Merge branch 'main' into sso

main
Elie 2021-06-30 18:26:22 +02:00 committed by GitHub
commit 0ca2866e5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
61 changed files with 186642 additions and 61885 deletions

View File

@ -209,7 +209,7 @@ func scanRun(opts *pkg.ScanOptions) error {
logrus.Trace("Exited")
}()
scanner := pkg.NewScanner(supplierLibrary.Suppliers(), remoteLibrary, alerter, pkg.ScannerOptions{Deep: opts.Deep})
scanner := remote.NewScanner(supplierLibrary.Suppliers(), remoteLibrary, alerter, remote.ScannerOptions{Deep: opts.Deep})
iacSupplier, err := supplier.GetIACSupplier(opts.From, providerLibrary, opts.BackendOptions, iacProgress, resFactory)
if err != nil {

View File

@ -80,6 +80,7 @@ func (d DriftCTL) Run() (*analyser.Analysis, error) {
middlewares.NewRoute53DefaultZoneRecordSanitizer(),
middlewares.NewS3BucketAcl(),
middlewares.NewAwsInstanceBlockDeviceResourceMapper(d.resourceFactory),
middlewares.NewAwsDefaultSecurityGroupRule(),
middlewares.NewVPCDefaultSecurityGroupSanitizer(),
middlewares.NewVPCSecurityGroupRuleSanitizer(d.resourceFactory),
middlewares.NewIamPolicyAttachmentTransformer(d.resourceFactory),

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,132 @@
package middlewares
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/sirupsen/logrus"
)
// Remove default security group rules of the default security group from remote resources
type AwsDefaultSecurityGroupRule struct{}
func NewAwsDefaultSecurityGroupRule() AwsDefaultSecurityGroupRule {
return AwsDefaultSecurityGroupRule{}
}
func (m AwsDefaultSecurityGroupRule) Execute(remoteResources, resourcesFromState *[]resource.Resource) error {
newRemoteResources := make([]resource.Resource, 0)
for _, remoteResource := range *remoteResources {
existInState := false
// Ignore all resources other than security group rules
if remoteResource.TerraformType() != aws.AwsSecurityGroupRuleResourceType {
newRemoteResources = append(newRemoteResources, remoteResource)
continue
}
rule, _ := remoteResource.(*resource.AbstractResource)
// Ignore if it's not the default ingress or egress rule
if !isDefaultIngress(rule, remoteResources) && !isDefaultEgress(rule, remoteResources) {
newRemoteResources = append(newRemoteResources, remoteResource)
continue
}
for _, stateResource := range *resourcesFromState {
if resource.IsSameResource(remoteResource, stateResource) {
existInState = true
break
}
}
if existInState {
newRemoteResources = append(newRemoteResources, remoteResource)
}
if !existInState {
logrus.WithFields(logrus.Fields{
"id": remoteResource.TerraformId(),
"type": remoteResource.TerraformType(),
}).Debug("Ignoring default unmanaged security group rule")
}
}
*remoteResources = newRemoteResources
return nil
}
func isDefaultIngress(rule *resource.AbstractResource, remoteResources *[]resource.Resource) bool {
if ty := rule.Attrs.GetString("type"); ty == nil || *ty != "ingress" {
return false
}
if from := rule.Attrs.GetInt("from_port"); from == nil || *from != 0 {
return false
}
if to := rule.Attrs.GetInt("to_port"); to == nil || *to != 0 {
return false
}
if protocol := rule.Attrs.GetString("protocol"); protocol == nil || *protocol != "-1" {
return false
}
if _, exist := rule.Attrs.Get("cidr_blocks"); exist {
return false
}
if _, exist := rule.Attrs.Get("ipv6_cidr_blocks"); exist {
return false
}
if _, exist := rule.Attrs.Get("prefix_list_ids"); exist {
return false
}
sgId := rule.Attrs.GetString("security_group_id")
sourceSgId := rule.Attrs.GetString("source_security_group_id")
if sgId == nil || sourceSgId == nil || *sgId != *sourceSgId {
return false
}
return isFromDefaultSecurityGroup(sgId, remoteResources)
}
func isDefaultEgress(rule *resource.AbstractResource, remoteResources *[]resource.Resource) bool {
if ty := rule.Attrs.GetString("type"); ty == nil || *ty != "egress" {
return false
}
if from := rule.Attrs.GetInt("from_port"); from == nil || *from != 0 {
return false
}
if to := rule.Attrs.GetInt("to_port"); to == nil || *to != 0 {
return false
}
if protocol := rule.Attrs.GetString("protocol"); protocol == nil || *protocol != "-1" {
return false
}
if ipv4 := rule.Attrs.GetSlice("cidr_blocks"); ipv4 == nil || len(ipv4) != 1 || ipv4[0] != "0.0.0.0/0" {
return false
}
if _, exist := rule.Attrs.Get("ipv6_cidr_blocks"); exist {
return false
}
if _, exist := rule.Attrs.Get("prefix_list_ids"); exist {
return false
}
if self := rule.Attrs.GetBool("self"); self == nil || *self {
return false
}
sgId := rule.Attrs.GetString("security_group_id")
if sgId == nil {
return false
}
return isFromDefaultSecurityGroup(sgId, remoteResources)
}
func isFromDefaultSecurityGroup(sgId *string, remoteResources *[]resource.Resource) bool {
for _, remoteResource := range *remoteResources {
if remoteResource.TerraformType() != aws.AwsDefaultSecurityGroupResourceType {
continue
}
if *sgId == remoteResource.TerraformId() {
return true
}
}
return false
}

View File

@ -0,0 +1,311 @@
package middlewares
import (
"reflect"
"testing"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
)
func TestAwsDefaultSecurityGroupRule_Execute(t *testing.T) {
tests := []struct {
name string
remoteResources *[]resource.Resource
resourcesFromState *[]resource.Resource
expected *[]resource.Resource
wantErr bool
}{
{
name: "Should ignore default rules if not managed",
remoteResources: &[]resource.Resource{
&resource.AbstractResource{
Id: "default-sg",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{},
},
&resource.AbstractResource{
Id: "default-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"source_security_group_id": "default-sg",
},
},
&resource.AbstractResource{
Id: "default-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"self": false,
"cidr_blocks": []interface{}{"0.0.0.0/0"},
},
},
&resource.AbstractResource{
Id: "dummy-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(22),
"to_port": float64(22),
"protocol": "tcp",
"security_group_id": "default-sg",
"cidr_blocks": []interface{}{"1.2.3.4/32"},
},
},
&resource.AbstractResource{
Id: "dummy-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"self": false,
"ipv6_cidr_blocks": []interface{}{"::/0"},
},
},
},
resourcesFromState: &[]resource.Resource{},
expected: &[]resource.Resource{
&resource.AbstractResource{
Id: "default-sg",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{},
},
&resource.AbstractResource{
Id: "dummy-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(22),
"to_port": float64(22),
"protocol": "tcp",
"security_group_id": "default-sg",
"cidr_blocks": []interface{}{"1.2.3.4/32"},
},
},
&resource.AbstractResource{
Id: "dummy-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"self": false,
"ipv6_cidr_blocks": []interface{}{"::/0"},
},
},
},
wantErr: false,
},
{
name: "Should not ignore default rules if managed",
remoteResources: &[]resource.Resource{
&resource.AbstractResource{
Id: "default-sg",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{},
},
&resource.AbstractResource{
Id: "dummy-sg",
Type: aws.AwsSecurityGroupResourceType,
Attrs: &resource.Attributes{},
},
&resource.AbstractResource{
Id: "default-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"source_security_group_id": "default-sg",
},
},
&resource.AbstractResource{
Id: "default-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"self": false,
"cidr_blocks": []interface{}{"0.0.0.0/0"},
},
},
&resource.AbstractResource{
Id: "dummy-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(22),
"to_port": float64(22),
"protocol": "tcp",
"security_group_id": "dummy-sg",
"cidr_blocks": []interface{}{"1.2.3.4/32"},
},
},
&resource.AbstractResource{
Id: "dummy-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "dummy-sg",
"self": false,
"ipv6_cidr_blocks": []interface{}{"::/0"},
},
},
&resource.AbstractResource{
Id: "default-egress-2",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "dummy-sg",
"self": false,
"cidr_blocks": []interface{}{"0.0.0.0/0"},
},
},
},
resourcesFromState: &[]resource.Resource{
&resource.AbstractResource{
Id: "default-sg",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{},
},
&resource.AbstractResource{
Id: "default-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"source_security_group_id": "default-sg",
},
},
&resource.AbstractResource{
Id: "default-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"self": false,
"cidr_blocks": []interface{}{"0.0.0.0/0"},
},
},
},
expected: &[]resource.Resource{
&resource.AbstractResource{
Id: "default-sg",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{},
},
&resource.AbstractResource{
Id: "dummy-sg",
Type: aws.AwsSecurityGroupResourceType,
Attrs: &resource.Attributes{},
},
&resource.AbstractResource{
Id: "default-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"source_security_group_id": "default-sg",
},
},
&resource.AbstractResource{
Id: "default-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "default-sg",
"self": false,
"cidr_blocks": []interface{}{"0.0.0.0/0"},
},
},
&resource.AbstractResource{
Id: "dummy-ingress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "ingress",
"from_port": float64(22),
"to_port": float64(22),
"protocol": "tcp",
"security_group_id": "dummy-sg",
"cidr_blocks": []interface{}{"1.2.3.4/32"},
},
},
&resource.AbstractResource{
Id: "dummy-egress",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "dummy-sg",
"self": false,
"ipv6_cidr_blocks": []interface{}{"::/0"},
},
},
&resource.AbstractResource{
Id: "default-egress-2",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: &resource.Attributes{
"type": "egress",
"from_port": float64(0),
"to_port": float64(0),
"protocol": "-1",
"security_group_id": "dummy-sg",
"self": false,
"cidr_blocks": []interface{}{"0.0.0.0/0"},
},
},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
m := AwsDefaultSecurityGroupRule{}
if err := m.Execute(tt.remoteResources, tt.resourcesFromState); (err != nil) != tt.wantErr {
t.Errorf("Execute() error = %v, wantErr %v", err, tt.wantErr)
}
if !reflect.DeepEqual(tt.remoteResources, tt.expected) {
t.Fatalf("Expected results mismatch")
}
})
}
}

