driftctl/pkg/middlewares/iam_policy_attachment_expan...

531 lines
14 KiB
Go
Raw Normal View History

package middlewares
import (
"strings"
"testing"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/r3labs/diff/v2"
"github.com/snyk/driftctl/enumeration/resource"
2022-07-21 08:37:03 +00:00
dctlresource "github.com/snyk/driftctl/pkg/resource"
"github.com/snyk/driftctl/pkg/resource/aws"
)
2021-05-12 09:35:02 +00:00
func TestIamPolicyAttachmentExpander_Execute(t *testing.T) {
type resources struct {
2021-08-09 14:03:04 +00:00
RemoteResources *[]*resource.Resource
ResourcesFromState *[]*resource.Resource
}
tests := []struct {
name string
args resources
2022-07-21 08:37:03 +00:00
mocks func(*dctlresource.MockResourceFactory)
expected resources
wantErr bool
}{
{
2021-05-07 15:47:53 +00:00
name: "Split users and ReId",
2022-07-21 08:37:03 +00:00
mocks: func(factory *dctlresource.MockResourceFactory) {
2021-05-07 15:47:53 +00:00
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jean-arn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "arn",
"users": []interface{}{"jean"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "jean-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"paul-arn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "arn",
"users": []interface{}{"paul"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "paul-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"pierre-arn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "arn",
"users": []interface{}{"pierre"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "pierre-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jean-thisisarn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "thisisarn",
"users": []interface{}{"jean"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "jean-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"paul-thisisarn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "thisisarn",
"users": []interface{}{"paul"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "paul-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jacques-thisisarn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "thisisarn",
"users": []interface{}{"jacques"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "jacques-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jean-fromstatearn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "fromstatearn",
"users": []interface{}{"jean"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "jean-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
},
args: struct {
2021-08-09 14:03:04 +00:00
RemoteResources *[]*resource.Resource
ResourcesFromState *[]*resource.Resource
}{
2021-08-09 14:03:04 +00:00
RemoteResources: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "wrongId",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "arn",
2021-05-12 09:35:02 +00:00
"users": []interface{}{"jean", "paul", "pierre"},
2021-05-07 15:47:53 +00:00
},
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "wrongId2",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "thisisarn",
2021-05-12 09:35:02 +00:00
"users": []interface{}{"jean", "paul", "jacques"},
2021-05-07 15:47:53 +00:00
},
},
},
2021-08-09 14:03:04 +00:00
ResourcesFromState: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "wrongId",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "fromstatearn",
2021-05-12 09:35:02 +00:00
"users": []interface{}{"jean"},
2021-05-07 15:47:53 +00:00
},
},
},
},
expected: struct {
2021-08-09 14:03:04 +00:00
RemoteResources *[]*resource.Resource
ResourcesFromState *[]*resource.Resource
}{
2021-08-09 14:03:04 +00:00
RemoteResources: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "jean-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "paul-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "pierre-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "jean-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "paul-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "jacques-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
2021-08-09 14:03:04 +00:00
ResourcesFromState: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "jean-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
},
wantErr: false,
},
{
2021-05-07 15:47:53 +00:00
name: "Split Roles and ReId",
2022-07-21 08:37:03 +00:00
mocks: func(factory *dctlresource.MockResourceFactory) {
2021-05-07 15:47:53 +00:00
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role1-arn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "arn",
"roles": []interface{}{"role1"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "role1-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role2-arn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "arn",
"roles": []interface{}{"role2"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "role2-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"pierre-arn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "arn",
"roles": []interface{}{"pierre"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "pierre-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role1-thisisarn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "thisisarn",
"roles": []interface{}{"role1"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "role1-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role2-thisisarn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "thisisarn",
"roles": []interface{}{"role2"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "role2-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role3-thisisarn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "thisisarn",
"roles": []interface{}{"role3"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "role3-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role1-fromstatearn",
