package middlewares
import (
"fmt"
"github.com/snyk/driftctl/pkg/resource"
resourceaws "github.com/snyk/driftctl/pkg/resource/aws"
)
// IamPolicyAttachmentExpander splits an aws_iam_policy_attachment that lists
// several users or roles into one attachment per principal, each with a
// repeatable id. Only the "users" and "roles" attributes are expanded; a
// "groups" attribute is not touched by this middleware.
type IamPolicyAttachmentExpander struct {
	// resourceFactory builds the per-principal abstract resources.
	resourceFactory resource.ResourceFactory
}
// NewIamPolicyAttachmentExpander returns an expander that creates the
// per-principal attachments through resourceFactory.
func NewIamPolicyAttachmentExpander(resourceFactory resource.ResourceFactory) IamPolicyAttachmentExpander {
	expander := IamPolicyAttachmentExpander{resourceFactory: resourceFactory}
	return expander
}
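// Execute replaces every aws_iam_policy_attachment in the state list and in
// the remote list with its per-principal expansion (see expand); every other
// resource is kept as is and in its original order. Both slices are rewritten
// in place through the pointers. The error result is never non-nil here.
func (m IamPolicyAttachmentExpander) Execute(remoteResources, resourcesFromState *[]*resource.Resource) error {
	*resourcesFromState = m.expandAll(*resourcesFromState)
	*remoteResources = m.expandAll(*remoteResources)
	return nil
}

// expandAll returns a new slice in which each policy attachment of resources
// is replaced by the resources produced by expand. The result is never nil,
// even for an empty input, so callers can store it back unconditionally.
func (m IamPolicyAttachmentExpander) expandAll(resources []*resource.Resource) []*resource.Resource {
	// len(resources) is only a lower bound: an attachment may expand to
	// several resources, in which case append grows the slice.
	out := make([]*resource.Resource, 0, len(resources))
	for _, res := range resources {
		// Resources that are not policy attachments pass through untouched.
		if res.ResourceType() != resourceaws.AwsIamPolicyAttachmentResourceType {
			out = append(out, res)
			continue
		}
		out = append(out, m.expand(res)...)
	}
	return out
}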
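// expand splits one policy attachment into one attachment per user followed by
// one attachment per role. Each generated attachment has the id
// "<principal>-<policy_arn>" and carries only the policy ARN and that single
// principal, which makes the id repeatable across runs. Groups are not
// expanded. The result is nil when the attachment lists neither users nor
// roles.
func (m IamPolicyAttachmentExpander) expand(policyAttachment *resource.Resource) []*resource.Resource {
	users := m.expandPrincipals(policyAttachment, "users")
	roles := m.expandPrincipals(policyAttachment, "roles")
	return append(users, roles...)
}

// expandPrincipals creates one attachment per element of the attribute named
// key ("users" or "roles") of policyAttachment. key is reused as the attribute
// name holding the single principal of each generated attachment. Returns nil
// when the attribute is absent or empty.
func (m IamPolicyAttachmentExpander) expandPrincipals(policyAttachment *resource.Resource, key string) []*resource.Resource {
	principals := policyAttachment.Attrs.GetSlice(key)
	if len(principals) == 0 {
		return nil
	}
	// The ARN is the same for every generated attachment, so read it once.
	// NOTE(review): the id previously used the raw map entry while the
	// attribute used GetString; both are assumed to yield the same string.
	policyArn := *policyAttachment.Attrs.GetString("policy_arn")
	out := make([]*resource.Resource, 0, len(principals))
	for _, principal := range principals {
		// Elements are expected to be strings; a non-string element panics
		// here, as it did with the original unchecked assertion.
		name := principal.(string)
		out = append(out, m.resourceFactory.CreateAbstractResource(
			resourceaws.AwsIamPolicyAttachmentResourceType,
			fmt.Sprintf("%s-%s", name, policyArn),
			map[string]interface{}{
				"policy_arn": policyArn,
				key:          []interface{}{name},
			},
		))
	}
	return out
}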