Merge branch 'main' into sso
commit
0ca2866e5e
|
@ -209,7 +209,7 @@ func scanRun(opts *pkg.ScanOptions) error {
|
|||
logrus.Trace("Exited")
|
||||
}()
|
||||
|
||||
scanner := pkg.NewScanner(supplierLibrary.Suppliers(), remoteLibrary, alerter, pkg.ScannerOptions{Deep: opts.Deep})
|
||||
scanner := remote.NewScanner(supplierLibrary.Suppliers(), remoteLibrary, alerter, remote.ScannerOptions{Deep: opts.Deep})
|
||||
|
||||
iacSupplier, err := supplier.GetIACSupplier(opts.From, providerLibrary, opts.BackendOptions, iacProgress, resFactory)
|
||||
if err != nil {
|
||||
|
|
|
@ -80,6 +80,7 @@ func (d DriftCTL) Run() (*analyser.Analysis, error) {
|
|||
middlewares.NewRoute53DefaultZoneRecordSanitizer(),
|
||||
middlewares.NewS3BucketAcl(),
|
||||
middlewares.NewAwsInstanceBlockDeviceResourceMapper(d.resourceFactory),
|
||||
middlewares.NewAwsDefaultSecurityGroupRule(),
|
||||
middlewares.NewVPCDefaultSecurityGroupSanitizer(),
|
||||
middlewares.NewVPCSecurityGroupRuleSanitizer(d.resourceFactory),
|
||||
middlewares.NewIamPolicyAttachmentTransformer(d.resourceFactory),
|
||||
|
|
1616
pkg/driftctl_test.go
1616
pkg/driftctl_test.go
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,132 @@
|
|||
package middlewares
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// Remove default security group rules of the default security group from remote resources
|
||||
type AwsDefaultSecurityGroupRule struct{}
|
||||
|
||||
func NewAwsDefaultSecurityGroupRule() AwsDefaultSecurityGroupRule {
|
||||
return AwsDefaultSecurityGroupRule{}
|
||||
}
|
||||
|
||||
func (m AwsDefaultSecurityGroupRule) Execute(remoteResources, resourcesFromState *[]resource.Resource) error {
|
||||
newRemoteResources := make([]resource.Resource, 0)
|
||||
|
||||
for _, remoteResource := range *remoteResources {
|
||||
existInState := false
|
||||
|
||||
// Ignore all resources other than security group rules
|
||||
if remoteResource.TerraformType() != aws.AwsSecurityGroupRuleResourceType {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
continue
|
||||
}
|
||||
|
||||
rule, _ := remoteResource.(*resource.AbstractResource)
|
||||
|
||||
// Ignore if it's not the default ingress or egress rule
|
||||
if !isDefaultIngress(rule, remoteResources) && !isDefaultEgress(rule, remoteResources) {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
continue
|
||||
}
|
||||
|
||||
for _, stateResource := range *resourcesFromState {
|
||||
if resource.IsSameResource(remoteResource, stateResource) {
|
||||
existInState = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if existInState {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
}
|
||||
|
||||
if !existInState {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"id": remoteResource.TerraformId(),
|
||||
"type": remoteResource.TerraformType(),
|
||||
}).Debug("Ignoring default unmanaged security group rule")
|
||||
}
|
||||
}
|
||||
|
||||
*remoteResources = newRemoteResources
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func isDefaultIngress(rule *resource.AbstractResource, remoteResources *[]resource.Resource) bool {
|
||||
if ty := rule.Attrs.GetString("type"); ty == nil || *ty != "ingress" {
|
||||
return false
|
||||
}
|
||||
if from := rule.Attrs.GetInt("from_port"); from == nil || *from != 0 {
|
||||
return false
|
||||
}
|
||||
if to := rule.Attrs.GetInt("to_port"); to == nil || *to != 0 {
|
||||
return false
|
||||
}
|
||||
if protocol := rule.Attrs.GetString("protocol"); protocol == nil || *protocol != "-1" {
|
||||
return false
|
||||
}
|
||||
if _, exist := rule.Attrs.Get("cidr_blocks"); exist {
|
||||
return false
|
||||
}
|
||||
if _, exist := rule.Attrs.Get("ipv6_cidr_blocks"); exist {
|
||||
return false
|
||||
}
|
||||
if _, exist := rule.Attrs.Get("prefix_list_ids"); exist {
|
||||
return false
|
||||
}
|
||||
sgId := rule.Attrs.GetString("security_group_id")
|
||||
sourceSgId := rule.Attrs.GetString("source_security_group_id")
|
||||
if sgId == nil || sourceSgId == nil || *sgId != *sourceSgId {
|
||||
return false
|
||||
}
|
||||
return isFromDefaultSecurityGroup(sgId, remoteResources)
|
||||
}
|
||||
|
||||
func isDefaultEgress(rule *resource.AbstractResource, remoteResources *[]resource.Resource) bool {
|
||||
if ty := rule.Attrs.GetString("type"); ty == nil || *ty != "egress" {
|
||||
return false
|
||||
}
|
||||
if from := rule.Attrs.GetInt("from_port"); from == nil || *from != 0 {
|
||||
return false
|
||||
}
|
||||
if to := rule.Attrs.GetInt("to_port"); to == nil || *to != 0 {
|
||||
return false
|
||||
}
|
||||
if protocol := rule.Attrs.GetString("protocol"); protocol == nil || *protocol != "-1" {
|
||||
return false
|
||||
}
|
||||
if ipv4 := rule.Attrs.GetSlice("cidr_blocks"); ipv4 == nil || len(ipv4) != 1 || ipv4[0] != "0.0.0.0/0" {
|
||||
return false
|
||||
}
|
||||
if _, exist := rule.Attrs.Get("ipv6_cidr_blocks"); exist {
|
||||
return false
|
||||
}
|
||||
if _, exist := rule.Attrs.Get("prefix_list_ids"); exist {
|
||||
return false
|
||||
}
|
||||
if self := rule.Attrs.GetBool("self"); self == nil || *self {
|
||||
return false
|
||||
}
|
||||
sgId := rule.Attrs.GetString("security_group_id")
|
||||
if sgId == nil {
|
||||
return false
|
||||
}
|
||||
return isFromDefaultSecurityGroup(sgId, remoteResources)
|
||||
}
|
||||
|
||||
func isFromDefaultSecurityGroup(sgId *string, remoteResources *[]resource.Resource) bool {
|
||||
for _, remoteResource := range *remoteResources {
|
||||
if remoteResource.TerraformType() != aws.AwsDefaultSecurityGroupResourceType {
|
||||
continue
|
||||
}
|
||||
if *sgId == remoteResource.TerraformId() {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
|
@ -0,0 +1,311 @@
|
|||
package middlewares
|
||||
|
||||
import (
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
)
|
||||
|
||||
func TestAwsDefaultSecurityGroupRule_Execute(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
remoteResources *[]resource.Resource
|
||||
resourcesFromState *[]resource.Resource
|
||||
expected *[]resource.Resource
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "Should ignore default rules if not managed",
|
||||
remoteResources: &[]resource.Resource{
|
||||
&resource.AbstractResource{
|
||||
Id: "default-sg",
|
||||
Type: aws.AwsDefaultSecurityGroupResourceType,
|
||||
Attrs: &resource.Attributes{},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"source_security_group_id": "default-sg",
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"self": false,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(22),
|
||||
"to_port": float64(22),
|
||||
"protocol": "tcp",
|
||||
"security_group_id": "default-sg",
|
||||
"cidr_blocks": []interface{}{"1.2.3.4/32"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"self": false,
|
||||
"ipv6_cidr_blocks": []interface{}{"::/0"},
|
||||
},
|
||||
},
|
||||
},
|
||||
resourcesFromState: &[]resource.Resource{},
|
||||
expected: &[]resource.Resource{
|
||||
&resource.AbstractResource{
|
||||
Id: "default-sg",
|
||||
Type: aws.AwsDefaultSecurityGroupResourceType,
|
||||
Attrs: &resource.Attributes{},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(22),
|
||||
"to_port": float64(22),
|
||||
"protocol": "tcp",
|
||||
"security_group_id": "default-sg",
|
||||
"cidr_blocks": []interface{}{"1.2.3.4/32"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"self": false,
|
||||
"ipv6_cidr_blocks": []interface{}{"::/0"},
|
||||
},
|
||||
},
|
||||
},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Should not ignore default rules if managed",
|
||||
remoteResources: &[]resource.Resource{
|
||||
&resource.AbstractResource{
|
||||
Id: "default-sg",
|
||||
Type: aws.AwsDefaultSecurityGroupResourceType,
|
||||
Attrs: &resource.Attributes{},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-sg",
|
||||
Type: aws.AwsSecurityGroupResourceType,
|
||||
Attrs: &resource.Attributes{},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"source_security_group_id": "default-sg",
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"self": false,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(22),