View File

@ -61,10 +61,13 @@ func Init(version string, alerter *alerter.Alerter,
remoteLibrary.AddEnumerator(NewS3BucketEnumerator(s3Repository, factory, provider.Config))
remoteLibrary.AddDetailsFetcher(aws.AwsS3BucketResourceType, NewS3BucketDetailsFetcher(provider, deserializer))
remoteLibrary.AddEnumerator(NewS3BucketInventoryEnumerator(s3Repository, factory, provider.Config))
remoteLibrary.AddDetailsFetcher(aws.AwsS3BucketInventoryResourceType, NewS3BucketInventoryDetailsFetcher(provider, deserializer))
remoteLibrary.AddEnumerator(NewS3BucketNotificationEnumerator(s3Repository, factory, provider.Config))
remoteLibrary.AddDetailsFetcher(aws.AwsS3BucketNotificationResourceType, NewS3BucketNotificationDetailsFetcher(provider, deserializer))
supplierLibrary.AddSupplier(NewS3BucketAnalyticSupplier(provider, s3Repository, deserializer))
supplierLibrary.AddSupplier(NewS3BucketInventorySupplier(provider, s3Repository, deserializer))
supplierLibrary.AddSupplier(NewS3BucketMetricSupplier(provider, s3Repository, deserializer))
supplierLibrary.AddSupplier(NewS3BucketNotificationSupplier(provider, s3Repository, deserializer))
supplierLibrary.AddSupplier(NewS3BucketPolicySupplier(provider, s3Repository, deserializer))
supplierLibrary.AddSupplier(NewEC2EipSupplier(provider, ec2repository, deserializer))
supplierLibrary.AddSupplier(NewEC2EipAssociationSupplier(provider, deserializer, ec2repository))

View File

@ -40,13 +40,17 @@ type awsConfig struct {
type AWSTerraformProvider struct {
*terraform.TerraformProvider
session *session.Session
name string
version string
}
func NewAWSTerraformProvider(version string, progress output.Progress, configDir string) (*AWSTerraformProvider, error) {
p := &AWSTerraformProvider{}
providerKey := "aws"
p := &AWSTerraformProvider{
version: version,
name: "aws",
}
installer, err := tf.NewProviderInstaller(tf.ProviderConfig{
Key: providerKey,
Key: p.name,
Version: version,
ConfigDir: configDir,
})
@ -57,7 +61,7 @@ func NewAWSTerraformProvider(version string, progress output.Progress, configDir
SharedConfigState: session.SharedConfigEnable,
}))
tfProvider, err := terraform.NewTerraformProvider(installer, terraform.TerraformProviderConfig{
Name: providerKey,
Name: p.name,
DefaultAlias: *p.session.Config.Region,
GetProviderConfig: func(alias string) interface{} {
return awsConfig{
@ -72,3 +76,11 @@ func NewAWSTerraformProvider(version string, progress output.Progress, configDir
p.TerraformProvider = tfProvider
return p, err
}
func (a *AWSTerraformProvider) Name() string {
return a.name
}
func (p *AWSTerraformProvider) Version() string {
return p.version
}

View File

@ -33,6 +33,29 @@ func (_m *MockS3Repository) GetBucketLocation(bucketName string) (string, error)
return r0, r1
}
// GetBucketNotification provides a mock function with given fields: bucketName, region
func (_m *MockS3Repository) GetBucketNotification(bucketName string, region string) (*s3.NotificationConfiguration, error) {
ret := _m.Called(bucketName, region)
var r0 *s3.NotificationConfiguration
if rf, ok := ret.Get(0).(func(string, string) *s3.NotificationConfiguration); ok {
r0 = rf(bucketName, region)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(*s3.NotificationConfiguration)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(string, string) error); ok {
r1 = rf(bucketName, region)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ListAllBuckets provides a mock function with given fields:
func (_m *MockS3Repository) ListAllBuckets() ([]*s3.Bucket, error) {
ret := _m.Called()

View File

@ -14,6 +14,7 @@ import (
type S3Repository interface {
ListAllBuckets() ([]*s3.Bucket, error)
GetBucketNotification(bucketName, region string) (*s3.NotificationConfiguration, error)
ListBucketInventoryConfigurations(bucket *s3.Bucket, region string) ([]*s3.InventoryConfiguration, error)
ListBucketMetricsConfigurations(bucket *s3.Bucket, region string) ([]*s3.MetricsConfiguration, error)
ListBucketAnalyticsConfigurations(bucket *s3.Bucket, region string) ([]*s3.AnalyticsConfiguration, error)
@ -45,6 +46,39 @@ func (s *s3Repository) ListAllBuckets() ([]*s3.Bucket, error) {
return out.Buckets, nil
}
func (s *s3Repository) GetBucketNotification(bucketName, region string) (*s3.NotificationConfiguration, error) {
cacheKey := fmt.Sprintf("s3GetBucketNotification_%s_%s", bucketName, region)
if v := s.cache.Get(cacheKey); v != nil {
return v.(*s3.NotificationConfiguration), nil
}
bucketNotificationConfig, err := s.clientFactory.
GetS3Client(&awssdk.Config{Region: &region}).
GetBucketNotificationConfiguration(
&s3.GetBucketNotificationConfigurationRequest{Bucket: &bucketName},
)
if err != nil {
return nil, errors.Wrapf(
err,
"Error listing bucket notification configuration %s",
bucketName,
)
}
result := bucketNotificationConfig
if s.notificationIsEmpty(bucketNotificationConfig) {
result = nil
}
s.cache.Put(cacheKey, result)
return result, nil
}
func (s *s3Repository) notificationIsEmpty(notification *s3.NotificationConfiguration) bool {
return notification.TopicConfigurations == nil &&
notification.QueueConfigurations == nil &&
notification.LambdaFunctionConfigurations == nil
}
func (s *s3Repository) ListBucketInventoryConfigurations(bucket *s3.Bucket, region string) ([]*s3.InventoryConfiguration, error) {
cacheKey := fmt.Sprintf("s3ListBucketInventoryConfigurations_%s_%s", *bucket.Name, region)
if v := s.cache.Get(cacheKey); v != nil {

