sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into feat/support_aws_appautoscaling_scheduled_action

main
Elie 2021-10-06 15:30:06 +02:00 committed by GitHub
parent 7d24380e0a e21490f039
commit 69bbc434f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 172789 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
go.mod
View File

@ -16,6 +16,7 @@ require (
github.com/bmatcuk/doublestar/v4 v4.0.1
github.com/eapache/go-resiliency v1.2.0
github.com/fatih/color v1.9.0
github.com/getkin/kin-openapi v0.75.0
github.com/getsentry/sentry-go v0.10.0
github.com/go-git/go-git/v5 v5.4.2
github.com/hashicorp/go-getter v1.5.3

11
go.sum
View File

@ -229,9 +229,12 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc=
github.com/getkin/kin-openapi v0.75.0 h1:JEt2etuOJvejeoj7VBslrpGFGKd3FNOyhFAM0uTiOOw=
github.com/getkin/kin-openapi v0.75.0/go.mod h1:7Yn5whZr5kJi6t+kShccXS8ae1APpYTW6yheSwk8Yi4=
github.com/getsentry/sentry-go v0.10.0 h1:6gwY+66NHKqyZrdi6O2jGdo7wGdo9b3B69E01NFgT5g=
github.com/getsentry/sentry-go v0.10.0/go.mod h1:kELm/9iCblqUYh+ZRML7PNdCvEuw24wBvJPYyi86cws=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3/go.mod h1:VJ0WA2NBN22VlZ2dKZQPAPnyWw5XTlK1KymzLKsr59s=
github.com/gin-gonic/gin v1.4.0/go.mod h1:OW2EZn3DO8Ln9oIKOvM++LBO+5UPHJJDH72/q/3rZdM=
@ -256,9 +259,13 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8=
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
@ -366,6 +373,7 @@ github.com/gophercloud/gophercloud v0.10.1-0.20200424014253-c3bfe50899e5/go.mod
github.com/gophercloud/utils v0.0.0-20200423144003-7c72efc7435d/go.mod h1:ehWUbLQJPqS0Ep+CxeD559hsm9pthPXadJNKwZkp43w=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@ -538,6 +546,9 @@ github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP
github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e h1:hB2xlXdHp/pmPZq0y3QnmWAArdw9PqbmotexnWx/FU8=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/masterzen/simplexml v0.0.0-20160608183007-4572e39b1ab9/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc=
github.com/masterzen/simplexml v0.0.0-20190410153822-31eea3082786/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc=
github.com/masterzen/winrm v0.0.0-20200615185753-c42b5136ff88/go.mod h1:a2HXwefeat3evJHxFXSayvRHpYEPJYtErl4uIzfaUqY=

2
pkg/driftctl.go
View File

@ -113,6 +113,8 @@ func (d DriftCTL) Run() (*analyser.Analysis, error) {
middlewares.NewGoogleLegacyBucketIAMBindings(),
middlewares.NewAzurermSubnetExpander(d.resourceFactory),
middlewares.NewAwsApiGatewayDeploymentExpander(d.resourceFactory),
middlewares.NewAwsApiGatewayResourceExpander(d.resourceFactory),
middlewares.NewAwsApiGatewayRestApiExpander(d.resourceFactory),
)
if !d.opts.StrictMode {

1
pkg/iac/terraform/state/terraform_state_reader_test.go
View File

@ -154,6 +154,7 @@ func TestTerraformStateReader_AWS_Resources(t *testing.T) {
{name: "Api Gateway Api Key", dirName: "api_gateway_api_key", wantErr: false},
{name: "Api Gateway authorizer", dirName: "api_gateway_authorizer", wantErr: false},
{name: "Api Gateway stage", dirName: "api_gateway_stage", wantErr: false},
{name: "Api Gateway resource", dirName: "api_gateway_resource", wantErr: false},
{name: "AppAutoScaling Targets", dirName: "aws_appautoscaling_target", wantErr: false},
{name: "network acl", dirName: "aws_network_acl", wantErr: false},
{name: "network acl rule", dirName: "aws_network_acl_rule", wantErr: false},

24
pkg/iac/terraform/state/test/api_gateway_resource/results.golden.json Executable file
View File

@ -0,0 +1,24 @@
[
{
"Id": "21zk4y",
"Type": "aws_api_gateway_resource",
"Attrs": {
"id": "21zk4y",
"parent_id": "pe75h6tq6i",
"path": "/bar",
"path_part": "bar",
"rest_api_id": "3of73v5ob4"
}
},
{
"Id": "wijcbm",
"Type": "aws_api_gateway_resource",
"Attrs": {
"id": "wijcbm",
"parent_id": "2ltv32p058",
"path": "/foo",
"path_part": "foo",
"rest_api_id": "1jitcobwol"
}
}
]