|
||||
"to_port": float64(22),
|
||||
"protocol": "tcp",
|
||||
"security_group_id": "dummy-sg",
|
||||
"cidr_blocks": []interface{}{"1.2.3.4/32"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "dummy-sg",
|
||||
"self": false,
|
||||
"ipv6_cidr_blocks": []interface{}{"::/0"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-egress-2",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "dummy-sg",
|
||||
"self": false,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
},
|
||||
},
|
||||
},
|
||||
resourcesFromState: &[]resource.Resource{
|
||||
&resource.AbstractResource{
|
||||
Id: "default-sg",
|
||||
Type: aws.AwsDefaultSecurityGroupResourceType,
|
||||
Attrs: &resource.Attributes{},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"source_security_group_id": "default-sg",
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"self": false,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
},
|
||||
},
|
||||
},
|
||||
expected: &[]resource.Resource{
|
||||
&resource.AbstractResource{
|
||||
Id: "default-sg",
|
||||
Type: aws.AwsDefaultSecurityGroupResourceType,
|
||||
Attrs: &resource.Attributes{},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-sg",
|
||||
Type: aws.AwsSecurityGroupResourceType,
|
||||
Attrs: &resource.Attributes{},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"source_security_group_id": "default-sg",
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "default-sg",
|
||||
"self": false,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-ingress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "ingress",
|
||||
"from_port": float64(22),
|
||||
"to_port": float64(22),
|
||||
"protocol": "tcp",
|
||||
"security_group_id": "dummy-sg",
|
||||
"cidr_blocks": []interface{}{"1.2.3.4/32"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "dummy-egress",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "dummy-sg",
|
||||
"self": false,
|
||||
"ipv6_cidr_blocks": []interface{}{"::/0"},
|
||||
},
|
||||
},
|
||||
&resource.AbstractResource{
|
||||
Id: "default-egress-2",
|
||||
Type: aws.AwsSecurityGroupRuleResourceType,
|
||||
Attrs: &resource.Attributes{
|
||||
"type": "egress",
|
||||
"from_port": float64(0),
|
||||
"to_port": float64(0),
|
||||
"protocol": "-1",
|
||||
"security_group_id": "dummy-sg",
|
||||
"self": false,
|
||||
"cidr_blocks": []interface{}{"0.0.0.0/0"},
|
||||
},
|
||||
},
|
||||
},
|
||||
wantErr: false,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
m := AwsDefaultSecurityGroupRule{}
|
||||
if err := m.Execute(tt.remoteResources, tt.resourcesFromState); (err != nil) != tt.wantErr {
|
||||
t.Errorf("Execute() error = %v, wantErr %v", err, tt.wantErr)
|
||||
}
|
||||
if !reflect.DeepEqual(tt.remoteResources, tt.expected) {
|
||||
t.Fatalf("Expected results mismatch")
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
|
@ -61,10 +61,13 @@ func Init(version string, alerter *alerter.Alerter,
|
|||
remoteLibrary.AddEnumerator(NewS3BucketEnumerator(s3Repository, factory, provider.Config))
|
||||
remoteLibrary.AddDetailsFetcher(aws.AwsS3BucketResourceType, NewS3BucketDetailsFetcher(provider, deserializer))
|
||||
|
||||
remoteLibrary.AddEnumerator(NewS3BucketInventoryEnumerator(s3Repository, factory, provider.Config))
|
||||
remoteLibrary.AddDetailsFetcher(aws.AwsS3BucketInventoryResourceType, NewS3BucketInventoryDetailsFetcher(provider, deserializer))
|
||||
remoteLibrary.AddEnumerator(NewS3BucketNotificationEnumerator(s3Repository, factory, provider.Config))
|
||||
remoteLibrary.AddDetailsFetcher(aws.AwsS3BucketNotificationResourceType, NewS3BucketNotificationDetailsFetcher(provider, deserializer))
|
||||
|
||||
supplierLibrary.AddSupplier(NewS3BucketAnalyticSupplier(provider, s3Repository, deserializer))
|
||||
supplierLibrary.AddSupplier(NewS3BucketInventorySupplier(provider, s3Repository, deserializer))
|
||||
supplierLibrary.AddSupplier(NewS3BucketMetricSupplier(provider, s3Repository, deserializer))
|
||||
supplierLibrary.AddSupplier(NewS3BucketNotificationSupplier(provider, s3Repository, deserializer))
|
||||
supplierLibrary.AddSupplier(NewS3BucketPolicySupplier(provider, s3Repository, deserializer))
|
||||
supplierLibrary.AddSupplier(NewEC2EipSupplier(provider, ec2repository, deserializer))
|
||||
supplierLibrary.AddSupplier(NewEC2EipAssociationSupplier(provider, deserializer, ec2repository))
|
||||
|
|
|
@ -40,13 +40,17 @@ type awsConfig struct {
|
|||
type AWSTerraformProvider struct {
|
||||
*terraform.TerraformProvider
|
||||
session *session.Session
|
||||
name string
|
||||
version string
|
||||
}
|
||||
|
||||
func NewAWSTerraformProvider(version string, progress output.Progress, configDir string) (*AWSTerraformProvider, error) {
|
||||
p := &AWSTerraformProvider{}
|
||||
providerKey := "aws"
|
||||
p := &AWSTerraformProvider{
|
||||
version: version,
|
||||
name: "aws",
|
||||
}
|
||||
installer, err := tf.NewProviderInstaller(tf.ProviderConfig{
|
||||
Key: providerKey,
|
||||
Key: p.name,
|
||||
Version: version,
|
||||
ConfigDir: configDir,
|
||||
})
|
||||
|
@ -57,7 +61,7 @@ func NewAWSTerraformProvider(version string, progress output.Progress, configDir
|
|||
SharedConfigState: session.SharedConfigEnable,
|
||||
}))
|
||||
tfProvider, err := terraform.NewTerraformProvider(installer, terraform.TerraformProviderConfig{
|
||||
Name: providerKey,
|
||||
Name: p.name,
|
||||
DefaultAlias: *p.session.Config.Region,
|
||||
GetProviderConfig: func(alias string) interface{} {
|
||||
return awsConfig{
|
||||
|
@ -72,3 +76,11 @@ func NewAWSTerraformProvider(version string, progress output.Progress, configDir
|
|||
p.TerraformProvider = tfProvider
|
||||
return p, err
|
||||
}
|
||||
|
||||
func (a *AWSTerraformProvider) Name() string {
|
||||
return a.name
|
||||
}
|
||||
|
||||
func (p *AWSTerraformProvider) Version() string {
|
||||
return p.version
|
||||
}
|
||||
|
|
|
@ -33,6 +33,29 @@ func (_m *MockS3Repository) GetBucketLocation(bucketName string) (string, error)
|
|||
return r0, r1
|
||||
}
|
||||
|
||||
// GetBucketNotification provides a mock function with given fields: bucketName, region
|
||||
func (_m *MockS3Repository) GetBucketNotification(bucketName string, region string) (*s3.NotificationConfiguration, error) {
|
||||
ret := _m.Called(bucketName, region)
|
||||
|
||||
var r0 *s3.NotificationConfiguration
|
||||
if rf, ok := ret.Get(0).(func(string, string) *s3.NotificationConfiguration); ok {
|
||||
r0 = rf(bucketName, region)
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).(*s3.NotificationConfiguration)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func(string, string) error); ok {
|
||||
r1 = rf(bucketName, region)
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListAllBuckets provides a mock function with given fields:
|
||||
func (_m *MockS3Repository) ListAllBuckets() ([]*s3.Bucket, error) {
|
||||
ret := _m.Called()
|
||||
|
|
|
@ -14,6 +14,7 @@ import (
|
|||
|
||||
type S3Repository interface {
|
||||
ListAllBuckets() ([]*s3.Bucket, error)
|
||||
GetBucketNotification(bucketName, region string) (*s3.NotificationConfiguration, error)
|
||||
ListBucketInventoryConfigurations(bucket *s3.Bucket, region string) ([]*s3.InventoryConfiguration, error)
|
||||
ListBucketMetricsConfigurations(bucket *s3.Bucket, region string) ([]*s3.MetricsConfiguration, error)
|
||||
ListBucketAnalyticsConfigurations(bucket *s3.Bucket, region string) ([]*s3.AnalyticsConfiguration, error)
|
||||
|
@ -45,6 +46,39 @@ func (s *s3Repository) ListAllBuckets() ([]*s3.Bucket, error) {
|
|||
return out.Buckets, nil
|
||||
}
|
||||
|
||||
func (s *s3Repository) GetBucketNotification(bucketName, region string) (*s3.NotificationConfiguration, error) {
|
||||
cacheKey := fmt.Sprintf("s3GetBucketNotification_%s_%s", bucketName, region)
|
||||
if v := s.cache.Get(cacheKey); v != nil {
|
||||
return v.(*s3.NotificationConfiguration), nil
|
||||
}
|
||||
bucketNotificationConfig, err := s.clientFactory.
|
||||
GetS3Client(&awssdk.Config{Region: ®ion}).
