sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue 165: Add security_group_rule_supplier to ec2_repository

main
Louis TOUSSAINT 2021-05-21 11:14:52 +02:00
parent 18e3a76d90
commit 2329c840d2
2 changed files with 139 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/remote/aws/vpc_security_group_rule_supplier.go
View File

@ -1,6 +1,7 @@
package aws package aws
import ( import (
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error" remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
"github.com/cloudskiff/driftctl/pkg/resource" "github.com/cloudskiff/driftctl/pkg/resource"
@ -10,7 +11,6 @@ import (
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
"github.com/hashicorp/terraform/flatmap" "github.com/hashicorp/terraform/flatmap"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/zclconf/go-cty/cty" "github.com/zclconf/go-cty/cty"
@ -24,7 +24,7 @@ const (
type VPCSecurityGroupRuleSupplier struct { type VPCSecurityGroupRuleSupplier struct {
reader terraform.ResourceReader reader terraform.ResourceReader
deserializer *resource.Deserializer deserializer *resource.Deserializer
client ec2iface.EC2API client repository.EC2Repository
runner *terraform.ParallelResourceReader runner *terraform.ParallelResourceReader
} }
@ -70,13 +70,13 @@ func NewVPCSecurityGroupRuleSupplier(provider *AWSTerraformProvider, deserialize
return &VPCSecurityGroupRuleSupplier{ return &VPCSecurityGroupRuleSupplier{
provider, provider,
deserializer, deserializer,
ec2.New(provider.session), repository.NewEC2Repository(provider.session),
terraform.NewParallelResourceReader(provider.Runner().SubRunner()), terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
} }
} }
func (s *VPCSecurityGroupRuleSupplier) Resources() ([]resource.Resource, error) { func (s *VPCSecurityGroupRuleSupplier) Resources() ([]resource.Resource, error) {
securityGroups, defaultSecurityGroups, err := listSecurityGroups(s.client) securityGroups, defaultSecurityGroups, err := s.client.ListAllSecurityGroups()
if err != nil { if err != nil {
return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsSecurityGroupRuleResourceType) return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsSecurityGroupRuleResourceType)
} }

56
pkg/remote/aws/vpc_security_group_rule_supplier_test.go
View File

@ -4,6 +4,7 @@ import (
"context" "context"
"testing" "testing"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error" remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
awstest "github.com/cloudskiff/driftctl/test/aws" awstest "github.com/cloudskiff/driftctl/test/aws"
testresource "github.com/cloudskiff/driftctl/test/resource" testresource "github.com/cloudskiff/driftctl/test/resource"
@ -31,39 +32,28 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
cases := []struct { cases := []struct {
test string test string
dirName string dirName string
mocks func(client *awstest.MockFakeEC2) mocks func(client *repository.MockEC2Repository)
err error err error
}{ }{
{ {
test: "no security group rules", test: "no security group rules",
dirName: "vpc_security_group_rule_empty", dirName: "vpc_security_group_rule_empty",
mocks: func(client *awstest.MockFakeEC2) { mocks: func(client *repository.MockEC2Repository) {
client.On("DescribeSecurityGroupsPages", client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{ {
GroupId: aws.String("sg-0254c038e32f25530"), GroupId: aws.String("sg-0254c038e32f25530"),
IpPermissions: []*ec2.IpPermission{}, IpPermissions: []*ec2.IpPermission{},
IpPermissionsEgress: []*ec2.IpPermission{}, IpPermissionsEgress: []*ec2.IpPermission{},
}, },
}, }, nil, nil)
}, true)
return true
})).Return(nil)
}, },
err: nil, err: nil,
}, },
{ {
test: "with security group rules", test: "with security group rules",
dirName: "vpc_security_group_rule_multiple", dirName: "vpc_security_group_rule_multiple",
mocks: func(client *awstest.MockFakeEC2) { mocks: func(client *repository.MockEC2Repository) {
client.On("DescribeSecurityGroupsPages", client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{ {
GroupId: aws.String("sg-0254c038e32f25530"), GroupId: aws.String("sg-0254c038e32f25530"),
IpPermissions: []*ec2.IpPermission{ IpPermissions: []*ec2.IpPermission{
@ -113,10 +103,6 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
}, },
}, },
}, },
},
}, false)
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{ {
GroupId: aws.String("sg-0cc8b3c3c2851705a"), GroupId: aws.String("sg-0cc8b3c3c2851705a"),
IpPermissions: []*ec2.IpPermission{ IpPermissions: []*ec2.IpPermission{
@ -155,22 +141,15 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
}, },
}, },
}, },
}, }, nil, nil)
}, true)
return true
})).Return(nil)
}, },
err: nil, err: nil,
}, },
{ {
test: "should ignore default security group default rules", test: "should ignore default security group default rules",
dirName: "vpc_security_group_default_rules", dirName: "vpc_security_group_default_rules",
mocks: func(client *awstest.MockFakeEC2) { mocks: func(client *repository.MockEC2Repository) {
client.On("DescribeSecurityGroupsPages", client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{ {
GroupId: aws.String("sg-a74815c8"), GroupId: aws.String("sg-a74815c8"),
GroupName: aws.String("default"), GroupName: aws.String("default"),
@ -211,22 +190,15 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
}, },
}, },
}, },
}, }, nil, nil)
}, true)
return true
})).Return(nil)
}, },
err: nil, err: nil,
}, },
{ {
test: "cannot list security group rules", test: "cannot list security group rules",
dirName: "vpc_security_group_rule_empty", dirName: "vpc_security_group_rule_empty",
mocks: func(client *awstest.MockFakeEC2) { mocks: func(client *repository.MockEC2Repository) {
client.On("DescribeSecurityGroupsPages", client.On("ListAllSecurityGroups").Once().Return(nil, nil, awserr.NewRequestFailure(nil, 403, ""))
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
return true
})).Return(awserr.NewRequestFailure(nil, 403, ""))
}, },
err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsSecurityGroupRuleResourceType), err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsSecurityGroupRuleResourceType),
}, },
@ -251,7 +223,7 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
} }
t.Run(c.test, func(tt *testing.T) { t.Run(c.test, func(tt *testing.T) {
fakeEC2 := awstest.MockFakeEC2{} fakeEC2 := repository.MockEC2Repository{}
c.mocks(&fakeEC2) c.mocks(&fakeEC2)
provider := mocks2.NewMockedGoldenTFProvider(c.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate) provider := mocks2.NewMockedGoldenTFProvider(c.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
s := &VPCSecurityGroupRuleSupplier{ s := &VPCSecurityGroupRuleSupplier{