171757
pkg/iac/terraform/state/test/api_gateway_resource/schema.golden.json Executable file
View File

File diff suppressed because it is too large Load Diff

55
pkg/iac/terraform/state/test/api_gateway_resource/terraform.tfstate Normal file
View File

@ -0,0 +1,55 @@
{
"version": 4,
"terraform_version": "1.0.7",
"serial": 27,
"lineage": "85f5bee6-139e-8db2-ae5d-82aa82f62611",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_api_gateway_resource",
"name": "bar",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "21zk4y",
"parent_id": "pe75h6tq6i",
"path": "/bar",
"path_part": "bar",
"rest_api_id": "3of73v5ob4"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_api_gateway_rest_api.bar"
]
}
]
},
{
"mode": "managed",
"type": "aws_api_gateway_resource",
"name": "foo",
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"id": "wijcbm",
"parent_id": "2ltv32p058",
"path": "/foo",
"path_part": "foo",
"rest_api_id": "1jitcobwol"
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_api_gateway_rest_api.foo"
]
}
]
}
]
}

58
pkg/middlewares/aws_api_gateway_resource_expander.go Normal file
View File

@ -0,0 +1,58 @@
package middlewares
import (
"github.com/sirupsen/logrus"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
)
// Explodes api gateway default resource found in aws_api_gateway_rest_api.root_resource_id from state resources to dedicated resources
type AwsApiGatewayResourceExpander struct {
resourceFactory resource.ResourceFactory
}
func NewAwsApiGatewayResourceExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayResourceExpander {
return AwsApiGatewayResourceExpander{
resourceFactory: resourceFactory,
}
}
func (m AwsApiGatewayResourceExpander) Execute(_, resourcesFromState *[]*resource.Resource) error {
newStateResources := make([]*resource.Resource, 0)
for _, res := range *resourcesFromState {
// Ignore all resources other than aws_api_gateway_rest_api
if res.ResourceType() != aws.AwsApiGatewayRestApiResourceType {
newStateResources = append(newStateResources, res)
continue
}
newStateResources = append(newStateResources, res)
err := m.handleResource(res, &newStateResources)
if err != nil {
return err
}
}
*resourcesFromState = newStateResources
return nil
}
func (m *AwsApiGatewayResourceExpander) handleResource(api *resource.Resource, results *[]*resource.Resource) error {
resourceId := api.Attrs.GetString("root_resource_id")
if resourceId == nil || *resourceId == "" {
return nil
}
newResource := m.resourceFactory.CreateAbstractResource(aws.AwsApiGatewayResourceResourceType, *resourceId, map[string]interface{}{
"rest_api_id": api.ResourceId(),
"path": "/",
})
*results = append(*results, newResource)
logrus.WithFields(logrus.Fields{
"id": newResource.ResourceId(),
}).Debug("Created new resource from api gateway rest api")
return nil
}

116
pkg/middlewares/aws_api_gateway_resource_expander_test.go Normal file
View File

@ -0,0 +1,116 @@
package middlewares
import (
"strings"
"testing"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/r3labs/diff/v2"
)
func TestAwsApiGatewayResourceExpander_Execute(t *testing.T) {
tests := []struct {
name string
resourcesFromState []*resource.Resource
mocks func(*terraform.MockResourceFactory)
expected []*resource.Resource
}{
{
name: "create api gateway root resource from rest api",
mocks: func(factory *terraform.MockResourceFactory) {
factory.On(
"CreateAbstractResource",
aws.AwsApiGatewayResourceResourceType,
"bar",
map[string]interface{}{
"rest_api_id": "foo",
"path": "/",
},
).Once().Return(&resource.Resource{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
})
},
resourcesFromState: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"root_resource_id": "bar",
},
},
},
expected: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"root_resource_id": "bar",
},
},
{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
},
},
},
{
name: "empty or unknown root_resource_id",
resourcesFromState: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"root_resource_id": "",
},
},
{
Id: "bar",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{},
},
},
expected: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"root_resource_id": "",
},
},
{
Id: "bar",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
factory := &terraform.MockResourceFactory{}
if tt.mocks != nil {
tt.mocks(factory)
}
m := NewAwsApiGatewayResourceExpander(factory)
err := m.Execute(&[]*resource.Resource{}, &tt.resourcesFromState)
if err != nil {
t.Fatal(err)
}
changelog, err := diff.Diff(tt.expected, tt.resourcesFromState)
if err != nil {
t.Fatal(err)
}
if len(changelog) > 0 {
for _, change := range changelog {
t.Errorf("%s got = %v, want %v", strings.Join(change.Path, "."), awsutil.Prettify(change.From), awsutil.Prettify(change.To))
}
}
})
}
}