|
||||
GetBucketNotificationConfiguration(
|
||||
&s3.GetBucketNotificationConfigurationRequest{Bucket: &bucketName},
|
||||
)
|
||||
if err != nil {
|
||||
return nil, errors.Wrapf(
|
||||
err,
|
||||
"Error listing bucket notification configuration %s",
|
||||
bucketName,
|
||||
)
|
||||
}
|
||||
|
||||
result := bucketNotificationConfig
|
||||
if s.notificationIsEmpty(bucketNotificationConfig) {
|
||||
result = nil
|
||||
}
|
||||
|
||||
s.cache.Put(cacheKey, result)
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (s *s3Repository) notificationIsEmpty(notification *s3.NotificationConfiguration) bool {
|
||||
return notification.TopicConfigurations == nil &&
|
||||
notification.QueueConfigurations == nil &&
|
||||
notification.LambdaFunctionConfigurations == nil
|
||||
}
|
||||
|
||||
func (s *s3Repository) ListBucketInventoryConfigurations(bucket *s3.Bucket, region string) ([]*s3.InventoryConfiguration, error) {
|
||||
cacheKey := fmt.Sprintf("s3ListBucketInventoryConfigurations_%s_%s", *bucket.Name, region)
|
||||
if v := s.cache.Get(cacheKey); v != nil {
|
||||
|
|
|
@ -89,6 +89,159 @@ func Test_s3Repository_ListAllBuckets(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func Test_s3Repository_GetBucketNotification(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
bucketName, region string
|
||||
mocks func(client *awstest.MockFakeS3)
|
||||
want *s3.NotificationConfiguration
|
||||
wantErr string
|
||||
}{
|
||||
{
|
||||
name: "get empty bucket notification",
|
||||
bucketName: "test-bucket",
|
||||
region: "us-east-1",
|
||||
mocks: func(client *awstest.MockFakeS3) {
|
||||
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
|
||||
Bucket: aws.String("test-bucket"),
|
||||
}).Return(
|
||||
&s3.NotificationConfiguration{},
|
||||
nil,
|
||||
).Once()
|
||||
},
|
||||
want: nil,
|
||||
},
|
||||
{
|
||||
name: "get bucket notification with lambda config",
|
||||
bucketName: "test-bucket",
|
||||
region: "us-east-1",
|
||||
mocks: func(client *awstest.MockFakeS3) {
|
||||
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
|
||||
Bucket: aws.String("test-bucket"),
|
||||
}).Return(
|
||||
&s3.NotificationConfiguration{
|
||||
LambdaFunctionConfigurations: []*s3.LambdaFunctionConfiguration{
|
||||
{
|
||||
Id: aws.String("test"),
|
||||
},
|
||||
},
|
||||
},
|
||||
nil,
|
||||
).Once()
|
||||
},
|
||||
want: &s3.NotificationConfiguration{
|
||||
LambdaFunctionConfigurations: []*s3.LambdaFunctionConfiguration{
|
||||
{
|
||||
Id: aws.String("test"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "get bucket notification with queue config",
|
||||
bucketName: "test-bucket",
|
||||
region: "us-east-1",
|
||||
mocks: func(client *awstest.MockFakeS3) {
|
||||
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
|
||||
Bucket: aws.String("test-bucket"),
|
||||
}).Return(
|
||||
&s3.NotificationConfiguration{
|
||||
QueueConfigurations: []*s3.QueueConfiguration{
|
||||
{
|
||||
Id: awssdk.String("test"),
|
||||
},
|
||||
},
|
||||
},
|
||||
nil,
|
||||
).Once()
|
||||
},
|
||||
want: &s3.NotificationConfiguration{
|
||||
QueueConfigurations: []*s3.QueueConfiguration{
|
||||
{
|
||||
Id: awssdk.String("test"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "get bucket notification with topic config",
|
||||
bucketName: "test-bucket",
|
||||
region: "us-east-1",
|
||||
mocks: func(client *awstest.MockFakeS3) {
|
||||
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
|
||||
Bucket: aws.String("test-bucket"),
|
||||
}).Return(
|
||||
&s3.NotificationConfiguration{
|
||||
TopicConfigurations: []*s3.TopicConfiguration{
|
||||
{
|
||||
Id: awssdk.String("test"),
|
||||
},
|
||||
},
|
||||
},
|
||||
nil,
|
||||
).Once()
|
||||
},
|
||||
want: &s3.NotificationConfiguration{
|
||||
TopicConfigurations: []*s3.TopicConfiguration{
|
||||
{
|
||||
Id: awssdk.String("test"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "get bucket location when error",
|
||||
bucketName: "test-bucket",
|
||||
region: "us-east-1",
|
||||
mocks: func(client *awstest.MockFakeS3) {
|
||||
client.On("GetBucketNotificationConfiguration", &s3.GetBucketNotificationConfigurationRequest{
|
||||
Bucket: aws.String("test-bucket"),
|
||||
}).Return(
|
||||
nil,
|
||||
awserr.New("UnknownError", "aws error", nil),
|
||||
).Once()
|
||||
},
|
||||
wantErr: "Error listing bucket notification configuration test-bucket: UnknownError: aws error",
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
store := cache.New(1)
|
||||
mockedClient := &awstest.MockFakeS3{}
|
||||
tt.mocks(mockedClient)
|
||||
factory := client.MockAwsClientFactoryInterface{}
|
||||
factory.On("GetS3Client", &aws.Config{Region: &tt.region}).Return(mockedClient).Once()
|
||||
r := NewS3Repository(&factory, store)
|
||||
got, err := r.GetBucketNotification(tt.bucketName, tt.region)
|
||||
factory.AssertExpectations(t)
|
||||
if err != nil && tt.wantErr == "" {
|
||||
t.Fatalf("Unexpected error %+v", err)
|
||||
}
|
||||
if err != nil {
|
||||
assert.Equal(t, tt.wantErr, err.Error())
|
||||
}
|
||||
|
||||
if err == nil && tt.want != nil {
|
||||
// Check that results were cached
|
||||
cachedData, err := r.GetBucketNotification(tt.bucketName, tt.region)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, got, cachedData)
|
||||
assert.IsType(t, &s3.NotificationConfiguration{}, store.Get(fmt.Sprintf("s3GetBucketNotification_%s_%s", tt.bucketName, tt.region)))
|
||||
}
|
||||
|
||||
changelog, err := diff.Diff(got, tt.want)
|
||||
assert.Nil(t, err)
|
||||
if len(changelog) > 0 {
|
||||
for _, change := range changelog {
|
||||
t.Errorf("%s: %s -> %s", strings.Join(change.Path, "."), change.From, change.To)
|
||||
}
|
||||
t.Fail()
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_s3Repository_ListBucketInventoryConfigurations(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
|
|
|
@ -11,7 +11,7 @@ type S3BucketDetailsFetcher struct {
|
|||
deserializer *resource.Deserializer
|
||||
}
|
||||
|
||||
func NewS3BucketDetailsFetcher(provider *AWSTerraformProvider, deserializer *resource.Deserializer) *S3BucketDetailsFetcher {
|
||||
func NewS3BucketDetailsFetcher(provider terraform.ResourceReader, deserializer *resource.Deserializer) *S3BucketDetailsFetcher {
|
||||
return &S3BucketDetailsFetcher{
|
||||
reader: provider,
|
||||
deserializer: deserializer,
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
)
|
||||
|
||||
type S3BucketInventoryDetailsFetcher struct {
|
||||
reader terraform.ResourceReader
|
||||
deserializer *resource.Deserializer
|
||||
}
|
||||
|
||||
func NewS3BucketInventoryDetailsFetcher(provider terraform.ResourceReader, deserializer *resource.Deserializer) *S3BucketInventoryDetailsFetcher {
|
||||
return &S3BucketInventoryDetailsFetcher{
|
||||
reader: provider,
|
||||
deserializer: deserializer,
|
||||
}
|
||||
}
|
||||
|
||||
func (r *S3BucketInventoryDetailsFetcher) ReadDetails(res resource.Resource) (resource.Resource, error) {
|
||||
ctyVal, err := r.reader.ReadResource(terraform.ReadResourceArgs{
|
||||
Ty: aws.AwsS3BucketInventoryResourceType,
|
||||
ID: res.TerraformId(),
|
||||
Attributes: map[string]string{
|
||||
"alias": *res.Attributes().GetString("region"),
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketInventoryResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return deserializedRes, nil
|
||||
}
|
|
@ -0,0 +1,74 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
type S3BucketInventoryEnumerator struct {
|
||||
repository repository.S3Repository
|
||||
factory resource.ResourceFactory
|
||||
providerConfig tf.TerraformProviderConfig
|
||||
}
|
||||
|
||||
func NewS3BucketInventoryEnumerator(repo repository.S3Repository, factory resource.ResourceFactory, providerConfig tf.TerraformProviderConfig) *S3BucketInventoryEnumerator {
|
||||
return &S3BucketInventoryEnumerator{
|
||||
repository: repo,
|
||||
factory: factory,
|
||||
providerConfig: providerConfig,
|
||||
}
|
||||
}
|
||||
|
||||
func (e *S3BucketInventoryEnumerator) SupportedType() resource.ResourceType {
|
||||
return aws.AwsS3BucketInventoryResourceType
|
||||
}
|
||||
|
||||
func (e *S3BucketInventoryEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
||||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"region": region,
|
||||
"bucket": *bucket.Name,
|
||||
}).Debug("Skipped bucket inventory")
|
||||
continue
|
||||
}
|
||||
|
||||
inventoryConfigurations, err := e.repository.ListBucketInventoryConfigurations(bucket, region)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsS3BucketInventoryResourceType)
|
||||
}
|
||||
|
||||
for _, config := range inventoryConfigurations {
|
||||
id := fmt.Sprintf("%s:%s", *bucket.Name, *config.Id)
|
||||
results = append(
|
||||
results,
|
||||
e.factory.CreateAbstractResource(
|
||||
string(e.SupportedType()),
|
||||
id,
|
||||
map[string]interface{}{
|
||||
"region": region,
|
||||
},
|
||||
),
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
return results, err
|
||||
}
|
|
@ -1,88 +0,0 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/aws/aws-sdk-go/service/s3"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
)
|
||||
|
||||
type S3BucketInventorySupplier struct {
|
||||
reader terraform.ResourceReader
|
||||
deserializer *resource.Deserializer
|
||||
repository repository.S3Repository
|
||||
runner *terraform.ParallelResourceReader
|
||||
providerConfig tf.TerraformProviderConfig
|
||||
}
|
||||
|
||||
func NewS3BucketInventorySupplier(provider *AWSTerraformProvider, repository repository.S3Repository, deserializer *resource.Deserializer) *S3BucketInventorySupplier {
