Add kms_alias
parent
e601ccf296
commit
839ae746e7
|
@ -102,6 +102,7 @@ As AWS documentation recommends, the below policy is granting only the permissio
|
|||
"kms:DescribeKey",
|
||||
"kms:GetKeyPolicy",
|
||||
"kms:GetKeyRotationStatus",
|
||||
"kms:ListAliases",
|
||||
"kms:ListKeys",
|
||||
"kms:ListResourceTags",
|
||||
"lambda:GetFunction",
|
||||
|
@ -290,5 +291,5 @@ As AWS documentation recommends, the below policy is granting only the permissio
|
|||
## KMS
|
||||
|
||||
- [x] aws_kms_key
|
||||
- [ ] aws_kms_alias
|
||||
- [x] aws_kms_alias
|
||||
- [ ] aws_kms_external_key
|
||||
|
|
|
@ -57,6 +57,7 @@ func Deserializers() []deserializer.CTYDeserializer {
|
|||
awsdeserializer.NewRoute53HealthCheckDeserializer(),
|
||||
awsdeserializer.NewCloudfrontDistributionDeserializer(),
|
||||
awsdeserializer.NewKMSKeyDeserializer(),
|
||||
awsdeserializer.NewKMSAliasDeserializer(),
|
||||
|
||||
ghdeserializer.NewGithubRepositoryDeserializer(),
|
||||
ghdeserializer.NewGithubTeamDeserializer(),
|
||||
|
|
|
@ -84,6 +84,7 @@ func TestTerraformStateReader_AWS_Resources(t *testing.T) {
|
|||
{name: "Route53 Health Check", dirName: "route53_health_check", wantErr: false},
|
||||
{name: "Cloudfront distribution", dirName: "cloudfront_distribution", wantErr: false},
|
||||
{name: "KMS key", dirName: "kms_key", wantErr: false},
|
||||
{name: "KMS alias", dirName: "kms_alias", wantErr: false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
[
|
||||
{
|
||||
"Arn": "arn:aws:kms:eu-west-3:047081014315:alias/bar",
|
||||
"Id": "alias/bar",
|
||||
"Name": "alias/bar",
|
||||
"NamePrefix": null,
|
||||
"TargetKeyArn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"TargetKeyId": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
},
|
||||
{
|
||||
"Arn": "arn:aws:kms:eu-west-3:047081014315:alias/baz20210225124429210500000001",
|
||||
"Id": "alias/baz20210225124429210500000001",
|
||||
"Name": null,
|
||||
"NamePrefix": "alias/baz",
|
||||
"TargetKeyArn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"TargetKeyId": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
},
|
||||
{
|
||||
"Arn": "arn:aws:kms:eu-west-3:047081014315:alias/foo",
|
||||
"Id": "alias/foo",
|
||||
"Name": "alias/foo",
|
||||
"NamePrefix": null,
|
||||
"TargetKeyArn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"TargetKeyId": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
}
|
||||
]
|
File diff suppressed because it is too large
|
@ -0,0 +1,81 @@
|
|||
{
|
||||
"version": 4,
|
||||
"terraform_version": "0.14.7",
|
||||
"serial": 159,
|
||||
"lineage": "8a0e42ae-b5de-1d4e-fe9a-f13d80bc8cbc",
|
||||
"outputs": {},
|
||||
"resources": [
|
||||
{
|
||||
"mode": "managed",
|
||||
"type": "aws_kms_alias",
|
||||
"name": "bar",
|
||||
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
|
||||
"instances": [
|
||||
{
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"arn": "arn:aws:kms:eu-west-3:047081014315:alias/bar",
|
||||
"id": "alias/bar",
|
||||
"name": "alias/bar",
|
||||
"name_prefix": null,
|
||||
"target_key_arn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"target_key_id": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "bnVsbA==",
|
||||
"dependencies": [
|
||||
"aws_kms_key.key"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"mode": "managed",
|
||||
"type": "aws_kms_alias",
|
||||
"name": "baz",
|
||||
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
|
||||
"instances": [
|
||||
{
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"arn": "arn:aws:kms:eu-west-3:047081014315:alias/baz20210225124429210500000001",
|
||||
"id": "alias/baz20210225124429210500000001",
|
||||
"name": null,
|
||||
"name_prefix": "alias/baz",
|
||||
"target_key_arn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"target_key_id": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "bnVsbA==",
|
||||
"dependencies": [
|
||||
"aws_kms_key.key"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"mode": "managed",
|
||||
"type": "aws_kms_alias",
|
||||
"name": "foo",
|
||||
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
|
||||
"instances": [
|
||||
{
|
||||
"schema_version": 0,
|
||||
"attributes": {
|
||||
"arn": "arn:aws:kms:eu-west-3:047081014315:alias/foo",
|
||||
"id": "alias/foo",
|
||||
"name": "alias/foo",
|
||||
"name_prefix": null,
|
||||
"target_key_arn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"target_key_id": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
},
|
||||
"sensitive_attributes": [],
|
||||
"private": "bnVsbA==",
|
||||
"dependencies": [
|
||||
"aws_kms_key.key"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -72,6 +72,7 @@ func Init(alerter *alerter.Alerter, providerLibrary *terraform.ProviderLibrary,
|
|||
supplierLibrary.AddSupplier(NewRoute53HealthCheckSupplier(provider))
|
||||
supplierLibrary.AddSupplier(NewCloudfrontDistributionSupplier(provider))
|
||||
supplierLibrary.AddSupplier(NewKMSKeySupplier(provider))
|
||||
supplierLibrary.AddSupplier(NewKMSAliasSupplier(provider))
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/service/kms"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/deserializer"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
awsdeserializer "github.com/cloudskiff/driftctl/pkg/resource/aws/deserializer"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
)
|
||||
|
||||
type KMSAliasSupplier struct {
|
||||
reader terraform.ResourceReader
|
||||
deserializer deserializer.CTYDeserializer
|
||||
client repository.KMSRepository
|
||||
runner *terraform.ParallelResourceReader
|
||||
}
|
||||
|
||||
func NewKMSAliasSupplier(provider *AWSTerraformProvider) *KMSAliasSupplier {
|
||||
return &KMSAliasSupplier{
|
||||
provider,
|
||||
awsdeserializer.NewKMSAliasDeserializer(),
|
||||
repository.NewKMSRepository(provider.session),
|
||||
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
|
||||
}
|
||||
}
|
||||
|
||||
func (s KMSAliasSupplier) Resources() ([]resource.Resource, error) {
|
||||
aliases, err := s.client.ListAllAliases()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsKmsAliasResourceType)
|
||||
}
|
||||
|
||||
for _, alias := range aliases {
|
||||
alias := alias
|
||||
s.runner.Run(func() (cty.Value, error) {
|
||||
return s.readAlias(alias)
|
||||
})
|
||||
}
|
||||
|
||||
retrieve, err := s.runner.Wait()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return s.deserializer.Deserialize(retrieve)
|
||||
}
|
||||
|
||||
func (s KMSAliasSupplier) readAlias(alias *kms.AliasListEntry) (cty.Value, error) {
|
||||
val, err := s.reader.ReadResource(terraform.ReadResourceArgs{
|
||||
ID: *alias.AliasName,
|
||||
Ty: aws.AwsKmsAliasResourceType,
|
||||
})
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return cty.NilVal, err
|
||||
}
|
||||
return *val, nil
|
||||
}
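Review bot: `readAlias` dereferences `*alias.AliasName` (and later `*val`) without a nil check, so a nil in either place panics inside the closure handed to `s.runner.Run`. The only nil guard visible in this commit is in `kmsRepository.filterAliases`, not in the `KMSRepository` interface the supplier depends on, so a mock or another implementation can pass an entry without a name. A guard at the top of `readAlias`, for example `if alias == nil || alias.AliasName == nil { return cty.NilVal, fmt.Errorf("kms alias entry without a name") }` (needs an `fmt` import), turns that into an ordinary error. Whether `ReadResource` can return a nil value together with a nil error is not visible here; if it can, `*val` needs the same treatment.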
|
|
@ -0,0 +1,94 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/aws/aws-sdk-go/service/kms"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/cloudskiff/driftctl/pkg/parallel"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/test"
|
||||
"github.com/cloudskiff/driftctl/test/goldenfile"
|
||||
testmocks "github.com/cloudskiff/driftctl/test/mocks"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/mock"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
awsdeserializer "github.com/cloudskiff/driftctl/pkg/resource/aws/deserializer"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
)
|
||||
|
||||
func TestKMSAliasSupplier_Resources(t *testing.T) {
|
||||
cases := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(client *repository.MockKMSRepository)
|
||||
err error
|
||||
}{
|
||||
{
|
||||
test: "no aliases",
|
||||
dirName: "kms_alias_empty",
|
||||
mocks: func(client *repository.MockKMSRepository) {
|
||||
client.On("ListAllAliases").Return([]*kms.AliasListEntry{}, nil)
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "multiple aliases",
|
||||
dirName: "kms_alias_multiple",
|
||||
mocks: func(client *repository.MockKMSRepository) {
|
||||
client.On("ListAllAliases").Return([]*kms.AliasListEntry{
|
||||
{AliasName: aws.String("alias/foo")},
|
||||
{AliasName: aws.String("alias/bar")},
|
||||
{AliasName: aws.String("alias/baz20210225124429210500000001")},
|
||||
}, nil)
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "cannot list aliases",
|
||||
dirName: "kms_alias_empty",
|
||||
mocks: func(client *repository.MockKMSRepository) {
|
||||
client.On("ListAllAliases").Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsKmsAliasResourceType),
|
||||
},
|
||||
}
|
||||
for _, c := range cases {
|
||||
shouldUpdate := c.dirName == *goldenfile.Update
|
||||
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
supplierLibrary := resource.NewSupplierLibrary()
|
||||
|
||||
if shouldUpdate {
|
||||
provider, err := InitTestAwsProvider(providerLibrary)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
supplierLibrary.AddSupplier(NewKMSAliasSupplier(provider))
|
||||
}
|
||||
|
||||
t.Run(c.test, func(tt *testing.T) {
|
||||
fakeClient := repository.MockKMSRepository{}
|
||||
c.mocks(&fakeClient)
|
||||
provider := testmocks.NewMockedGoldenTFProvider(c.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
|
||||
deserializer := awsdeserializer.NewKMSAliasDeserializer()
|
||||
s := &KMSAliasSupplier{
|
||||
provider,
|
||||
deserializer,
|
||||
&fakeClient,
|
||||
terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 10)),
|
||||
}
|
||||
got, err := s.Resources()
|
||||
assert.Equal(tt, c.err, err)
|
||||
mock.AssertExpectationsForObjects(tt)
|
||||
test.CtyTestDiff(got, c.dirName, provider, deserializer, shouldUpdate, tt)
|
||||
})
|
||||
}
|
||||
}
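Review bot: `mock.AssertExpectationsForObjects(tt)` is called without any mock object, so it verifies nothing and the `ListAllAliases` expectation registered in `c.mocks` is never checked. Replacing it with `fakeClient.AssertExpectations(tt)` makes the test fail if `Resources()` stops calling the repository. The "cannot list aliases" case shows why this matters: a 403 from the listing call must surface as an enumeration error, and that only holds if the call is actually made.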
|
|
@ -1,6 +1,8 @@
|
|||
package repository
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/session"
|
||||
"github.com/aws/aws-sdk-go/service/kms"
|
||||
"github.com/aws/aws-sdk-go/service/kms/kmsiface"
|
||||
|
@ -8,6 +10,7 @@ import (
|
|||
|
||||
type KMSRepository interface {
|
||||
ListAllKeys() ([]*kms.KeyListEntry, error)
|
||||
ListAllAliases() ([]*kms.AliasListEntry, error)
|
||||
}
|
||||
|
||||
type kmsRepository struct {
|
||||
|
@ -39,6 +42,21 @@ func (r *kmsRepository) ListAllKeys() ([]*kms.KeyListEntry, error) {
|
|||
return customerKeys, nil
|
||||
}
|
||||
|
||||
func (r *kmsRepository) ListAllAliases() ([]*kms.AliasListEntry, error) {
|
||||
var aliases []*kms.AliasListEntry
|
||||
input := kms.ListAliasesInput{}
|
||||
err := r.client.ListAliasesPages(&input,
|
||||
func(resp *kms.ListAliasesOutput, lastPage bool) bool {
|
||||
aliases = append(aliases, resp.Aliases...)
|
||||
return !lastPage
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return r.filterAliases(aliases), nil
|
||||
}
|
||||
|
||||
func (r *kmsRepository) filterKeys(keys []*kms.KeyListEntry) ([]*kms.KeyListEntry, error) {
|
||||
var customerKeys []*kms.KeyListEntry
|
||||
for _, key := range keys {
|
||||
|
@ -54,3 +72,13 @@ func (r *kmsRepository) filterKeys(keys []*kms.KeyListEntry) ([]*kms.KeyListEntr
|
|||
}
|
||||
return customerKeys, nil
|
||||
}
|
||||
|
||||
func (r *kmsRepository) filterAliases(aliases []*kms.AliasListEntry) []*kms.AliasListEntry {
|
||||
var customerAliases []*kms.AliasListEntry
|
||||
for _, alias := range aliases {
|
||||
if alias.AliasName != nil && !strings.HasPrefix(*alias.AliasName, "alias/aws/") {
|
||||
customerAliases = append(customerAliases, alias)
|
||||
}
|
||||
}
|
||||
return customerAliases
|
||||
}
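Review bot: `filterAliases` has no comment explaining why entries are dropped, and the bare `"alias/aws/"` literal carries the whole rule. A doc comment would state it for the next reader: `// filterAliases keeps customer aliases only: it drops entries under the "alias/aws/" prefix, which AWS reserves for AWS managed keys, and entries whose AliasName is nil.` Lifting the prefix into a named package constant would keep the rule in one place if another KMS resource needs the same filter. `ListAllAliases`, added in the earlier hunk of this file, is undocumented as well; one line saying that it pages through `ListAliasesPages` and returns the filtered list would do.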
|
||||
|
|
|
@ -90,3 +90,60 @@ func Test_KMSRepository_ListAllKeys(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_KMSRepository_ListAllAliases(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
mocks func(client *mocks.KMSClient)
|
||||
want []*kms.AliasListEntry
|
||||
wantErr error
|
||||
}{
|
||||
{
|
||||
name: "List only customer aliases",
|
||||
mocks: func(client *mocks.KMSClient) {
|
||||
client.On("ListAliasesPages",
|
||||
&kms.ListAliasesInput{},
|
||||
mock.MatchedBy(func(callback func(res *kms.ListAliasesOutput, lastPage bool) bool) bool {
|
||||
callback(&kms.ListAliasesOutput{
|
||||
Aliases: []*kms.AliasListEntry{
|
||||
{AliasName: aws.String("alias/1")},
|
||||
{AliasName: aws.String("alias/foo/2")},
|
||||
{AliasName: aws.String("alias/aw/3")},
|
||||
{AliasName: aws.String("alias/aws/4")},
|
||||
{AliasName: aws.String("alias/aws/5")},
|
||||
{AliasName: aws.String("alias/awss/6")},
|
||||
{AliasName: aws.String("alias/aws7")},
|
||||
},
|
||||
}, true)
|
||||
return true
|
||||
})).Return(nil)
|
||||
},
|
||||
want: []*kms.AliasListEntry{
|
||||
{AliasName: aws.String("alias/1")},
|
||||
{AliasName: aws.String("alias/foo/2")},
|
||||
{AliasName: aws.String("alias/aw/3")},
|
||||
{AliasName: aws.String("alias/awss/6")},
|
||||
{AliasName: aws.String("alias/aws7")},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
client := &mocks.KMSClient{}
|
||||
tt.mocks(client)
|
||||
r := &kmsRepository{
|
||||
client: client,
|
||||
}
|
||||
got, err := r.ListAllAliases()
|
||||
assert.Equal(t, tt.wantErr, err)
|
||||
changelog, err := diff.Diff(got, tt.want)
|
||||
assert.Nil(t, err)
|
||||
if len(changelog) > 0 {
|
||||
for _, change := range changelog {
|
||||
t.Errorf("%s: %v -> %v", strings.Join(change.Path, "."), change.From, change.To)
|
||||
}
|
||||
t.Fail()
|
||||
}
|
||||
})
|
||||
}
|
||||
}
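Review bot: The table in `Test_KMSRepository_ListAllAliases` holds only the happy path, so two branches added by this commit go untested: the error return from `ListAliasesPages` and the `alias.AliasName != nil` guard in `filterAliases`. Adding `{AliasName: nil},` to the mocked page, plus a second case whose mock returns an error and sets `wantErr`, would cover both. The `t.Fail()` after the `t.Errorf` loop is redundant, because `Errorf` already marks the test as failed.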
|
||||
|
|
|
@ -12,6 +12,29 @@ type MockKMSRepository struct {
|
|||
mock.Mock
|
||||
}
|
||||
|
||||
// ListAllAliases provides a mock function with given fields:
|
||||
func (_m *MockKMSRepository) ListAllAliases() ([]*kms.AliasListEntry, error) {
|
||||
ret := _m.Called()
|
||||
|
||||
var r0 []*kms.AliasListEntry
|
||||
if rf, ok := ret.Get(0).(func() []*kms.AliasListEntry); ok {
|
||||
r0 = rf()
|
||||
} else {
|
||||
if ret.Get(0) != nil {
|
||||
r0 = ret.Get(0).([]*kms.AliasListEntry)
|
||||
}
|
||||
}
|
||||
|
||||
var r1 error
|
||||
if rf, ok := ret.Get(1).(func() error); ok {
|
||||
r1 = rf()
|
||||
} else {
|
||||
r1 = ret.Error(1)
|
||||
}
|
||||
|
||||
return r0, r1
|
||||
}
|
||||
|
||||
// ListAllKeys provides a mock function with given fields:
|
||||
func (_m *MockKMSRepository) ListAllKeys() ([]*kms.KeyListEntry, error) {
|
||||
ret := _m.Called()
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
[]
|
File diff suppressed because it is too large
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiYXJuIjoic3RyaW5nIiwiaWQiOiJzdHJpbmciLCJuYW1lIjoic3RyaW5nIiwibmFtZV9wcmVmaXgiOiJzdHJpbmciLCJ0YXJnZXRfa2V5X2FybiI6InN0cmluZyIsInRhcmdldF9rZXlfaWQiOiJzdHJpbmcifV0=",
|
||||
"Val": "eyJhcm4iOiJhcm46YXdzOmttczpldS13ZXN0LTM6MDQ3MDgxMDE0MzE1OmFsaWFzL2JhciIsImlkIjoiYWxpYXMvYmFyIiwibmFtZSI6bnVsbCwibmFtZV9wcmVmaXgiOm51bGwsInRhcmdldF9rZXlfYXJuIjoiYXJuOmF3czprbXM6ZXUtd2VzdC0zOjA0NzA4MTAxNDMxNTprZXkvMzQxYjJkNzYtZmVhYi00OTExLWI1ZGUtZmJkZDkyYjIxYWE3IiwidGFyZ2V0X2tleV9pZCI6IjM0MWIyZDc2LWZlYWItNDkxMS1iNWRlLWZiZGQ5MmIyMWFhNyJ9",
|
||||
"Err": null
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiYXJuIjoic3RyaW5nIiwiaWQiOiJzdHJpbmciLCJuYW1lIjoic3RyaW5nIiwibmFtZV9wcmVmaXgiOiJzdHJpbmciLCJ0YXJnZXRfa2V5X2FybiI6InN0cmluZyIsInRhcmdldF9rZXlfaWQiOiJzdHJpbmcifV0=",
|
||||
"Val": "eyJhcm4iOiJhcm46YXdzOmttczpldS13ZXN0LTM6MDQ3MDgxMDE0MzE1OmFsaWFzL2JhejIwMjEwMjI1MTI0NDI5MjEwNTAwMDAwMDAxIiwiaWQiOiJhbGlhcy9iYXoyMDIxMDIyNTEyNDQyOTIxMDUwMDAwMDAwMSIsIm5hbWUiOm51bGwsIm5hbWVfcHJlZml4IjpudWxsLCJ0YXJnZXRfa2V5X2FybiI6ImFybjphd3M6a21zOmV1LXdlc3QtMzowNDcwODEwMTQzMTU6a2V5LzM0MWIyZDc2LWZlYWItNDkxMS1iNWRlLWZiZGQ5MmIyMWFhNyIsInRhcmdldF9rZXlfaWQiOiIzNDFiMmQ3Ni1mZWFiLTQ5MTEtYjVkZS1mYmRkOTJiMjFhYTcifQ==",
|
||||
"Err": null
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiYXJuIjoic3RyaW5nIiwiaWQiOiJzdHJpbmciLCJuYW1lIjoic3RyaW5nIiwibmFtZV9wcmVmaXgiOiJzdHJpbmciLCJ0YXJnZXRfa2V5X2FybiI6InN0cmluZyIsInRhcmdldF9rZXlfaWQiOiJzdHJpbmcifV0=",
|
||||
"Val": "eyJhcm4iOiJhcm46YXdzOmttczpldS13ZXN0LTM6MDQ3MDgxMDE0MzE1OmFsaWFzL2ZvbyIsImlkIjoiYWxpYXMvZm9vIiwibmFtZSI6bnVsbCwibmFtZV9wcmVmaXgiOm51bGwsInRhcmdldF9rZXlfYXJuIjoiYXJuOmF3czprbXM6ZXUtd2VzdC0zOjA0NzA4MTAxNDMxNTprZXkvMzQxYjJkNzYtZmVhYi00OTExLWI1ZGUtZmJkZDkyYjIxYWE3IiwidGFyZ2V0X2tleV9pZCI6IjM0MWIyZDc2LWZlYWItNDkxMS1iNWRlLWZiZGQ5MmIyMWFhNyJ9",
|
||||
"Err": null
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
[
|
||||
{
|
||||
"arn": "arn:aws:kms:eu-west-3:047081014315:alias/baz20210225124429210500000001",
|
||||
"id": "alias/baz20210225124429210500000001",
|
||||
"name": null,
|
||||
"name_prefix": null,
|
||||
"target_key_arn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"target_key_id": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
},
|
||||
{
|
||||
"arn": "arn:aws:kms:eu-west-3:047081014315:alias/foo",
|
||||
"id": "alias/foo",
|
||||
"name": null,
|
||||
"name_prefix": null,
|
||||
"target_key_arn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"target_key_id": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
},
|
||||
{
|
||||
"arn": "arn:aws:kms:eu-west-3:047081014315:alias/bar",
|
||||
"id": "alias/bar",
|
||||
"name": null,
|
||||
"name_prefix": null,
|
||||
"target_key_arn": "arn:aws:kms:eu-west-3:047081014315:key/341b2d76-feab-4911-b5de-fbdd92b21aa7",
|
||||
"target_key_id": "341b2d76-feab-4911-b5de-fbdd92b21aa7"
|
||||
}
|
||||
]
|
File diff suppressed because it is too large
|
@ -0,0 +1,26 @@
|
|||
provider "aws" {
|
||||
region = "us-east-1"
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_providers {
|
||||
aws = "3.19.0"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_kms_key" "key" {}
|
||||
|
||||
resource "aws_kms_alias" "foo" {
|
||||
name = "alias/foo"
|
||||
target_key_id = aws_kms_key.key.key_id
|
||||
}
|
||||
|
||||
resource "aws_kms_alias" "bar" {
|
||||
name = "alias/bar"
|
||||
target_key_id = aws_kms_key.key.key_id
|
||||
}
|
||||
|
||||
resource "aws_kms_alias" "baz" {
|
||||
name_prefix = "alias/baz"
|
||||
target_key_id = aws_kms_key.key.key_id
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
// GENERATED, DO NOT EDIT THIS FILE
|
||||
package aws
|
||||
|
||||
const AwsKmsAliasResourceType = "aws_kms_alias"
|
||||
|
||||
type AwsKmsAlias struct {
|
||||
Arn *string `cty:"arn" computed:"true"`
|
||||
Id string `cty:"id" computed:"true"`
|
||||
Name *string `cty:"name" diff:"-"`
|
||||
NamePrefix *string `cty:"name_prefix" diff:"-"`
|
||||
TargetKeyArn *string `cty:"target_key_arn" computed:"true"`
|
||||
TargetKeyId *string `cty:"target_key_id"`
|
||||
}
|
||||
|
||||
func (r *AwsKmsAlias) TerraformId() string {
|
||||
return r.Id
|
||||
}
|
||||
|
||||
func (r *AwsKmsAlias) TerraformType() string {
|
||||
return AwsKmsAliasResourceType
|
||||
}
|
|
@ -0,0 +1,28 @@
|
|||
package aws_test
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/cloudskiff/driftctl/test/acceptance"
|
||||
)
|
||||
|
||||
func TestAcc_Aws_KMSAlias(t *testing.T) {
|
||||
acceptance.Run(t, acceptance.AccTestCase{
|
||||
Paths: []string{"./testdata/acc/aws_kms_alias"},
|
||||
Args: []string{"scan", "--filter", "Type=='aws_kms_alias'"},
|
||||
Checks: []acceptance.AccCheck{
|
||||
{
|
||||
Env: map[string]string{
|
||||
"AWS_REGION": "us-east-1",
|
||||
},
|
||||
Check: func(result *acceptance.ScanResult, stdout string, err error) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
result.AssertInfrastructureIsInSync()
|
||||
result.AssertManagedCount(2)
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
package deserializer
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
"github.com/zclconf/go-cty/cty/gocty"
|
||||
)
|
||||
|
||||
type KMSAliasDeserializer struct {
|
||||
}
|
||||
|
||||
func NewKMSAliasDeserializer() *KMSAliasDeserializer {
|
||||
return &KMSAliasDeserializer{}
|
||||
}
|
||||
|
||||
func (s *KMSAliasDeserializer) HandledType() resource.ResourceType {
|
||||
return resourceaws.AwsKmsAliasResourceType
|
||||
}
|
||||
|
||||
func (s KMSAliasDeserializer) Deserialize(rawList []cty.Value) ([]resource.Resource, error) {
|
||||
resources := make([]resource.Resource, 0)
|
||||
for _, rawResource := range rawList {
|
||||
rawResource := rawResource
|
||||
resource, err := decodeKMSAlias(&rawResource)
|
||||
if err != nil {
|
||||
logrus.Warnf("Error when deserializing resource %+v : %+v", rawResource, err)
|
||||
return nil, err
|
||||
}
|
||||
resources = append(resources, resource)
|
||||
}
|
||||
return resources, nil
|
||||
}
|
||||
|
||||
func decodeKMSAlias(raw *cty.Value) (*resourceaws.AwsKmsAlias, error) {
|
||||
var decoded resourceaws.AwsKmsAlias
|
||||
if err := gocty.FromCtyValue(*raw, &decoded); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &decoded, nil
|
||||
}
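Review bot: In `Deserialize` the local `resource, err := decodeKMSAlias(&rawResource)` shadows the imported `resource` package for the rest of the loop body; it compiles only because the package is not referenced after that line. Renaming the local avoids the trap: `res, err := decodeKMSAlias(&rawResource)` and `resources = append(resources, res)`. The type also mixes receivers (`HandledType` on `*KMSAliasDeserializer`, `Deserialize` on the value), and a pointer receiver on both would be consistent. The `logrus.Warnf` call logs the error and then returns it, so a caller that logs as well will report the same failure twice.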
|
|
@ -0,0 +1,20 @@
|
|||
# This file is maintained automatically by "terraform init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/hashicorp/aws" {
|
||||
version = "3.19.0"
|
||||
constraints = "3.19.0"
|
||||
hashes = [
|
||||
"h1:xur9tF49NgsovNnmwmBR8RdpN8Fcg1TD4CKQPJD6n1A=",
|
||||
"zh:185a5259153eb9ee4699d4be43b3d509386b473683392034319beee97d470c3b",
|
||||
"zh:2d9a0a01f93e8d16539d835c02b8b6e1927b7685f4076e96cb07f7dd6944bc6c",
|
||||
"zh:703f6da36b1b5f3497baa38fccaa7765fb8a2b6440344e4c97172516b49437dd",
|
||||
"zh:770855565462abadbbddd98cb357d2f1a8f30f68a358cb37cbd5c072cb15b377",
|
||||
"zh:8008db43149fe4345301f81e15e6d9ddb47aa5e7a31648f9b290af96ad86e92a",
|
||||
"zh:8cdd27d375da6dcb7687f1fed126b7c04efce1671066802ee876dbbc9c66ec79",
|
||||
"zh:be22ae185005690d1a017c1b909e0d80ab567e239b4f06ecacdba85080667c1c",
|
||||
"zh:d2d02e72dbd80f607636cd6237a6c862897caabc635c7b50c0cb243d11246723",
|
||||
"zh:d8f125b66a1eda2555c0f9bbdf12036a5f8d073499a22ca9e4812b68067fea31",
|
||||
"zh:f5a98024c64d5d2973ff15b093725a074c0cb4afde07ef32c542e69f17ac90bc",
|
||||
]
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
provider "aws" {
|
||||
region = "us-east-1"
|
||||
}
|
||||
|
||||
terraform {
|
||||
required_providers {
|
||||
aws = "3.19.0"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_kms_key" "key" {
|
||||
deletion_window_in_days = 7
|
||||
is_enabled = false
|
||||
}
|
||||
|
||||
resource "aws_kms_alias" "foo" {
|
||||
name = "alias/foo"
|
||||
target_key_id = aws_kms_key.key.key_id
|
||||
}
|
||||
|
||||
resource "aws_kms_alias" "baz" {
|
||||
name_prefix = "alias/baz"
|
||||
target_key_id = aws_kms_key.key.key_id
|
||||
}
|