package middlewares
import (
"github.com/snyk/driftctl/enumeration/resource"
"github.com/snyk/driftctl/pkg/resource/aws"
)
// When listing policy attachments from AWS we only retrieve the per-principal
// attachments (the user, role and group policy attachment resource types),
// which makes it impossible to compare them with the policy_attachment
// resources that could exist in Terraform.
// We decided to transform all attachments to policy_attachment so we can find
// which attachments are managed.
//
// IamPolicyAttachmentTransformer is the middleware performing that
// transformation on both the remote and the state resource lists.
type IamPolicyAttachmentTransformer struct {
	// resourceFactory builds the abstract policy_attachment resources that
	// replace the per-principal attachments.
	resourceFactory resource.ResourceFactory
}
// NewIamPolicyAttachmentTransformer returns a transformer that uses
// resourceFactory to create the abstract policy_attachment resources.
func NewIamPolicyAttachmentTransformer(resourceFactory resource.ResourceFactory) IamPolicyAttachmentTransformer {
	return IamPolicyAttachmentTransformer{resourceFactory: resourceFactory}
}
// Execute rewrites, in place, both the remote and the state resource lists so
// that every per-principal IAM policy attachment becomes an abstract
// policy_attachment resource. Remote resources are processed first. It never
// returns an error.
func (m IamPolicyAttachmentTransformer) Execute(remoteResources, resourcesFromState *[]*resource.Resource) error {
	for _, list := range []*[]*resource.Resource{remoteResources, resourcesFromState} {
		*list = m.transform(list)
	}
	return nil
}
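// transform returns a new slice where every per-principal IAM policy
// attachment (user, role or group) found in resources is replaced by an
// abstract AwsIamPolicyAttachmentResourceType resource; every other resource
// is kept as-is, in its original order.
//
// resources is only read. The result is nil when the input is empty, which is
// what callers observed before this refactoring.
func (m IamPolicyAttachmentTransformer) transform(resources *[]*resource.Resource) []*resource.Resource {
	var newResources []*resource.Resource
	for _, res := range *resources {
		if attachment, ok := m.toPolicyAttachment(res); ok {
			newResources = append(newResources, attachment)
			continue
		}
		newResources = append(newResources, res)
	}
	return newResources
}

// toPolicyAttachment converts a single user/role/group policy attachment into
// an abstract policy_attachment resource with the same id and policy_arn, the
// attached principal placed in the matching users/groups/roles list, and the
// two other lists empty but non-nil so the attribute shape is the same
// whichever principal type was converted.
//
// ok is false when res is not one of the three per-principal attachment
// types; the caller then keeps the resource untouched. res.Attributes() is
// dereferenced without a nil check, exactly as the previous implementation did.
func (m IamPolicyAttachmentTransformer) toPolicyAttachment(res *resource.Resource) (attachment *resource.Resource, ok bool) {
	users, groups, roles := []interface{}{}, []interface{}{}, []interface{}{}

	// Pick the source attribute holding the principal and the destination
	// list it belongs to in the policy_attachment representation.
	var principalKey string
	var principals *[]interface{}
	switch res.ResourceType() {
	case aws.AwsIamUserPolicyAttachmentResourceType:
		principalKey, principals = "user", &users
	case aws.AwsIamRolePolicyAttachmentResourceType:
		principalKey, principals = "role", &roles
	case aws.AwsIamGroupPolicyAttachmentResourceType:
		principalKey, principals = "group", &groups
	default:
		return nil, false
	}

	attrs := *res.Attributes()
	*principals = append(*principals, attrs[principalKey])

	data := resource.Attributes{
		"id":         res.ResourceId(),
		"policy_arn": attrs["policy_arn"],
		"users":      users,
		"groups":     groups,
		"roles":      roles,
	}
	return m.resourceFactory.CreateAbstractResource(aws.AwsIamPolicyAttachmentResourceType, res.ResourceId(), data), true
}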