|
||||
return &S3BucketInventorySupplier{
|
||||
provider,
|
||||
deserializer,
|
||||
repository,
|
||||
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
|
||||
provider.Config,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *S3BucketInventorySupplier) Resources() ([]resource.Resource, error) {
|
||||
buckets, err := s.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, aws.AwsS3BucketInventoryResourceType, aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
for _, bucket := range buckets {
|
||||
bucket := *bucket
|
||||
region, err := s.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if region == "" || region != s.providerConfig.DefaultAlias {
|
||||
continue
|
||||
}
|
||||
if err := s.listBucketInventoryConfiguration(&bucket, region); err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsS3BucketInventoryResourceType)
|
||||
}
|
||||
}
|
||||
ctyVals, err := s.runner.Wait()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return s.deserializer.Deserialize(aws.AwsS3BucketInventoryResourceType, ctyVals)
|
||||
}
|
||||
|
||||
func (s *S3BucketInventorySupplier) listBucketInventoryConfiguration(bucket *s3.Bucket, region string) error {
|
||||
inventoryConfigurations, err := s.repository.ListBucketInventoryConfigurations(bucket, region)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, config := range inventoryConfigurations {
|
||||
id := fmt.Sprintf("%s:%s", *bucket.Name, *config.Id)
|
||||
s.runner.Run(func() (cty.Value, error) {
|
||||
s3BucketInventory, err := s.reader.ReadResource(
|
||||
terraform.ReadResourceArgs{
|
||||
Ty: aws.AwsS3BucketInventoryResourceType,
|
||||
ID: id,
|
||||
Attributes: map[string]string{
|
||||
"alias": region,
|
||||
},
|
||||
},
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
return cty.NilVal, err
|
||||
}
|
||||
return *s3BucketInventory, err
|
||||
})
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -1,161 +0,0 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
awssdk "github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/s3"
|
||||
"github.com/cloudskiff/driftctl/pkg/parallel"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/client"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/cache"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
testresource "github.com/cloudskiff/driftctl/test/resource"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/cloudskiff/driftctl/test"
|
||||
"github.com/cloudskiff/driftctl/test/goldenfile"
|
||||
"github.com/cloudskiff/driftctl/test/mocks"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestS3BucketInventorySupplier_Resources(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(repository *repository.MockS3Repository)
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
test: "multiple bucket with multiple inventories", dirName: "s3_bucket_inventories_multiple",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift2")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift3")},
|
||||
}, nil)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift",
|
||||
).Return(
|
||||
"eu-west-1",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift2",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift3",
|
||||
).Return(
|
||||
"eu-west-1",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"ListBucketInventoryConfigurations",
|
||||
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift2")},
|
||||
"eu-west-3",
|
||||
).Return(
|
||||
[]*s3.InventoryConfiguration{
|
||||
{Id: awssdk.String("Inventory_Bucket2")},
|
||||
{Id: awssdk.String("Inventory2_Bucket2")},
|
||||
},
|
||||
nil,
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "cannot list bucket", dirName: "s3_bucket_inventories_list_bucket",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType, resourceaws.AwsS3BucketResourceType),
|
||||
},
|
||||
{
|
||||
test: "cannot list bucket inventories", dirName: "s3_bucket_inventories_list_inventories",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On("ListAllBuckets").Return(
|
||||
[]*s3.Bucket{
|
||||
{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
},
|
||||
nil,
|
||||
)
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
repository.On(
|
||||
"ListBucketInventoryConfigurations",
|
||||
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
"eu-west-3",
|
||||
).Return(
|
||||
nil,
|
||||
awserr.NewRequestFailure(nil, 403, ""),
|
||||
)
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType),
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
shouldUpdate := tt.dirName == *goldenfile.Update
|
||||
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
supplierLibrary := resource.NewSupplierLibrary()
|
||||
|
||||
repo := testresource.InitFakeSchemaRepository("aws", "3.19.0")
|
||||
resourceaws.InitResourcesMetadata(repo)
|
||||
factory := terraform.NewTerraformResourceFactory(repo)
|
||||
|
||||
deserializer := resource.NewDeserializer(factory)
|
||||
if shouldUpdate {
|
||||
provider, err := InitTestAwsProvider(providerLibrary)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
repository := repository.NewS3Repository(client.NewAWSClientFactory(provider.session), cache.New(0))
|
||||
supplierLibrary.AddSupplier(NewS3BucketInventorySupplier(provider, repository, deserializer))
|
||||
}
|
||||
|
||||
t.Run(tt.test, func(t *testing.T) {
|
||||
|
||||
mock := repository.MockS3Repository{}
|
||||
tt.mocks(&mock)
|
||||
|
||||
provider := mocks.NewMockedGoldenTFProvider(tt.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
|
||||
s := &S3BucketInventorySupplier{
|
||||
provider,
|
||||
deserializer,
|
||||
&mock,
|
||||
terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 10)),
|
||||
tf.TerraformProviderConfig{
|
||||
Name: "test",
|
||||
DefaultAlias: "eu-west-3",
|
||||
},
|
||||
}
|
||||
got, err := s.Resources()
|
||||
assert.Equal(t, err, tt.wantErr)
|
||||
|
||||
test.CtyTestDiff(got, tt.dirName, provider, deserializer, shouldUpdate, t)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
)
|
||||
|
||||
type S3BucketNotificationDetailsFetcher struct {
|
||||
reader terraform.ResourceReader
|
||||
deserializer *resource.Deserializer
|
||||
}
|
||||
|
||||
func NewS3BucketNotificationDetailsFetcher(provider terraform.ResourceReader, deserializer *resource.Deserializer) *S3BucketNotificationDetailsFetcher {
|
||||
return &S3BucketNotificationDetailsFetcher{
|
||||
reader: provider,
|
||||
deserializer: deserializer,
|
||||
}
|
||||
}
|
||||
|
||||
func (r *S3BucketNotificationDetailsFetcher) ReadDetails(res resource.Resource) (resource.Resource, error) {
|
||||
ctyVal, err := r.reader.ReadResource(terraform.ReadResourceArgs{
|
||||
Ty: aws.AwsS3BucketNotificationResourceType,
|
||||
ID: res.TerraformId(),
|
||||
Attributes: map[string]string{
|
||||
"alias": *res.Attributes().GetString("region"),
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketNotificationResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return deserializedRes, nil
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
type S3BucketNotificationEnumerator struct {
|
||||
repository repository.S3Repository
|
||||
factory resource.ResourceFactory
|
||||
providerConfig tf.TerraformProviderConfig
|
||||
}
|
||||
|
||||
func NewS3BucketNotificationEnumerator(repo repository.S3Repository, factory resource.ResourceFactory, providerConfig tf.TerraformProviderConfig) *S3BucketNotificationEnumerator {
|
||||
return &S3BucketNotificationEnumerator{
|
||||
repository: repo,
|
||||
factory: factory,
|
||||
providerConfig: providerConfig,
|
||||
}
|
||||
}
|
||||
|
||||
func (e *S3BucketNotificationEnumerator) SupportedType() resource.ResourceType {
|
||||
return aws.AwsS3BucketNotificationResourceType
|
||||
}
|
||||
|
||||
func (e *S3BucketNotificationEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
||||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"region": region,
|
||||
"bucket": *bucket.Name,
|
||||
}).Debug("Skipped bucket")
|
||||
continue
|
||||
}
|
||||
|
||||
notification, err := e.repository.GetBucketNotification(*bucket.Name, region)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
if notification == nil {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"region": region,
|
||||
"bucket": *bucket.Name,
|
||||
}).Debug("Skipped empty bucket notification")
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(
|
||||
results,
|
||||
e.factory.CreateAbstractResource(
|
||||
string(e.SupportedType()),
|
||||
*bucket.Name,
|
||||
map[string]interface{}{
|
||||
"region": region,
|
||||
},
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
return results, err
|
||||
}
|
|
@ -1,81 +0,0 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
)
|
||||
|
||||
type S3BucketNotificationSupplier struct {
|
||||
reader terraform.ResourceReader
|
||||
deserializer *resource.Deserializer
|
||||
repository repository.S3Repository
|
||||
runner *terraform.ParallelResourceReader
|
||||
providerConfig tf.TerraformProviderConfig
|
||||
}
|
||||
|
||||
func NewS3BucketNotificationSupplier(provider *AWSTerraformProvider, repository repository.S3Repository, deserializer *resource.Deserializer) *S3BucketNotificationSupplier {
|
||||
return &S3BucketNotificationSupplier{
|
||||
provider,
|
||||
deserializer,
|
||||
repository,
|
||||
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
|
||||
provider.Config,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *S3BucketNotificationSupplier) Resources() ([]resource.Resource, error) {