105
pkg/middlewares/aws_api_gateway_rest_api_expander.go Normal file
View File

@ -0,0 +1,105 @@
package middlewares
import (
"encoding/json"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/getkin/kin-openapi/openapi2"
"github.com/getkin/kin-openapi/openapi3"
)
// Explodes api gateway rest api body attribute to dedicated resources as per Terraform documentation (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api)
type AwsApiGatewayRestApiExpander struct {
resourceFactory resource.ResourceFactory
}
func NewAwsApiGatewayRestApiExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayRestApiExpander {
return AwsApiGatewayRestApiExpander{
resourceFactory: resourceFactory,
}
}
func (m AwsApiGatewayRestApiExpander) Execute(remoteResources, resourcesFromState *[]*resource.Resource) error {
newStateResources := make([]*resource.Resource, 0)
for _, res := range *resourcesFromState {
// Ignore all resources other than aws_api_gateway_rest_api
if res.ResourceType() != aws.AwsApiGatewayRestApiResourceType {
newStateResources = append(newStateResources, res)
continue
}
newStateResources = append(newStateResources, res)
err := m.handleBody(res, &newStateResources, remoteResources)
if err != nil {
return err
}
}
*resourcesFromState = newStateResources
return nil
}
func (m *AwsApiGatewayRestApiExpander) handleBody(api *resource.Resource, results, remoteResources *[]*resource.Resource) error {
body := api.Attrs.GetString("body")
if body == nil || *body == "" {
return nil
}
docV3 := &openapi3.T{}
if err := json.Unmarshal([]byte(*body), &docV3); err != nil {
return err
}
// It's an OpenAPI v3 document
if docV3.OpenAPI != "" {
return m.handleBodyV3(docV3, results, remoteResources)
}
docV2 := &openapi2.T{}
if err := json.Unmarshal([]byte(*body), &docV2); err != nil {
return err
}
// It's an OpenAPI v2 document
if docV2.Swagger != "" {
return m.handleBodyV2(docV2, results, remoteResources)
}
return nil
}
func (m *AwsApiGatewayRestApiExpander) handleBodyV3(doc *openapi3.T, results, remoteResources *[]*resource.Resource) error {
for path := range doc.Paths {
m.createApiGatewayResource(path, results, remoteResources)
}
return nil
}
func (m *AwsApiGatewayRestApiExpander) handleBodyV2(doc *openapi2.T, results, remoteResources *[]*resource.Resource) error {
for path := range doc.Paths {
m.createApiGatewayResource(path, results, remoteResources)
}
return nil
}
// Create aws_api_gateway_resource resource
func (m *AwsApiGatewayRestApiExpander) createApiGatewayResource(path string, results, remoteResources *[]*resource.Resource) {
if res := foundMatchingResource(path, remoteResources); res != nil {
newResource := m.resourceFactory.CreateAbstractResource(aws.AwsApiGatewayResourceResourceType, res.ResourceId(), map[string]interface{}{
"rest_api_id": *res.Attributes().GetString("rest_api_id"),
"path": path,
})
*results = append(*results, newResource)
}
}
// Returns the aws_api_gateway_resource resource that matches the path attribute
func foundMatchingResource(path string, remoteResources *[]*resource.Resource) *resource.Resource {
for _, res := range *remoteResources {
if res.ResourceType() == aws.AwsApiGatewayResourceResourceType {
if p := res.Attributes().GetString("path"); p != nil && *p == path {
return res
}
}
}
return nil
}

238
pkg/middlewares/aws_api_gateway_rest_api_expander_test.go Normal file
View File

