Add deep mode flag

2021-07-20 14:42:52 +02:00 · 2021-07-20 14:42:52 +02:00 · 91a0418137
parent f7d79529b1
commit 91a0418137
37 changed files with 53 additions and 42 deletions
--- a/pkg/cmd/scan.go
+++ b/pkg/cmd/scan.go
@ -33,7 +33,7 @@ import (
 )

 func NewScanCmd() *cobra.Command {
-	opts := &pkg.ScanOptions{Deep: true}
+	opts := &pkg.ScanOptions{}
 	opts.BackendOptions = &backend.Options{}

 	cmd := &cobra.Command{
@ -99,6 +99,8 @@ func NewScanCmd() *cobra.Command {
 		},
 	}

+	warn := color.New(color.FgYellow, color.Bold).SprintfFunc()
+
 	fl := cmd.Flags()
 	fl.Bool(
 		"quiet",
@ -160,6 +162,12 @@ func NewScanCmd() *cobra.Command {
 		false,
 		"Includes cloud provider service-linked roles (disabled by default)",
 	)
+	fl.BoolVar(&opts.Deep,
+		"deep",
+		false,
+		fmt.Sprintf("%s Enable deep mode\n", warn("EXPERIMENTAL:"))+
+			"You should check the documentation for more details: https://docs.driftctl.com/deep-mode\n",
+	)
 	fl.StringVar(&opts.DriftignorePath,
 		"driftignore",
 		".driftignore",
--- a/pkg/cmd/scan_test.go
+++ b/pkg/cmd/scan_test.go
@ -43,6 +43,7 @@ func TestScanCmd_Valid(t *testing.T) {
 		{args: []string{"scan", "--tfc-token", "token"}},
 		{args: []string{"scan", "--filter", "Type=='aws_s3_bucket'"}},
 		{args: []string{"scan", "--strict"}},
+		{args: []string{"scan", "--deep"}},
 		{args: []string{"scan", "--tf-provider-version", "1.2.3"}},
 		{args: []string{"scan", "--tf-provider-version", "3.30.2"}},
 		{args: []string{"scan", "--driftignore", "./path/to/driftignore.s3"}},
--- a/pkg/remote/scanner.go
+++ b/pkg/remote/scanner.go
@ -112,19 +112,20 @@ func (s *Scanner) scan() ([]resource.Resource, error) {
 		return nil, err
 	}

+	if !s.options.Deep {
+		return enumerationResult, nil
+	}
+
 	for _, res := range enumerationResult {
 		res := res
 		s.detailsFetcherRunner.Run(func() (interface{}, error) {
 			fetcher := s.remoteLibrary.GetDetailsFetcher(resource.ResourceType(res.TerraformType()))
 			if fetcher != nil {
-				// If we are in deep mode, retrieve resource details
-				if s.options.Deep {
-					resourceWithDetails, err := fetcher.ReadDetails(res)
-					if err != nil {
-						return nil, err
-					}
-					return []resource.Resource{resourceWithDetails}, nil
+				resourceWithDetails, err := fetcher.ReadDetails(res)
+				if err != nil {
+					return nil, err
 				}
+				return []resource.Resource{resourceWithDetails}, nil
 			}
 			return []resource.Resource{res}, nil
 		})
--- a/pkg/resource/aws/aws_ami_test.go
+++ b/pkg/resource/aws/aws_ami_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_Ami(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_ami"},
-		Args:             []string{"scan", "--filter", "Type=='aws_ami'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_ami'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_cloudfront_distribution_test.go
+++ b/pkg/resource/aws/aws_cloudfront_distribution_test.go
@ -22,7 +22,7 @@ func TestAcc_Aws_CloudfrontDistribution(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion:           "0.14.9",
 		Paths:                      []string{"./testdata/acc/aws_cloudfront_distribution"},
-		Args:                       []string{"scan", "--filter", "Type=='aws_cloudfront_distribution'"},
+		Args:                       []string{"scan", "--filter", "Type=='aws_cloudfront_distribution'", "--deep"},
 		ShouldRefreshBeforeDestroy: true,
 		Checks: []acceptance.AccCheck{
 			{
--- a/pkg/resource/aws/aws_db_instance_test.go
+++ b/pkg/resource/aws/aws_db_instance_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_DbInstance(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_db_instance"},
-		Args:             []string{"scan", "--filter", "Type=='aws_db_instance'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_db_instance'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_db_subnet_group_test.go
+++ b/pkg/resource/aws/aws_db_subnet_group_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_DbSubnetGroup(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_db_subnet_group"},
-		Args:             []string{"scan", "--filter", "Type=='aws_db_subnet_group' && Id!='default'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_db_subnet_group' && Id!='default'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_dynamodb_table_test.go
+++ b/pkg/resource/aws/aws_dynamodb_table_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsDynamoDBTable(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_dynamodb_table"},