|
||||
buckets, err := s.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, aws.AwsS3BucketNotificationResourceType, aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
for _, bucket := range buckets {
|
||||
bucket := *bucket
|
||||
region, err := s.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if region == "" || region != s.providerConfig.DefaultAlias {
|
||||
continue
|
||||
}
|
||||
s.runner.Run(func() (cty.Value, error) {
|
||||
s3BucketPolicy, err := s.reader.ReadResource(terraform.ReadResourceArgs{
|
||||
Ty: aws.AwsS3BucketNotificationResourceType,
|
||||
ID: *bucket.Name,
|
||||
Attributes: map[string]string{
|
||||
"alias": region,
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return cty.NilVal, err
|
||||
}
|
||||
return *s3BucketPolicy, err
|
||||
})
|
||||
}
|
||||
ctyVals, err := s.runner.Wait()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
deserializedValues, err := s.deserializer.Deserialize(aws.AwsS3BucketNotificationResourceType, ctyVals)
|
||||
results := make([]resource.Resource, 0, len(deserializedValues))
|
||||
if err != nil {
|
||||
return deserializedValues, err
|
||||
}
|
||||
for _, val := range deserializedValues {
|
||||
res, _ := val.(*resource.AbstractResource)
|
||||
|
||||
if ((*res.Attrs)["lambda_function"] != nil && len((*res.Attrs)["lambda_function"].([]interface{})) > 0) ||
|
||||
((*res.Attrs)["queue"] != nil && len((*res.Attrs)["queue"].([]interface{})) > 0) ||
|
||||
((*res.Attrs)["topic"] != nil && len((*res.Attrs)["topic"].([]interface{})) > 0) {
|
||||
results = append(results, res)
|
||||
}
|
||||
|
||||
}
|
||||
return results, nil
|
||||
}
|
|
@ -1,139 +0,0 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
awssdk "github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/service/s3"
|
||||
"github.com/cloudskiff/driftctl/pkg/parallel"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/client"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/cache"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
testresource "github.com/cloudskiff/driftctl/test/resource"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/cloudskiff/driftctl/test"
|
||||
"github.com/cloudskiff/driftctl/test/goldenfile"
|
||||
"github.com/cloudskiff/driftctl/test/mocks"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestS3BucketNotificationSupplier_Resources(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(repository *repository.MockS3Repository)
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
test: "single bucket without notifications",
|
||||
dirName: "s3_bucket_notifications_no_notif",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("dritftctl-test-no-notifications")},
|
||||
}, nil)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"dritftctl-test-no-notifications",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "multiple bucket with notifications", dirName: "s3_bucket_notifications_multiple",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift2")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift3")},
|
||||
}, nil)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift",
|
||||
).Return(
|
||||
"eu-west-1",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift2",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift3",
|
||||
).Return(
|
||||
"ap-northeast-1",
|
||||
nil,
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "Cannot list bucket", dirName: "s3_bucket_notifications_list_bucket",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketNotificationResourceType, resourceaws.AwsS3BucketResourceType),
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
shouldUpdate := tt.dirName == *goldenfile.Update
|
||||
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
supplierLibrary := resource.NewSupplierLibrary()
|
||||
|
||||
repo := testresource.InitFakeSchemaRepository("aws", "3.19.0")
|
||||
resourceaws.InitResourcesMetadata(repo)
|
||||
factory := terraform.NewTerraformResourceFactory(repo)
|
||||
|
||||
deserializer := resource.NewDeserializer(factory)
|
||||
if shouldUpdate {
|
||||
provider, err := InitTestAwsProvider(providerLibrary)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
repository := repository.NewS3Repository(client.NewAWSClientFactory(provider.session), cache.New(0))
|
||||
supplierLibrary.AddSupplier(NewS3BucketNotificationSupplier(provider, repository, deserializer))
|
||||
}
|
||||
|
||||
t.Run(tt.test, func(t *testing.T) {
|
||||
|
||||
mock := repository.MockS3Repository{}
|
||||
tt.mocks(&mock)
|
||||
|
||||
provider := mocks.NewMockedGoldenTFProvider(tt.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
|
||||
s := &S3BucketNotificationSupplier{
|
||||
provider,
|
||||
deserializer,
|
||||
&mock,
|
||||
terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 10)),
|
||||
tf.TerraformProviderConfig{
|
||||
Name: "test",
|
||||
DefaultAlias: "eu-west-3",
|
||||
},
|
||||
}
|
||||
got, err := s.Resources()
|
||||
assert.Equal(t, err, tt.wantErr)
|
||||
test.CtyTestDiff(got, tt.dirName, provider, deserializer, shouldUpdate, t)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -1 +1,56 @@
|
|||
[]
|
||||
[
|
||||
{
|
||||
"bucket": "bucket-martin-test-drift2",
|
||||
"destination": [
|
||||
{
|
||||
"bucket": [
|
||||
{
|
||||
"account_id": "",
|
||||
"bucket_arn": "arn:aws:s3:::bucket-martin-test-drift2",
|
||||
"encryption": [],
|
||||
"format": "ORC",
|
||||
"prefix": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"enabled": true,
|
||||
"filter": [],
|
||||
"id": "bucket-martin-test-drift2:Inventory_Bucket2",
|
||||
"included_object_versions": "All",
|
||||
"name": "Inventory_Bucket2",
|
||||
"optional_fields": [],
|
||||
"schedule": [
|
||||
{
|
||||
"frequency": "Daily"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"bucket": "bucket-martin-test-drift2",
|
||||
"destination": [
|
||||
{
|
||||
"bucket": [
|
||||
{
|
||||
"account_id": "",
|
||||
"bucket_arn": "arn:aws:s3:::bucket-martin-test-drift2",
|
||||
"encryption": [],
|
||||
"format": "ORC",
|
||||
"prefix": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"enabled": true,
|
||||
"filter": [],
|
||||
"id": "bucket-martin-test-drift2:Inventory2_Bucket2",
|
||||
"included_object_versions": "All",
|
||||
"name": "Inventory2_Bucket2",
|
||||
"optional_fields": [],
|
||||
"schedule": [
|
||||
{
|
||||
"frequency": "Daily"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
File diff suppressed because it is too large
Load Diff
|
@ -191,43 +191,5 @@ func (s *VPCSecurityGroupRuleSupplier) addSecurityGroupRule(ruleType string, rul
|
|||
}
|
||||
rules = append(rules, r)
|
||||
}
|
||||
// Filter default rules for default security group
|
||||
if sg.GroupName != nil && *sg.GroupName == "default" {
|
||||
results := make([]securityGroupRule, 0, len(rules))
|
||||
for _, r := range rules {
|
||||
r := r
|
||||
if s.isDefaultIngress(&r) || s.isDefaultEgress(&r) {
|
||||
continue
|
||||
}
|
||||
results = append(results, r)
|
||||
}
|
||||
return results
|
||||
}
|
||||
|
||||
return rules
|
||||
}
|
||||
|
||||
func (s *VPCSecurityGroupRuleSupplier) isDefaultIngress(rule *securityGroupRule) bool {
|
||||
return rule.Type == sgRuleTypeIngress &&
|
||||
rule.FromPort == 0 &&
|
||||
rule.ToPort == 0 &&
|
||||
rule.Protocol == "-1" &&
|
||||
rule.CidrBlocks == nil &&
|
||||
rule.Ipv6CidrBlocks == nil &&
|
||||
rule.PrefixListIds == nil &&
|
||||
rule.SourceSecurityGroupId == "" &&
|
||||
rule.Self
|
||||
}
|
||||
|
||||
func (s *VPCSecurityGroupRuleSupplier) isDefaultEgress(rule *securityGroupRule) bool {
|
||||
return rule.Type == sgRuleTypeEgress &&
|
||||
rule.FromPort == 0 &&
|
||||
rule.ToPort == 0 &&
|
||||
rule.Protocol == "-1" &&
|
||||
rule.Ipv6CidrBlocks == nil &&
|
||||
rule.PrefixListIds == nil &&
|
||||
rule.SourceSecurityGroupId == "" &&
|
||||
rule.CidrBlocks != nil &&
|
||||
len(rule.CidrBlocks) == 1 &&
|
||||
(rule.CidrBlocks)[0] == "0.0.0.0/0"
|
||||
}
|
||||
|
|
|
@ -145,55 +145,6 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
|
|||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "should ignore default security group default rules",
|
||||
dirName: "vpc_security_group_default_rules",
|
||||
mocks: func(client *repository.MockEC2Repository) {
|
||||
client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
|
||||
{
|
||||
GroupId: aws.String("sg-a74815c8"),
|
||||
GroupName: aws.String("default"),
|
||||
IpPermissions: []*ec2.IpPermission{
|
||||
{
|
||||
IpProtocol: aws.String("-1"),
|
||||
UserIdGroupPairs: []*ec2.UserIdGroupPair{
|
||||
{
|
||||
GroupId: aws.String("sg-a74815c8"),
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
IpProtocol: aws.String("-1"),
|
||||
IpRanges: []*ec2.IpRange{
|
||||
{
|
||||
CidrIp: aws.String("1.2.0.0/16"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
IpPermissionsEgress: []*ec2.IpPermission{
|
||||
{
|
||||
IpProtocol: aws.String("-1"),
|
||||
IpRanges: []*ec2.IpRange{
|
||||
{
|
||||
CidrIp: aws.String("0.0.0.0/0"),
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
IpProtocol: aws.String("-1"),
|
||||
IpRanges: []*ec2.IpRange{
|
||||
{
|
||||
CidrIp: aws.String("1.2.3.4/32"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}, nil, nil)
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "cannot list security group rules",
|
||||
dirName: "vpc_security_group_rule_empty",
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
package common
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
)
|
||||
|
||||
type DetailsFetcher interface {
