sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue 165: Add security_group_rule_supplier to ec2_repository

main
Louis TOUSSAINT 2021-05-21 11:14:52 +02:00
parent 18e3a76d90
commit 2329c840d2
2 changed files with 139 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/remote/aws/vpc_security_group_rule_supplier.go
View File

@ -1,6 +1,7 @@
package aws
import (
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
"github.com/cloudskiff/driftctl/pkg/resource"
@ -10,7 +11,6 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
"github.com/hashicorp/terraform/flatmap"
"github.com/sirupsen/logrus"
"github.com/zclconf/go-cty/cty"
@ -24,7 +24,7 @@ const (
type VPCSecurityGroupRuleSupplier struct {
reader terraform.ResourceReader
deserializer *resource.Deserializer
client ec2iface.EC2API
client repository.EC2Repository
runner *terraform.ParallelResourceReader
}
@ -70,13 +70,13 @@ func NewVPCSecurityGroupRuleSupplier(provider *AWSTerraformProvider, deserialize
return &VPCSecurityGroupRuleSupplier{
provider,
deserializer,
ec2.New(provider.session),
repository.NewEC2Repository(provider.session),
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
}
}
func (s *VPCSecurityGroupRuleSupplier) Resources() ([]resource.Resource, error) {
securityGroups, defaultSecurityGroups, err := listSecurityGroups(s.client)
securityGroups, defaultSecurityGroups, err := s.client.ListAllSecurityGroups()
if err != nil {
return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsSecurityGroupRuleResourceType)
}

