sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #497 from cloudskiff/refacto_iam 

Refacto IAM resources and `aws_key_pair`
main
Elie 2021-05-11 16:13:59 +02:00 committed by GitHub
parent 035788e150 550f5e84ae
commit 92c58cd3e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
40 changed files with 650412 additions and 85285 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/driftctl.go
View File

@ -72,7 +72,7 @@ func (d DriftCTL) Run() (*analyser.Analysis, error) {
middlewares.NewAwsInstanceBlockDeviceResourceMapper(d.resourceFactory),
middlewares.NewVPCDefaultSecurityGroupSanitizer(),
middlewares.NewVPCSecurityGroupRuleSanitizer(d.resourceFactory),
middlewares.NewIamPolicyAttachmentSanitizer(),
middlewares.NewIamPolicyAttachmentSanitizer(d.resourceFactory),
middlewares.AwsInstanceEIP{},
middlewares.NewAwsDefaultInternetGatewayRoute(),
middlewares.NewAwsDefaultInternetGateway(),

191
pkg/driftctl_test.go
View File

@ -73,6 +73,10 @@ func runTest(t *testing.T, cases TestCases) {
c.mocks(resourceFactory)
}
if c.options == nil {
c.options = &pkg.ScanOptions{}
}
scanProgress := &output.MockProgress{}
scanProgress.On("Start").Return().Once()
scanProgress.On("Stop").Return().Once()
@ -110,7 +114,6 @@ func TestDriftctlRun_BasicBehavior(t *testing.T) {
assert: func(result *test.ScanResult, err error) {
result.NotZero(result.Duration)
},
options: &pkg.ScanOptions{},
},
{
name: "infrastructure should be in sync",
@ -277,40 +280,74 @@ func TestDriftctlRun_BasicBehavior(t *testing.T) {
},
{
name: "we should ignore default AWS IAM role when strict mode is disabled",
mocks: func(factory resource.ResourceFactory) {
factory.(*terraform.MockResourceFactory).On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role-test-1-policy-test-1",
map[string]interface{}{
"roles": []string{"role-test-1"},
},
).Once().Return(&resource.AbstractResource{
Id: "role-test-1-policy-test-1",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"roles": []string{"role-test-1"},
},
})
},
stateResources: []resource.Resource{
testresource.FakeResource{
Id: "fake",
},
&aws.AwsIamPolicy{
&resource.AbstractResource{
Id: "role-policy-test-1",
Arn: func(p string) *string { return &p }("policy-test-1"),
Type: aws.AwsIamPolicyResourceType,
Attrs: &resource.Attributes{
"arn": "policy-test-1",
},
},
},
remoteResources: []resource.Resource{
testresource.FakeResource{
Id: "fake",
},
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "role-test-1",
Path: func(p string) *string { return &p }("/aws-service-role/test"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/test",
},
&aws.AwsIamRolePolicy{
},
&resource.AbstractResource{
Id: "role-policy-test-1",
Role: func(p string) *string { return &p }("role-test-1"),
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "role-test-1",
},
&aws.AwsIamPolicy{
},
&resource.AbstractResource{
Id: "role-policy-test-1",
Arn: func(p string) *string { return &p }("policy-test-1"),
Type: aws.AwsIamPolicyResourceType,
Attrs: &resource.Attributes{
"arn": "policy-test-1",
},
&aws.AwsIamPolicyAttachment{
},
&resource.AbstractResource{
Id: "policy-attachment-test-1",
PolicyArn: func(p string) *string { return &p }("policy-test-1"),
Users: func(p []string) *[]string { return &p }([]string{}),
Roles: func(p []string) *[]string { return &p }([]string{"role-test-1"}),
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "policy-test-1",
"users": []string{},
"roles": []string{"role-test-1"},
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "role-test-2",
Path: func(p string) *string { return &p }("/not-aws-service-role/test"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/test",
},
},
},
assert: func(result *test.ScanResult, err error) {
@ -327,40 +364,74 @@ func TestDriftctlRun_BasicBehavior(t *testing.T) {
},
{
name: "we should not ignore default AWS IAM role when strict mode is enabled",
mocks: func(factory resource.ResourceFactory) {
factory.(*terraform.MockResourceFactory).On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role-test-1-policy-test-1",
map[string]interface{}{
"roles": []string{"role-test-1"},
},
).Once().Return(&resource.AbstractResource{
Id: "role-test-1-policy-test-1",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"roles": []string{"role-test-1"},
},
})
},
stateResources: []resource.Resource{
testresource.FakeResource{
Id: "fake",
},
&aws.AwsIamPolicy{
&resource.AbstractResource{
Id: "policy-test-1",
Arn: func(p string) *string { return &p }("policy-test-1"),
Type: aws.AwsIamPolicyResourceType,
Attrs: &resource.Attributes{
"arn": "policy-test-1",
},
},
},
remoteResources: []resource.Resource{
testresource.FakeResource{
Id: "fake",
},
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "role-test-1",
Path: func(p string) *string { return &p }("/aws-service-role/test"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/test",
},
&aws.AwsIamRolePolicy{
},
&resource.AbstractResource{
Id: "role-policy-test-1",
Role: func(p string) *string { return &p }("role-test-1"),
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "role-test-1",
},
&aws.AwsIamPolicy{
},
&resource.AbstractResource{
Id: "policy-test-1",
Arn: func(p string) *string { return &p }("policy-test-1"),
Type: aws.AwsIamPolicyResourceType,
Attrs: &resource.Attributes{
"arn": "policy-test-1",
},
&aws.AwsIamPolicyAttachment{
},
&resource.AbstractResource{
Id: "policy-attachment-test-1",
PolicyArn: func(p string) *string { return &p }("policy-test-1"),
Users: func(p []string) *[]string { return &p }([]string{}),
Roles: func(p []string) *[]string { return &p }([]string{"role-test-1"}),
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "policy-test-1",
"users": []string{},
"roles": []string{"role-test-1"},
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "role-test-2",
Path: func(p string) *string { return &p }("/not-aws-service-role/test"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/test",
},
},
},
assert: func(result *test.ScanResult, err error) {
@ -377,40 +448,74 @@ func TestDriftctlRun_BasicBehavior(t *testing.T) {
},
{
name: "we should not ignore default AWS IAM role when strict mode is enabled and a filter is specified",
mocks: func(factory resource.ResourceFactory) {
factory.(*terraform.MockResourceFactory).On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role-test-1-policy-test-1",
map[string]interface{}{
"roles": []string{"role-test-1"},
},
).Once().Return(&resource.AbstractResource{
Id: "role-test-1-policy-test-1",
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"roles": []string{"role-test-1"},
},
})
},
stateResources: []resource.Resource{
testresource.FakeResource{
Id: "fake",
},
&aws.AwsIamPolicy{
&resource.AbstractResource{
Id: "policy-test-1",
Arn: func(p string) *string { return &p }("policy-test-1"),
Type: aws.AwsIamPolicyResourceType,
Attrs: &resource.Attributes{
"arn": "policy-test-1",
},
},
},
remoteResources: []resource.Resource{
testresource.FakeResource{
Id: "fake",
},
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "role-test-1",
Path: func(p string) *string { return &p }("/aws-service-role/test"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/test",
},
&aws.AwsIamRolePolicy{
},
&resource.AbstractResource{
Id: "role-policy-test-1",
Role: func(p string) *string { return &p }("role-test-1"),
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "role-test-1",
},
&aws.AwsIamPolicy{
},
&resource.AbstractResource{
Id: "policy-test-1",
Arn: func(p string) *string { return &p }("policy-test-1"),
Type: aws.AwsIamPolicyResourceType,
Attrs: &resource.Attributes{
"arn": "policy-test-1",
},
&aws.AwsIamPolicyAttachment{
},
&resource.AbstractResource{
Id: "policy-attachment-test-1",
PolicyArn: func(p string) *string { return &p }("policy-test-1"),
Users: func(p []string) *[]string { return &p }([]string{}),
Roles: func(p []string) *[]string { return &p }([]string{"role-test-1"}),
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "policy-test-1",
"users": []string{},
"roles": []string{"role-test-1"},
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "role-test-2",
Path: func(p string) *string { return &p }("/not-aws-service-role/test"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/test",
},
},
},
assert: func(result *test.ScanResult, err error) {

17
pkg/iac/terraform/state/test/ec2_key_pair/result.golden.json
View File

@ -1 +1,16 @@
[{"Arn":"arn:aws:ec2:eu-west-3:047081014315:key-pair/test","Fingerprint":"b1:fb:1c:2a:f1:f9:7e:98:44:5f:0c:57:5a:47:31:af:77:a5:f2:ba","Id":"test","KeyName":"test","KeyNamePrefix":null,"KeyPairId":"key-05080f65a4735790b","PublicKey":null,"Tags":{"test":"lol2"},"CtyVal":{}}]
[
{
"Id": "test",
"Type": "aws_key_pair",
"Attrs": {
"arn": "arn:aws:ec2:eu-west-3:047081014315:key-pair/test",
"fingerprint": "b1:fb:1c:2a:f1:f9:7e:98:44:5f:0c:57:5a:47:31:af:77:a5:f2:ba",
"id": "test",
"key_name": "test",
"key_pair_id": "key-05080f65a4735790b",
"tags": {
"test": "lol2"
}
}
}
]

171758
pkg/iac/terraform/state/test/ec2_key_pair/schema.golden.json
View File

File diff suppressed because one or more lines are too long

22
pkg/iac/terraform/state/test/iam_access_key_multiple/result.golden.json
View File