|
||||
ReadDetails(resource.Resource) (resource.Resource, error)
|
||||
}
|
||||
|
||||
type GenericDetailFetcher struct {
|
||||
resType resource.ResourceType
|
||||
reader terraform.ResourceReader
|
||||
deserializer *resource.Deserializer
|
||||
}
|
||||
|
||||
func NewGenericDetailFetcher(resType resource.ResourceType, provider terraform.ResourceReader, deserializer *resource.Deserializer) *GenericDetailFetcher {
|
||||
return &GenericDetailFetcher{
|
||||
resType: resType,
|
||||
reader: provider,
|
||||
deserializer: deserializer,
|
||||
}
|
||||
}
|
||||
|
||||
func (f *GenericDetailFetcher) ReadDetails(res resource.Resource) (resource.Resource, error) {
|
||||
ctyVal, err := f.reader.ReadResource(terraform.ReadResourceArgs{
|
||||
Ty: f.resType,
|
||||
ID: res.TerraformId(),
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
deserializedRes, err := f.deserializer.DeserializeOne(string(f.resType), *ctyVal)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return deserializedRes, nil
|
||||
}
|
|
@ -9,10 +9,6 @@ type Enumerator interface {
|
|||
Enumerate() ([]resource.Resource, error)
|
||||
}
|
||||
|
||||
type DetailsFetcher interface {
|
||||
ReadDetails(resource.Resource) (resource.Resource, error)
|
||||
}
|
||||
|
||||
type RemoteLibrary struct {
|
||||
enumerators []Enumerator
|
||||
detailsFetchers map[resource.ResourceType]DetailsFetcher
|
||||
|
|
|
@ -11,6 +11,8 @@ import (
|
|||
|
||||
type GithubTerraformProvider struct {
|
||||
*terraform.TerraformProvider
|
||||
name string
|
||||
version string
|
||||
}
|
||||
|
||||
type githubConfig struct {
|
||||
|
@ -20,10 +22,12 @@ type githubConfig struct {
|
|||
}
|
||||
|
||||
func NewGithubTerraformProvider(version string, progress output.Progress, configDir string) (*GithubTerraformProvider, error) {
|
||||
p := &GithubTerraformProvider{}
|
||||
providerKey := "github"
|
||||
p := &GithubTerraformProvider{
|
||||
version: version,
|
||||
name: "github",
|
||||
}
|
||||
installer, err := tf.NewProviderInstaller(tf.ProviderConfig{
|
||||
Key: providerKey,
|
||||
Key: p.name,
|
||||
Version: version,
|
||||
ConfigDir: configDir,
|
||||
})
|
||||
|
@ -31,7 +35,7 @@ func NewGithubTerraformProvider(version string, progress output.Progress, config
|
|||
return nil, err
|
||||
}
|
||||
tfProvider, err := terraform.NewTerraformProvider(installer, terraform.TerraformProviderConfig{
|
||||
Name: providerKey,
|
||||
Name: p.name,
|
||||
DefaultAlias: p.GetConfig().getDefaultOwner(),
|
||||
GetProviderConfig: func(owner string) interface{} {
|
||||
return githubConfig{
|
||||
|
@ -60,3 +64,11 @@ func (p GithubTerraformProvider) GetConfig() githubConfig {
|
|||
Organization: os.Getenv("GITHUB_ORGANIZATION"),
|
||||
}
|
||||
}
|
||||
|
||||
func (p *GithubTerraformProvider) Name() string {
|
||||
return p.name
|
||||
}
|
||||
|
||||
func (p *GithubTerraformProvider) Version() string {
|
||||
return p.version
|
||||
}
|
||||
|
|
|
@ -43,7 +43,7 @@ func (e *EnumerationAccessDeniedAlert) GetProviderMessage() string {
|
|||
return message
|
||||
}
|
||||
|
||||
func HandleResourceEnumerationError(err error, alerter *alerter.Alerter) error {
|
||||
func HandleResourceEnumerationError(err error, alerter alerter.AlerterInterface) error {
|
||||
listError, ok := err.(*remoteerror.ResourceEnumerationError)
|
||||
if !ok {
|
||||
return err
|
||||
|
|
|
@ -0,0 +1,462 @@
|
|||
package remote
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
awssdk "github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/aws/aws-sdk-go/aws/session"
|
||||
"github.com/aws/aws-sdk-go/service/s3"
|
||||
"github.com/cloudskiff/driftctl/mocks"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/cache"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/common"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
tf "github.com/cloudskiff/driftctl/pkg/remote/terraform"
|
||||
testresource "github.com/cloudskiff/driftctl/test/resource"
|
||||
terraform2 "github.com/cloudskiff/driftctl/test/terraform"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/client"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/cloudskiff/driftctl/test"
|
||||
"github.com/cloudskiff/driftctl/test/goldenfile"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestS3Bucket(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(repository *repository.MockS3Repository)
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
test: "multiple bucket", dirName: "aws_s3_bucket_multiple",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift2")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift3")},
|
||||
}, nil)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift",
|
||||
).Return(
|
||||
"eu-west-1",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift2",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift3",
|
||||
).Return(
|
||||
"ap-northeast-1",
|
||||
nil,
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "cannot list bucket", dirName: "s3_bucket_list",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketResourceType),
|
||||
},
|
||||
}
|
||||
|
||||
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
|
||||
resourceaws.InitResourcesMetadata(schemaRepository)
|
||||
factory := terraform.NewTerraformResourceFactory(schemaRepository)
|
||||
deserializer := resource.NewDeserializer(factory)
|
||||
alerter := &mocks.AlerterInterface{}
|
||||
|
||||
for _, c := range tests {
|
||||
t.Run(c.test, func(tt *testing.T) {
|
||||
shouldUpdate := c.dirName == *goldenfile.Update
|
||||
|
||||
session := session.Must(session.NewSessionWithOptions(session.Options{
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
}))
|
||||
|
||||
scanOptions := ScannerOptions{Deep: true}
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
remoteLibrary := common.NewRemoteLibrary()
|
||||
|
||||
// Initialize mocks
|
||||
fakeRepo := &repository.MockS3Repository{}
|
||||
c.mocks(fakeRepo)
|
||||
var repo repository.S3Repository = fakeRepo
|
||||
providerVersion := "3.19.0"
|
||||
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider := terraform2.NewFakeTerraformProvider(realProvider)
|
||||
provider.WithResponse(c.dirName)
|
||||
|
||||
// Replace mock by real resources if we are in update mode
|
||||
if shouldUpdate {
|
||||
err := realProvider.Init()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider.ShouldUpdate()
|
||||
repo = repository.NewS3Repository(client.NewAWSClientFactory(session), cache.New(0))
|
||||
}
|
||||
|
||||
remoteLibrary.AddEnumerator(aws.NewS3BucketEnumerator(repo, factory, tf.TerraformProviderConfig{
|
||||
Name: "test",
|
||||
DefaultAlias: "eu-west-3",
|
||||
}))
|
||||
remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketResourceType, aws.NewS3BucketDetailsFetcher(provider, deserializer))
|
||||
|
||||
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
|
||||
got, err := s.Resources()
|
||||
assert.Equal(tt, err, c.wantErr)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
test.TestAgainstGoldenFile(got, resourceaws.AwsS3BucketResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestS3BucketInventory(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(repository *repository.MockS3Repository)
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
test: "multiple bucket with multiple inventories", dirName: "s3_bucket_inventories_multiple",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift2")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift3")},
|
||||
}, nil)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift",
|
||||
).Return(
|
||||
"eu-west-1",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift2",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift3",
|
||||
).Return(
|
||||
"eu-west-1",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"ListBucketInventoryConfigurations",
|
||||
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift2")},
|
||||
"eu-west-3",
|
||||
).Return(
|
||||
[]*s3.InventoryConfiguration{
|
||||
{Id: awssdk.String("Inventory_Bucket2")},
|
||||
{Id: awssdk.String("Inventory2_Bucket2")},
|
||||
},
|
||||
nil,
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "cannot list bucket", dirName: "s3_bucket_inventories_list_bucket",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType, resourceaws.AwsS3BucketResourceType),
|
||||
},
|
||||
{
|
||||
test: "cannot list bucket inventories", dirName: "s3_bucket_inventories_list_inventories",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On("ListAllBuckets").Return(
|
||||
[]*s3.Bucket{
|
||||
{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
},
|
||||
nil,
|
||||
)
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
repository.On(
|
||||
"ListBucketInventoryConfigurations",
|
||||
&s3.Bucket{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
"eu-west-3",
|
||||
).Return(
|
||||
nil,
|
||||
awserr.NewRequestFailure(nil, 403, ""),
|
||||
)
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketInventoryResourceType),
|
||||
},
|
||||
}
|
||||
|
||||
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
|
||||
resourceaws.InitResourcesMetadata(schemaRepository)
|
||||
factory := terraform.NewTerraformResourceFactory(schemaRepository)
|
||||
deserializer := resource.NewDeserializer(factory)
|
||||
alerter := &mocks.AlerterInterface{}
|
||||
|
||||
for _, c := range tests {
|
||||
t.Run(c.test, func(tt *testing.T) {
|
||||
shouldUpdate := c.dirName == *goldenfile.Update
|
||||
|
||||
session := session.Must(session.NewSessionWithOptions(session.Options{
