add sqs-queue

main
Martin Guibert 2021-04-30 19:29:04 +02:00
parent efdf8ab43b
commit 0fb7156dbe
5 changed files with 207 additions and 114 deletions


@ -981,9 +981,13 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
{
name: "test sqs queue policy expander middleware",
stateResources: []resource.Resource{
&aws.AwsSqsQueue{
Id: "foo",
Policy: awssdk.String("{\"policy\":\"bar\"}"),
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"policy": "{\"policy\":\"bar\"}",
},
},
},
remoteResources: []resource.Resource{
@ -998,18 +1002,21 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
},
},
mocks: func(factory resource.ResourceFactory) {
foo := cty.ObjectVal(map[string]cty.Value{
"id": cty.StringVal("foo"),
"queue_url": cty.StringVal("foo"),
"policy": cty.StringVal("{\"policy\":\"bar\"}"),
})
factory.(*terraform.MockResourceFactory).On("CreateResource", mock.MatchedBy(func(input map[string]interface{}) bool {
factory.(*terraform.MockResourceFactory).On("CreateAbstractResource", "aws_sqs_queue_policy", "foo", mock.MatchedBy(func(input map[string]interface{}) bool {
return matchByAttributes(input, map[string]interface{}{
"id": "foo",
"queue_url": "foo",
"policy": awssdk.String("{\"policy\":\"bar\"}"),
"policy": "{\"policy\":\"bar\"}",
})
}), "aws_sqs_queue_policy").Times(1).Return(&foo, nil)
})).Times(1).Return(&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"queue_url": "foo",
"policy": "{\"policy\":\"bar\"}",
},
}, nil)
},
assert: func(result *test.ScanResult, err error) {
result.AssertManagedCount(1)


@ -1,40 +1,42 @@
[
{
"Arn": "arn:aws:sqs:eu-west-3:047081014315:bar.fifo",
"ContentBasedDeduplication": true,
"DelaySeconds": 0,
"FifoQueue": true,
"Id": "https://sqs.eu-west-3.amazonaws.com/047081014315/bar.fifo",
"KmsDataKeyReusePeriodSeconds": 300,
"KmsMasterKeyId": "",
"MaxMessageSize": 262144,
"MessageRetentionSeconds": 345600,
"Name": "bar.fifo",
"NamePrefix": null,
"Policy": null,
"ReceiveWaitTimeSeconds": 0,
"RedrivePolicy": "",
"Tags": {},
"VisibilityTimeoutSeconds": 30,
"CtyVal": {}
"Type": "aws_sqs_queue",
"Attrs": {
"arn": "arn:aws:sqs:eu-west-3:047081014315:bar.fifo",
"content_based_deduplication": true,
"delay_seconds": 0,
"fifo_queue": true,
"id": "https://sqs.eu-west-3.amazonaws.com/047081014315/bar.fifo",
"kms_data_key_reuse_period_seconds": 300,
"kms_master_key_id": "",
"max_message_size": 262144,
"message_retention_seconds": 345600,
"name": "bar.fifo",
"policy": "",
"receive_wait_time_seconds": 0,
"redrive_policy": "",
"visibility_timeout_seconds": 30
}
},
{
"Arn": "arn:aws:sqs:eu-west-3:047081014315:foo",
"ContentBasedDeduplication": false,
"DelaySeconds": 0,
"FifoQueue": false,
"Id": "https://sqs.eu-west-3.amazonaws.com/047081014315/foo",
"KmsDataKeyReusePeriodSeconds": 300,
"KmsMasterKeyId": "",
"MaxMessageSize": 262144,
"MessageRetentionSeconds": 345600,
"Name": "foo",
"NamePrefix": null,
"Policy": null,
"ReceiveWaitTimeSeconds": 0,
"RedrivePolicy": "",
"Tags": {},
"VisibilityTimeoutSeconds": 30,
"CtyVal": {}
"Type": "aws_sqs_queue",
"Attrs": {
"arn": "arn:aws:sqs:eu-west-3:047081014315:foo",
"content_based_deduplication": false,
"delay_seconds": 0,
"fifo_queue": false,
"id": "https://sqs.eu-west-3.amazonaws.com/047081014315/foo",
"kms_data_key_reuse_period_seconds": 300,
"kms_master_key_id": "",
"max_message_size": 262144,
"message_retention_seconds": 345600,
"name": "foo",
"policy": "",
"receive_wait_time_seconds": 0,
"redrive_policy": "",
"visibility_timeout_seconds": 30
}
}
]


@ -29,15 +29,16 @@ func (m AwsSqsQueuePolicyExpander) Execute(_, resourcesFromState *[]resource.Res
continue
}
queue, _ := res.(*aws.AwsSqsQueue)
queue, _ := res.(*resource.AbstractResource)
newList = append(newList, res)
if queue.Policy == nil {
policy, exist := queue.Attrs.Get("policy")
if !exist || policy == nil {
continue
}
if m.hasPolicyAttached(queue, resourcesFromState) {
queue.Policy = nil
queue.Attrs.SafeDelete([]string{"policy"})
continue
}
@ -50,36 +51,22 @@ func (m AwsSqsQueuePolicyExpander) Execute(_, resourcesFromState *[]resource.Res
return nil
}
func (m *AwsSqsQueuePolicyExpander) handlePolicy(queue *aws.AwsSqsQueue, results *[]resource.Resource) error {
func (m *AwsSqsQueuePolicyExpander) handlePolicy(queue *resource.AbstractResource, results *[]resource.Resource) error {
policy, _ := queue.Attrs.Get("policy")
data := map[string]interface{}{
"queue_url": queue.Id,
"id": queue.Id,
"policy": queue.Policy,
}
ctyVal, err := m.resourceFactory.CreateResource(data, "aws_sqs_queue_policy")
if err != nil {
return err
}
schema, exist := m.resourceSchemaRepository.GetSchema("aws_ebs_volume")
ctyAttr := resource.ToResourceAttributes(ctyVal)
ctyAttr.SanitizeDefaultsV3()
if exist && schema.NormalizeFunc != nil {
schema.NormalizeFunc(ctyAttr)
}
newPolicy := &resource.AbstractResource{
Id: queue.Id,
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: ctyAttr,
"policy": policy,
}
newPolicy := m.resourceFactory.CreateAbstractResource("aws_sqs_queue_policy", queue.Id, data)
*results = append(*results, newPolicy)
logrus.WithFields(logrus.Fields{
"id": newPolicy.TerraformId(),
}).Debug("Created new policy from sqs queue")
queue.Policy = nil
queue.Attrs.SafeDelete([]string{"policy"})
return nil
}
@ -87,7 +74,7 @@ func (m *AwsSqsQueuePolicyExpander) handlePolicy(queue *aws.AwsSqsQueue, results
// It is mandatory since it's possible to have a aws_sqs_queue with an inline policy
// AND a aws_sqs_queue_policy resource at the same time. At the end, on the AWS console,
// the aws_sqs_queue_policy will be used.
func (m *AwsSqsQueuePolicyExpander) hasPolicyAttached(queue *aws.AwsSqsQueue, resourcesFromState *[]resource.Resource) bool {
func (m *AwsSqsQueuePolicyExpander) hasPolicyAttached(queue *resource.AbstractResource, resourcesFromState *[]resource.Resource) bool {
for _, res := range *resourcesFromState {
if res.TerraformType() == aws.AwsSqsQueuePolicyResourceType &&
res.TerraformId() == queue.Id {
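Review bot: The new guard `if !exist || policy == nil` in Execute does not treat an empty string as "no policy", yet the JSON fixture updated in this commit serialises queues without a policy as `"policy": ""`. If state-side queues are normalised the same way (not visible here), each of them would reach handlePolicy and yield an `aws_sqs_queue_policy` with an empty document, which would presumably be compared against the remote side; `if !exist || policy == nil || policy == "" {` closes that. The `ok` result of `res.(*resource.AbstractResource)` is also discarded, so a queue-typed resource that is not an AbstractResource leaves `queue` nil and the following `queue.Attrs.Get` dereferences it; checking `ok` before using `queue` would turn that into a skipped expansion rather than a panic. Execute's body begins and ends outside the hunk.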


@ -4,10 +4,8 @@ import (
"strings"
"testing"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/stretchr/testify/mock"
"github.com/zclconf/go-cty/cty"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
@ -27,15 +25,22 @@ func TestAwsSqsQueuePolicyExpander_Execute(t *testing.T) {
{
"Inline policy, no aws_sqs_queue_policy attached",
[]resource.Resource{
&aws.AwsSqsQueue{
Id: "foo",
Policy: awssdk.String("{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}"),
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"policy": "{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
},
[]resource.Resource{
&aws.AwsSqsQueue{
Id: "foo",
Policy: nil,
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
},
},
&resource.AbstractResource{
Id: "foo",
@ -48,74 +53,166 @@ func TestAwsSqsQueuePolicyExpander_Execute(t *testing.T) {
},
},
func(factory *terraform.MockResourceFactory) {
foo := cty.ObjectVal(map[string]cty.Value{
"queue_url": cty.StringVal("foo"),
"id": cty.StringVal("foo"),
"policy": cty.StringVal("{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}"),
})
factory.On("CreateResource", mock.MatchedBy(func(input map[string]interface{}) bool {
factory.On("CreateAbstractResource", "aws_sqs_queue_policy", "foo", mock.MatchedBy(func(input map[string]interface{}) bool {
return input["id"] == "foo"
}), "aws_sqs_queue_policy").Once().Return(&foo, nil)
})).Once().Return(&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"queue_url": "foo",
"id": "foo",
"policy": "{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
}, nil)
},
},
{
"No inline policy, aws_sqs_queue_policy attached",
[]resource.Resource{
&aws.AwsSqsQueue{
Id: "foo",
Policy: nil,
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
},
},
&aws.AwsSqsQueuePolicy{
Id: "foo",
QueueUrl: awssdk.String("foo"),
Policy: awssdk.String("{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}"),
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"queue_url": "foo",
"policy": "{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
},
[]resource.Resource{
&aws.AwsSqsQueue{
Id: "foo",
Policy: nil,
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
},
},
&aws.AwsSqsQueuePolicy{
Id: "foo",
QueueUrl: awssdk.String("foo"),
Policy: awssdk.String("{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}"),
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"queue_url": "foo",
"policy": "{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
}, func(factory *terraform.MockResourceFactory) {
factory.On("CreateResource", mock.Anything, "aws_sqs_queue_policy").Once().Return(nil, nil)
},
},
{
"Inline policy and aws_sqs_queue_policy",
"Inline policy duplicate aws_sqs_queue_policy",
[]resource.Resource{
&aws.AwsSqsQueue{
Id: "foo",
Policy: awssdk.String("{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}"),
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"policy": "{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
&aws.AwsSqsQueuePolicy{
Id: "foo",
QueueUrl: awssdk.String("foo"),
Policy: awssdk.String("{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}"),
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"queue_url": "foo",
"policy": "{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
},
[]resource.Resource{
&aws.AwsSqsQueue{
Id: "foo",
Policy: nil,
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
},
},
&aws.AwsSqsQueuePolicy{
Id: "foo",
QueueUrl: awssdk.String("foo"),
Policy: awssdk.String("{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}"),
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"queue_url": "foo",
"policy": "{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
},
func(factory *terraform.MockResourceFactory) {
factory.On("CreateResource", mock.Anything, "aws_sqs_queue_policy").Once().Return(nil, nil)
},
},
{
"Inline policy and aws_sqs_queue_policy",
[]resource.Resource{
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"policy": "{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
&resource.AbstractResource{
Id: "bar",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "bar",
"queue_url": "foo",
"policy": "{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
},
[]resource.Resource{
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueueResourceType,
Attrs: &resource.Attributes{
"id": "foo",
},
},
&resource.AbstractResource{
Id: "bar",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "bar",
"queue_url": "foo",
"policy": "{\"Id\":\"MYSQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"queue_url": "foo",
"policy": "{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
},
},
func(factory *terraform.MockResourceFactory) {
factory.On("CreateAbstractResource", "aws_sqs_queue_policy", "foo", mock.MatchedBy(func(input map[string]interface{}) bool {
return input["id"] == "foo"
})).Once().Return(&resource.AbstractResource{
Id: "foo",
Type: aws.AwsSqsQueuePolicyResourceType,
Attrs: &resource.Attributes{
"id": "foo",
"queue_url": "foo",
"policy": "{\"Id\":\"MYINLINESQSPOLICY\",\"Statement\":[{\"Action\":\"sqs:SendMessage\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:sqs:eu-west-3:047081014315:foo\",\"Sid\":\"Stmt1611769527792\"}],\"Version\":\"2012-10-17\"}",
},
}, nil)
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
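Review bot: The added "Inline policy and aws_sqs_queue_policy" case expects the inline policy to be expanded even though the input state already holds a policy resource with `"queue_url": "foo"`; it passes only because that resource's id is "bar" and hasPolicyAttached compares `res.TerraformId()` with `queue.Id`. If a policy resource's id always equals the queue URL, this input cannot occur in a real state, and a comment on the case such as `// policy id differs from the queue id, so it is not treated as attached` would make the intent explicit; if it can occur, the expected result pins two policies for one queue. Separately, the two cases that expect no expansion appear to still register `factory.On("CreateResource", mock.Anything, "aws_sqs_queue_policy")`, a method the expander no longer calls, assuming those lines are kept on the new side. The test function continues past the end of the hunk.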


@ -67,7 +67,7 @@ var refactoredResources = []string{
"aws_sns_topic",
"aws_sns_topic_policy",
"aws_sns_topic_subscription",
// "aws_sqs_queue",
"aws_sqs_queue",
"aws_sqs_queue_policy",
"aws_subnet",
"aws_vpc",