@ -1,26 +1,4 @@
[
{
"Arn": "arn:aws:iam::929327065333:user/test-driftctl",
"ForceDestroy": false,
"Id": "test-driftctl",
"Name": "test-driftctl",
"Path": "/",
"PermissionsBoundary": null,
"Tags": {},
"UniqueId": "AIDA5QYBVVD27TBHIJVSL",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::929327065333:user/test-driftctl2",
"ForceDestroy": false,
"Id": "test-driftctl2",
"Name": "test-driftctl2",
"Path": "/",
"PermissionsBoundary": null,
"Tags": {},
"UniqueId": "AIDA5QYBVVD2RVTK3ODPO",
"CtyVal": {}
},
{
"EncryptedSecret": null,
"Id": "AKIA5QYBVVD223VWU32A",

70124
pkg/iac/terraform/state/test/iam_access_key_multiple/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

44
pkg/iac/terraform/state/test/iam_access_key_multiple/terraform.tfstate
View File

@ -94,50 +94,6 @@
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "testuser",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::929327065333:user/test-driftctl",
"force_destroy": false,
"id": "test-driftctl",
"name": "test-driftctl",
"path": "/",
"permissions_boundary": null,
"tags": {},
"unique_id": "AIDA5QYBVVD27TBHIJVSL"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "testuser2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::929327065333:user/test-driftctl2",
"force_destroy": false,
"id": "test-driftctl2",
"name": "test-driftctl2",
"path": "/",
"permissions_boundary": null,
"tags": {},
"unique_id": "AIDA5QYBVVD2RVTK3ODPO"
},
"private": "bnVsbA=="
}
]
}
]
}

54
pkg/iac/terraform/state/test/iam_policy_multiple/result.golden.json
View File

@ -1,32 +1,38 @@
[
{
"Arn": "arn:aws:iam::929327065333:policy/policy-2",
"Description": "",
"Id": "arn:aws:iam::929327065333:policy/policy-2",
"Name": "policy-2",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":\"ec2:*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2Admin\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::929327065333:policy/policy-0",
"Description": "",
"Id": "arn:aws:iam::929327065333:policy/policy-0",
"Name": "policy-0",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":\"ec2:*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2Admin\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
"Type": "aws_iam_policy",
"Attrs": {
"arn": "arn:aws:iam::929327065333:policy/policy-0",
"description": "",
"id": "arn:aws:iam::929327065333:policy/policy-0",
"name": "policy-0",
"path": "/",
"policy": "{\"Statement\":[{\"Action\":\"ec2:*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2Admin\"}],\"Version\":\"2012-10-17\"}"
}
},
{
"Arn": "arn:aws:iam::929327065333:policy/policy-1",
"Description": "",
"Id": "arn:aws:iam::929327065333:policy/policy-1",
"Name": "policy-1",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":\"ec2:*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2Admin\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
"Type": "aws_iam_policy",
"Attrs": {
"arn": "arn:aws:iam::929327065333:policy/policy-1",
"description": "",
"id": "arn:aws:iam::929327065333:policy/policy-1",
"name": "policy-1",
"path": "/",
"policy": "{\"Statement\":[{\"Action\":\"ec2:*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2Admin\"}],\"Version\":\"2012-10-17\"}"
}
},
{
"Id": "arn:aws:iam::929327065333:policy/policy-2",
"Type": "aws_iam_policy",
"Attrs": {
"arn": "arn:aws:iam::929327065333:policy/policy-2",
"description": "",
"id": "arn:aws:iam::929327065333:policy/policy-2",
"name": "policy-2",
"path": "/",
"policy": "{\"Statement\":[{\"Action\":\"ec2:*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"EC2Admin\"}],\"Version\":\"2012-10-17\"}"
}
}
]

70124
pkg/iac/terraform/state/test/iam_policy_multiple/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

78
pkg/iac/terraform/state/test/iam_role_multiple/result.golden.json
View File

@ -1,56 +1,56 @@
[
{
"Arn": "arn:aws:iam::929327065333:role/test/test_role_0",
"AssumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"CreateDate": "2020-11-04T10:09:37Z",
"Description": "",
"ForceDetachPolicies": true,
"Id": "test_role_0",
"MaxSessionDuration": 3600,
"Name": "test_role_0",
"NamePrefix": null,
"Path": "/test/",
"PermissionsBoundary": null,
"Tags": {
"Type": "aws_iam_role",
"Attrs": {
"arn": "arn:aws:iam::929327065333:role/test/test_role_0",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2020-11-04T10:09:37Z",
"description": "",
"id": "test_role_0",
"max_session_duration": 3600,
"name": "test_role_0",
"path": "/test/",
"tags": {
"foo": "bar0"
},
"UniqueId": "AROA5QYBVVD24YSTJXHHO",
"CtyVal": {}
"unique_id": "AROA5QYBVVD24YSTJXHHO"
}
},
{
"Arn": "arn:aws:iam::929327065333:role/test/test_role_1",
"AssumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"CreateDate": "2020-11-04T10:09:37Z",
"Description": "",
"ForceDetachPolicies": true,
"Id": "test_role_1",
"MaxSessionDuration": 3600,
"Name": "test_role_1",
"NamePrefix": null,
"Path": "/test/",
"PermissionsBoundary": null,
"Tags": {
"Type": "aws_iam_role",
"Attrs": {
"arn": "arn:aws:iam::929327065333:role/test/test_role_1",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2020-11-04T10:09:37Z",
"description": "",
"id": "test_role_1",
"max_session_duration": 3600,
"name": "test_role_1",
"path": "/test/",
"tags": {
"foo": "bar1"
},
"UniqueId": "AROA5QYBVVD2UGXJCEDXF",
"CtyVal": {}
"unique_id": "AROA5QYBVVD2UGXJCEDXF"
}
},
{
"Arn": "arn:aws:iam::929327065333:role/test/test_role_2",
"AssumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"CreateDate": "2020-11-04T10:09:37Z",
"Description": "",
"ForceDetachPolicies": true,
"Id": "test_role_2",
"MaxSessionDuration": 3600,
"Name": "test_role_2",
"NamePrefix": null,
"Path": "/test/",
"PermissionsBoundary": null,
"Tags": {
"Type": "aws_iam_role",
"Attrs": {
"arn": "arn:aws:iam::929327065333:role/test/test_role_2",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2020-11-04T10:09:37Z",
"description": "",
"id": "test_role_2",
"max_session_duration": 3600,
"name": "test_role_2",
"path": "/test/",
"tags": {
"foo": "bar2"
},
"UniqueId": "AROA5QYBVVD2WGP2ZEG73",
"CtyVal": {}
"unique_id": "AROA5QYBVVD2WGP2ZEG73"
}
}
]

70124
pkg/iac/terraform/state/test/iam_role_multiple/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

148
pkg/iac/terraform/state/test/iam_role_policy_attachment/result.golden.json
View File

@ -1,120 +1,38 @@
[
{
"Arn": "arn:aws:iam::526954929923:role/test-role2",
"AssumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"CreateDate": "2020-11-18T16:29:08Z",
"Description": "",
"ForceDetachPolicies": false,
"Id": "test-role2",
"MaxSessionDuration": 3600,
"Name": "test-role2",
"NamePrefix": null,
"Path": "/",
"PermissionsBoundary": null,
"Tags": {},
"UniqueId": "AROAXVMHWD4BXFUYMSDRB",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:role/test-role",
"AssumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"CreateDate": "2020-11-18T16:28:49Z",
"Description": "",
"ForceDetachPolicies": false,
"Id": "test-role",
"MaxSessionDuration": 3600,
"Name": "test-role",
"NamePrefix": null,
"Path": "/",
"PermissionsBoundary": null,
"Tags": {},
"UniqueId": "AROAXVMHWD4BRFKSROAS3",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:policy/test-policy",
"Description": "A test policy",
"Id": "arn:aws:iam::526954929923:policy/test-policy",
"Name": "test-policy",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:policy/test-policy3",
"Description": "A test policy 3",
"Id": "arn:aws:iam::526954929923:policy/test-policy3",
"Name": "test-policy3",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:policy/test-policy2",
"Description": "A test policy 2",
"Id": "arn:aws:iam::526954929923:policy/test-policy2",
"Name": "test-policy2",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
},
{
"Groups": null,
"Id": "test-attachment5",
"Name": "test-attachment5",
"PolicyArn": "arn:aws:iam::526954929923:policy/test-policy3",
"Roles": [
"test-role",
"test-role2"
],
"Users": null,
"CtyVal": {}
},
{
"Groups": null,
"Id": "test-role-arn:aws:iam::526954929923:policy/test-policy",
"Name": "test-role-20201118162849968800000001",
"PolicyArn": "arn:aws:iam::526954929923:policy/test-policy",
"Roles": [
"test-role"
],
"Users": null,
"CtyVal": {}
},
{
"Groups": null,
"Id": "test-role-arn:aws:iam::526954929923:policy/test-policy2",
"Name": "test-role-20201118162849994600000002",
"PolicyArn": "arn:aws:iam::526954929923:policy/test-policy2",
"Roles": [
"test-role"
],
"Users": null,
"CtyVal": {}
},
{
"Groups": null,
"Id": "test-role2-arn:aws:iam::526954929923:policy/test-policy",
"Name": "test-role2-20201118162908999800000001",
"PolicyArn": "arn:aws:iam::526954929923:policy/test-policy",
"Roles": [
"test-role2"
],
"Users": null,
"CtyVal": {}
},
{
"Groups": null,
"Id": "test-role2-arn:aws:iam::526954929923:policy/test-policy2",
"Name": "test-role2-20201118162909011200000002",
"PolicyArn": "arn:aws:iam::526954929923:policy/test-policy2",
"Roles": [
"test-role2"
],
"Users": null,
"CtyVal": {}
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "test-role2-20201118162909011200000002",
"policy_arn": "arn:aws:iam::526954929923:policy/test-policy2",
"role": "test-role2"
}
},
{
"Id": "test-role-arn:aws:iam::526954929923:policy/test-policy",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "test-role-20201118162849968800000001",
"policy_arn": "arn:aws:iam::526954929923:policy/test-policy",
"role": "test-role"
}
},
{
"Id": "test-role-arn:aws:iam::526954929923:policy/test-policy2",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "test-role-20201118162849994600000002",
"policy_arn": "arn:aws:iam::526954929923:policy/test-policy2",
"role": "test-role"
}
},
{
"Id": "test-role2-arn:aws:iam::526954929923:policy/test-policy",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "test-role2-20201118162908999800000001",
"policy_arn": "arn:aws:iam::526954929923:policy/test-policy",
"role": "test-role2"
}
}
]

70124
pkg/iac/terraform/state/test/iam_role_policy_attachment/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

145
pkg/iac/terraform/state/test/iam_role_policy_attachment/terraform.tfstate
View File

@ -5,151 +5,6 @@
"lineage": "b4b284a7-9835-6ae1-b6c5-21100080f61e",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "policy",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:policy/test-policy",
"description": "A test policy",
"id": "arn:aws:iam::526954929923:policy/test-policy",
"name": "test-policy",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "policy2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:policy/test-policy2",
"description": "A test policy 2",
"id": "arn:aws:iam::526954929923:policy/test-policy2",
"name": "test-policy2",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "policy3",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:policy/test-policy3",
"description": "A test policy 3",
"id": "arn:aws:iam::526954929923:policy/test-policy3",
"name": "test-policy3",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy_attachment",
"name": "test-attach5",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"groups": [],
"id": "test-attachment5",
"name": "test-attachment5",
"policy_arn": "arn:aws:iam::526954929923:policy/test-policy3",
"roles": [
"test-role",
"test-role2"
],
"users": []
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_policy.policy3",
"aws_iam_role.test",
"aws_iam_role.test2"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_role",
"name": "test",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:role/test-role",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2020-11-18T16:28:49Z",
"description": "",
"force_detach_policies": false,
"id": "test-role",
"max_session_duration": 3600,
"name": "test-role",
"name_prefix": null,
"path": "/",
"permissions_boundary": null,
"tags": {},
"unique_id": "AROAXVMHWD4BRFKSROAS3"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_role",
"name": "test2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:role/test-role2",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2020-11-18T16:29:08Z",
"description": "",
"force_detach_policies": false,
"id": "test-role2",
"max_session_duration": 3600,
"name": "test-role2",
"name_prefix": null,
"path": "/",
"permissions_boundary": null,
"tags": {},
"unique_id": "AROAXVMHWD4BXFUYMSDRB"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_role_policy_attachment",

110
pkg/iac/terraform/state/test/iam_role_policy_multiple/result.golden.json
View File

@ -1,82 +1,62 @@
[
{
"Arn": "arn:aws:iam::929327065333:role/test_role_0",
"AssumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"CreateDate": "2020-11-05T13:30:59Z",
"Description": "",
"ForceDetachPolicies": false,
"Id": "test_role_0",
"MaxSessionDuration": 3600,
"Name": "test_role_0",
"NamePrefix": null,
"Path": "/",
"PermissionsBoundary": null,
"Tags": null,
"UniqueId": "AROA5QYBVVD2U6C7MVZRS",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::929327065333:role/test_role_1",
"AssumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"CreateDate": "2020-11-05T13:30:59Z",
"Description": "",
"ForceDetachPolicies": false,
"Id": "test_role_1",
"MaxSessionDuration": 3600,
"Name": "test_role_1",
"NamePrefix": null,
"Path": "/",
"PermissionsBoundary": null,
"Tags": null,
"UniqueId": "AROA5QYBVVD26ZIDQHGWV",
"CtyVal": {}
},
{
"Id": "test_role_0:policy-role0-2",
"Name": "policy-role0-2",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"Role": "test_role_0",
"CtyVal": {}
},
{
"Id": "test_role_0:policy-role0-0",
"Name": "policy-role0-0",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"Role": "test_role_0",
"CtyVal": {}
"Type": "aws_iam_role_policy",
"Attrs": {
"id": "test_role_0:policy-role0-0",
"name": "policy-role0-0",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "test_role_0"
}
},
{
"Id": "test_role_0:policy-role0-1",
"Name": "policy-role0-1",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"Role": "test_role_0",
"CtyVal": {}
"Type": "aws_iam_role_policy",
"Attrs": {
"id": "test_role_0:policy-role0-1",
"name": "policy-role0-1",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "test_role_0"
}
},
{
"Id": "test_role_0:policy-role0-2",
"Type": "aws_iam_role_policy",
"Attrs": {
"id": "test_role_0:policy-role0-2",
"name": "policy-role0-2",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "test_role_0"
}
},
{
"Id": "test_role_1:policy-role1-0",
"Name": "policy-role1-0",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"Role": "test_role_1",
"CtyVal": {}
"Type": "aws_iam_role_policy",
"Attrs": {
"id": "test_role_1:policy-role1-0",
"name": "policy-role1-0",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "test_role_1"
}
},
{
"Id": "test_role_1:policy-role1-1",
"Name": "policy-role1-1",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"Role": "test_role_1",
"CtyVal": {}
"Type": "aws_iam_role_policy",
"Attrs": {
"id": "test_role_1:policy-role1-1",
"name": "policy-role1-1",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "test_role_1"
}
},
{
"Id": "test_role_1:policy-role1-2",
"Name": "policy-role1-2",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"Role": "test_role_1",
"CtyVal": {}
"Type": "aws_iam_role_policy",
"Attrs": {
"id": "test_role_1:policy-role1-2",
"name": "policy-role1-2",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": \"account:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"role": "test_role_1"
}
}
]

70124
pkg/iac/terraform/state/test/iam_role_policy_multiple/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

49
pkg/iac/terraform/state/test/iam_role_policy_multiple/terraform.tfstate
View File

@ -5,55 +5,6 @@
"lineage": "76ff886d-b3c6-fca4-1e8c-a49979afd103",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_iam_role",
"name": "test_role",
"each": "list",
"provider": "provider.aws",
"instances": [
{
"index_key": 0,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::929327065333:role/test_role_0",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2020-11-05T13:30:59Z",
"description": "",
"force_detach_policies": false,
"id": "test_role_0",
"max_session_duration": 3600,
"name": "test_role_0",
"name_prefix": null,
"path": "/",
"permissions_boundary": null,
"tags": null,
"unique_id": "AROA5QYBVVD2U6C7MVZRS"
},
"private": "bnVsbA=="
},
{
"index_key": 1,
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::929327065333:role/test_role_1",
"assume_role_policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}",
"create_date": "2020-11-05T13:30:59Z",
"description": "",
"force_detach_policies": false,
"id": "test_role_1",
"max_session_duration": 3600,
"name": "test_role_1",
"name_prefix": null,
"path": "/",
"permissions_boundary": null,
"tags": null,
"unique_id": "AROA5QYBVVD26ZIDQHGWV"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_role_policy",

51
pkg/iac/terraform/state/test/iam_user_multiple/result.golden.json
View File

@ -1,41 +1,44 @@
[
{
"Arn": "arn:aws:iam::929327065333:user/test/test-driftctl-0",
"ForceDestroy": true,
"Id": "test-driftctl-0",
"Name": "test-driftctl-0",
"Path": "/test/",
"PermissionsBoundary": null,
"Tags": {
"Type": "aws_iam_user",
"Attrs": {
"arn": "arn:aws:iam::929327065333:user/test/test-driftctl-0",
"id": "test-driftctl-0",
"name": "test-driftctl-0",
"path": "/test/",
"tags": {
"foo": "bar"
},
"UniqueId": "AIDA5QYBVVD2ZWIW56NWS",
"CtyVal": {}
"unique_id": "AIDA5QYBVVD2ZWIW56NWS"
}
},
{
"Arn": "arn:aws:iam::929327065333:user/test/test-driftctl-1",
"ForceDestroy": true,
"Id": "test-driftctl-1",
"Name": "test-driftctl-1",
"Path": "/test/",
"PermissionsBoundary": null,
"Tags": {
"Type": "aws_iam_user",
"Attrs": {
"arn": "arn:aws:iam::929327065333:user/test/test-driftctl-1",
"id": "test-driftctl-1",
"name": "test-driftctl-1",
"path": "/test/",
"tags": {
"foo": "bar"
},
"UniqueId": "AIDA5QYBVVD2UMP6CZEGZ",
"CtyVal": {}
"unique_id": "AIDA5QYBVVD2UMP6CZEGZ"
}
},
{
"Arn": "arn:aws:iam::929327065333:user/test/test-driftctl-2",
"ForceDestroy": true,
"Id": "test-driftctl-2",
"Name": "test-driftctl-2",
"Path": "/test/",
"PermissionsBoundary": null,
"Tags": {
"Type": "aws_iam_user",
"Attrs": {
"arn": "arn:aws:iam::929327065333:user/test/test-driftctl-2",
"id": "test-driftctl-2",
"name": "test-driftctl-2",
"path": "/test/",
"tags": {
"foo": "bar"
},
"UniqueId": "AIDA5QYBVVD23ZWIILRUW",
"CtyVal": {}
"unique_id": "AIDA5QYBVVD23ZWIILRUW"
}
}
]