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
}))
|
||||
|
||||
scanOptions := ScannerOptions{Deep: true}
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
remoteLibrary := common.NewRemoteLibrary()
|
||||
|
||||
// Initialize mocks
|
||||
fakeRepo := &repository.MockS3Repository{}
|
||||
c.mocks(fakeRepo)
|
||||
var repo repository.S3Repository = fakeRepo
|
||||
providerVersion := "3.19.0"
|
||||
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider := terraform2.NewFakeTerraformProvider(realProvider)
|
||||
provider.WithResponse(c.dirName)
|
||||
|
||||
// Replace mock by real resources if we are in update mode
|
||||
if shouldUpdate {
|
||||
err := realProvider.Init()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider.ShouldUpdate()
|
||||
repo = repository.NewS3Repository(client.NewAWSClientFactory(session), cache.New(0))
|
||||
}
|
||||
|
||||
remoteLibrary.AddEnumerator(aws.NewS3BucketInventoryEnumerator(repo, factory, tf.TerraformProviderConfig{
|
||||
Name: "test",
|
||||
DefaultAlias: "eu-west-3",
|
||||
}))
|
||||
remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketInventoryResourceType, aws.NewS3BucketInventoryDetailsFetcher(provider, deserializer))
|
||||
|
||||
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
|
||||
got, err := s.Resources()
|
||||
assert.Equal(tt, err, c.wantErr)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
test.TestAgainstGoldenFile(got, resourceaws.AwsS3BucketInventoryResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestS3BucketNotification(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(repository *repository.MockS3Repository)
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
test: "single bucket without notifications",
|
||||
dirName: "s3_bucket_notifications_no_notif",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("dritftctl-test-no-notifications")},
|
||||
}, nil)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"dritftctl-test-no-notifications",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketNotification",
|
||||
"dritftctl-test-no-notifications",
|
||||
"eu-west-3",
|
||||
).Return(
|
||||
nil,
|
||||
nil,
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "multiple bucket with notifications", dirName: "s3_bucket_notifications_multiple",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("bucket-martin-test-drift")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift2")},
|
||||
{Name: awssdk.String("bucket-martin-test-drift3")},
|
||||
}, nil)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift",
|
||||
).Return(
|
||||
"eu-west-1",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift2",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketNotification",
|
||||
"bucket-martin-test-drift2",
|
||||
"eu-west-3",
|
||||
).Return(
|
||||
&s3.NotificationConfiguration{
|
||||
LambdaFunctionConfigurations: []*s3.LambdaFunctionConfiguration{
|
||||
{
|
||||
Id: awssdk.String("tf-s3-lambda-20201103165354926600000001"),
|
||||
},
|
||||
{
|
||||
Id: awssdk.String("tf-s3-lambda-20201103165354926600000002"),
|
||||
},
|
||||
},
|
||||
},
|
||||
nil,
|
||||
)
|
||||
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"bucket-martin-test-drift3",
|
||||
).Return(
|
||||
"ap-northeast-1",
|
||||
nil,
|
||||
)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "Cannot get bucket notification", dirName: "s3_bucket_notifications_list_bucket",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On(
|
||||
"ListAllBuckets",
|
||||
).Return([]*s3.Bucket{
|
||||
{Name: awssdk.String("dritftctl-test-notifications-error")},
|
||||
}, nil)
|
||||
repository.On(
|
||||
"GetBucketLocation",
|
||||
"dritftctl-test-notifications-error",
|
||||
).Return(
|
||||
"eu-west-3",
|
||||
nil,
|
||||
)
|
||||
repository.On("GetBucketNotification", "dritftctl-test-notifications-error", "eu-west-3").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketNotificationResourceType),
|
||||
},
|
||||
{
|
||||
test: "Cannot list bucket", dirName: "s3_bucket_notifications_list_bucket",
|
||||
mocks: func(repository *repository.MockS3Repository) {
|
||||
repository.On("ListAllBuckets").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
wantErr: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsS3BucketNotificationResourceType, resourceaws.AwsS3BucketResourceType),
|
||||
},
|
||||
}
|
||||
|
||||
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
|
||||
resourceaws.InitResourcesMetadata(schemaRepository)
|
||||
factory := terraform.NewTerraformResourceFactory(schemaRepository)
|
||||
deserializer := resource.NewDeserializer(factory)
|
||||
alerter := &mocks.AlerterInterface{}
|
||||
|
||||
for _, c := range tests {
|
||||
t.Run(c.test, func(tt *testing.T) {
|
||||
shouldUpdate := c.dirName == *goldenfile.Update
|
||||
|
||||
session := session.Must(session.NewSessionWithOptions(session.Options{
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
}))
|
||||
|
||||
scanOptions := ScannerOptions{Deep: true}
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
remoteLibrary := common.NewRemoteLibrary()
|
||||
|
||||
// Initialize mocks
|
||||
fakeRepo := &repository.MockS3Repository{}
|
||||
c.mocks(fakeRepo)
|
||||
var repo repository.S3Repository = fakeRepo
|
||||
providerVersion := "3.19.0"
|
||||
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider := terraform2.NewFakeTerraformProvider(realProvider)
|
||||
provider.WithResponse(c.dirName)
|
||||
|
||||
// Replace mock by real resources if we are in update mode
|
||||
if shouldUpdate {
|
||||
err := realProvider.Init()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider.ShouldUpdate()
|
||||
repo = repository.NewS3Repository(client.NewAWSClientFactory(session), cache.New(0))
|
||||
}
|
||||
|
||||
remoteLibrary.AddEnumerator(aws.NewS3BucketNotificationEnumerator(repo, factory, tf.TerraformProviderConfig{
|
||||
Name: "test",
|
||||
DefaultAlias: "eu-west-3",
|
||||
}))
|
||||
remoteLibrary.AddDetailsFetcher(resourceaws.AwsS3BucketNotificationResourceType, aws.NewS3BucketNotificationDetailsFetcher(provider, deserializer))
|
||||
|
||||
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
|
||||
got, err := s.Resources()
|
||||
assert.Equal(tt, err, c.wantErr)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
test.TestAgainstGoldenFile(got, resourceaws.AwsS3BucketNotificationResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
|
||||
})
|
||||
}
|
||||
}
|
|
@ -1,11 +1,10 @@
|
|||
package pkg
|
||||
package remote
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/alerter"
|
||||
"github.com/cloudskiff/driftctl/pkg/parallel"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/common"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/pkg/errors"
|
||||
|
@ -21,11 +20,11 @@ type Scanner struct {
|
|||
enumeratorRunner *parallel.ParallelRunner
|
||||
detailsFetcherRunner *parallel.ParallelRunner
|
||||
remoteLibrary *common.RemoteLibrary
|
||||
alerter *alerter.Alerter
|
||||
alerter alerter.AlerterInterface
|
||||
options ScannerOptions
|
||||
}
|
||||
|
||||
func NewScanner(resourceSuppliers []resource.Supplier, remoteLibrary *common.RemoteLibrary, alerter *alerter.Alerter, options ScannerOptions) *Scanner {
|
||||
func NewScanner(resourceSuppliers []resource.Supplier, remoteLibrary *common.RemoteLibrary, alerter alerter.AlerterInterface, options ScannerOptions) *Scanner {
|
||||
return &Scanner{
|
||||
resourceSuppliers: resourceSuppliers,
|
||||
enumeratorRunner: parallel.NewParallelRunner(context.TODO(), 10),
|
||||
|
@ -64,7 +63,7 @@ func (s *Scanner) legacyScan() ([]resource.Resource, error) {
|
|||
s.enumeratorRunner.Run(func() (interface{}, error) {
|
||||
res, err := supplier.Resources()
|
||||
if err != nil {
|
||||
err := remote.HandleResourceEnumerationError(err, s.alerter)
|
||||
err := HandleResourceEnumerationError(err, s.alerter)
|
||||
if err == nil {
|
||||
return []resource.Resource{}, nil
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiYnVja2V0Ijoic3RyaW5nIiwiZGVzdGluYXRpb24iOlsibGlzdCIsWyJvYmplY3QiLHsiYnVja2V0IjpbImxpc3QiLFsib2JqZWN0Iix7ImFjY291bnRfaWQiOiJzdHJpbmciLCJidWNrZXRfYXJuIjoic3RyaW5nIiwiZW5jcnlwdGlvbiI6WyJsaXN0IixbIm9iamVjdCIseyJzc2Vfa21zIjpbImxpc3QiLFsib2JqZWN0Iix7ImtleV9pZCI6InN0cmluZyJ9XV0sInNzZV9zMyI6WyJsaXN0IixbIm9iamVjdCIse31dXX1dXSwiZm9ybWF0Ijoic3RyaW5nIiwicHJlZml4Ijoic3RyaW5nIn1dXX1dXSwiZW5hYmxlZCI6ImJvb2wiLCJmaWx0ZXIiOlsibGlzdCIsWyJvYmplY3QiLHsicHJlZml4Ijoic3RyaW5nIn1dXSwiaWQiOiJzdHJpbmciLCJpbmNsdWRlZF9vYmplY3RfdmVyc2lvbnMiOiJzdHJpbmciLCJuYW1lIjoic3RyaW5nIiwib3B0aW9uYWxfZmllbGRzIjpbInNldCIsInN0cmluZyJdLCJzY2hlZHVsZSI6WyJsaXN0IixbIm9iamVjdCIseyJmcmVxdWVuY3kiOiJzdHJpbmcifV1dfV0=",
|
||||
"Val": "eyJidWNrZXQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyIiwiZGVzdGluYXRpb24iOlt7ImJ1Y2tldCI6W3siYWNjb3VudF9pZCI6IiIsImJ1Y2tldF9hcm4iOiJhcm46YXdzOnMzOjo6YnVja2V0LW1hcnRpbi10ZXN0LWRyaWZ0MiIsImVuY3J5cHRpb24iOltdLCJmb3JtYXQiOiJPUkMiLCJwcmVmaXgiOiIifV19XSwiZW5hYmxlZCI6dHJ1ZSwiZmlsdGVyIjpbXSwiaWQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyOkludmVudG9yeTJfQnVja2V0MiIsImluY2x1ZGVkX29iamVjdF92ZXJzaW9ucyI6IkFsbCIsIm5hbWUiOiJJbnZlbnRvcnkyX0J1Y2tldDIiLCJvcHRpb25hbF9maWVsZHMiOltdLCJzY2hlZHVsZSI6W3siZnJlcXVlbmN5IjoiRGFpbHkifV19",
|
||||
"Err": null