View File

@ -89,6 +89,159 @@ func Test_s3Repository_ListAllBuckets(t *testing.T) {
}
}
func Test_s3Repository_GetBucketNotification(t *testing.T) {
tests := []struct {
name string
bucketName, region string
mocks func(client *awstest.MockFakeS3)
want *s3.NotificationConfiguration
wantErr string
}{
{
name: "get empty bucket notification",
bucketName: "test-bucket",
region: "us-east-1",
mocks: func(client *awstest.MockFakeS3) {
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
Bucket: aws.String("test-bucket"),
}).Return(
&s3.NotificationConfiguration{},
nil,
).Once()
},
want: nil,
},
{
name: "get bucket notification with lambda config",
bucketName: "test-bucket",
region: "us-east-1",
mocks: func(client *awstest.MockFakeS3) {
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
Bucket: aws.String("test-bucket"),
}).Return(
&s3.NotificationConfiguration{
LambdaFunctionConfigurations: []*s3.LambdaFunctionConfiguration{
{
Id: aws.String("test"),
},
},
},
nil,
).Once()
},
want: &s3.NotificationConfiguration{
LambdaFunctionConfigurations: []*s3.LambdaFunctionConfiguration{
{
Id: aws.String("test"),
},
},
},
},
{
name: "get bucket notification with queue config",
bucketName: "test-bucket",
region: "us-east-1",
mocks: func(client *awstest.MockFakeS3) {
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
Bucket: aws.String("test-bucket"),
}).Return(
&s3.NotificationConfiguration{
QueueConfigurations: []*s3.QueueConfiguration{
{
Id: awssdk.String("test"),
},
},
},
nil,
).Once()
},
want: &s3.NotificationConfiguration{
QueueConfigurations: []*s3.QueueConfiguration{
{
Id: awssdk.String("test"),
},
},
},
},
{
name: "get bucket notification with topic config",
bucketName: "test-bucket",
region: "us-east-1",
mocks: func(client *awstest.MockFakeS3) {
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
Bucket: aws.String("test-bucket"),
}).Return(
&s3.NotificationConfiguration{
TopicConfigurations: []*s3.TopicConfiguration{
{
Id: awssdk.String("test"),
},
},
},
nil,
).Once()
},
want: &s3.NotificationConfiguration{
TopicConfigurations: []*s3.TopicConfiguration{
{
Id: awssdk.String("test"),
},
},
},
},
{
name: "get bucket location when error",
bucketName: "test-bucket",
region: "us-east-1",
mocks: func(client *awstest.MockFakeS3) {
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
Bucket: aws.String("test-bucket"),
}).Return(
nil,
awserr.New("UnknownError", "aws error", nil),
).Once()
},
wantErr: "Error listing bucket notification configuration test-bucket: UnknownError: aws error",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
store := cache.New(1)
mockedClient := &awstest.MockFakeS3{}
tt.mocks(mockedClient)
factory := client.MockAwsClientFactoryInterface{}
factory.On("GetS3Client", &aws.Config{Region: &tt.region}).Return(mockedClient).Once()
r := NewS3Repository(&factory, store)
got, err := r.GetBucketNotification(tt.bucketName, tt.region)
factory.AssertExpectations(t)
if err != nil && tt.wantErr == "" {
t.Fatalf("Unexpected error %+v", err)
}
if err != nil {
assert.Equal(t, tt.wantErr, err.Error())
}
if err == nil && tt.want != nil {
// Check that results were cached
cachedData, err := r.GetBucketNotification(tt.bucketName, tt.region)
assert.NoError(t, err)
assert.Equal(t, got, cachedData)
assert.IsType(t, &s3.NotificationConfiguration{}, store.Get(fmt.Sprintf("s3GetBucketNotification_%s_%s", tt.bucketName, tt.region)))
}
changelog, err := diff.Diff(got, tt.want)
assert.Nil(t, err)
if len(changelog) > 0 {
for _, change := range changelog {
t.Errorf("%s: %s -> %s", strings.Join(change.Path, "."), change.From, change.To)
}
t.Fail()
}
})
}
}
func Test_s3Repository_ListBucketInventoryConfigurations(t *testing.T) {
tests := []struct {
name string

View File

@ -11,7 +11,7 @@ type S3BucketDetailsFetcher struct {
deserializer *resource.Deserializer
}
func NewS3BucketDetailsFetcher(provider *AWSTerraformProvider, deserializer *resource.Deserializer) *S3BucketDetailsFetcher {
func NewS3BucketDetailsFetcher(provider terraform.ResourceReader, deserializer *resource.Deserializer) *S3BucketDetailsFetcher {
return &S3BucketDetailsFetcher{
reader: provider,
deserializer: deserializer,

View File

@ -0,0 +1,38 @@
package aws
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
)
type S3BucketInventoryDetailsFetcher struct {
reader terraform.ResourceReader
deserializer *resource.Deserializer
}
func NewS3BucketInventoryDetailsFetcher(provider terraform.ResourceReader, deserializer *resource.Deserializer) *S3BucketInventoryDetailsFetcher {
return &S3BucketInventoryDetailsFetcher{
reader: provider,
deserializer: deserializer,
}
}
func (r *S3BucketInventoryDetailsFetcher) ReadDetails(res resource.Resource) (resource.Resource, error) {
ctyVal, err := r.reader.ReadResource(terraform.ReadResourceArgs{
Ty: aws.AwsS3BucketInventoryResourceType,
ID: res.TerraformId(),
Attributes: map[string]string{
"alias": *res.Attributes().GetString("region"),
},
})
if err != nil {
return nil, err
}
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketInventoryResourceType, *ctyVal)
if err != nil {
return nil, err
}
return deserializedRes, nil
}

View File

@ -0,0 +1,74 @@
package aws
import (
"fmt"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/sirupsen/logrus"
)
type S3BucketInventoryEnumerator struct {
repository repository.S3Repository
factory resource.ResourceFactory
providerConfig tf.TerraformProviderConfig
}
func NewS3BucketInventoryEnumerator(repo repository.S3Repository, factory resource.ResourceFactory, providerConfig tf.TerraformProviderConfig) *S3BucketInventoryEnumerator {
return &S3BucketInventoryEnumerator{
repository: repo,
factory: factory,
providerConfig: providerConfig,
}
}
func (e *S3BucketInventoryEnumerator) SupportedType() resource.ResourceType {
return aws.AwsS3BucketInventoryResourceType
}
func (e *S3BucketInventoryEnumerator) Enumerate() ([]resource.Resource, error) {
buckets, err := e.repository.ListAllBuckets()
if err != nil {
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
}
results := make([]resource.Resource, len(buckets))
for _, bucket := range buckets {
region, err := e.repository.GetBucketLocation(*bucket.Name)
if err != nil {
return nil, err
}
if region == "" || region != e.providerConfig.DefaultAlias {
logrus.WithFields(logrus.Fields{
"region": region,
"bucket": *bucket.Name,
}).Debug("Skipped bucket inventory")
continue
}
inventoryConfigurations, err := e.repository.ListBucketInventoryConfigurations(bucket, region)
if err != nil {
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsS3BucketInventoryResourceType)
}
for _, config := range inventoryConfigurations {
id := fmt.Sprintf("%s:%s", *bucket.Name, *config.Id)
results = append(
results,
e.factory.CreateAbstractResource(
string(e.SupportedType()),
id,
map[string]interface{}{
"region": region,
},
),
)
}
}
return results, err
}

View File

@ -1,88 +0,0 @@
package aws
import (
"fmt"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/zclconf/go-cty/cty"
)
type S3BucketInventorySupplier struct {
reader terraform.ResourceReader
deserializer *resource.Deserializer
repository repository.S3Repository
runner *terraform.ParallelResourceReader
providerConfig tf.TerraformProviderConfig
}
func NewS3BucketInventorySupplier(provider *AWSTerraformProvider, repository repository.S3Repository, deserializer *resource.Deserializer) *S3BucketInventorySupplier {
return &S3BucketInventorySupplier{
provider,
deserializer,
repository,
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
provider.Config,
}
}
func (s *S3BucketInventorySupplier) Resources() ([]resource.Resource, error) {
buckets, err := s.repository.ListAllBuckets()
if err != nil {
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, aws.AwsS3BucketInventoryResourceType, aws.AwsS3BucketResourceType)
}
for _, bucket := range buckets {
bucket := *bucket
region, err := s.repository.GetBucketLocation(*bucket.Name)
if err != nil {
return nil, err
}
if region == "" || region != s.providerConfig.DefaultAlias {
continue
}
if err := s.listBucketInventoryConfiguration(&bucket, region); err != nil {
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsS3BucketInventoryResourceType)
}
}
ctyVals, err := s.runner.Wait()
if err != nil {
return nil, err
}
return s.deserializer.Deserialize(aws.AwsS3BucketInventoryResourceType, ctyVals)
}
func (s *S3BucketInventorySupplier) listBucketInventoryConfiguration(bucket *s3.Bucket, region string) error {
inventoryConfigurations, err := s.repository.ListBucketInventoryConfigurations(bucket, region)
if err != nil {
return err
}
for _, config := range inventoryConfigurations {
id := fmt.Sprintf("%s:%s", *bucket.Name, *config.Id)
s.runner.Run(func() (cty.Value, error) {
s3BucketInventory, err := s.reader.ReadResource(
terraform.ReadResourceArgs{
Ty: aws.AwsS3BucketInventoryResourceType,
ID: id,
Attributes: map[string]string{
"alias": region,
},
},
)
if err != nil {
return cty.NilVal, err
}
return *s3BucketInventory, err
})
}
return nil
}

View File

@ -1,161 +0,0 @@
package aws
import (
"context"
"testing"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/cloudskiff/driftctl/pkg/parallel"
"github.com/cloudskiff/driftctl/pkg/remote/aws/client"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
"github.com/cloudskiff/driftctl/pkg/remote/cache"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
"github.com/cloudskiff/driftctl/pkg/resource"
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
testresource "github.com/cloudskiff/driftctl/test/resource"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/cloudskiff/driftctl/test"
"github.com/cloudskiff/driftctl/test/goldenfile"
"github.com/cloudskiff/driftctl/test/mocks"
"github.com/stretchr/testify/assert"
)
func TestS3BucketInventorySupplier_Resources(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockS3Repository)
wantErr error
}{
{
test: "multiple bucket with multiple inventories", dirName: "s3_bucket_inventories_multiple",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("bucket-martin-test-drift")},
{Name: awssdk.String("bucket-martin-test-drift2")},
{Name: awssdk.String("bucket-martin-test-drift3")},
}, nil)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift",
).Return(
"eu-west-1",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift2",
).Return(
"eu-west-3",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift3",
).Return(
"eu-west-1",
nil,
)
repository.On(
"ListBucketInventoryConfigurations",
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift2")},
"eu-west-3",
).Return(
[]*s3.InventoryConfiguration{
{Id: awssdk.String("Inventory_Bucket2")},
{Id: awssdk.String("Inventory2_Bucket2")},
},
nil,
)
},
},
{
test: "cannot list bucket", dirName: "s3_bucket_inventories_list_bucket",
mocks: func(repository *repository.MockS3Repository) {
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType, resourceaws.AwsS3BucketResourceType),
},
{
test: "cannot list bucket inventories", dirName: "s3_bucket_inventories_list_inventories",
mocks: func(repository *repository.MockS3Repository) {
repository.On("ListAllBuckets").Return(
[]*s3.Bucket{
{Name: awssdk.String("bucket-martin-test-drift")},
},
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift",
).Return(
"eu-west-3",
nil,
)
repository.On(
"ListBucketInventoryConfigurations",
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift")},
"eu-west-3",
).Return(
nil,
awserr.NewRequestFailure(nil, 403, ""),
)
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType),
},
}
for _, tt := range tests {
shouldUpdate := tt.dirName == *goldenfile.Update
providerLibrary := terraform.NewProviderLibrary()
supplierLibrary := resource.NewSupplierLibrary()
repo := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(repo)
factory := terraform.NewTerraformResourceFactory(repo)
deserializer := resource.NewDeserializer(factory)
if shouldUpdate {
provider, err := InitTestAwsProvider(providerLibrary)
if err != nil {
t.Fatal(err)
}
repository := repository.NewS3Repository(client.NewAWSClientFactory(provider.session), cache.New(0))
supplierLibrary.AddSupplier(NewS3BucketInventorySupplier(provider, repository, deserializer))
}
t.Run(tt.test, func(t *testing.T) {
mock := repository.MockS3Repository{}
tt.mocks(&mock)
provider := mocks.NewMockedGoldenTFProvider(tt.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
s := &S3BucketInventorySupplier{
provider,
deserializer,
&mock,
terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 10)),
tf.TerraformProviderConfig{
Name: "test",
DefaultAlias: "eu-west-3",
},
}
got, err := s.Resources()
assert.Equal(t, err, tt.wantErr)
test.CtyTestDiff(got, tt.dirName, provider, deserializer, shouldUpdate, t)
})
}
}

View File

@ -0,0 +1,38 @@
package aws
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
)
type S3BucketNotificationDetailsFetcher struct {
reader terraform.ResourceReader
deserializer *resource.Deserializer
}
func NewS3BucketNotificationDetailsFetcher(provider terraform.ResourceReader, deserializer *resource.Deserializer) *S3BucketNotificationDetailsFetcher {
return &S3BucketNotificationDetailsFetcher{
reader: provider,
deserializer: deserializer,
}
}
func (r *S3BucketNotificationDetailsFetcher) ReadDetails(res resource.Resource) (resource.Resource, error) {
ctyVal, err := r.reader.ReadResource(terraform.ReadResourceArgs{
Ty: aws.AwsS3BucketNotificationResourceType,
ID: res.TerraformId(),
Attributes: map[string]string{
"alias": *res.Attributes().GetString("region"),
},
})
if err != nil {
return nil, err
}
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketNotificationResourceType, *ctyVal)
if err != nil {
return nil, err
}
return deserializedRes, nil
}

View File

@ -0,0 +1,77 @@
package aws
import (
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/sirupsen/logrus"
)
type S3BucketNotificationEnumerator struct {
repository repository.S3Repository
factory resource.ResourceFactory
providerConfig tf.TerraformProviderConfig
}
func NewS3BucketNotificationEnumerator(repo repository.S3Repository, factory resource.ResourceFactory, providerConfig tf.TerraformProviderConfig) *S3BucketNotificationEnumerator {
return &S3BucketNotificationEnumerator{
repository: repo,
factory: factory,
providerConfig: providerConfig,
}
}
func (e *S3BucketNotificationEnumerator) SupportedType() resource.ResourceType {
return aws.AwsS3BucketNotificationResourceType
}
func (e *S3BucketNotificationEnumerator) Enumerate() ([]resource.Resource, error) {
buckets, err := e.repository.ListAllBuckets()
if err != nil {
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
}
results := make([]resource.Resource, len(buckets))
for _, bucket := range buckets {
region, err := e.repository.GetBucketLocation(*bucket.Name)
if err != nil {
return nil, err
}
if region == "" || region != e.providerConfig.DefaultAlias {
logrus.WithFields(logrus.Fields{
"region": region,
"bucket": *bucket.Name,
}).Debug("Skipped bucket")
continue
}
notification, err := e.repository.GetBucketNotification(*bucket.Name, region)
if err != nil {
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
}
if notification == nil {
logrus.WithFields(logrus.Fields{
"region": region,
"bucket": *bucket.Name,
}).Debug("Skipped empty bucket notification")
continue
}
results = append(
results,
e.factory.CreateAbstractResource(
string(e.SupportedType()),
*bucket.Name,
map[string]interface{}{
"region": region,
},
),
)
}
return results, err
}