70124
pkg/iac/terraform/state/test/iam_user_multiple/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

260
pkg/iac/terraform/state/test/iam_user_policy_attachment/result.golden.json
View File

@ -1,219 +1,83 @@
[
{
"Arn": "arn:aws:iam::526954929923:user/system/loadbalancer",
"ForceDestroy": false,
"Id": "loadbalancer",
"Name": "loadbalancer",
"Path": "/system/",
"PermissionsBoundary": null,
"Tags": {},
"UniqueId": "AIDAXVMHWD4B7BHWL7YKF",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:user/system/loadbalancer3",
"ForceDestroy": false,
"Id": "loadbalancer3",
"Name": "loadbalancer3",
"Path": "/system/",
"PermissionsBoundary": null,
"Tags": {},
"UniqueId": "AIDAXVMHWD4BUICVKAIIT",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:user/system/loadbalancer2",
"ForceDestroy": false,
"Id": "loadbalancer2",
"Name": "loadbalancer2",
"Path": "/system/",
"PermissionsBoundary": null,
"Tags": {},
"UniqueId": "AIDAXVMHWD4BTVLVQM236",
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer-arn:aws:iam::526954929923:policy/test2",
"Name": "loadbalancer-2020111317225517310000000a",
"PolicyArn": "arn:aws:iam::526954929923:policy/test2",
"Roles": [],
"Users": [
"loadbalancer"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer3-arn:aws:iam::526954929923:policy/test",
"Name": "loadbalancer3-2020111317225590250000000c",
"PolicyArn": "arn:aws:iam::526954929923:policy/test",
"Roles": [],
"Users": [
"loadbalancer3"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer3-arn:aws:iam::526954929923:policy/test2",
"Name": "loadbalancer3-20201113172255118300000007",
"PolicyArn": "arn:aws:iam::526954929923:policy/test2",
"Roles": [],
"Users": [
"loadbalancer3"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer-arn:aws:iam::526954929923:policy/test",
"Name": "loadbalancer-20201113172255158500000009",
"PolicyArn": "arn:aws:iam::526954929923:policy/test",
"Roles": [],
"Users": [
"loadbalancer"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer3-arn:aws:iam::526954929923:policy/test3",
"Name": "loadbalancer3-20201113172254986500000006",
"PolicyArn": "arn:aws:iam::526954929923:policy/test3",
"Roles": [],
"Users": [
"loadbalancer3"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer-arn:aws:iam::526954929923:policy/test3",
"Name": "loadbalancer-20201113172254928300000005",
"PolicyArn": "arn:aws:iam::526954929923:policy/test3",
"Roles": [],
"Users": [
"loadbalancer"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer2-arn:aws:iam::526954929923:policy/test",
"Name": "loadbalancer2-2020111317225587220000000b",
"PolicyArn": "arn:aws:iam::526954929923:policy/test",
"Roles": [],
"Users": [
"loadbalancer2"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer2-arn:aws:iam::526954929923:policy/test2",
"Name": "loadbalancer2-20201113172255122400000008",
"PolicyArn": "arn:aws:iam::526954929923:policy/test2",
"Roles": [],
"Users": [
"loadbalancer2"
],
"CtyVal": {}
},
{
"Groups": null,
"Id": "loadbalancer2-arn:aws:iam::526954929923:policy/test3",
"Name": "loadbalancer2-20201113172254923500000004",
"PolicyArn": "arn:aws:iam::526954929923:policy/test3",
"Roles": [],
"Users": [
"loadbalancer2"
],
"CtyVal": {}
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer2-20201113172254923500000004",
"policy_arn": "arn:aws:iam::526954929923:policy/test3",
"user": "loadbalancer2"
}
},
{
"EncryptedSecret": null,
"Id": "AKIAXVMHWD4BZZ46XCIU",
"KeyFingerprint": null,
"PgpKey": null,
"Secret": null,
"SesSmtpPasswordV4": null,
"Status": "Active",
"User": "loadbalancer2",
"CtyVal": {}
"Id": "loadbalancer3-arn:aws:iam::526954929923:policy/test3",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer3-20201113172254986500000006",
"policy_arn": "arn:aws:iam::526954929923:policy/test3",
"user": "loadbalancer3"
}
},
{
"EncryptedSecret": null,
"Id": "AKIAXVMHWD4BYCOUMTPB",
"KeyFingerprint": null,
"PgpKey": null,
"Secret": null,
"SesSmtpPasswordV4": null,
"Status": "Active",
"User": "loadbalancer",
"CtyVal": {}
"Id": "loadbalancer3-arn:aws:iam::526954929923:policy/test2",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer3-20201113172255118300000007",
"policy_arn": "arn:aws:iam::526954929923:policy/test2",
"user": "loadbalancer3"
}
},
{
"EncryptedSecret": null,
"Id": "AKIAXVMHWD4BQM7NGPEU",
"KeyFingerprint": null,
"PgpKey": null,
"Secret": null,
"SesSmtpPasswordV4": null,
"Status": "Active",
"User": "loadbalancer3",
"CtyVal": {}
"Id": "loadbalancer-arn:aws:iam::526954929923:policy/test",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer-20201113172255158500000009",
"policy_arn": "arn:aws:iam::526954929923:policy/test",
"user": "loadbalancer"
}
},
{
"Arn": "arn:aws:iam::526954929923:policy/test3",
"Description": "",
"Id": "arn:aws:iam::526954929923:policy/test3",
"Name": "test3",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
"Id": "loadbalancer-arn:aws:iam::526954929923:policy/test2",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer-2020111317225517310000000a",
"policy_arn": "arn:aws:iam::526954929923:policy/test2",
"user": "loadbalancer"
}
},
{
"Arn": "arn:aws:iam::526954929923:policy/test",
"Description": "",
"Id": "arn:aws:iam::526954929923:policy/test",
"Name": "test",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
"Id": "loadbalancer2-arn:aws:iam::526954929923:policy/test",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer2-2020111317225587220000000b",
"policy_arn": "arn:aws:iam::526954929923:policy/test",
"user": "loadbalancer2"
}
},
{
"Arn": "arn:aws:iam::526954929923:policy/test2",
"Description": "",
"Id": "arn:aws:iam::526954929923:policy/test2",
"Name": "test2",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
"Id": "loadbalancer2-arn:aws:iam::526954929923:policy/test2",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer2-20201113172255122400000008",
"policy_arn": "arn:aws:iam::526954929923:policy/test2",
"user": "loadbalancer2"
}
},
{
"Arn": "arn:aws:iam::526954929923:policy/test4",
"Description": "",
"Id": "arn:aws:iam::526954929923:policy/test4",
"Name": "test4",
"NamePrefix": null,
"Path": "/",
"Policy": "{\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}",
"CtyVal": {}
"Id": "loadbalancer-arn:aws:iam::526954929923:policy/test3",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer-20201113172254928300000005",
"policy_arn": "arn:aws:iam::526954929923:policy/test3",
"user": "loadbalancer"
}
},
{
"Groups": null,
"Id": "test-attachment",
"Name": "test-attachment",
"PolicyArn": "arn:aws:iam::526954929923:policy/test4",
"Roles": [],
"Users": [
"loadbalancer",
"loadbalancer2"
],
"CtyVal": {}
"Id": "loadbalancer3-arn:aws:iam::526954929923:policy/test",
"Type": "aws_iam_policy_attachment",
"Attrs": {
"id": "loadbalancer3-2020111317225590250000000c",
"policy_arn": "arn:aws:iam::526954929923:policy/test",
"user": "loadbalancer3"
}
}
]

70124
pkg/iac/terraform/state/test/iam_user_policy_attachment/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

254
pkg/iac/terraform/state/test/iam_user_policy_attachment/terraform.tfstate
View File

@ -5,260 +5,6 @@
"lineage": "b4b284a7-9835-6ae1-b6c5-21100080f61e",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_iam_access_key",
"name": "test",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"encrypted_secret": null,
"id": "AKIAXVMHWD4BYCOUMTPB",
"key_fingerprint": null,
"pgp_key": null,
"secret": "DYVYgsbLiprEPVEyOajWeh8P5FuEqbZDhkqA+fmz",
"ses_smtp_password_v4": "BMaGkq7vt1A2RCsFNTlMOVxBWxQU6mEnrVSB59QZ57aM",
"status": "Active",
"user": "loadbalancer"
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_user.test"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_access_key",
"name": "test2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"encrypted_secret": null,
"id": "AKIAXVMHWD4BZZ46XCIU",
"key_fingerprint": null,
"pgp_key": null,
"secret": "83RiEBVlRMlJsbr/bogeVhlypkjR11sHs/tV/k1j",
"ses_smtp_password_v4": "BLecQIwGZ0kyduTmskrxY1kVNQNeTAyGncyNLPnFc8mo",
"status": "Active",
"user": "loadbalancer2"
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_user.test2"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_access_key",
"name": "test3",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"encrypted_secret": null,
"id": "AKIAXVMHWD4BQM7NGPEU",
"key_fingerprint": null,
"pgp_key": null,
"secret": "lJRGYs2Mf7up+dAzzOMmlyzHeHWybM4R7JlpFHyt",
"ses_smtp_password_v4": "BBKWjtfZJzaxvzLuLDZ/sSd0dLBO+eJFN8marDCkUBDK",
"status": "Active",
"user": "loadbalancer3"
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_user.test3"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "test_ro",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:policy/test",
"description": "",
"id": "arn:aws:iam::526954929923:policy/test",
"name": "test",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "test_ro2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:policy/test2",
"description": "",
"id": "arn:aws:iam::526954929923:policy/test2",
"name": "test2",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "test_ro3",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:policy/test3",
"description": "",
"id": "arn:aws:iam::526954929923:policy/test3",
"name": "test3",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy",
"name": "test_ro4",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:policy/test4",
"description": "",
"id": "arn:aws:iam::526954929923:policy/test4",
"name": "test4",
"name_prefix": null,
"path": "/",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_policy_attachment",
"name": "test-attach4",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"groups": [],
"id": "test-attachment",
"name": "test-attachment",
"policy_arn": "arn:aws:iam::526954929923:policy/test4",
"roles": [],
"users": [
"loadbalancer",
"loadbalancer2"
]
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_policy.test_ro4",
"aws_iam_user.test",
"aws_iam_user.test2",
"aws_iam_user.test3"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "test",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:user/system/loadbalancer",
"force_destroy": false,
"id": "loadbalancer",
"name": "loadbalancer",
"path": "/system/",
"permissions_boundary": null,
"tags": {},
"unique_id": "AIDAXVMHWD4B7BHWL7YKF"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "test2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:user/system/loadbalancer2",
"force_destroy": false,
"id": "loadbalancer2",
"name": "loadbalancer2",
"path": "/system/",
"permissions_boundary": null,
"tags": {},
"unique_id": "AIDAXVMHWD4BTVLVQM236"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "test3",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:user/system/loadbalancer3",
"force_destroy": false,
"id": "loadbalancer3",
"name": "loadbalancer3",
"path": "/system/",
"permissions_boundary": null,
"tags": {},
"unique_id": "AIDAXVMHWD4BUICVKAIIT"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_user_policy_attachment",

250
pkg/iac/terraform/state/test/iam_user_policy_multiple/result.golden.json
View File

@ -1,164 +1,122 @@
[
{
"Arn": "arn:aws:iam::526954929923:user/system/loadbalancer3",
"ForceDestroy": false,
"Id": "loadbalancer3",
"Name": "loadbalancer3",
"Path": "/system/",
"PermissionsBoundary": null,
"Tags": null,
"UniqueId": "AIDAXVMHWD4BUICVKAIIT",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:user/system/loadbalancer2",
"ForceDestroy": false,
"Id": "loadbalancer2",
"Name": "loadbalancer2",
"Path": "/system/",
"PermissionsBoundary": null,
"Tags": null,
"UniqueId": "AIDAXVMHWD4BTVLVQM236",
"CtyVal": {}
},
{
"Arn": "arn:aws:iam::526954929923:user/system/loadbalancer",
"ForceDestroy": false,
"Id": "loadbalancer",
"Name": "loadbalancer",
"Path": "/system/",
"PermissionsBoundary": null,
"Tags": null,
"UniqueId": "AIDAXVMHWD4B7BHWL7YKF",
"CtyVal": {}
},
{
"Id": "loadbalancer3:test34",
"Name": "test34",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer3",
"CtyVal": {}
},
{
"Id": "loadbalancer:test4",
"Name": "test4",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer",
"CtyVal": {}
},
{
"Id": "loadbalancer2:test23",
"Name": "test23",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer2",
"CtyVal": {}
},
{
"Id": "loadbalancer:test2",
"Name": "test2",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer",
"CtyVal": {}
},
{
"Id": "loadbalancer2:test22",
"Name": "test22",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer2",
"CtyVal": {}
},
{
"Id": "loadbalancer3:test32",
"Name": "test32",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer3",
"CtyVal": {}
},
{
"Id": "loadbalancer:test3",
"Name": "test3",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer",
"CtyVal": {}
"Id": "loadbalancer2:test2",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer2:test2",
"name": "test2",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer2"
}
},
{
"Id": "loadbalancer2:test24",
"Name": "test24",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer2",
"CtyVal": {}
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer2:test24",
"name": "test24",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer2"
}
},
{
"Id": "loadbalancer3:test3",
"Name": "test3",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer3",
"CtyVal": {}
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer3:test3",
"name": "test3",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer3"
}
},
{
"Id": "loadbalancer3:test33",
"Name": "test33",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer3",
"CtyVal": {}
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer3:test33",
"name": "test33",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer3"
}
},
{
"Id": "loadbalancer3:test34",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer3:test34",
"name": "test34",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer3"
}
},
{
"Id": "loadbalancer:test3",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer:test3",
"name": "test3",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer"
}
},
{
"Id": "loadbalancer:test4",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer:test4",
"name": "test4",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer"
}
},
{
"Id": "loadbalancer2:test22",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer2:test22",
"name": "test22",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer2"
}
},
{
"Id": "loadbalancer2:test23",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer2:test23",
"name": "test23",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer2"
}
},
{
"Id": "loadbalancer3:test32",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer3:test32",
"name": "test32",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer3"
}
},
{
"Id": "loadbalancer:test",
"Name": "test",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer",
"CtyVal": {}
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer:test",
"name": "test",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer"
}
},
{
"Id": "loadbalancer2:test2",
"Name": "test2",
"NamePrefix": null,
"Policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"User": "loadbalancer2",
"CtyVal": {}
},
{
"EncryptedSecret": null,
"Id": "AKIAXVMHWD4BZZ46XCIU",
"KeyFingerprint": null,
"PgpKey": null,
"Secret": null,
"SesSmtpPasswordV4": null,
"Status": "Active",
"User": "loadbalancer2",
"CtyVal": {}
},
{
"EncryptedSecret": null,
"Id": "AKIAXVMHWD4BYCOUMTPB",
"KeyFingerprint": null,
"PgpKey": null,
"Secret": null,
"SesSmtpPasswordV4": null,
"Status": "Active",
"User": "loadbalancer",
"CtyVal": {}
},
{
"EncryptedSecret": null,
"Id": "AKIAXVMHWD4BQM7NGPEU",
"KeyFingerprint": null,
"PgpKey": null,
"Secret": null,
"SesSmtpPasswordV4": null,
"Status": "Active",
"User": "loadbalancer3",
"CtyVal": {}
"Id": "loadbalancer:test2",
"Type": "aws_iam_user_policy",
"Attrs": {
"id": "loadbalancer:test2",
"name": "test2",
"policy": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n",
"user": "loadbalancer"
}
}
]

70124
pkg/iac/terraform/state/test/iam_user_policy_multiple/schema.golden.json
View File

File diff suppressed because it is too large Load Diff

141
pkg/iac/terraform/state/test/iam_user_policy_multiple/terraform.tfstate
View File

@ -5,147 +5,6 @@
"lineage": "b4b284a7-9835-6ae1-b6c5-21100080f61e",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_iam_access_key",
"name": "test",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"encrypted_secret": null,
"id": "AKIAXVMHWD4BYCOUMTPB",
"key_fingerprint": null,
"pgp_key": null,
"secret": "DYVYgsbLiprEPVEyOajWeh8P5FuEqbZDhkqA+fmz",
"ses_smtp_password_v4": "BMaGkq7vt1A2RCsFNTlMOVxBWxQU6mEnrVSB59QZ57aM",
"status": "Active",
"user": "loadbalancer"
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_user.test"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_access_key",
"name": "test2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"encrypted_secret": null,
"id": "AKIAXVMHWD4BZZ46XCIU",
"key_fingerprint": null,
"pgp_key": null,
"secret": "83RiEBVlRMlJsbr/bogeVhlypkjR11sHs/tV/k1j",
"ses_smtp_password_v4": "BLecQIwGZ0kyduTmskrxY1kVNQNeTAyGncyNLPnFc8mo",
"status": "Active",
"user": "loadbalancer2"
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_user.test2"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_access_key",
"name": "test3",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"encrypted_secret": null,
"id": "AKIAXVMHWD4BQM7NGPEU",
"key_fingerprint": null,
"pgp_key": null,
"secret": "lJRGYs2Mf7up+dAzzOMmlyzHeHWybM4R7JlpFHyt",
"ses_smtp_password_v4": "BBKWjtfZJzaxvzLuLDZ/sSd0dLBO+eJFN8marDCkUBDK",
"status": "Active",
"user": "loadbalancer3"
},
"private": "bnVsbA==",
"dependencies": [
"aws_iam_user.test3"
]
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "test",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:user/system/loadbalancer",
"force_destroy": false,
"id": "loadbalancer",
"name": "loadbalancer",
"path": "/system/",
"permissions_boundary": null,
"tags": null,
"unique_id": "AIDAXVMHWD4B7BHWL7YKF"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "test2",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:user/system/loadbalancer2",
"force_destroy": false,
"id": "loadbalancer2",
"name": "loadbalancer2",
"path": "/system/",
"permissions_boundary": null,
"tags": null,
"unique_id": "AIDAXVMHWD4BTVLVQM236"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_user",
"name": "test3",
"provider": "provider.aws",
"instances": [
{
"schema_version": 0,
"attributes": {
"arn": "arn:aws:iam::526954929923:user/system/loadbalancer3",
"force_destroy": false,
"id": "loadbalancer3",
"name": "loadbalancer3",
"path": "/system/",
"permissions_boundary": null,
"tags": null,
"unique_id": "AIDAXVMHWD4BUICVKAIIT"
},
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "aws_iam_user_policy",

16
pkg/iac/terraform/state/test/module.iam_iam-user/result.golden.json
View File

@ -1,14 +1,14 @@
[
{
"Arn": "arn:aws:iam::929327065333:user/MODULE-USER",
"ForceDestroy": false,
"Id": "MODULE-USER",
"Name": "MODULE-USER",
"Path": "/",
"PermissionsBoundary": null,
"Tags": null,
"UniqueId": "AIDA5QYBVVD22N3IK6SAR",
"CtyVal": {}
"Type": "aws_iam_user",
"Attrs": {
"arn": "arn:aws:iam::929327065333:user/MODULE-USER",
"id": "MODULE-USER",
"name": "MODULE-USER",
"path": "/",
"unique_id": "AIDA5QYBVVD22N3IK6SAR"
}
},
{
"EncryptedSecret": null,

11
pkg/middlewares/aws_defaults.go
View File

@ -28,7 +28,7 @@ func (m AwsDefaults) awsIamRoleDefaults(remoteResources []resource.Resource) []r
continue
}
if match := strings.HasPrefix(*remoteResource.(*aws.AwsIamRole).Path, defaultIamRolePathPrefix); match {
if match := strings.HasPrefix((*remoteResource.(*resource.AbstractResource).Attrs)["path"].(string), defaultIamRolePathPrefix); match {
resourcesToIgnore = append(resourcesToIgnore, remoteResource)
}
}
@ -45,15 +45,16 @@ func (m AwsDefaults) awsIamRolePolicyDefaults(remoteResources []resource.Resourc
continue
}
var role *aws.AwsIamRole
var role *resource.AbstractResource
for _, res := range remoteResources {
if res.TerraformType() == aws.AwsIamRoleResourceType && res.TerraformId() == *remoteResource.(*aws.AwsIamRolePolicy).Role {
role = res.(*aws.AwsIamRole)
if res.TerraformType() == aws.AwsIamRoleResourceType &&
res.TerraformId() == (*remoteResource.(*resource.AbstractResource).Attrs)["role"] {
role = res.(*resource.AbstractResource)
break
}
}
if match := strings.HasPrefix(*role.Path, defaultIamRolePathPrefix); match {
if match := strings.HasPrefix((*role.Attrs)["path"].(string), defaultIamRolePathPrefix); match {
resourcesToIgnore = append(resourcesToIgnore, remoteResource)
}
}

186
pkg/middlewares/aws_defaults_test.go
View File

@ -22,17 +22,26 @@ func TestAwsDefaults_Execute(t *testing.T) {
{
"default iam roles when they're not managed by IaC",
[]resource.Resource{
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "AWSServiceRoleForSSO",
Path: func(path string) *string { return &path }("/aws-service-role/sso.amazonaws.com"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/sso.amazonaws.com",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Path: func(path string) *string { return &path }("/not-aws-service-role/sso.amazonaws.com/"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com/",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "terraform-20210408093258091700000001",
Path: func(path string) *string { return &path }("/"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/",
},
},
&aws.AwsRoute{
Id: "dummy-route",
@ -46,18 +55,24 @@ func TestAwsDefaults_Execute(t *testing.T) {
RouteTableId: awssdk.String("default-route-table"),
GatewayId: awssdk.String("local"),
},
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "terraform-20210408093258091700000001",
Path: func(path string) *string { return &path }("/"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/",
},
},
},
diff.Changelog{
{
Type: "delete",
Path: []string{"0"},
From: &aws.AwsIamRole{
From: &resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Path: func(path string) *string { return &path }("/not-aws-service-role/sso.amazonaws.com/"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com/",
},
},
To: nil,
},
@ -66,42 +81,60 @@ func TestAwsDefaults_Execute(t *testing.T) {
{
"default iam roles when they're managed by IaC",
[]resource.Resource{
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "AWSServiceRoleForSSO",
Path: func(path string) *string { return &path }("/aws-service-role/sso.amazonaws.com/"),
Description: func(path string) *string { return &path }("test"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/sso.amazonaws.com/",
"description": "test",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Path: func(path string) *string { return &path }("/not-aws-service-role/sso.amazonaws.com/"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com/",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "driftctl_assume_role:driftctl_policy.10",
Path: func(path string) *string { return &path }("/"),
Tags: map[string]string{
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/",
"tags": map[string]string{
"test": "value",
},
},
},
},
[]resource.Resource{
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "AWSServiceRoleForSSO",
Path: func(path string) *string { return &path }("/aws-service-role/sso.amazonaws.com/"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/sso.amazonaws.com/",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Path: func(path string) *string { return &path }("/not-aws-service-role/sso.amazonaws.com/"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com/",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "driftctl_assume_role:driftctl_policy.10",
Path: func(path string) *string { return &path }("/"),
Tags: map[string]string{},
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/",
"tags": map[string]string{},
},
},
},
diff.Changelog{
{
Type: diff.DELETE,
Path: []string{"1", "Tags", "test"},
Path: []string{"1", "Attrs", "tags", "test"},
From: "value",
To: nil,
},
@ -110,21 +143,33 @@ func TestAwsDefaults_Execute(t *testing.T) {
{
"ignore default iam role policies when they're not managed by IaC",
[]resource.Resource{
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "AWSServiceRoleForSSO",
Path: func(p string) *string { return &p }("/aws-service-role/sso.amazonaws.com"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/sso.amazonaws.com",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Path: func(p string) *string { return &p }("/not-aws-service-role/sso.amazonaws.com"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com",
},
&aws.AwsIamRolePolicy{
Id: "AWSServiceRoleForSSO:AdministratorAccess",
Role: func(p string) *string { return &p }("AWSServiceRoleForSSO"),
},
&aws.AwsIamRolePolicy{
Id: "OrganizationAccountAccessRole:AdministratorAccess",
Role: func(p string) *string { return &p }("OrganizationAccountAccessRole"),
&resource.AbstractResource{
Id: "AWSServiceRoleForSSO",
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "AWSServiceRoleForSSO",
},
},
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "OrganizationAccountAccessRole",
},
},
&aws.AwsRoute{
Id: "dummy-route",
@ -143,18 +188,24 @@ func TestAwsDefaults_Execute(t *testing.T) {
{
Type: diff.DELETE,
Path: []string{"0"},
From: &aws.AwsIamRole{
From: &resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Path: func(p string) *string { return &p }("/not-aws-service-role/sso.amazonaws.com"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com",
},
},
To: nil,
},
{
Type: diff.DELETE,
Path: []string{"1"},
From: &aws.AwsIamRolePolicy{
Id: "OrganizationAccountAccessRole:AdministratorAccess",
Role: func(p string) *string { return &p }("OrganizationAccountAccessRole"),
From: &resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "OrganizationAccountAccessRole",
},
},
To: nil,
},
@ -163,47 +214,68 @@ func TestAwsDefaults_Execute(t *testing.T) {
{
"ignore default iam role policies even when they're managed by IaC",
[]resource.Resource{
&aws.AwsIamRole{
&resource.AbstractResource{
Id: "custom-role",
Path: func(p string) *string { return &p }("/not-aws-service-role/sso.amazonaws.com"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com",
},
&aws.AwsIamRole{
},
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole",
Path: func(p string) *string { return &p }("/aws-service-role/sso.amazonaws.com"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/aws-service-role/sso.amazonaws.com",
},
&aws.AwsIamRolePolicy{
},
&resource.AbstractResource{
Id: "driftctl_assume_role:driftctl_policy.10",
Role: func(p string) *string { return &p }("custom-role"),
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "custom-role",
},
&aws.AwsIamRolePolicy{
},
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole:AdministratorAccess",
Role: func(p string) *string { return &p }("OrganizationAccountAccessRole"),
NamePrefix: nil,
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "OrganizationAccountAccessRole",
"name_prefix": nil,
},
},
},
[]resource.Resource{
&aws.AwsIamRolePolicy{
&resource.AbstractResource{
Id: "OrganizationAccountAccessRole:AdministratorAccess",
Role: func(p string) *string { return &p }("OrganizationAccountAccessRole"),
NamePrefix: func(p string) *string { return &p }("tf-"),
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "OrganizationAccountAccessRole",
"name_prefix": "tf-",
},
},
},
diff.Changelog{
{
Type: diff.DELETE,
Path: []string{"0"},
From: &aws.AwsIamRole{
From: &resource.AbstractResource{
Id: "custom-role",
Path: func(p string) *string { return &p }("/not-aws-service-role/sso.amazonaws.com"),
Type: aws.AwsIamRoleResourceType,
Attrs: &resource.Attributes{
"path": "/not-aws-service-role/sso.amazonaws.com",
},
},
To: nil,
},
{
Type: diff.DELETE,
Path: []string{"1"},
From: &aws.AwsIamRolePolicy{
From: &resource.AbstractResource{
Id: "driftctl_assume_role:driftctl_policy.10",
Role: func(p string) *string { return &p }("custom-role"),
Type: aws.AwsIamRolePolicyResourceType,
Attrs: &resource.Attributes{
"role": "custom-role",
},
},
To: nil,
},