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiYnVja2V0Ijoic3RyaW5nIiwiZGVzdGluYXRpb24iOlsibGlzdCIsWyJvYmplY3QiLHsiYnVja2V0IjpbImxpc3QiLFsib2JqZWN0Iix7ImFjY291bnRfaWQiOiJzdHJpbmciLCJidWNrZXRfYXJuIjoic3RyaW5nIiwiZW5jcnlwdGlvbiI6WyJsaXN0IixbIm9iamVjdCIseyJzc2Vfa21zIjpbImxpc3QiLFsib2JqZWN0Iix7ImtleV9pZCI6InN0cmluZyJ9XV0sInNzZV9zMyI6WyJsaXN0IixbIm9iamVjdCIse31dXX1dXSwiZm9ybWF0Ijoic3RyaW5nIiwicHJlZml4Ijoic3RyaW5nIn1dXX1dXSwiZW5hYmxlZCI6ImJvb2wiLCJmaWx0ZXIiOlsibGlzdCIsWyJvYmplY3QiLHsicHJlZml4Ijoic3RyaW5nIn1dXSwiaWQiOiJzdHJpbmciLCJpbmNsdWRlZF9vYmplY3RfdmVyc2lvbnMiOiJzdHJpbmciLCJuYW1lIjoic3RyaW5nIiwib3B0aW9uYWxfZmllbGRzIjpbInNldCIsInN0cmluZyJdLCJzY2hlZHVsZSI6WyJsaXN0IixbIm9iamVjdCIseyJmcmVxdWVuY3kiOiJzdHJpbmcifV1dfV0=",
|
||||
"Val": "eyJidWNrZXQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyIiwiZGVzdGluYXRpb24iOlt7ImJ1Y2tldCI6W3siYWNjb3VudF9pZCI6IiIsImJ1Y2tldF9hcm4iOiJhcm46YXdzOnMzOjo6YnVja2V0LW1hcnRpbi10ZXN0LWRyaWZ0MiIsImVuY3J5cHRpb24iOltdLCJmb3JtYXQiOiJPUkMiLCJwcmVmaXgiOiIifV19XSwiZW5hYmxlZCI6dHJ1ZSwiZmlsdGVyIjpbXSwiaWQiOiJidWNrZXQtbWFydGluLXRlc3QtZHJpZnQyOkludmVudG9yeV9CdWNrZXQyIiwiaW5jbHVkZWRfb2JqZWN0X3ZlcnNpb25zIjoiQWxsIiwibmFtZSI6IkludmVudG9yeV9CdWNrZXQyIiwib3B0aW9uYWxfZmllbGRzIjpbXSwic2NoZWR1bGUiOlt7ImZyZXF1ZW5jeSI6IkRhaWx5In1dfQ==",
|
||||
"Err": null
|
||||
}
|
|
@ -5,4 +5,6 @@ type TerraformProvider interface {
|
|||
SchemaSupplier
|
||||
ResourceReader
|
||||
Cleanup()
|
||||
Name() string
|
||||
Version() string
|
||||
}
|
||||
|
|
|
@ -74,6 +74,7 @@ func doTestDiff(got []resource.Resource, dirName string, provider terraform.Terr
|
|||
return differ.Diff(got, expectedResources)
|
||||
}
|
||||
|
||||
// CtyTestDiff Deprecated
|
||||
func CtyTestDiff(got []resource.Resource, dirName string, provider terraform.TerraformProvider, deserializer *resource.Deserializer, shouldUpdate bool, t *testing.T) {
|
||||
changelog, err := doTestDiff(got, dirName, provider, deserializer, shouldUpdate)
|
||||
if err != nil {
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
package test
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"path"
|
||||
"runtime"
|
||||
)
|
||||
|
||||
func WriteTestFile(p string, content []byte) error {
|
||||
_, filename, _, _ := runtime.Caller(1)
|
||||
return ioutil.WriteFile(path.Join(path.Dir(filename), p), content, 0644)
|
||||
}
|
||||
|
||||
func ReadTestFile(p string) ([]byte, error) {
|
||||
_, filename, _, _ := runtime.Caller(1)
|
||||
return ioutil.ReadFile(path.Join(path.Dir(filename), p))
|
||||
}
|
|
@ -167,3 +167,11 @@ func getFileNameSuffix(args terraform.ReadResourceArgs) string {
|
|||
}
|
||||
|
||||
func (p MockedGoldenTFProvider) Cleanup() {}
|
||||
|
||||
func (p *MockedGoldenTFProvider) Name() string {
|
||||
return p.realProvider.Name()
|
||||
}
|
||||
|
||||
func (p *MockedGoldenTFProvider) Version() string {
|
||||
return p.realProvider.Version()
|
||||
}
|
||||
|
|
|
@ -0,0 +1,128 @@
|
|||
package terraform
|
||||
|
||||
import (
|
||||
gojson "encoding/json"
|
||||
"fmt"
|
||||
"sort"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/cloudskiff/driftctl/test"
|
||||
"github.com/cloudskiff/driftctl/test/goldenfile"
|
||||
"github.com/cloudskiff/driftctl/test/mocks"
|
||||
"github.com/hashicorp/terraform/providers"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
)
|
||||
|
||||
type FakeTerraformProvider struct {
|
||||
realProvider terraform.TerraformProvider
|
||||
shouldUpdate bool
|
||||
response string
|
||||
}
|
||||
|
||||
func NewFakeTerraformProvider(realProvider terraform.TerraformProvider) *FakeTerraformProvider {
|
||||
return &FakeTerraformProvider{realProvider: realProvider}
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) ShouldUpdate() {
|
||||
p.shouldUpdate = true
|
||||
}
|
||||
|
||||
func (m *FakeTerraformProvider) Schema() map[string]providers.Schema {
|
||||
if m.shouldUpdate {
|
||||
schema := m.realProvider.Schema()
|
||||
m.writeSchema(schema)
|
||||
return schema
|
||||
}
|
||||
return m.readSchema()
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) WithResponse(response string) *FakeTerraformProvider {
|
||||
p.response = response
|
||||
return p
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) ReadResource(args terraform.ReadResourceArgs) (*cty.Value, error) {
|
||||
if p.response == "" {
|
||||
return nil, errors.New("WithResponse should be called before ReadResource to specify a directory to fetch fake response")
|
||||
}
|
||||
if p.shouldUpdate {
|
||||
readResource, err := p.realProvider.ReadResource(args)
|
||||
p.writeResource(args, readResource, err)
|
||||
return readResource, err
|
||||
}
|
||||
|
||||
return p.readResource(args)
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) writeSchema(schema map[string]providers.Schema) {
|
||||
marshal, err := gojson.Marshal(schema)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
err = test.WriteTestFile(fmt.Sprintf("schemas/%s/%s.json", p.realProvider.Name(), p.realProvider.Version()), marshal)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) readSchema() map[string]providers.Schema {
|
||||
content, err := test.ReadTestFile(fmt.Sprintf("schemas/%s/%s.json", p.realProvider.Name(), p.realProvider.Version()))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
var schema map[string]providers.Schema
|
||||
if err := gojson.Unmarshal(content, &schema); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return schema
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) writeResource(args terraform.ReadResourceArgs, readResource *cty.Value, err error) {
|
||||
var readRes = mocks.ReadResource{
|
||||
Value: readResource,
|
||||
Err: err,
|
||||
}
|
||||
|
||||
marshalled, err := gojson.Marshal(&readRes)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fileName := p.getFileName(args)
|
||||
goldenfile.WriteFile(p.response, marshalled, fileName)
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) readResource(args terraform.ReadResourceArgs) (*cty.Value, error) {
|
||||
fileName := p.getFileName(args)
|
||||
content := goldenfile.ReadFile(p.response, fileName)
|
||||
var readRes mocks.ReadResource
|
||||
if err := gojson.Unmarshal(content, &readRes); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
return readRes.Value, readRes.Err
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) getFileName(args terraform.ReadResourceArgs) string {
|
||||
suffix := ""
|
||||
keys := make([]string, 0, len(args.Attributes))
|
||||
for k := range args.Attributes {
|
||||
keys = append(keys, k)
|
||||
}
|
||||
sort.Strings(keys)
|
||||
|
||||
for _, k := range keys {
|
||||
suffix = fmt.Sprintf("%s-%s", suffix, args.Attributes[k])
|
||||
}
|
||||
fileName := fmt.Sprintf("%s-%s%s.res.golden.json", args.Ty, args.ID, suffix)
|
||||
return fileName
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) Cleanup() {}
|
||||
|
||||
func (p *FakeTerraformProvider) Name() string {
|
||||
return p.realProvider.Name()
|
||||
}
|
||||
|
||||
func (p *FakeTerraformProvider) Version() string {
|
||||
return p.realProvider.Version()
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
package terraform
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/output"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
)
|
||||
|
||||
func InitTestAwsProvider(providerLibrary *terraform.ProviderLibrary, version string) (*aws.AWSTerraformProvider, error) {
|
||||
progress := &output.MockProgress{}
|
||||
progress.On("Inc").Maybe().Return()
|
||||
provider, err := aws.NewAWSTerraformProvider(version, progress, os.TempDir())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
providerLibrary.AddProvider(terraform.AWS, provider)
|
||||
return provider, nil
|
||||
}
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,74 @@
|
|||
package test
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awsutil"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/cloudskiff/driftctl/test/goldenfile"
|
||||
"github.com/r3labs/diff/v2"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
"github.com/zclconf/go-cty/cty/gocty"
|
||||
"github.com/zclconf/go-cty/cty/json"
|
||||
)
|
||||
|
||||
func TestAgainstGoldenFile(
|
||||
got []resource.Resource,
|
||||
ty string,
|
||||
dirName string,
|
||||
provider terraform.TerraformProvider,
|
||||
deserializer *resource.Deserializer,
|
||||
shouldUpdate bool,
|
||||
tt *testing.T,
|
||||
) {
|
||||
resGoldenName := "results.golden.json"
|
||||
var expectedResources []resource.Resource
|
||||
ctyType := cty.List(provider.Schema()[ty].Block.ImpliedType())
|
||||
|
||||
// update golden file
|
||||
if shouldUpdate {
|
||||
ctVal, err := gocty.ToCtyValue(got, ctyType)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
unm, err := json.Marshal(ctVal, ctyType)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
goldenfile.WriteFile(dirName, unm, resGoldenName)
|
||||
}
|
||||
|
||||
// read golden file
|
||||
file := goldenfile.ReadFile(dirName, resGoldenName)
|
||||
decodedJson, err := json.Unmarshal(file, ctyType)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
decodedResources, err := deserializer.Deserialize(ty, decodedJson.AsValueSlice())
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
expectedResources = append(expectedResources, decodedResources...)
|
||||
|
||||
// diff
|
||||
differ, err := diff.NewDiffer(diff.SliceOrdering(true))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
got = resource.Sort(got)
|
||||
expectedResources = resource.Sort(expectedResources)
|
||||
|
||||
changelog, err := differ.Diff(got, expectedResources)
|
||||
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if len(changelog) > 0 {
|
||||
for _, change := range changelog {
|
||||
tt.Errorf("%s got = %v, want %v", strings.Join(change.Path, "."), awsutil.Prettify(change.From), awsutil.Prettify(change.To))
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue