert reports an access-denied error raised while reading
// the details of a resource: it sends the alert through alerter with
// DetailsFetchingPhase.
func SendDetailsFetchingAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
	const phase = DetailsFetchingPhase
	sendRemoteAccessDeniedAlert(provider, alerter, listError, phase)
}