56
pkg/middlewares/iam_policy_attachment_sanitizer.go
View File

@ -8,10 +8,14 @@ import (
)
// Split Policy attachment when there is multiple user and groups and generate a repeatable id
type IamPolicyAttachmentSanitizer struct{}
type IamPolicyAttachmentSanitizer struct {
resourceFactory resource.ResourceFactory
}
func NewIamPolicyAttachmentSanitizer() IamPolicyAttachmentSanitizer {
return IamPolicyAttachmentSanitizer{}
func NewIamPolicyAttachmentSanitizer(resourceFactory resource.ResourceFactory) IamPolicyAttachmentSanitizer {
return IamPolicyAttachmentSanitizer{
resourceFactory,
}
}
func (m IamPolicyAttachmentSanitizer) Execute(remoteResources, resourcesFromState *[]resource.Resource) error {
@ -24,7 +28,7 @@ func (m IamPolicyAttachmentSanitizer) Execute(remoteResources, resourcesFromStat
continue
}
policyAttachment := stateResource.(*resourceaws.AwsIamPolicyAttachment)
policyAttachment := stateResource.(*resource.AbstractResource)
newStateResources = append(newStateResources, m.sanitize(policyAttachment)...)
}
@ -38,7 +42,7 @@ func (m IamPolicyAttachmentSanitizer) Execute(remoteResources, resourcesFromStat
continue
}
policyAttachment := stateResource.(*resourceaws.AwsIamPolicyAttachment)
policyAttachment := stateResource.(*resource.AbstractResource)
newRemoteResources = append(newRemoteResources, m.sanitize(policyAttachment)...)
}
@ -49,33 +53,37 @@ func (m IamPolicyAttachmentSanitizer) Execute(remoteResources, resourcesFromStat
return nil
}
func (m IamPolicyAttachmentSanitizer) sanitize(policyAttachment *resourceaws.AwsIamPolicyAttachment) []resource.Resource {
func (m IamPolicyAttachmentSanitizer) sanitize(policyAttachment *resource.AbstractResource) []resource.Resource {
var newResources []resource.Resource
if policyAttachment.Users != nil {
users := (*policyAttachment.Attrs)["users"]
if users != nil {
// we create one attachment per user
for _, user := range *policyAttachment.Users {
newAttachment := *policyAttachment
// Id is generated with unique id in state so we override it with something repeatable
newAttachment.Id = fmt.Sprintf("%s-%s", user, *policyAttachment.PolicyArn)
newAttachment.Users = &[]string{user}
newResources = append(newResources, &newAttachment)
for _, user := range users.([]string) {
newAttachment := m.resourceFactory.CreateAbstractResource(
resourceaws.AwsIamPolicyAttachmentResourceType,
fmt.Sprintf("%s-%s", user, (*policyAttachment.Attrs)["policy_arn"]),
map[string]interface{}{
"users": []string{user},
},
)
newResources = append(newResources, newAttachment)
}
}
if policyAttachment.Roles != nil {
roles := (*policyAttachment.Attrs)["roles"]
if roles != nil {
// we create one attachment per role
for _, role := range *policyAttachment.Roles {
newAttachment := *policyAttachment
// Id is generated with unique id in state so we override it with something repeatable
newAttachment.Id = fmt.Sprintf("%s-%s", role, *policyAttachment.PolicyArn)
newAttachment.Roles = &[]string{role}
newResources = append(newResources, &newAttachment)
for _, role := range roles.([]string) {
newAttachment := m.resourceFactory.CreateAbstractResource(
resourceaws.AwsIamPolicyAttachmentResourceType,
fmt.Sprintf("%s-%s", role, (*policyAttachment.Attrs)["policy_arn"]),
map[string]interface{}{
"roles": []string{role},
},
)
newResources = append(newResources, newAttachment)
}
}
return newResources

299
pkg/middlewares/iam_policy_attachment_sanitizer_test.go
View File

@ -4,8 +4,8 @@ import (
"strings"
"testing"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/r3labs/diff/v2"
@ -21,31 +21,121 @@ func TestIamPolicyAttachmentSanitizer_Execute(t *testing.T) {
tests := []struct {
name string
args resources
mocks func(*terraform.MockResourceFactory)
expected resources
wantErr bool
}{
{
name: "Split users and ReId", args: struct {
name: "Split users and ReId",
mocks: func(factory *terraform.MockResourceFactory) {
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jean-arn",
map[string]interface{}{
"users": []string{"jean"},
},
).Once().Return(&resource.AbstractResource{
Id: "jean-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"paul-arn",
map[string]interface{}{
"users": []string{"paul"},
},
).Once().Return(&resource.AbstractResource{
Id: "paul-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"pierre-arn",
map[string]interface{}{
"users": []string{"pierre"},
},
).Once().Return(&resource.AbstractResource{
Id: "pierre-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jean-thisisarn",
map[string]interface{}{
"users": []string{"jean"},
},
).Once().Return(&resource.AbstractResource{
Id: "jean-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"paul-thisisarn",
map[string]interface{}{
"users": []string{"paul"},
},
).Once().Return(&resource.AbstractResource{
Id: "paul-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jacques-thisisarn",
map[string]interface{}{
"users": []string{"jacques"},
},
).Once().Return(&resource.AbstractResource{
Id: "jacques-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"jean-fromstatearn",
map[string]interface{}{
"users": []string{"jean"},
},
).Once().Return(&resource.AbstractResource{
Id: "jean-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
},
args: struct {
RemoteResources *[]resource.Resource
ResourcesFromState *[]resource.Resource
}{
RemoteResources: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "wrongId",
PolicyArn: awssdk.String("arn"),
Users: &[]string{"jean", "paul", "pierre"},
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "arn",
"users": []string{"jean", "paul", "pierre"},
},
&aws.AwsIamPolicyAttachment{
},
&resource.AbstractResource{
Id: "wrongId2",
PolicyArn: awssdk.String("thisisarn"),
Users: &[]string{"jean", "paul", "jacques"},
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "thisisarn",
"users": []string{"jean", "paul", "jacques"},
},
},
},
ResourcesFromState: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "wrongId",
PolicyArn: awssdk.String("fromstatearn"),
Users: &[]string{"jean"},
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "fromstatearn",
"users": []string{"jean"},
},
},
},
},
@ -54,69 +144,151 @@ func TestIamPolicyAttachmentSanitizer_Execute(t *testing.T) {
ResourcesFromState *[]resource.Resource
}{
RemoteResources: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "jean-arn",
PolicyArn: awssdk.String("arn"),
Users: &[]string{"jean"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "paul-arn",
PolicyArn: awssdk.String("arn"),
Users: &[]string{"paul"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "pierre-arn",
PolicyArn: awssdk.String("arn"),
Users: &[]string{"pierre"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "jean-thisisarn",
PolicyArn: awssdk.String("thisisarn"),
Users: &[]string{"jean"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "paul-thisisarn",
PolicyArn: awssdk.String("thisisarn"),
Users: &[]string{"paul"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "jacques-thisisarn",
PolicyArn: awssdk.String("thisisarn"),
Users: &[]string{"jacques"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
ResourcesFromState: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "jean-fromstatearn",
PolicyArn: awssdk.String("fromstatearn"),
Users: &[]string{"jean"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
},
wantErr: false,
},
{
name: "Split Roles and ReId", args: struct {
name: "Split Roles and ReId",
mocks: func(factory *terraform.MockResourceFactory) {
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role1-arn",
map[string]interface{}{
"roles": []string{"role1"},
},
).Once().Return(&resource.AbstractResource{
Id: "role1-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role2-arn",
map[string]interface{}{
"roles": []string{"role2"},
},
).Once().Return(&resource.AbstractResource{
Id: "role2-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"pierre-arn",
map[string]interface{}{
"roles": []string{"pierre"},
},
).Once().Return(&resource.AbstractResource{
Id: "pierre-arn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role1-thisisarn",
map[string]interface{}{
"roles": []string{"role1"},
},
).Once().Return(&resource.AbstractResource{
Id: "role1-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role2-thisisarn",
map[string]interface{}{
"roles": []string{"role2"},
},
).Once().Return(&resource.AbstractResource{
Id: "role2-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role3-thisisarn",
map[string]interface{}{
"roles": []string{"role3"},
},
).Once().Return(&resource.AbstractResource{
Id: "role3-thisisarn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
factory.On(
"CreateAbstractResource",
aws.AwsIamPolicyAttachmentResourceType,
"role1-fromstatearn",
map[string]interface{}{
"roles": []string{"role1"},
},
).Once().Return(&resource.AbstractResource{
Id: "role1-fromstatearn",
Type: aws.AwsIamPolicyAttachmentResourceType,
})
},
args: struct {
RemoteResources *[]resource.Resource
ResourcesFromState *[]resource.Resource
}{
RemoteResources: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "wrongId",
PolicyArn: awssdk.String("arn"),
Roles: &[]string{"role1", "role2", "pierre"},
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "arn",
"roles": []string{"role1", "role2", "pierre"},
},
&aws.AwsIamPolicyAttachment{
},
&resource.AbstractResource{
Id: "wrongId2",
PolicyArn: awssdk.String("thisisarn"),
Roles: &[]string{"role1", "role2", "role3"},
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "thisisarn",
"roles": []string{"role1", "role2", "role3"},
},
},
},
ResourcesFromState: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "wrongId",
PolicyArn: awssdk.String("fromstatearn"),
Roles: &[]string{"role1"},
Type: aws.AwsIamPolicyAttachmentResourceType,
Attrs: &resource.Attributes{
"policy_arn": "fromstatearn",
"roles": []string{"role1"},
},
},
},
},
@ -125,42 +297,35 @@ func TestIamPolicyAttachmentSanitizer_Execute(t *testing.T) {
ResourcesFromState *[]resource.Resource
}{
RemoteResources: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "role1-arn",
PolicyArn: awssdk.String("arn"),
Roles: &[]string{"role1"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "role2-arn",
PolicyArn: awssdk.String("arn"),
Roles: &[]string{"role2"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "pierre-arn",
PolicyArn: awssdk.String("arn"),
Roles: &[]string{"pierre"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "role1-thisisarn",
PolicyArn: awssdk.String("thisisarn"),
Roles: &[]string{"role1"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "role2-thisisarn",
PolicyArn: awssdk.String("thisisarn"),
Roles: &[]string{"role2"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "role3-thisisarn",
PolicyArn: awssdk.String("thisisarn"),
Roles: &[]string{"role3"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
ResourcesFromState: &[]resource.Resource{
&aws.AwsIamPolicyAttachment{
&resource.AbstractResource{
Id: "role1-fromstatearn",
PolicyArn: awssdk.String("fromstatearn"),
Roles: &[]string{"role1"},
Type: aws.AwsIamPolicyAttachmentResourceType,
},
},
},
@ -169,7 +334,13 @@ func TestIamPolicyAttachmentSanitizer_Execute(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
m := IamPolicyAttachmentSanitizer{}
factory := &terraform.MockResourceFactory{}
if tt.mocks != nil {
tt.mocks(factory)
}
m := NewIamPolicyAttachmentSanitizer(factory)
if err := m.Execute(tt.args.RemoteResources, tt.args.ResourcesFromState); (err != nil) != tt.wantErr {
t.Errorf("Execute() error = %v, wantErr %v", err, tt.wantErr)
}