@ -0,0 +1,238 @@
package middlewares
import (
"strings"
"testing"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/r3labs/diff/v2"
)
func TestAwsApiGatewayRestApiExpander_Execute(t *testing.T) {
tests := []struct {
name string
resourcesFromState []*resource.Resource
remoteResources []*resource.Resource
mocks func(*terraform.MockResourceFactory)
expected []*resource.Resource
}{
{
name: "create aws_api_gateway_resource from OpenAPI v3 document",
mocks: func(factory *terraform.MockResourceFactory) {
factory.On(
"CreateAbstractResource",
aws.AwsApiGatewayResourceResourceType,
"bar",
map[string]interface{}{
"rest_api_id": "foo",
"path": "/path1",
},
).Once().Return(&resource.Resource{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/path1",
},
})
factory.On(
"CreateAbstractResource",
aws.AwsApiGatewayResourceResourceType,
"baz",
map[string]interface{}{
"rest_api_id": "foo",
"path": "/path1/path2",
},
).Once().Return(&resource.Resource{
Id: "baz",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/path1/path2",
},
})
},
resourcesFromState: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "{\"info\":{\"title\":\"example\",\"version\":\"1.0\"},\"openapi\":\"3.0.1\",\"paths\":{\"/path1\":{\"get\":{\"x-amazon-apigateway-integration\":{\"httpMethod\":\"GET\",\"payloadFormatVersion\":\"1.0\",\"type\":\"HTTP_PROXY\",\"uri\":\"https://ip-ranges.amazonaws.com/ip-ranges.json\"}}},\"/path1/path2\":{\"get\":{\"x-amazon-apigateway-integration\":{\"httpMethod\":\"GET\",\"payloadFormatVersion\":\"1.0\",\"type\":\"HTTP_PROXY\",\"uri\":\"https://ip-ranges.amazonaws.com/ip-ranges.json\"}}}}}",
},
},
},
remoteResources: []*resource.Resource{
{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/path1",
},
},
{
Id: "baz",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/path1/path2",
},
},
},
expected: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "{\"info\":{\"title\":\"example\",\"version\":\"1.0\"},\"openapi\":\"3.0.1\",\"paths\":{\"/path1\":{\"get\":{\"x-amazon-apigateway-integration\":{\"httpMethod\":\"GET\",\"payloadFormatVersion\":\"1.0\",\"type\":\"HTTP_PROXY\",\"uri\":\"https://ip-ranges.amazonaws.com/ip-ranges.json\"}}},\"/path1/path2\":{\"get\":{\"x-amazon-apigateway-integration\":{\"httpMethod\":\"GET\",\"payloadFormatVersion\":\"1.0\",\"type\":\"HTTP_PROXY\",\"uri\":\"https://ip-ranges.amazonaws.com/ip-ranges.json\"}}}}}",
},
},
{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/path1",
},
},
{
Id: "baz",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/path1/path2",
},
},
},
},
{
name: "create aws_api_gateway_resource from OpenAPI v2 document",
mocks: func(factory *terraform.MockResourceFactory) {
factory.On(
"CreateAbstractResource",
aws.AwsApiGatewayResourceResourceType,
"bar",
map[string]interface{}{
"rest_api_id": "foo",
"path": "/test",
},
).Once().Return(&resource.Resource{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/test",
},
})
},
resourcesFromState: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "{\"info\":{\"title\":\"test\",\"version\":\"2017-04-20T04:08:08Z\"},\"paths\":{\"/test\":{\"get\":{\"responses\":{\"200\":{\"description\":\"OK\"}},\"x-amazon-apigateway-integration\":{\"httpMethod\":\"GET\",\"responses\":{\"default\":{\"statusCode\":200}},\"type\":\"HTTP\",\"uri\":\"https://aws.amazon.com/\"}}}},\"schemes\":[\"https\"],\"swagger\":\"2.0\"}",
},
},
},
remoteResources: []*resource.Resource{
{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/test",
},
},
},
expected: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "{\"info\":{\"title\":\"test\",\"version\":\"2017-04-20T04:08:08Z\"},\"paths\":{\"/test\":{\"get\":{\"responses\":{\"200\":{\"description\":\"OK\"}},\"x-amazon-apigateway-integration\":{\"httpMethod\":\"GET\",\"responses\":{\"default\":{\"statusCode\":200}},\"type\":\"HTTP\",\"uri\":\"https://aws.amazon.com/\"}}}},\"schemes\":[\"https\"],\"swagger\":\"2.0\"}",
},
},
{
Id: "bar",
Type: aws.AwsApiGatewayResourceResourceType,
Attrs: &resource.Attributes{
"rest_api_id": "foo",
"path": "/test",
},
},
},
},
{
name: "empty or unknown body",
resourcesFromState: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "",
},
},
{
Id: "bar",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{},
},
{
Id: "baz",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "{}",
},
},
},
expected: []*resource.Resource{
{
Id: "foo",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "",
},
},
{
Id: "bar",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{},
},
{
Id: "baz",
Type: aws.AwsApiGatewayRestApiResourceType,
Attrs: &resource.Attributes{
"body": "{}",
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
factory := &terraform.MockResourceFactory{}
if tt.mocks != nil {
tt.mocks(factory)
}
m := NewAwsApiGatewayRestApiExpander(factory)
err := m.Execute(&tt.remoteResources, &tt.resourcesFromState)
if err != nil {
t.Fatal(err)
}
changelog, err := diff.Diff(tt.expected, tt.resourcesFromState)
if err != nil {
t.Fatal(err)
}
if len(changelog) > 0 {
for _, change := range changelog {
t.Errorf("%s got = %v, want %v", strings.Join(change.Path, "."), awsutil.Prettify(change.From), awsutil.Prettify(change.To))
}
}
})
}
}

97
pkg/remote/api_gateway_scanner_test.go
View File

@ -458,3 +458,100 @@ func TestApiGatewayStage(t *testing.T) {
})
}
}
func TestApiGatewayResource(t *testing.T) {
dummyError := errors.New("this is an error")
apis := []*apigateway.RestApi{
{Id: awssdk.String("3of73v5ob4")},
}
tests := []struct {
test string
mocks func(*repository.MockApiGatewayRepository, *mocks.AlerterInterface)
assertExpected func(t *testing.T, got []*resource.Resource)
wantErr error
}{
{
test: "no api gateway resources",
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
repo.On("ListAllRestApis").Return(apis, nil)
repo.On("ListAllRestApiResources", *apis[0].Id).Return([]*apigateway.Resource{}, nil)
},
assertExpected: func(t *testing.T, got []*resource.Resource) {
assert.Len(t, got, 0)
},
},
{
test: "multiple api gateway resources",
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
repo.On("ListAllRestApis").Return(apis, nil)
repo.On("ListAllRestApiResources", *apis[0].Id).Return([]*apigateway.Resource{
{Id: awssdk.String("21zk4y"), Path: awssdk.String("/")},
{Id: awssdk.String("2ltv32p058"), Path: awssdk.String("/")},
}, nil)
},
assertExpected: func(t *testing.T, got []*resource.Resource) {
assert.Len(t, got, 2)
assert.Equal(t, got[0].ResourceId(), "21zk4y")
assert.Equal(t, got[0].ResourceType(), resourceaws.AwsApiGatewayResourceResourceType)
assert.Equal(t, got[1].ResourceId(), "2ltv32p058")
assert.Equal(t, got[1].ResourceType(), resourceaws.AwsApiGatewayResourceResourceType)
},
},
{
test: "cannot list rest apis",
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
repo.On("ListAllRestApis").Return(nil, dummyError)
alerter.On("SendAlert", resourceaws.AwsApiGatewayResourceResourceType, alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, remoteerr.NewResourceListingErrorWithType(dummyError, resourceaws.AwsApiGatewayResourceResourceType, resourceaws.AwsApiGatewayRestApiResourceType), alerts.EnumerationPhase)).Return()
},
wantErr: remoteerr.NewResourceListingErrorWithType(dummyError, resourceaws.AwsApiGatewayResourceResourceType, resourceaws.AwsApiGatewayRestApiResourceType),
},
{
test: "cannot list api gateway resources",
mocks: func(repo *repository.MockApiGatewayRepository, alerter *mocks.AlerterInterface) {
repo.On("ListAllRestApis").Return(apis, nil)
repo.On("ListAllRestApiResources", *apis[0].Id).Return(nil, dummyError)
alerter.On("SendAlert", resourceaws.AwsApiGatewayResourceResourceType, alerts.NewRemoteAccessDeniedAlert(common.RemoteAWSTerraform, remoteerr.NewResourceListingErrorWithType(dummyError, resourceaws.AwsApiGatewayResourceResourceType, resourceaws.AwsApiGatewayResourceResourceType), alerts.EnumerationPhase)).Return()
},
wantErr: remoteerr.NewResourceListingError(dummyError, resourceaws.AwsApiGatewayResourceResourceType),
},
}
providerVersion := "3.19.0"
schemaRepository := testresource.InitFakeSchemaRepository("aws", providerVersion)
resourceaws.InitResourcesMetadata(schemaRepository)
factory := terraform.NewTerraformResourceFactory(schemaRepository)
for _, c := range tests {
t.Run(c.test, func(tt *testing.T) {
scanOptions := ScannerOptions{}
remoteLibrary := common.NewRemoteLibrary()
// Initialize mocks
alerter := &mocks.AlerterInterface{}
fakeRepo := &repository.MockApiGatewayRepository{}
c.mocks(fakeRepo, alerter)
var repo repository.ApiGatewayRepository = fakeRepo
remoteLibrary.AddEnumerator(aws.NewApiGatewayResourceEnumerator(repo, factory))
testFilter := &filter.MockFilter{}
testFilter.On("IsTypeIgnored", mock.Anything).Return(false)
s := NewScanner(remoteLibrary, alerter, scanOptions, testFilter)
got, err := s.Resources()
assert.Equal(tt, err, c.wantErr)
if err != nil {
return
}
c.assertExpected(tt, got)
alerter.AssertExpectations(tt)
fakeRepo.AssertExpectations(tt)
testFilter.AssertExpectations(tt)
})
}
}

