refactor: delete useless aws middleware
parent
3c0321e044
commit
803700806e
|
@ -61,7 +61,6 @@ func (d DriftCTL) Run() (*analyser.Analysis, error) {
|
|||
middlewares.NewAwsIamPolicyAttachmentDefaults(),
|
||||
middlewares.NewAwsIamRolePolicyDefaults(),
|
||||
middlewares.NewAwsIamRoleDefaults(),
|
||||
middlewares.NewAwsSecurityGroupRuleDefaults(),
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -1,70 +0,0 @@
|
|||
package middlewares
|
||||
|
||||
import (
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
)
|
||||
|
||||
// When scanning a brand new AWS account, some users may see irrelevant results about default AWS security group rules.
|
||||
// We ignore these resources by default when strict mode is disabled.
|
||||
type AwsSecurityGroupRuleDefaults struct{}
|
||||
|
||||
func NewAwsSecurityGroupRuleDefaults() AwsSecurityGroupRuleDefaults {
|
||||
return AwsSecurityGroupRuleDefaults{}
|
||||
}
|
||||
|
||||
func (m AwsSecurityGroupRuleDefaults) Execute(remoteResources, resourcesFromState *[]resource.Resource) error {
|
||||
newRemoteResources := make([]resource.Resource, 0)
|
||||
|
||||
for _, remoteResource := range *remoteResources {
|
||||
// Ignore all resources other than security group rule
|
||||
if remoteResource.TerraformType() != aws.AwsSecurityGroupRuleResourceType {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
continue
|
||||
}
|
||||
|
||||
existInState := false
|
||||
for _, stateResource := range *resourcesFromState {
|
||||
if resource.IsSameResource(remoteResource, stateResource) {
|
||||
existInState = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if existInState || !isDefaultSecurityGroupRule(remoteResource.(*aws.AwsSecurityGroupRule), *remoteResources) {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
continue
|
||||
}
|
||||
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"id": remoteResource.TerraformId(),
|
||||
"type": remoteResource.TerraformType(),
|
||||
}).Debug("Ignoring default aws security group rule as it is not managed by IaC")
|
||||
}
|
||||
|
||||
*remoteResources = newRemoteResources
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Return true if the record is considered as default one added by aws
|
||||
func isDefaultSecurityGroupRule(sgr *aws.AwsSecurityGroupRule, remoteResources []resource.Resource) bool {
|
||||
isDefaultSecurityGroup := false
|
||||
for _, res := range remoteResources {
|
||||
if res.TerraformType() != aws.AwsSecurityGroupResourceType {
|
||||
continue
|
||||
}
|
||||
|
||||
if res.TerraformId() != *sgr.SecurityGroupId {
|
||||
continue
|
||||
}
|
||||
|
||||
if *res.(*aws.AwsSecurityGroup).Name == defaultAwsSecurityGroupName {
|
||||
isDefaultSecurityGroup = true
|
||||
}
|
||||
}
|
||||
|
||||
return isDefaultSecurityGroup && *sgr.Protocol == "All" && *sgr.Type == "ingress"
|
||||
}
|
|
@ -1,144 +0,0 @@
|
|||
package middlewares
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
awssdk "github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awsutil"
|
||||
"github.com/r3labs/diff/v2"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
)
|
||||
|
||||
func TestAwsSecurityGroupRuleDefaults_Execute(t *testing.T) {
|
||||
defaultSecurityGroupName := "default"
|
||||
defaultSecurityGroupId := "sg-test1"
|
||||
defaultSecurityGroupRuleProtocol := "All"
|
||||
defaultSecurityGroupRuleType := "ingress"
|
||||
defaultSecurityGroupRuleDescription := "test desc"
|
||||
|
||||
dummySecurityGroupName := "sg-test2"
|
||||
dummySecurityGroupId := "sg-test2"
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
remoteResources []resource.Resource
|
||||
resourcesFromState []resource.Resource
|
||||
expected diff.Changelog
|
||||
}{
|
||||
{
|
||||
"default security group when they're not managed by IaC",
|
||||
[]resource.Resource{
|
||||
&aws.AwsSecurityGroup{
|
||||
Id: defaultSecurityGroupId,
|
||||
Name: &defaultSecurityGroupName,
|
||||
},
|
||||
&aws.AwsSecurityGroupRule{
|
||||
Id: "test-1",
|
||||
SecurityGroupId: &defaultSecurityGroupId,
|
||||
Type: &defaultSecurityGroupRuleType,
|
||||
Protocol: &defaultSecurityGroupRuleProtocol,
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "dummy-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("local"),
|
||||
},
|
||||
},
|
||||
[]resource.Resource{
|
||||
&aws.AwsRoute{
|
||||
Id: "dummy-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("local"),
|
||||
},
|
||||
},
|
||||
diff.Changelog{
|
||||
{
|
||||
Type: "delete",
|
||||
Path: []string{"0"},
|
||||
From: &aws.AwsSecurityGroup{
|
||||
Id: defaultSecurityGroupId,
|
||||
Name: &defaultSecurityGroupName,
|
||||
},
|
||||
To: nil,
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
"default security group when they're managed by IaC",
|
||||
[]resource.Resource{
|
||||
&aws.AwsSecurityGroup{
|
||||
Id: defaultSecurityGroupId,
|
||||
Name: &defaultSecurityGroupName,
|
||||
},
|
||||
&aws.AwsSecurityGroupRule{
|
||||
Id: "test-1",
|
||||
SecurityGroupId: &defaultSecurityGroupId,
|
||||
Type: &defaultSecurityGroupRuleType,
|
||||
Protocol: &defaultSecurityGroupRuleProtocol,
|
||||
Description: nil,
|
||||
},
|
||||
&aws.AwsSecurityGroup{
|
||||
Id: dummySecurityGroupId,
|
||||
Name: &dummySecurityGroupName,
|
||||
},
|
||||
},
|
||||
[]resource.Resource{
|
||||
&aws.AwsSecurityGroup{
|
||||
Id: defaultSecurityGroupId,
|
||||
Name: &defaultSecurityGroupName,
|
||||
},
|
||||
&aws.AwsSecurityGroupRule{
|
||||
Id: "test-1",
|
||||
SecurityGroupId: &defaultSecurityGroupId,
|
||||
Type: &defaultSecurityGroupRuleType,
|
||||
Protocol: &defaultSecurityGroupRuleProtocol,
|
||||
Description: &defaultSecurityGroupRuleDescription,
|
||||
},
|
||||
},
|
||||
diff.Changelog{
|
||||
{
|
||||
Type: "delete",
|
||||
Path: []string{"2"},
|
||||
From: &aws.AwsSecurityGroup{
|
||||
Id: dummySecurityGroupId,
|
||||
Name: &dummySecurityGroupName,
|
||||
},
|
||||
To: nil,
|
||||
},
|
||||
{
|
||||
Type: "update",
|
||||
Path: []string{"1", "Description"},
|
||||
From: nil,
|
||||
To: &defaultSecurityGroupRuleDescription,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
m := NewAwsSecurityGroupRuleDefaults()
|
||||
err := m.Execute(&tt.remoteResources, &tt.resourcesFromState)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
changelog, err := diff.Diff(tt.remoteResources, tt.resourcesFromState)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
diffs, err := diff.Diff(tt.expected, changelog)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
for _, change := range diffs {
|
||||
t.Errorf("%s got = %v, want %v", strings.Join(change.Path, "."), awsutil.Prettify(change.From), awsutil.Prettify(change.To))
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|