-		Args:             []string{"scan", "--filter", "Type=='aws_dynamodb_table'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_dynamodb_table'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_ebs_snapshot_test.go
+++ b/pkg/resource/aws/aws_ebs_snapshot_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_EbsSnapshot(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_ebs_snapshot"},
-		Args:             []string{"scan", "--filter", "Type=='aws_ebs_snapshot'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_ebs_snapshot'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_ebs_volume_test.go
+++ b/pkg/resource/aws/aws_ebs_volume_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_EbsVolume(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_ebs_volume"},
-		Args:             []string{"scan", "--filter", "Type=='aws_ebs_volume'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_ebs_volume'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_ecr_repository_test.go
+++ b/pkg/resource/aws/aws_ecr_repository_test.go
@ -20,7 +20,7 @@ func TestAcc_AwsECRRepository(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_ecr_repository"},
-		Args:             []string{"scan", "--filter", "Type=='aws_ecr_repository'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_ecr_repository'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_eip_association_test.go
+++ b/pkg/resource/aws/aws_eip_association_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_EipAssociation(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_eip_association"},
-		Args:             []string{"scan", "--filter", "Type=='aws_eip' || Type=='aws_eip_association'", "--tf-provider-version", "3.44.0"},
+		Args:             []string{"scan", "--filter", "Type=='aws_eip' || Type=='aws_eip_association'", "--tf-provider-version", "3.44.0", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_eip_test.go
+++ b/pkg/resource/aws/aws_eip_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_Eip(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_eip"},
-		Args:             []string{"scan", "--filter", "Type=='aws_eip' || Type=='aws_eip_association'", "--tf-provider-version", "3.44.0"},
+		Args:             []string{"scan", "--filter", "Type=='aws_eip' || Type=='aws_eip_association'", "--tf-provider-version", "3.44.0", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_iam_access_key_test.go
+++ b/pkg/resource/aws/aws_iam_access_key_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_IamAccessKey(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_iam_access_key"},
-		Args:             []string{"scan", "--filter", "Type=='aws_iam_access_key' && Attr.user!='circleci_acc_tests_admin' && Attr.user!='driftctl_qa'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_iam_access_key' && Attr.user!='circleci_acc_tests_admin' && Attr.user!='driftctl_qa'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_iam_policy_attachment_test.go
+++ b/pkg/resource/aws/aws_iam_policy_attachment_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsIamPolicyAttachment_WithGroupsUsers(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_iam_policy_attachment"},
-		Args:             []string{"scan", "--filter", "Type=='aws_iam_policy_attachment'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_iam_policy_attachment'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Check: func(result *test.ScanResult, stdout string, err error) {
--- a/pkg/resource/aws/aws_iam_role_test.go
+++ b/pkg/resource/aws/aws_iam_role_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_IamRole(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_iam_role"},
-		Args:             []string{"scan", "--filter", "Type=='aws_iam_role'", "--tf-provider-version", "3.45.0"},
+		Args:             []string{"scan", "--filter", "Type=='aws_iam_role'", "--tf-provider-version", "3.45.0", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_instance_test.go
+++ b/pkg/resource/aws/aws_instance_test.go
@ -24,6 +24,7 @@ func TestAcc_AwsInstance(t *testing.T) {
 			"Type=='aws_instance' || Type=='aws_ebs_volume'",
 			"--tf-provider-version",
 			"3.45.0",
+			"--deep",
 		},
 		Checks: []acceptance.AccCheck{
 			{
--- a/pkg/resource/aws/aws_internet_gateway_test.go
+++ b/pkg/resource/aws/aws_internet_gateway_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsInternetGateway(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_internet_gateway"},