51
pkg/remote/aws/ec2_key_pair_supplier_test.go
View File

@ -19,9 +19,6 @@ import (
"github.com/cloudskiff/driftctl/test/goldenfile"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/r3labs/diff/v2"
"github.com/cloudskiff/driftctl/pkg/resource"
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
"github.com/cloudskiff/driftctl/pkg/terraform"
@ -100,51 +97,3 @@ func TestEC2KeyPairSupplier_Resources(t *testing.T) {
})
}
}
func TestEC2KeyPair_Diff(t *testing.T) {
tests := []struct {
test string
firstRes resourceaws.AwsKeyPair
secondRes resourceaws.AwsKeyPair
wantErr bool
}{
{
test: "no diff - identical resource",
firstRes: resourceaws.AwsKeyPair{
Id: "foo",
},
secondRes: resourceaws.AwsKeyPair{
Id: "foo",
},
wantErr: false,
},
{
test: "no diff - with PublicKey and KeyNamePrefix",
firstRes: resourceaws.AwsKeyPair{
Id: "bar",
PublicKey: aws.String("ssh-rsa BBBBB3NzaC1yc2E"),
KeyNamePrefix: aws.String("test"),
},
secondRes: resourceaws.AwsKeyPair{
Id: "bar",
PublicKey: nil,
KeyNamePrefix: nil,
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.test, func(t *testing.T) {
changelog, err := diff.Diff(tt.firstRes, tt.secondRes)
if err != nil {
panic(err)
}
if len(changelog) > 0 {
for _, change := range changelog {
t.Errorf("got = %v, want %v", awsutil.Prettify(change.From), awsutil.Prettify(change.To))
}
}
})
}
}

22
pkg/resource/aws/aws_iam_policy.go
View File

@ -1,7 +1,11 @@
// GENERATED, DO NOT EDIT THIS FILE
package aws
import "github.com/zclconf/go-cty/cty"
import (
"github.com/cloudskiff/driftctl/pkg/helpers"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/zclconf/go-cty/cty"
)
const AwsIamPolicyResourceType = "aws_iam_policy"
@ -27,3 +31,19 @@ func (r *AwsIamPolicy) TerraformType() string {
func (r *AwsIamPolicy) CtyValue() *cty.Value {
return r.CtyVal
}
func initAwsIAMPolicyMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.UpdateSchema(AwsIamPolicyResourceType, map[string]func(attributeSchema *resource.AttributeSchema){
"policy": func(attributeSchema *resource.AttributeSchema) {
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsIamPolicyResourceType, func(val *resource.Attributes) {
jsonString, err := helpers.NormalizeJsonString((*val)["policy"])
if err == nil {
val.SafeSet([]string{"policy"}, jsonString)
}
val.SafeDelete([]string{"name_prefix"})
})
}

11
pkg/resource/aws/aws_iam_policy_attachment.go
View File

@ -1,7 +1,10 @@
// GENERATED, DO NOT EDIT THIS FILE
package aws
import "github.com/zclconf/go-cty/cty"
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/zclconf/go-cty/cty"
)
const AwsIamPolicyAttachmentResourceType = "aws_iam_policy_attachment"
@ -26,3 +29,9 @@ func (r *AwsIamPolicyAttachment) TerraformType() string {
func (r *AwsIamPolicyAttachment) CtyValue() *cty.Value {
return r.CtyVal
}
func initAwsIAMPolicyAttachmentMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamPolicyAttachmentResourceType, func(val *resource.Attributes) {
val.SafeDelete([]string{"name"})
})
}

16
pkg/resource/aws/aws_iam_role.go
View File

@ -1,7 +1,10 @@
// GENERATED, DO NOT EDIT THIS FILE
package aws
import "github.com/zclconf/go-cty/cty"
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/zclconf/go-cty/cty"
)
const AwsIamRoleResourceType = "aws_iam_role"
@ -33,3 +36,14 @@ func (r *AwsIamRole) TerraformType() string {
func (r *AwsIamRole) CtyValue() *cty.Value {
return r.CtyVal
}
func initAwsIAMRoleMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.UpdateSchema(AwsIamRoleResourceType, map[string]func(attributeSchema *resource.AttributeSchema){
"assume_role_policy": func(attributeSchema *resource.AttributeSchema) {
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsIamRoleResourceType, func(val *resource.Attributes) {
val.SafeDelete([]string{"force_detach_policies"})
})
}

13
pkg/resource/aws/aws_iam_role_policy.go
View File

@ -1,7 +1,10 @@
// GENERATED, DO NOT EDIT THIS FILE
package aws
import "github.com/zclconf/go-cty/cty"
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/zclconf/go-cty/cty"
)
const AwsIamRolePolicyResourceType = "aws_iam_role_policy"
@ -25,3 +28,11 @@ func (r *AwsIamRolePolicy) TerraformType() string {
func (r *AwsIamRolePolicy) CtyValue() *cty.Value {
return r.CtyVal
}
func initAwsIAMRolePolicyMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.UpdateSchema(AwsIamRolePolicyResourceType, map[string]func(attributeSchema *resource.AttributeSchema){
"policy": func(attributeSchema *resource.AttributeSchema) {
attributeSchema.JsonString = true
},
})
}

15
pkg/resource/aws/aws_iam_user.go
View File

@ -1,7 +1,10 @@
// GENERATED, DO NOT EDIT THIS FILE
package aws
import "github.com/zclconf/go-cty/cty"
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/zclconf/go-cty/cty"
)
const AwsIamUserResourceType = "aws_iam_user"
@ -28,3 +31,13 @@ func (r *AwsIamUser) TerraformType() string {
func (r *AwsIamUser) CtyValue() *cty.Value {
return r.CtyVal
}
func initAwsIAMUserMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamUserResourceType, func(val *resource.Attributes) {
permissionsBoundary, exist := val.Get("permissions_boundary")
if exist && permissionsBoundary == "" {
val.SafeDelete([]string{"permissions_boundary"})
}
val.SafeDelete([]string{"force_destroy"})
})
}

13
pkg/resource/aws/aws_iam_user_policy.go
View File

@ -1,7 +1,10 @@
// GENERATED, DO NOT EDIT THIS FILE
package aws
import "github.com/zclconf/go-cty/cty"
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/zclconf/go-cty/cty"
)
const AwsIamUserPolicyResourceType = "aws_iam_user_policy"
@ -25,3 +28,11 @@ func (r *AwsIamUserPolicy) TerraformType() string {
func (r *AwsIamUserPolicy) CtyValue() *cty.Value {
return r.CtyVal
}
func initAwsIAMUserPolicyMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.UpdateSchema(AwsIamUserPolicyResourceType, map[string]func(attributeSchema *resource.AttributeSchema){
"policy": func(attributeSchema *resource.AttributeSchema) {
attributeSchema.JsonString = true
},
})
}

12
pkg/resource/aws/aws_key_pair.go
View File

@ -1,7 +1,10 @@
// GENERATED, DO NOT EDIT THIS FILE
package aws
import "github.com/zclconf/go-cty/cty"
import (
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/zclconf/go-cty/cty"
)
const AwsKeyPairResourceType = "aws_key_pair"
@ -28,3 +31,10 @@ func (r *AwsKeyPair) TerraformType() string {
func (r *AwsKeyPair) CtyValue() *cty.Value {
return r.CtyVal
}
func initAwsKeyPairMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsKeyPairResourceType, func(val *resource.Attributes) {
val.SafeDelete([]string{"key_name_prefix"})
val.SafeDelete([]string{"public_key"})
})
}

7
pkg/resource/aws/metadatas.go
View File

@ -19,4 +19,11 @@ func InitResourcesMetadata(resourceSchemaRepository resource.SchemaRepositoryInt
initAwsRouteMetaData(resourceSchemaRepository)
initSnsTopicSubscriptionMetaData(resourceSchemaRepository)
initSnsTopicPolicyMetaData(resourceSchemaRepository)
initAwsIAMPolicyMetaData(resourceSchemaRepository)
initAwsIAMPolicyAttachmentMetaData(resourceSchemaRepository)
initAwsIAMRoleMetaData(resourceSchemaRepository)
initAwsIAMRolePolicyMetaData(resourceSchemaRepository)
initAwsIAMUserMetaData(resourceSchemaRepository)
initAwsIAMUserPolicyMetaData(resourceSchemaRepository)
initAwsKeyPairMetaData(resourceSchemaRepository)
}

9
pkg/resource/resource.go
View File

@ -43,6 +43,15 @@ var refactoredResources = []string{
"aws_sns_topic_subscription",
"aws_sns_topic_policy",
"aws_sns_topic",
"aws_iam_policy",
"aws_iam_policy_attachment",
"aws_iam_role",
"aws_iam_role_policy",
"aws_iam_role_policy_attachment",
"aws_iam_user",
"aws_iam_user_policy",
"aws_iam_user_policy_attachment",
"aws_key_pair",
}
func IsRefactoredResource(typ string) bool {