map[string]interface{}{
2021-05-21 14:09:45 +00:00
"policy_arn": "fromstatearn",
"roles": []interface{}{"role1"},
2021-05-07 15:47:53 +00:00
},
2021-08-09 14:03:04 +00:00
).Once().Return(&resource.Resource{
2021-05-07 15:47:53 +00:00
Id: "role1-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
},
args: struct {
2021-08-09 14:03:04 +00:00
RemoteResources *[]*resource.Resource
ResourcesFromState *[]*resource.Resource
}{
2021-08-09 14:03:04 +00:00
RemoteResources: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "wrongId",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "arn",
2021-05-12 09:35:02 +00:00
"roles": []interface{}{"role1", "role2", "pierre"},
2021-05-07 15:47:53 +00:00
},
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "wrongId2",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "thisisarn",
2021-05-12 09:35:02 +00:00
"roles": []interface{}{"role1", "role2", "role3"},
2021-05-07 15:47:53 +00:00
},
},
},
2021-08-09 14:03:04 +00:00
ResourcesFromState: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "wrongId",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "fromstatearn",
2021-05-12 09:35:02 +00:00
"roles": []interface{}{"role1"},
2021-05-07 15:47:53 +00:00
},
},
},
},
expected: struct {
2021-08-09 14:03:04 +00:00
RemoteResources *[]*resource.Resource
ResourcesFromState *[]*resource.Resource
}{
2021-08-09 14:03:04 +00:00
RemoteResources: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "role1-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "role2-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "pierre-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "role1-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "role2-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
2021-08-09 14:03:04 +00:00
{
2021-05-07 15:47:53 +00:00
Id: "role3-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
2021-08-09 14:03:04 +00:00
ResourcesFromState: &[]*resource.Resource{
{
2021-05-07 15:47:53 +00:00
Id: "role1-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
},
wantErr: false,
},
2022-05-10 13:46:59 +00:00
{
name: "Split Groups and ReId",
2022-07-21 08:37:03 +00:00
mocks: func(factory *dctlresource.MockResourceFactory) {
2022-05-10 13:46:59 +00:00
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"group1-arn",
map[string]interface{}{
"policy_arn": "arn",
"groups": []interface{}{"group1"},
},
).Once().Return(&resource.Resource{
Id: "group1-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"group2-arn",
map[string]interface{}{
"policy_arn": "arn",
"groups": []interface{}{"group2"},
},
).Once().Return(&resource.Resource{
Id: "group2-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"foobar-arn",
map[string]interface{}{
"policy_arn": "arn",
"groups": []interface{}{"foobar"},
},
).Once().Return(&resource.Resource{
Id: "foobar-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"group1-thisisarn",
map[string]interface{}{
"policy_arn": "thisisarn",
"groups": []interface{}{"group1"},
},
).Once().Return(&resource.Resource{
Id: "group1-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"group2-thisisarn",
map[string]interface{}{
"policy_arn": "thisisarn",
"groups": []interface{}{"group2"},
},
).Once().Return(&resource.Resource{
Id: "group2-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"group3-thisisarn",
map[string]interface{}{
"policy_arn": "thisisarn",
"groups": []interface{}{"group3"},
},
).Once().Return(&resource.Resource{
Id: "group3-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"group1-fromstatearn",
map[string]interface{}{
"policy_arn": "fromstatearn",
"groups": []interface{}{"group1"},
},
).Once().Return(&resource.Resource{
Id: "group1-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
},
args: struct {
RemoteResources *[]*resource.Resource
ResourcesFromState *[]*resource.Resource
}{
RemoteResources: &[]*resource.Resource{
{
Id: "wrongId",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "arn",
"groups": []interface{}{"group1", "group2", "foobar"},
},
},
{
Id: "wrongId2",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "thisisarn",
"groups": []interface{}{"group1", "group2", "group3"},
},
},
},
ResourcesFromState: &[]*resource.Resource{
{
Id: "wrongId",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "fromstatearn",
"groups": []interface{}{"group1"},
},
},
},
},
expected: struct {
RemoteResources *[]*resource.Resource
ResourcesFromState *[]*resource.Resource
}{
RemoteResources: &[]*resource.Resource{
{
Id: "group1-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
{
Id: "group2-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
{
Id: "foobar-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
{
Id: "group1-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
{
Id: "group2-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
{
Id: "group3-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
ResourcesFromState: &[]*resource.Resource{
{
Id: "group1-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
2021-05-07 15:47:53 +00:00
2022-07-21 08:37:03 +00:00
factory := &dctlresource.MockResourceFactory{}
2021-05-07 15:47:53 +00:00
if tt.mocks != nil {
tt.mocks(factory)
}
m := NewIamPolicyAttachmentExpander(factory)
if err := m.Execute(tt.args.RemoteResources, tt.args.ResourcesFromState); (err != nil) != tt.wantErr {
t.Errorf("Execute() error = %v, wantErr %v", err, tt.wantErr)
}
changelog, err := diff.Diff(tt.args, tt.expected)
if err != nil {
t.Error(err)
}
if len(changelog) > 0 {
for _, change := range changelog {
t.Errorf("%s got = %v, want %v", strings.Join(change.Path, "."), awsutil.Prettify(change.From), awsutil.Prettify(change.To))
}
}
})
}
}