-		Args:             []string{"scan", "--filter", "Type=='aws_internet_gateway'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_internet_gateway'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_kms_alias_test.go
+++ b/pkg/resource/aws/aws_kms_alias_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_KMSAlias(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_kms_alias"},
-		Args:             []string{"scan", "--filter", "Type=='aws_kms_alias'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_kms_alias'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_kms_key_test.go
+++ b/pkg/resource/aws/aws_kms_key_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_KMSKey(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_kms_key"},
-		Args:             []string{"scan", "--filter", "Type=='aws_kms_key'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_kms_key'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_lambda_event_source_mapping_test.go
+++ b/pkg/resource/aws/aws_lambda_event_source_mapping_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsLambdaEventSourceMapping(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_lambda_event_source_mapping"},
-		Args:             []string{"scan", "--filter", "Type=='aws_lambda_event_source_mapping'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_lambda_event_source_mapping'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_nat_gateway_test.go
+++ b/pkg/resource/aws/aws_nat_gateway_test.go
@ -12,7 +12,7 @@ func TestAcc_AwsNATGateway(t *testing.T) {
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_nat_gateway"},
 		// We filter on aws_eip_association too to test the middleware behavior
-		Args: []string{"scan", "--filter", "Type=='aws_nat_gateway' || Type=='aws_eip_association'"},
+		Args: []string{"scan", "--filter", "Type=='aws_nat_gateway' || Type=='aws_eip_association'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_route53_health_check_test.go
+++ b/pkg/resource/aws/aws_route53_health_check_test.go
@ -19,7 +19,7 @@ func TestAcc_AwsRoute53HealthCheck(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_route53_health_check"},
-		Args:             []string{"scan", "--filter", "Type=='aws_route53_health_check'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_route53_health_check'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_route53_record_test.go
+++ b/pkg/resource/aws/aws_route53_record_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsRoute53Record_WithFQDNAsId(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_route53_record"},
-		Args:             []string{"scan", "--filter", "Type=='aws_route53_record'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_route53_record'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
@ -34,7 +34,7 @@ func TestAcc_AwsRoute53Record_WithAlias(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_route53_record_with_alias"},
-		Args:             []string{"scan", "--filter", "Type=='aws_route53_record'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_route53_record'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Check: func(result *test.ScanResult, stdout string, err error) {
--- a/pkg/resource/aws/aws_route_table_association_test.go
+++ b/pkg/resource/aws/aws_route_table_association_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsRouteTableAssociation(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_route_table_association"},
-		Args:             []string{"scan", "--filter", "Type=='aws_route_table_association'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_route_table_association'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_route_table_test.go
+++ b/pkg/resource/aws/aws_route_table_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsRouteTable(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_route_table"},
-		Args:             []string{"scan", "--filter", "Type=='aws_route_table' || Type=='aws_default_route_table'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_route_table' || Type=='aws_default_route_table'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_route_test.go
+++ b/pkg/resource/aws/aws_route_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsRoute(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_route"},
-		Args:             []string{"scan", "--filter", "Type=='aws_route'", "--tf-provider-version", "3.44.0"},
+		Args:             []string{"scan", "--filter", "Type=='aws_route'", "--tf-provider-version", "3.44.0", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_s3_bucket_test.go
+++ b/pkg/resource/aws/aws_s3_bucket_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsS3Bucket_BucketInUsEast1(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_s3_bucket"},
-		Args:             []string{"scan", "--filter", "Type=='aws_s3_bucket' || Type=='aws_s3_bucket_policy'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_s3_bucket' || Type=='aws_s3_bucket_policy'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_security_group_rule_test.go
+++ b/pkg/resource/aws/aws_security_group_rule_test.go
@ -11,7 +11,7 @@ func TestAcc_Aws_SecurityGroupRule(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_security_group_rule"},
-		Args:             []string{"scan", "--filter", "Type=='aws_security_group_rule'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_security_group_rule'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_security_group_test.go
+++ b/pkg/resource/aws/aws_security_group_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsSecurityGroup(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_security_group"},
-		Args:             []string{"scan", "--filter", "Type=='aws_security_group' || Type=='aws_default_security_group'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_security_group' || Type=='aws_default_security_group'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_sns_topic_policy_test.go
+++ b/pkg/resource/aws/aws_sns_topic_policy_test.go
@ -16,7 +16,7 @@ func TestAcc_AwsSNSTopicPolicy(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_sns_topic_policy"},
-		Args:             []string{"scan", "--filter", "Type=='aws_sns_topic' || Type=='aws_sns_topic_policy'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_sns_topic' || Type=='aws_sns_topic_policy'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_sns_topic_subscription_test.go
+++ b/pkg/resource/aws/aws_sns_topic_subscription_test.go
@ -16,7 +16,7 @@ func TestAcc_AwsSNSTopicSubscription(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_sns_topic_subscription"},
-		Args:             []string{"scan", "--filter", "Type=='aws_sns_topic_subscription'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_sns_topic_subscription'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_sns_topic_test.go
+++ b/pkg/resource/aws/aws_sns_topic_test.go
@ -26,7 +26,7 @@ func TestAcc_AwsSNSTopic(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_sns_topic"},
-		Args:             []string{"scan", "--filter", "Type=='aws_sns_topic'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_sns_topic'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_sqs_queue_policy_test.go
+++ b/pkg/resource/aws/aws_sqs_queue_policy_test.go
@ -16,7 +16,7 @@ func TestAcc_AwsSQSQueuePolicy(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_sqs_queue_policy"},
-		Args:             []string{"scan", "--filter", "Type=='aws_sqs_queue_policy'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_sqs_queue_policy'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_sqs_queue_test.go
+++ b/pkg/resource/aws/aws_sqs_queue_test.go
@ -24,7 +24,7 @@ func TestAcc_AwsSQSQueue(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_sqs_queue"},
-		Args:             []string{"scan", "--filter", "Type=='aws_sqs_queue'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_sqs_queue'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_subnet_test.go
+++ b/pkg/resource/aws/aws_subnet_test.go
@ -11,7 +11,7 @@ func TestAcc_AwsSubnet(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_subnet"},
-		Args:             []string{"scan", "--filter", "Type=='aws_subnet' || Type=='aws_default_subnet'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_subnet' || Type=='aws_default_subnet'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{
--- a/pkg/resource/aws/aws_vpc_test.go
+++ b/pkg/resource/aws/aws_vpc_test.go
@ -12,7 +12,7 @@ func TestAcc_AwsVPC(t *testing.T) {
 	acceptance.Run(t, acceptance.AccTestCase{
 		TerraformVersion: "0.14.9",
 		Paths:            []string{"./testdata/acc/aws_vpc"},
-		Args:             []string{"scan", "--filter", "Type=='aws_vpc'"},
+		Args:             []string{"scan", "--filter", "Type=='aws_vpc'", "--deep"},
 		Checks: []acceptance.AccCheck{
 			{
 				Env: map[string]string{