View File

@ -1,81 +0,0 @@
package aws
import (
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/zclconf/go-cty/cty"
)
type S3BucketNotificationSupplier struct {
reader terraform.ResourceReader
deserializer *resource.Deserializer
repository repository.S3Repository
runner *terraform.ParallelResourceReader
providerConfig tf.TerraformProviderConfig
}
func NewS3BucketNotificationSupplier(provider *AWSTerraformProvider, repository repository.S3Repository, deserializer *resource.Deserializer) *S3BucketNotificationSupplier {
return &S3BucketNotificationSupplier{
provider,
deserializer,
repository,
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
provider.Config,
}
}
func (s *S3BucketNotificationSupplier) Resources() ([]resource.Resource, error) {
buckets, err := s.repository.ListAllBuckets()
if err != nil {
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, aws.AwsS3BucketNotificationResourceType, aws.AwsS3BucketResourceType)
}
for _, bucket := range buckets {
bucket := *bucket
region, err := s.repository.GetBucketLocation(*bucket.Name)
if err != nil {
return nil, err
}
if region == "" || region != s.providerConfig.DefaultAlias {
continue
}
s.runner.Run(func() (cty.Value, error) {
s3BucketPolicy, err := s.reader.ReadResource(terraform.ReadResourceArgs{
Ty: aws.AwsS3BucketNotificationResourceType,
ID: *bucket.Name,
Attributes: map[string]string{
"alias": region,
},
})
if err != nil {
return cty.NilVal, err
}
return *s3BucketPolicy, err
})
}
ctyVals, err := s.runner.Wait()
if err != nil {
return nil, err
}
deserializedValues, err := s.deserializer.Deserialize(aws.AwsS3BucketNotificationResourceType, ctyVals)
results := make([]resource.Resource, 0, len(deserializedValues))
if err != nil {
return deserializedValues, err
}
for _, val := range deserializedValues {
res, _ := val.(*resource.AbstractResource)
if ((*res.Attrs)["lambda_function"] != nil && len((*res.Attrs)["lambda_function"].([]interface{})) > 0) ||
((*res.Attrs)["queue"] != nil && len((*res.Attrs)["queue"].([]interface{})) > 0) ||
((*res.Attrs)["topic"] != nil && len((*res.Attrs)["topic"].([]interface{})) > 0) {
results = append(results, res)
}
}
return results, nil
}

View File

@ -1,139 +0,0 @@
package aws
import (
"context"
"testing"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/cloudskiff/driftctl/pkg/parallel"
"github.com/cloudskiff/driftctl/pkg/remote/aws/client"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
"github.com/cloudskiff/driftctl/pkg/remote/cache"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
"github.com/cloudskiff/driftctl/pkg/resource"
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
testresource "github.com/cloudskiff/driftctl/test/resource"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/cloudskiff/driftctl/test"
"github.com/cloudskiff/driftctl/test/goldenfile"
"github.com/cloudskiff/driftctl/test/mocks"
"github.com/stretchr/testify/assert"
)
func TestS3BucketNotificationSupplier_Resources(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockS3Repository)
wantErr error
}{
{
test: "single bucket without notifications",
dirName: "s3_bucket_notifications_no_notif",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("dritftctl-test-no-notifications")},
}, nil)
repository.On(
"GetBucketLocation",
"dritftctl-test-no-notifications",
).Return(
"eu-west-3",
nil,
)
},
},
{
test: "multiple bucket with notifications", dirName: "s3_bucket_notifications_multiple",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("bucket-martin-test-drift")},
{Name: awssdk.String("bucket-martin-test-drift2")},
{Name: awssdk.String("bucket-martin-test-drift3")},
}, nil)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift",
).Return(
"eu-west-1",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift2",
).Return(
"eu-west-3",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift3",
).Return(
"ap-northeast-1",
nil,
)
},
},
{
test: "Cannot list bucket", dirName: "s3_bucket_notifications_list_bucket",
mocks: func(repository *repository.MockS3Repository) {
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketNotificationResourceType, resourceaws.AwsS3BucketResourceType),
},
}
for _, tt := range tests {
shouldUpdate := tt.dirName == *goldenfile.Update
providerLibrary := terraform.NewProviderLibrary()
supplierLibrary := resource.NewSupplierLibrary()
repo := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(repo)
factory := terraform.NewTerraformResourceFactory(repo)
deserializer := resource.NewDeserializer(factory)
if shouldUpdate {
provider, err := InitTestAwsProvider(providerLibrary)
if err != nil {
t.Fatal(err)
}
repository := repository.NewS3Repository(client.NewAWSClientFactory(provider.session), cache.New(0))
supplierLibrary.AddSupplier(NewS3BucketNotificationSupplier(provider, repository, deserializer))
}
t.Run(tt.test, func(t *testing.T) {
mock := repository.MockS3Repository{}
tt.mocks(&mock)
provider := mocks.NewMockedGoldenTFProvider(tt.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
s := &S3BucketNotificationSupplier{
provider,
deserializer,
&mock,
terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 10)),
tf.TerraformProviderConfig{
Name: "test",
DefaultAlias: "eu-west-3",
},
}
got, err := s.Resources()
assert.Equal(t, err, tt.wantErr)
test.CtyTestDiff(got, tt.dirName, provider, deserializer, shouldUpdate, t)
})
}
}

View File

@ -1 +1,56 @@
[]
[
{
"bucket": "bucket-martin-test-drift2",
"destination": [
{
"bucket": [
{
"account_id": "",
"bucket_arn": "arn:aws:s3:::bucket-martin-test-drift2",
"encryption": [],
"format": "ORC",
"prefix": ""
}
]
}
],
"enabled": true,
"filter": [],
"id": "bucket-martin-test-drift2:Inventory_Bucket2",
"included_object_versions": "All",
"name": "Inventory_Bucket2",
"optional_fields": [],
"schedule": [
{
"frequency": "Daily"
}
]
},
{
"bucket": "bucket-martin-test-drift2",
"destination": [
{
"bucket": [
{
"account_id": "",
"bucket_arn": "arn:aws:s3:::bucket-martin-test-drift2",
"encryption": [],
"format": "ORC",
"prefix": ""
}
]
}
],
"enabled": true,
"filter": [],
"id": "bucket-martin-test-drift2:Inventory2_Bucket2",
"included_object_versions": "All",
"name": "Inventory2_Bucket2",
"optional_fields": [],
"schedule": [
{
"frequency": "Daily"
}
]
}
]

File diff suppressed because it is too large Load Diff

View File

@ -191,43 +191,5 @@ func (s *VPCSecurityGroupRuleSupplier) addSecurityGroupRule(ruleType string, rul
}
rules = append(rules, r)
}
// Filter default rules for default security group
if sg.GroupName != nil && *sg.GroupName == "default" {
results := make([]securityGroupRule, 0, len(rules))
for _, r := range rules {
r := r
if s.isDefaultIngress(&r) || s.isDefaultEgress(&r) {
continue
}
results = append(results, r)
}
return results
}
return rules
}
func (s *VPCSecurityGroupRuleSupplier) isDefaultIngress(rule *securityGroupRule) bool {
return rule.Type == sgRuleTypeIngress &&
rule.FromPort == 0 &&
rule.ToPort == 0 &&
rule.Protocol == "-1" &&
rule.CidrBlocks == nil &&
rule.Ipv6CidrBlocks == nil &&
rule.PrefixListIds == nil &&
rule.SourceSecurityGroupId == "" &&
rule.Self
}
func (s *VPCSecurityGroupRuleSupplier) isDefaultEgress(rule *securityGroupRule) bool {
return rule.Type == sgRuleTypeEgress &&
rule.FromPort == 0 &&
rule.ToPort == 0 &&
rule.Protocol == "-1" &&
rule.Ipv6CidrBlocks == nil &&
rule.PrefixListIds == nil &&
rule.SourceSecurityGroupId == "" &&
rule.CidrBlocks != nil &&
len(rule.CidrBlocks) == 1 &&
(rule.CidrBlocks)[0] == "0.0.0.0/0"
}

View File

@ -145,55 +145,6 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
},
err: nil,
},
{
test: "should ignore default security group default rules",
dirName: "vpc_security_group_default_rules",
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
{
GroupId: aws.String("sg-a74815c8"),
GroupName: aws.String("default"),
IpPermissions: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
UserIdGroupPairs: []*ec2.UserIdGroupPair{
{
GroupId: aws.String("sg-a74815c8"),
},
},
},
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.0.0/16"),
},
},
},
},
IpPermissionsEgress: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
},
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.3.4/32"),
},
},
},
},
},
}, nil, nil)
},
err: nil,
},
{
test: "cannot list security group rules",
dirName: "vpc_security_group_rule_empty",

View File

@ -0,0 +1,40 @@
package common
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/terraform"
)
type DetailsFetcher interface {
ReadDetails(resource.Resource) (resource.Resource, error)
}
type GenericDetailFetcher struct {
resType resource.ResourceType
reader terraform.ResourceReader
deserializer *resource.Deserializer
}
func NewGenericDetailFetcher(resType resource.ResourceType, provider terraform.ResourceReader, deserializer *resource.Deserializer) *GenericDetailFetcher {
return &GenericDetailFetcher{
resType: resType,
reader: provider,
deserializer: deserializer,
}
}
func (f *GenericDetailFetcher) ReadDetails(res resource.Resource) (resource.Resource, error) {
ctyVal, err := f.reader.ReadResource(terraform.ReadResourceArgs{
Ty: f.resType,
ID: res.TerraformId(),
})
if err != nil {
return nil, err
}
deserializedRes, err := f.deserializer.DeserializeOne(string(f.resType), *ctyVal)
if err != nil {
return nil, err
}
return deserializedRes, nil
}