298
pkg/remote/aws/vpc_security_group_rule_supplier_test.go
View File

@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
awstest "github.com/cloudskiff/driftctl/test/aws"
testresource "github.com/cloudskiff/driftctl/test/resource"
@ -31,202 +32,173 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
cases := []struct {
test string
dirName string
mocks func(client *awstest.MockFakeEC2)
mocks func(client *repository.MockEC2Repository)
err error
}{
{
test: "no security group rules",
dirName: "vpc_security_group_rule_empty",
mocks: func(client *awstest.MockFakeEC2) {
client.On("DescribeSecurityGroupsPages",
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{
GroupId: aws.String("sg-0254c038e32f25530"),
IpPermissions: []*ec2.IpPermission{},
IpPermissionsEgress: []*ec2.IpPermission{},
},
},
}, true)
return true
})).Return(nil)
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
{
GroupId: aws.String("sg-0254c038e32f25530"),
IpPermissions: []*ec2.IpPermission{},
IpPermissionsEgress: []*ec2.IpPermission{},
},
}, nil, nil)
},
err: nil,
},
{
test: "with security group rules",
dirName: "vpc_security_group_rule_multiple",
mocks: func(client *awstest.MockFakeEC2) {
client.On("DescribeSecurityGroupsPages",
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{
GroupId: aws.String("sg-0254c038e32f25530"),
IpPermissions: []*ec2.IpPermission{
{
FromPort: aws.Int64(0),
ToPort: aws.Int64(65535),
IpProtocol: aws.String("tcp"),
UserIdGroupPairs: []*ec2.UserIdGroupPair{
{
GroupId: aws.String("sg-0254c038e32f25530"),
},
{
GroupId: aws.String("sg-9e0204ff"),
},
},
},
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.0.0/16"),
},
{
CidrIp: aws.String("5.6.7.0/24"),
},
},
Ipv6Ranges: []*ec2.Ipv6Range{
{
CidrIpv6: aws.String("::/0"),
},
},
},
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
{
GroupId: aws.String("sg-0254c038e32f25530"),
IpPermissions: []*ec2.IpPermission{
{
FromPort: aws.Int64(0),
ToPort: aws.Int64(65535),
IpProtocol: aws.String("tcp"),
UserIdGroupPairs: []*ec2.UserIdGroupPair{
{
GroupId: aws.String("sg-0254c038e32f25530"),
},
IpPermissionsEgress: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
Ipv6Ranges: []*ec2.Ipv6Range{
{
CidrIpv6: aws.String("::/0"),
},
},
},
{
GroupId: aws.String("sg-9e0204ff"),
},
},
},
}, false)
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{
GroupId: aws.String("sg-0cc8b3c3c2851705a"),
IpPermissions: []*ec2.IpPermission{
{
FromPort: aws.Int64(443),
ToPort: aws.Int64(443),
IpProtocol: aws.String("tcp"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
},
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.0.0/16"),
},
IpPermissionsEgress: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
Ipv6Ranges: []*ec2.Ipv6Range{
{
CidrIpv6: aws.String("::/0"),
},
},
},
{
IpProtocol: aws.String("5"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
},
{
CidrIp: aws.String("5.6.7.0/24"),
},
},
Ipv6Ranges: []*ec2.Ipv6Range{
{
CidrIpv6: aws.String("::/0"),
},
},
},
}, true)
return true
})).Return(nil)
},
IpPermissionsEgress: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
Ipv6Ranges: []*ec2.Ipv6Range{
{
CidrIpv6: aws.String("::/0"),
},
},
},
},
},
{
GroupId: aws.String("sg-0cc8b3c3c2851705a"),
IpPermissions: []*ec2.IpPermission{
{
FromPort: aws.Int64(443),
ToPort: aws.Int64(443),
IpProtocol: aws.String("tcp"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
},
},
IpPermissionsEgress: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
Ipv6Ranges: []*ec2.Ipv6Range{
{
CidrIpv6: aws.String("::/0"),
},
},
},
{
IpProtocol: aws.String("5"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
},
},
},
}, nil, nil)
},
err: nil,
},
{
test: "should ignore default security group default rules",
dirName: "vpc_security_group_default_rules",
mocks: func(client *awstest.MockFakeEC2) {
client.On("DescribeSecurityGroupsPages",
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
callback(&ec2.DescribeSecurityGroupsOutput{
SecurityGroups: []*ec2.SecurityGroup{
{
GroupId: aws.String("sg-a74815c8"),
GroupName: aws.String("default"),
IpPermissions: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
UserIdGroupPairs: []*ec2.UserIdGroupPair{
{
GroupId: aws.String("sg-a74815c8"),
},
},
},
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.0.0/16"),
},
},
},
},
IpPermissionsEgress: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
},
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.3.4/32"),
},
},
},
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllSecurityGroups").Once().Return([]*ec2.SecurityGroup{
{
GroupId: aws.String("sg-a74815c8"),
GroupName: aws.String("default"),
IpPermissions: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
UserIdGroupPairs: []*ec2.UserIdGroupPair{
{
GroupId: aws.String("sg-a74815c8"),
},
},
},
}, true)
return true
})).Return(nil)
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.0.0/16"),
},
},
},
},
IpPermissionsEgress: []*ec2.IpPermission{
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("0.0.0.0/0"),
},
},
},
{
IpProtocol: aws.String("-1"),
IpRanges: []*ec2.IpRange{
{
CidrIp: aws.String("1.2.3.4/32"),
},
},
},
},
},
}, nil, nil)
},
err: nil,
},
{
test: "cannot list security group rules",
dirName: "vpc_security_group_rule_empty",
mocks: func(client *awstest.MockFakeEC2) {
client.On("DescribeSecurityGroupsPages",
&ec2.DescribeSecurityGroupsInput{},
mock.MatchedBy(func(callback func(res *ec2.DescribeSecurityGroupsOutput, lastPage bool) bool) bool {
return true
})).Return(awserr.NewRequestFailure(nil, 403, ""))
mocks: func(client *repository.MockEC2Repository) {
client.On("ListAllSecurityGroups").Once().Return(nil, nil, awserr.NewRequestFailure(nil, 403, ""))
},
err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsSecurityGroupRuleResourceType),
},
@ -251,7 +223,7 @@ func TestVPCSecurityGroupRuleSupplier_Resources(t *testing.T) {
}
t.Run(c.test, func(tt *testing.T) {
fakeEC2 := awstest.MockFakeEC2{}
fakeEC2 := repository.MockEC2Repository{}
c.mocks(&fakeEC2)
provider := mocks2.NewMockedGoldenTFProvider(c.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
s := &VPCSecurityGroupRuleSupplier{