58
pkg/remote/aws/api_gateway_resource_enumerator.go Normal file
View File

@ -0,0 +1,58 @@
package aws
import (
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
)
type ApiGatewayResourceEnumerator struct {
repository repository.ApiGatewayRepository
factory resource.ResourceFactory
}
func NewApiGatewayResourceEnumerator(repo repository.ApiGatewayRepository, factory resource.ResourceFactory) *ApiGatewayResourceEnumerator {
return &ApiGatewayResourceEnumerator{
repository: repo,
factory: factory,
}
}
func (e *ApiGatewayResourceEnumerator) SupportedType() resource.ResourceType {
return aws.AwsApiGatewayResourceResourceType
}
func (e *ApiGatewayResourceEnumerator) Enumerate() ([]*resource.Resource, error) {
apis, err := e.repository.ListAllRestApis()
if err != nil {
return nil, remoteerror.NewResourceListingErrorWithType(err, string(e.SupportedType()), aws.AwsApiGatewayRestApiResourceType)
}
results := make([]*resource.Resource, 0)
for _, api := range apis {
a := api
resources, err := e.repository.ListAllRestApiResources(*a.Id)
if err != nil {
return nil, remoteerror.NewResourceListingError(err, string(e.SupportedType()))
}
for _, resource := range resources {
r := resource
results = append(
results,
e.factory.CreateAbstractResource(
string(e.SupportedType()),
*r.Id,
map[string]interface{}{
"rest_api_id": *a.Id,
"path": *r.Path,
},
),
)
}
}
return results, err
}

1
pkg/remote/aws/init.go
View File

@ -187,6 +187,7 @@ func Init(version string, alerter *alerter.Alerter,
remoteLibrary.AddEnumerator(NewApiGatewayApiKeyEnumerator(apigatewayRepository, factory))
remoteLibrary.AddEnumerator(NewApiGatewayAuthorizerEnumerator(apigatewayRepository, factory))
remoteLibrary.AddEnumerator(NewApiGatewayStageEnumerator(apigatewayRepository, factory))
remoteLibrary.AddEnumerator(NewApiGatewayResourceEnumerator(apigatewayRepository, factory))
remoteLibrary.AddEnumerator(NewAppAutoscalingTargetEnumerator(appAutoScalingRepository, factory))
remoteLibrary.AddDetailsFetcher(aws.AwsAppAutoscalingTargetResourceType, common.NewGenericDetailsFetcher(aws.AwsAppAutoscalingTargetResourceType, provider, deserializer))

23
pkg/remote/aws/repository/api_gateway_repository.go
View File

@ -15,6 +15,7 @@ type ApiGatewayRepository interface {
ListAllApiKeys() ([]*apigateway.ApiKey, error)
ListAllRestApiAuthorizers([]*apigateway.RestApi) ([]*apigateway.Authorizer, error)
ListAllRestApiStages(string) ([]*apigateway.Stage, error)
ListAllRestApiResources(string) ([]*apigateway.Resource, error)
}
type apigatewayRepository struct {
@ -126,3 +127,25 @@ func (r *apigatewayRepository) ListAllRestApiStages(apiId string) ([]*apigateway
r.cache.Put(cacheKey, resources.Item)
return resources.Item, nil
}
func (r *apigatewayRepository) ListAllRestApiResources(apiId string) ([]*apigateway.Resource, error) {
cacheKey := fmt.Sprintf("apigatewayListAllRestApiResources_api_%s", apiId)
if v := r.cache.Get(cacheKey); v != nil {
return v.([]*apigateway.Resource), nil
}
var resources []*apigateway.Resource
input := &apigateway.GetResourcesInput{
RestApiId: &apiId,
}
err := r.client.GetResourcesPages(input, func(res *apigateway.GetResourcesOutput, lastPage bool) bool {
resources = append(resources, res.Items...)
return !lastPage
})
if err != nil {
return nil, err
}
r.cache.Put(cacheKey, resources)
return resources, nil
}