View File

@ -9,10 +9,6 @@ type Enumerator interface {
Enumerate() ([]resource.Resource, error)
}
type DetailsFetcher interface {
ReadDetails(resource.Resource) (resource.Resource, error)
}
type RemoteLibrary struct {
enumerators []Enumerator
detailsFetchers map[resource.ResourceType]DetailsFetcher

View File

@ -11,6 +11,8 @@ import (
type GithubTerraformProvider struct {
*terraform.TerraformProvider
name string
version string
}
type githubConfig struct {
@ -20,10 +22,12 @@ type githubConfig struct {
}
func NewGithubTerraformProvider(version string, progress output.Progress, configDir string) (*GithubTerraformProvider, error) {
p := &GithubTerraformProvider{}
providerKey := "github"
p := &GithubTerraformProvider{
version: version,
name: "github",
}
installer, err := tf.NewProviderInstaller(tf.ProviderConfig{
Key: providerKey,
Key: p.name,
Version: version,
ConfigDir: configDir,
})
@ -31,7 +35,7 @@ func NewGithubTerraformProvider(version string, progress output.Progress, config
return nil, err
}
tfProvider, err := terraform.NewTerraformProvider(installer, terraform.TerraformProviderConfig{
Name: providerKey,
Name: p.name,
DefaultAlias: p.GetConfig().getDefaultOwner(),
GetProviderConfig: func(owner string) interface{} {
return githubConfig{
@ -60,3 +64,11 @@ func (p GithubTerraformProvider) GetConfig() githubConfig {
Organization: os.Getenv("GITHUB_ORGANIZATION"),
}
}
func (p *GithubTerraformProvider) Name() string {
return p.name
}
func (p *GithubTerraformProvider) Version() string {
return p.version
}

View File

@ -43,7 +43,7 @@ func (e *EnumerationAccessDeniedAlert) GetProviderMessage() string {
return message
}
func HandleResourceEnumerationError(err error, alerter *alerter.Alerter) error {
func HandleResourceEnumerationError(err error, alerter alerter.AlerterInterface) error {
listError, ok := err.(*remoteerror.ResourceEnumerationError)
if !ok {
return err

View File

@ -0,0 +1,462 @@
package remote
import (
"testing"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/s3"
"github.com/cloudskiff/driftctl/mocks"
"github.com/cloudskiff/driftctl/pkg/remote/aws"
"github.com/cloudskiff/driftctl/pkg/remote/cache"
"github.com/cloudskiff/driftctl/pkg/remote/common"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
testresource "github.com/cloudskiff/driftctl/test/resource"
terraform2 "github.com/cloudskiff/driftctl/test/terraform"
"github.com/cloudskiff/driftctl/pkg/remote/aws/client"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
"github.com/cloudskiff/driftctl/pkg/resource"
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/cloudskiff/driftctl/test"
"github.com/cloudskiff/driftctl/test/goldenfile"
"github.com/stretchr/testify/assert"
)
func TestS3Bucket(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockS3Repository)
wantErr error
}{
{
test: "multiple bucket", dirName: "aws_s3_bucket_multiple",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("bucket-martin-test-drift")},
{Name: awssdk.String("bucket-martin-test-drift2")},
{Name: awssdk.String("bucket-martin-test-drift3")},
}, nil)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift",
).Return(
"eu-west-1",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift2",
).Return(
"eu-west-3",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift3",
).Return(
"ap-northeast-1",
nil,
)
},
},
{
test: "cannot list bucket", dirName: "s3_bucket_list",
mocks: func(repository *repository.MockS3Repository) {
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
session := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockS3Repository{}
c.mocks(fakeRepo)
var repo repository.S3Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewS3Repository(client.NewAWSClientFactory(session), cache.New(0))
}
remoteLibrary.AddEnumerator(aws.NewS3BucketEnumerator(repo, factory, tf.TerraformProviderConfig{
Name: "test",
DefaultAlias: "eu-west-3",
}))
remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketResourceType, aws.NewS3BucketDetailsFetcher(provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsS3BucketResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
func TestS3BucketInventory(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockS3Repository)
wantErr error
}{
{
test: "multiple bucket with multiple inventories", dirName: "s3_bucket_inventories_multiple",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("bucket-martin-test-drift")},
{Name: awssdk.String("bucket-martin-test-drift2")},
{Name: awssdk.String("bucket-martin-test-drift3")},
}, nil)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift",
).Return(
"eu-west-1",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift2",
).Return(
"eu-west-3",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift3",
).Return(
"eu-west-1",
nil,
)
repository.On(
"ListBucketInventoryConfigurations",
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift2")},
"eu-west-3",
).Return(
[]*s3.InventoryConfiguration{
{Id: awssdk.String("Inventory_Bucket2")},
{Id: awssdk.String("Inventory2_Bucket2")},
},
nil,
)
},
},
{
test: "cannot list bucket", dirName: "s3_bucket_inventories_list_bucket",
mocks: func(repository *repository.MockS3Repository) {
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType, resourceaws.AwsS3BucketResourceType),
},
{
test: "cannot list bucket inventories", dirName: "s3_bucket_inventories_list_inventories",
mocks: func(repository *repository.MockS3Repository) {
repository.On("ListAllBuckets").Return(
[]*s3.Bucket{
{Name: awssdk.String("bucket-martin-test-drift")},
},
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift",
).Return(
"eu-west-3",
nil,
)
repository.On(
"ListBucketInventoryConfigurations",
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift")},
"eu-west-3",
).Return(
nil,
awserr.NewRequestFailure(nil, 403, ""),
)
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
session := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockS3Repository{}
c.mocks(fakeRepo)
var repo repository.S3Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewS3Repository(client.NewAWSClientFactory(session), cache.New(0))
}
remoteLibrary.AddEnumerator(aws.NewS3BucketInventoryEnumerator(repo, factory, tf.TerraformProviderConfig{
Name: "test",
DefaultAlias: "eu-west-3",
}))
remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketInventoryResourceType, aws.NewS3BucketInventoryDetailsFetcher(provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsS3BucketInventoryResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}
func TestS3BucketNotification(t *testing.T) {
tests := []struct {
test string
dirName string
mocks func(repository *repository.MockS3Repository)
wantErr error
}{
{
test: "single bucket without notifications",
dirName: "s3_bucket_notifications_no_notif",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("dritftctl-test-no-notifications")},
}, nil)
repository.On(
"GetBucketLocation",
"dritftctl-test-no-notifications",
).Return(
"eu-west-3",
nil,
)
repository.On(
"GetBucketNotification",
"dritftctl-test-no-notifications",
"eu-west-3",
).Return(
nil,
nil,
)
},
},
{
test: "multiple bucket with notifications", dirName: "s3_bucket_notifications_multiple",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("bucket-martin-test-drift")},
{Name: awssdk.String("bucket-martin-test-drift2")},
{Name: awssdk.String("bucket-martin-test-drift3")},
}, nil)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift",
).Return(
"eu-west-1",
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift2",
).Return(
"eu-west-3",
nil,
)
repository.On(
"GetBucketNotification",
"bucket-martin-test-drift2",
"eu-west-3",
).Return(
&s3.NotificationConfiguration{
LambdaFunctionConfigurations: []*s3.LambdaFunctionConfiguration{
{
Id: awssdk.String("tf-s3-lambda-20201103165354926600000001"),
},
{
Id: awssdk.String("tf-s3-lambda-20201103165354926600000002"),
},
},
},
nil,
)
repository.On(
"GetBucketLocation",
"bucket-martin-test-drift3",
).Return(
"ap-northeast-1",
nil,
)
},
},
{
test: "Cannot get bucket notification", dirName: "s3_bucket_notifications_list_bucket",
mocks: func(repository *repository.MockS3Repository) {
repository.On(
"ListAllBuckets",
).Return([]*s3.Bucket{
{Name: awssdk.String("dritftctl-test-notifications-error")},
}, nil)
repository.On(
"GetBucketLocation",
"dritftctl-test-notifications-error",
).Return(
"eu-west-3",
nil,
)
repository.On("GetBucketNotification", "dritftctl-test-notifications-error", "eu-west-3").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketNotificationResourceType),
},
{
test: "Cannot list bucket", dirName: "s3_bucket_notifications_list_bucket",
mocks: func(repository *repository.MockS3Repository) {
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
},
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketNotificationResourceType, resourceaws.AwsS3BucketResourceType),
},
}
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
deserializer := resource.NewDeserializer(factory)
alerter := &mocks.AlerterInterface{}
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
shouldUpdate := c.dirName == *goldenfile.Update
session := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
scanOptions := ScannerOptions{Deep: true}
providerLibrary := terraform.NewProviderLibrary()
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
fakeRepo := &repository.MockS3Repository{}
c.mocks(fakeRepo)
var repo repository.S3Repository = fakeRepo
providerVersion := "3.19.0"
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
if err != nil {
t.Fatal(err)
}
provider := terraform2.NewFakeTerraformProvider(realProvider)
provider.WithResponse(c.dirName)
// Replace mock by real resources if we are in update mode
if shouldUpdate {
err := realProvider.Init()
if err != nil {
t.Fatal(err)
}
provider.ShouldUpdate()
repo = repository.NewS3Repository(client.NewAWSClientFactory(session), cache.New(0))
}
remoteLibrary.AddEnumerator(aws.NewS3BucketNotificationEnumerator(repo, factory, tf.TerraformProviderConfig{
Name: "test",
DefaultAlias: "eu-west-3",
}))
remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketNotificationResourceType, aws.NewS3BucketNotificationDetailsFetcher(provider, deserializer))
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
test.TestAgainstGoldenFile(got, resourceaws.AwsS3BucketNotificationResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
})
}
}

View File

@ -1,11 +1,10 @@
package pkg
package remote
import (
"context"
"github.com/cloudskiff/driftctl/pkg/alerter"
"github.com/cloudskiff/driftctl/pkg/parallel"
"github.com/cloudskiff/driftctl/pkg/remote"
"github.com/cloudskiff/driftctl/pkg/remote/common"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/pkg/errors"
@ -21,11 +20,11 @@ type Scanner struct {
enumeratorRunner *parallel.ParallelRunner
detailsFetcherRunner *parallel.ParallelRunner
remoteLibrary *common.RemoteLibrary
alerter *alerter.Alerter
alerter alerter.AlerterInterface
options ScannerOptions
}
func NewScanner(resourceSuppliers []resource.Supplier, remoteLibrary *common.RemoteLibrary, alerter *alerter.Alerter, options ScannerOptions) *Scanner {
func NewScanner(resourceSuppliers []resource.Supplier, remoteLibrary *common.RemoteLibrary, alerter alerter.AlerterInterface, options ScannerOptions) *Scanner {
return &Scanner{
resourceSuppliers: resourceSuppliers,
enumeratorRunner: parallel.NewParallelRunner(context.TODO(), 10),
@ -64,7 +63,7 @@ func (s *Scanner) legacyScan() ([]resource.Resource, error) {
s.enumeratorRunner.Run(func() (interface{}, error) {
res, err := supplier.Resources()
if err != nil {
err := remote.HandleResourceEnumerationError(err, s.alerter)
err := HandleResourceEnumerationError(err, s.alerter)
if err == nil {
return []resource.Resource{}, nil
}

View File

@ -0,0 +1,5 @@
{
"Typ": "WyJvYmplY3QiLHsiYnVja2V0Ijoic3RyaW5nIiwiZGVzdGluYXRpb24iOlsibGlzdCIsWyJvYmplY3QiLHsiYnVja2V0IjpbImxpc3QiLFsib2JqZWN0Iix7ImFjY291bnRfaWQiOiJzdHJpbmciLCJidWNrZXRfYXJuIjoic3RyaW5nIiwiZW5jcnlwdGlvbiI6WyJsaXN0IixbIm9iamVjdCIseyJzc2Vfa21zIjpbImxpc3QiLFsib2JqZWN0Iix7ImtleV9pZCI6InN0cmluZyJ9XV0sInNzZV9zMyI6WyJsaXN0IixbIm9iamVjdCIse31dXX1dXSwiZm9ybWF0Ijoic3RyaW5nIiwicHJlZml4Ijoic3RyaW5nIn1dXX1dXSwiZW5hYmxlZCI6ImJvb2wiLCJmaWx0ZXIiOlsibGlzdCIsWyJvYmplY3QiLHsicHJlZml4Ijoic3RyaW5nIn1dXSwiaWQiOiJzdHJpbmciLCJpbmNsdWRlZF9vYmplY3RfdmVyc2lvbnMiOiJzdHJpbmciLCJuYW1lIjoic3RyaW5nIiwib3B0aW9uYWxfZmllbGRzIjpbInNldCIsInN0cmluZyJdLCJzY2hlZHVsZSI6WyJsaXN0IixbIm9iamVjdCIseyJmcmVxdWVuY3kiOiJzdHJpbmcifV1dfV0=",
"Val": "eyJidWNrZXQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyIiwiZGVzdGluYXRpb24iOlt7ImJ1Y2tldCI6W3siYWNjb3VudF9pZCI6IiIsImJ1Y2tldF9hcm4iOiJhcm46YXdzOnMzOjo6YnVja2V0LW1hcnRpbi10ZXN0LWRyaWZ0MiIsImVuY3J5cHRpb24iOltdLCJmb3JtYXQiOiJPUkMiLCJwcmVmaXgiOiIifV19XSwiZW5hYmxlZCI6dHJ1ZSwiZmlsdGVyIjpbXSwiaWQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyOkludmVudG9yeTJfQnVja2V0MiIsImluY2x1ZGVkX29iamVjdF92ZXJzaW9ucyI6IkFsbCIsIm5hbWUiOiJJbnZlbnRvcnkyX0J1Y2tldDIiLCJvcHRpb25hbF9maWVsZHMiOltdLCJzY2hlZHVsZSI6W3siZnJlcXVlbmN5IjoiRGFpbHkifV19",
"Err": null
}

View File

@ -0,0 +1,5 @@
{
"Typ": "WyJvYmplY3QiLHsiYnVja2V0Ijoic3RyaW5nIiwiZGVzdGluYXRpb24iOlsibGlzdCIsWyJvYmplY3QiLHsiYnVja2V0IjpbImxpc3QiLFsib2JqZWN0Iix7ImFjY291bnRfaWQiOiJzdHJpbmciLCJidWNrZXRfYXJuIjoic3RyaW5nIiwiZW5jcnlwdGlvbiI6WyJsaXN0IixbIm9iamVjdCIseyJzc2Vfa21zIjpbImxpc3QiLFsib2JqZWN0Iix7ImtleV9pZCI6InN0cmluZyJ9XV0sInNzZV9zMyI6WyJsaXN0IixbIm9iamVjdCIse31dXX1dXSwiZm9ybWF0Ijoic3RyaW5nIiwicHJlZml4Ijoic3RyaW5nIn1dXX1dXSwiZW5hYmxlZCI6ImJvb2wiLCJmaWx0ZXIiOlsibGlzdCIsWyJvYmplY3QiLHsicHJlZml4Ijoic3RyaW5nIn1dXSwiaWQiOiJzdHJpbmciLCJpbmNsdWRlZF9vYmplY3RfdmVyc2lvbnMiOiJzdHJpbmciLCJuYW1lIjoic3RyaW5nIiwib3B0aW9uYWxfZmllbGRzIjpbInNldCIsInN0cmluZyJdLCJzY2hlZHVsZSI6WyJsaXN0IixbIm9iamVjdCIseyJmcmVxdWVuY3kiOiJzdHJpbmcifV1dfV0=",
"Val": "eyJidWNrZXQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyIiwiZGVzdGluYXRpb24iOlt7ImJ1Y2tldCI6W3siYWNjb3VudF9pZCI6IiIsImJ1Y2tldF9hcm4iOiJhcm46YXdzOnMzOjo6YnVja2V0LW1hcnRpbi10ZXN0LWRyaWZ0MiIsImVuY3J5cHRpb24iOltdLCJmb3JtYXQiOiJPUkMiLCJwcmVmaXgiOiIifV19XSwiZW5hYmxlZCI6dHJ1ZSwiZmlsdGVyIjpbXSwiaWQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyOkludmVudG9yeV9CdWNrZXQyIiwiaW5jbHVkZWRfb2JqZWN0X3ZlcnNpb25zIjoiQWxsIiwibmFtZSI6IkludmVudG9yeV9CdWNrZXQyIiwib3B0aW9uYWxfZmllbGRzIjpbXSwic2NoZWR1bGUiOlt7ImZyZXF1ZW5jeSI6IkRhaWx5In1dfQ==",
"Err": null
}