71
pkg/remote/aws/repository/api_gateway_repository_test.go
View File

@ -348,3 +348,74 @@ func Test_apigatewayRepository_ListAllRestApiStages(t *testing.T) {
})
}
}
func Test_apigatewayRepository_ListAllRestApiResources(t *testing.T) {
api := &apigateway.RestApi{
Id: aws.String("restapi1"),
}
apiResources := []*apigateway.Resource{
{Id: aws.String("resource1")},
{Id: aws.String("resource2")},
{Id: aws.String("resource3")},
{Id: aws.String("resource4")},
}
tests := []struct {
name string
mocks func(client *awstest.MockFakeApiGateway, store *cache.MockCache)
want []*apigateway.Resource
wantErr error
}{
{
name: "list multiple rest api resources",
mocks: func(client *awstest.MockFakeApiGateway, store *cache.MockCache) {
client.On("GetResourcesPages",
&apigateway.GetResourcesInput{
RestApiId: aws.String("restapi1"),
},
mock.MatchedBy(func(callback func(res *apigateway.GetResourcesOutput, lastPage bool) bool) bool {
callback(&apigateway.GetResourcesOutput{
Items: apiResources,
}, true)
return true
})).Return(nil).Once()
store.On("Get", "apigatewayListAllRestApiResources_api_restapi1").Return(nil).Times(1)
store.On("Put", "apigatewayListAllRestApiResources_api_restapi1", apiResources).Return(false).Times(1)
},
want: apiResources,
},
{
name: "should hit cache",
mocks: func(client *awstest.MockFakeApiGateway, store *cache.MockCache) {
store.On("Get", "apigatewayListAllRestApiResources_api_restapi1").Return(apiResources).Times(1)
},
want: apiResources,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
store := &cache.MockCache{}
client := &awstest.MockFakeApiGateway{}
tt.mocks(client, store)
r := &apigatewayRepository{
client: client,
cache: store,
}
got, err := r.ListAllRestApiResources(*api.Id)
assert.Equal(t, tt.wantErr, err)
changelog, err := diff.Diff(got, tt.want)
assert.Nil(t, err)
if len(changelog) > 0 {
for _, change := range changelog {
t.Errorf("%s: %s -> %s", strings.Join(change.Path, "."), change.From, change.To)
}
t.Fail()
}
store.AssertExpectations(t)
client.AssertExpectations(t)
})
}
}

23
pkg/remote/aws/repository/mock_ApiGatewayRepository.go
View File

@ -81,6 +81,29 @@ func (_m *MockApiGatewayRepository) ListAllRestApiAuthorizers(_a0 []*apigateway.
return r0, r1
}
// ListAllRestApiResources provides a mock function with given fields: _a0
func (_m *MockApiGatewayRepository) ListAllRestApiResources(_a0 string) ([]*apigateway.Resource, error) {
ret := _m.Called(_a0)
var r0 []*apigateway.Resource
if rf, ok := ret.Get(0).(func(string) []*apigateway.Resource); ok {
r0 = rf(_a0)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).([]*apigateway.Resource)
}
}
var r1 error
if rf, ok := ret.Get(1).(func(string) error); ok {
r1 = rf(_a0)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// ListAllRestApiStages provides a mock function with given fields: _a0
func (_m *MockApiGatewayRepository) ListAllRestApiStages(_a0 string) ([]*apigateway.Stage, error) {
ret := _m.Called(_a0)

3
pkg/resource/aws/aws_api_gateway_resource.go Normal file
View File

@ -0,0 +1,3 @@
package aws
const AwsApiGatewayResourceResourceType = "aws_api_gateway_resource"

30
pkg/resource/aws/aws_api_gateway_resource_test.go Normal file
View File

@ -0,0 +1,30 @@
package aws_test
import (
"testing"
"github.com/cloudskiff/driftctl/test"
"github.com/cloudskiff/driftctl/test/acceptance"
)
func TestAcc_Aws_ApiGatewayResource(t *testing.T) {
acceptance.Run(t, acceptance.AccTestCase{
TerraformVersion: "0.15.5",
Paths: []string{"./testdata/acc/aws_api_gateway_resource"},
Args: []string{"scan", "--filter", "Type=='aws_api_gateway_resource'"},
Checks: []acceptance.AccCheck{
{
Env: map[string]string{
"AWS_REGION": "us-east-1",
},
Check: func(result *test.ScanResult, stdout string, err error) {
if err != nil {
t.Fatal(err)
}
result.AssertInfrastructureIsInSync()
result.AssertManagedCount(8)
},
},
},
})
}