View File

@ -5,4 +5,6 @@ type TerraformProvider interface {
SchemaSupplier
ResourceReader
Cleanup()
Name() string
Version() string
}

View File

@ -74,6 +74,7 @@ func doTestDiff(got []resource.Resource, dirName string, provider terraform.Terr
return differ.Diff(got, expectedResources)
}
// CtyTestDiff Deprecated
func CtyTestDiff(got []resource.Resource, dirName string, provider terraform.TerraformProvider, deserializer *resource.Deserializer, shouldUpdate bool, t *testing.T) {
changelog, err := doTestDiff(got, dirName, provider, deserializer, shouldUpdate)
if err != nil {

17
test/files.go Normal file
View File

@ -0,0 +1,17 @@
package test
import (
"io/ioutil"
"path"
"runtime"
)
func WriteTestFile(p string, content []byte) error {
_, filename, _, _ := runtime.Caller(1)
return ioutil.WriteFile(path.Join(path.Dir(filename), p), content, 0644)
}
func ReadTestFile(p string) ([]byte, error) {
_, filename, _, _ := runtime.Caller(1)
return ioutil.ReadFile(path.Join(path.Dir(filename), p))
}

View File

@ -167,3 +167,11 @@ func getFileNameSuffix(args terraform.ReadResourceArgs) string {
}
func (p MockedGoldenTFProvider) Cleanup() {}
func (p *MockedGoldenTFProvider) Name() string {
return p.realProvider.Name()
}
func (p *MockedGoldenTFProvider) Version() string {
return p.realProvider.Version()
}

View File

@ -0,0 +1,128 @@
package terraform
import (
gojson "encoding/json"
"fmt"
"sort"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/cloudskiff/driftctl/test"
"github.com/cloudskiff/driftctl/test/goldenfile"
"github.com/cloudskiff/driftctl/test/mocks"
"github.com/hashicorp/terraform/providers"
"github.com/pkg/errors"
"github.com/zclconf/go-cty/cty"
)
type FakeTerraformProvider struct {
realProvider terraform.TerraformProvider
shouldUpdate bool
response string
}
func NewFakeTerraformProvider(realProvider terraform.TerraformProvider) *FakeTerraformProvider {
return &FakeTerraformProvider{realProvider: realProvider}
}
func (p *FakeTerraformProvider) ShouldUpdate() {
p.shouldUpdate = true
}
func (m *FakeTerraformProvider) Schema() map[string]providers.Schema {
if m.shouldUpdate {
schema := m.realProvider.Schema()
m.writeSchema(schema)
return schema
}
return m.readSchema()
}
func (p *FakeTerraformProvider) WithResponse(response string) *FakeTerraformProvider {
p.response = response
return p
}
func (p *FakeTerraformProvider) ReadResource(args terraform.ReadResourceArgs) (*cty.Value, error) {
if p.response == "" {
return nil, errors.New("WithResponse should be called before ReadResource to specify a directory to fetch fake response")
}
if p.shouldUpdate {
readResource, err := p.realProvider.ReadResource(args)
p.writeResource(args, readResource, err)
return readResource, err
}
return p.readResource(args)
}
func (p *FakeTerraformProvider) writeSchema(schema map[string]providers.Schema) {
marshal, err := gojson.Marshal(schema)
if err != nil {
panic(err)
}
err = test.WriteTestFile(fmt.Sprintf("schemas/%s/%s.json", p.realProvider.Name(), p.realProvider.Version()), marshal)
if err != nil {
panic(err)
}
}
func (p *FakeTerraformProvider) readSchema() map[string]providers.Schema {
content, err := test.ReadTestFile(fmt.Sprintf("schemas/%s/%s.json", p.realProvider.Name(), p.realProvider.Version()))
if err != nil {
panic(err)
}
var schema map[string]providers.Schema
if err := gojson.Unmarshal(content, &schema); err != nil {
panic(err)
}
return schema
}
func (p *FakeTerraformProvider) writeResource(args terraform.ReadResourceArgs, readResource *cty.Value, err error) {
var readRes = mocks.ReadResource{
Value: readResource,
Err: err,
}
marshalled, err := gojson.Marshal(&readRes)
if err != nil {
panic(err)
}
fileName := p.getFileName(args)
goldenfile.WriteFile(p.response, marshalled, fileName)
}
func (p *FakeTerraformProvider) readResource(args terraform.ReadResourceArgs) (*cty.Value, error) {
fileName := p.getFileName(args)
content := goldenfile.ReadFile(p.response, fileName)
var readRes mocks.ReadResource
if err := gojson.Unmarshal(content, &readRes); err != nil {
panic(err)
}
return readRes.Value, readRes.Err
}
func (p *FakeTerraformProvider) getFileName(args terraform.ReadResourceArgs) string {
suffix := ""
keys := make([]string, 0, len(args.Attributes))
for k := range args.Attributes {
keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
suffix = fmt.Sprintf("%s-%s", suffix, args.Attributes[k])
}
fileName := fmt.Sprintf("%s-%s%s.res.golden.json", args.Ty, args.ID, suffix)
return fileName
}
func (p *FakeTerraformProvider) Cleanup() {}
func (p *FakeTerraformProvider) Name() string {
return p.realProvider.Name()
}
func (p *FakeTerraformProvider) Version() string {
return p.realProvider.Version()
}

View File

@ -0,0 +1,20 @@
package terraform
import (
"os"
"github.com/cloudskiff/driftctl/pkg/output"
"github.com/cloudskiff/driftctl/pkg/remote/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
)
func InitTestAwsProvider(providerLibrary *terraform.ProviderLibrary, version string) (*aws.AWSTerraformProvider, error) {
progress := &output.MockProgress{}
progress.On("Inc").Maybe().Return()
provider, err := aws.NewAWSTerraformProvider(version, progress, os.TempDir())
if err != nil {
return nil, err
}
providerLibrary.AddProvider(terraform.AWS, provider)
return provider, nil
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

74
test/test_diff.go Normal file
View File

@ -0,0 +1,74 @@
package test
import (
"strings"
"testing"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/cloudskiff/driftctl/test/goldenfile"
"github.com/r3labs/diff/v2"
"github.com/zclconf/go-cty/cty"
"github.com/zclconf/go-cty/cty/gocty"
"github.com/zclconf/go-cty/cty/json"
)
func TestAgainstGoldenFile(
got []resource.Resource,
ty string,
dirName string,
provider terraform.TerraformProvider,
deserializer *resource.Deserializer,
shouldUpdate bool,
tt *testing.T,
) {
resGoldenName := "results.golden.json"
var expectedResources []resource.Resource
ctyType := cty.List(provider.Schema()[ty].Block.ImpliedType())
// update golden file
if shouldUpdate {
ctVal, err := gocty.ToCtyValue(got, ctyType)
if err != nil {
panic(err)
}
unm, err := json.Marshal(ctVal, ctyType)
if err != nil {
panic(err)
}
goldenfile.WriteFile(dirName, unm, resGoldenName)
}
// read golden file
file := goldenfile.ReadFile(dirName, resGoldenName)
decodedJson, err := json.Unmarshal(file, ctyType)
if err != nil {
panic(err)
}
decodedResources, err := deserializer.Deserialize(ty, decodedJson.AsValueSlice())
if err != nil {
panic(err)
}
expectedResources = append(expectedResources, decodedResources...)
// diff
differ, err := diff.NewDiffer(diff.SliceOrdering(true))
if err != nil {
panic(err)
}
got = resource.Sort(got)
expectedResources = resource.Sort(expectedResources)
changelog, err := differ.Diff(got, expectedResources)
if err != nil {
panic(err)
}
if len(changelog) > 0 {
for _, change := range changelog {
tt.Errorf("%s got = %v, want %v", strings.Join(change.Path, "."), awsutil.Prettify(change.From), awsutil.Prettify(change.To))
}
}
}