20
pkg/resource/aws/testdata/acc/aws_api_gateway_resource/.terraform.lock.hcl vendored Normal file
View File

@ -0,0 +1,20 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "3.19.0"
constraints = "3.19.0"
hashes = [
"h1:xur9tF49NgsovNnmwmBR8RdpN8Fcg1TD4CKQPJD6n1A=",
"zh:185a5259153eb9ee4699d4be43b3d509386b473683392034319beee97d470c3b",
"zh:2d9a0a01f93e8d16539d835c02b8b6e1927b7685f4076e96cb07f7dd6944bc6c",
"zh:703f6da36b1b5f3497baa38fccaa7765fb8a2b6440344e4c97172516b49437dd",
"zh:770855565462abadbbddd98cb357d2f1a8f30f68a358cb37cbd5c072cb15b377",
"zh:8008db43149fe4345301f81e15e6d9ddb47aa5e7a31648f9b290af96ad86e92a",
"zh:8cdd27d375da6dcb7687f1fed126b7c04efce1671066802ee876dbbc9c66ec79",
"zh:be22ae185005690d1a017c1b909e0d80ab567e239b4f06ecacdba85080667c1c",
"zh:d2d02e72dbd80f607636cd6237a6c862897caabc635c7b50c0cb243d11246723",
"zh:d8f125b66a1eda2555c0f9bbdf12036a5f8d073499a22ca9e4812b68067fea31",
"zh:f5a98024c64d5d2973ff15b093725a074c0cb4afde07ef32c542e69f17ac90bc",
]
}

94
pkg/resource/aws/testdata/acc/aws_api_gateway_resource/terraform.tf vendored Normal file
View File

@ -0,0 +1,94 @@
provider "aws" {
region = "us-east-1"
}
terraform {
required_providers {
aws = "3.19.0"
}
}
resource "aws_api_gateway_rest_api" "foo" {
name = "foo"
description = "This is foo API"
}
resource "aws_api_gateway_rest_api" "bar" {
name = "bar"
description = "This is bar API"
body = jsonencode({
openapi = "3.0.1"
info = {
title = "example"
version = "1.0"
}
paths = {
"/path1" = {
get = {
x-amazon-apigateway-integration = {
httpMethod = "GET"
payloadFormatVersion = "1.0"
type = "HTTP_PROXY"
uri = "https://ip-ranges.amazonaws.com/ip-ranges.json"
}
}
}
"/path1/path2" = {
get = {
x-amazon-apigateway-integration = {
httpMethod = "GET"
payloadFormatVersion = "1.0"
type = "HTTP_PROXY"
uri = "https://ip-ranges.amazonaws.com/ip-ranges.json"
}
}
}
}
})
}
resource "aws_api_gateway_rest_api" "baz" {
name = "baz"
description = "This is baz API"
body = jsonencode({
swagger = "2.0"
info = {
title = "test"
version = "2017-04-20T04:08:08Z"
}
schemes = ["https"]
paths = {
"/test" = {
get = {
responses = {
"200" = {
description = "OK"
}
}
x-amazon-apigateway-integration = {
httpMethod = "GET"
type = "HTTP"
responses = {
default = {
statusCode = 200
}
}
uri = "https://aws.amazon.com/"
}
}
}
}
})
}
resource "aws_api_gateway_resource" "foo" {
rest_api_id = aws_api_gateway_rest_api.foo.id
parent_id = aws_api_gateway_rest_api.foo.root_resource_id
path_part = "foo"
}
resource "aws_api_gateway_resource" "bar" {
rest_api_id = aws_api_gateway_rest_api.bar.id
parent_id = aws_api_gateway_rest_api.bar.root_resource_id
path_part = "bar"
}

1
pkg/resource/resource_types.go
View File

@ -66,6 +66,7 @@ var supportedTypes = map[string]struct{}{
"aws_api_gateway_authorizer": {},
"aws_api_gateway_deployment": {},
"aws_api_gateway_stage": {},
"aws_api_gateway_resource": {},
"aws_appautoscaling_target": {},
"aws_rds_cluster_instance": {},
"aws_appautoscaling_policy": {},