fix: handle access denied exceptions on resource details fetching
parent
47785e7b3a
commit
9ea358fbae
|
@ -104,7 +104,7 @@ func (c *Console) Write(analysis *analyser.Analysis) error {
|
|||
for _, alerts := range analysis.Alerts() {
|
||||
for _, alert := range alerts {
|
||||
fmt.Println(color.YellowString(alert.Message()))
|
||||
if alert, ok := alert.(*remote.EnumerationAccessDeniedAlert); ok && enumerationErrorMessage == "" {
|
||||
if alert, ok := alert.(*remote.RemoteAccessDeniedAlert); ok && enumerationErrorMessage == "" {
|
||||
enumerationErrorMessage = alert.GetProviderMessage()
|
||||
}
|
||||
}
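Review bot: In `Write`, the widened assertion `alert.(*remote.RemoteAccessDeniedAlert)` now matches denials from any phase, but the first match is still stored in `enumerationErrorMessage` and printed once, so a details-fetching denial could surface enumeration-specific guidance or suppress it for a later enumeration alert. The fixtures in this commit pass a phase argument (`remote.EnumerationPhase`) to the constructor, which suggests the alert knows its phase; if `GetProviderMessage()` does not already vary by phase, key the stored message on it, or at least rename the variable to something like `accessDeniedMessage`. The inner `alert, ok :=` also shadows the loop variable, which a distinct name such as `denied` would avoid. The body of `Write` continues outside the hunk, so how the message is finally printed is not visible here.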
|
||||
|
|
|
@ -85,9 +85,9 @@ func fakeAnalysisWithAlerts() *analyser.Analysis {
|
|||
a := fakeAnalysis()
|
||||
a.SetAlerts(alerter.Alerts{
|
||||
"": []alerter.Alert{
|
||||
remote.NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc"),
|
||||
remote.NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs"),
|
||||
remote.NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns"),
|
||||
remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", remote.EnumerationPhase),
|
||||
remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs", remote.EnumerationPhase),
|
||||
remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns", remote.EnumerationPhase),
|
||||
},
|
||||
})
|
||||
a.ProviderVersion = "3.19.0"
|
||||
|
@ -318,9 +318,9 @@ func fakeAnalysisWithAWSEnumerationError() *analyser.Analysis {
|
|||
a := analyser.Analysis{}
|
||||
a.SetAlerts(alerter.Alerts{
|
||||
"": []alerter.Alert{
|
||||
remote.NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc"),
|
||||
remote.NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs"),
|
||||
remote.NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns"),
|
||||
remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", remote.EnumerationPhase),
|
||||
remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sqs", "aws_sqs", remote.EnumerationPhase),
|
||||
remote.NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_sns", "aws_sns", remote.EnumerationPhase),
|
||||
},
|
||||
})
|
||||
a.ProviderName = "AWS"
|
||||
|
@ -332,8 +332,8 @@ func fakeAnalysisWithGithubEnumerationError() *analyser.Analysis {
|
|||
a := analyser.Analysis{}
|
||||
a.SetAlerts(alerter.Alerts{
|
||||
"": []alerter.Alert{
|
||||
remote.NewEnumerationAccessDeniedAlert(github.RemoteGithubTerraform, "github_team", "github_team"),
|
||||
remote.NewEnumerationAccessDeniedAlert(github.RemoteGithubTerraform, "github_team_membership", "github_team"),
|
||||
remote.NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team", "github_team", remote.EnumerationPhase),
|
||||
remote.NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team_membership", "github_team", remote.EnumerationPhase),
|
||||
},
|
||||
})
|
||||
a.ProviderName = "AWS"
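Review bot: All three fixtures (`fakeAnalysisWithAlerts`, `fakeAnalysisWithAWSEnumerationError`, `fakeAnalysisWithGithubEnumerationError`) build their alerts with `remote.EnumerationPhase` only, so the output tests never exercise the case this commit is about, an access-denied alert raised while fetching resource details. Add a fixture (or one extra entry) that uses the non-enumeration phase value and assert on what the console and other writers print for it, since that output tells an operator which permissions the scanning role lacks. Separately, `fakeAnalysisWithGithubEnumerationError` sets `a.ProviderName = "AWS"` on an unchanged line; that looks like a copy-paste slip worth confirming against the expected golden output. These functions start and end outside the hunks.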
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *CloudfrontDistributionEnumerator) SupportedType() resource.ResourceType
|
|||
func (e *CloudfrontDistributionEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
distributions, err := e.repository.ListAllDistributions()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(distributions))
|
||||
|
|
|
@ -28,7 +28,7 @@ func (e *DefaultVPCEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *DefaultVPCEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
_, defaultVPCs, err := e.repo.ListAllVPCs()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsDefaultVpcResourceType)
|
||||
return nil, remoteerror.NewResourceScanningError(err, aws.AwsDefaultVpcResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0, len(defaultVPCs))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *DynamoDBTableDetailsFetcher) ReadDetails(res resource.Resource) (resour
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsDynamodbTableResourceType, *ctyVal)
|
||||
if err != nil {
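Review bot: `ReadDetails` now wraps every failure of the read call in `remoteerror.NewResourceScanningError(err, res.TerraformType())`, not only permission denials. The handler that consumes this error type is not on this page; if it downgrades a scanning error to an alert and carries on, throttling, timeouts or malformed responses would also be reported as a warning and the resource left out of the comparison, so drift goes unreported. Worth confirming that the handler inspects the wrapped cause and only swallows access-denied codes, and adding a short comment here, e.g. `// wrapped so the scan can turn access-denied into an alert; other causes must stay fatal`. The same one-line change is made in the EC2DefaultRouteTable, EC2Route, EC2RouteTableAssociation, IamAccessKey, IamRolePolicyAttachment, IamUserPolicyAttachment, S3BucketAnalytic and S3Bucket details fetchers, and the function body continues outside the hunk.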
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *DynamoDBTableEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *DynamoDBTableEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
tables, err := e.repository.ListAllTables()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(tables))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2AmiEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2AmiEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
images, err := e.repository.ListAllImages()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(images))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *EC2DefaultRouteTableDetailsFetcher) ReadDetails(res resource.Resource)
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsDefaultRouteTableResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2DefaultRouteTableEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2DefaultRouteTableEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
routeTables, err := e.repository.ListAllRouteTables()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
var results []resource.Resource
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2DefaultSubnetEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2DefaultSubnetEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
_, defaultSubnets, err := e.repository.ListAllSubnets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(defaultSubnets))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2EbsSnapshotEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2EbsSnapshotEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
snapshots, err := e.repository.ListAllSnapshots()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(snapshots))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2EbsVolumeEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2EbsVolumeEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
volumes, err := e.repository.ListAllVolumes()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(volumes))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2EipAssociationEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2EipAssociationEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
addresses, err := e.repository.ListAllAddressesAssociation()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0, len(addresses))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2EipEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2EipEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
addresses, err := e.repository.ListAllAddresses()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(addresses))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2InstanceEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2InstanceEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
instances, err := e.repository.ListAllInstances()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(instances))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2InternetGatewayEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2InternetGatewayEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
internetGateways, err := e.repository.ListAllInternetGateways()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(internetGateways))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2KeyPairEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2KeyPairEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
keyPairs, err := e.repository.ListAllKeyPairs()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(keyPairs))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2NatGatewayEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2NatGatewayEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
natGateways, err := e.repository.ListAllNatGateways()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(natGateways))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -34,7 +35,7 @@ func (r *EC2RouteDetailsFetcher) ReadDetails(res resource.Resource) (resource.Re
|
|||
Attributes: attributes,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsRouteResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2RouteEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2RouteEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
routeTables, err := e.repository.ListAllRouteTables()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
|
||||
}
|
||||
|
||||
var results []resource.Resource
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *EC2RouteTableAssociationDetailsFetcher) ReadDetails(res resource.Resour
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsRouteTableAssociationResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -27,7 +27,7 @@ func (e *EC2RouteTableAssociationEnumerator) SupportedType() resource.ResourceTy
|
|||
func (e *EC2RouteTableAssociationEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
routeTables, err := e.repository.ListAllRouteTables()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsRouteTableResourceType)
|
||||
}
|
||||
|
||||
var results []resource.Resource
|
||||
|
|
|
@ -27,7 +27,7 @@ func (e *EC2RouteTableEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2RouteTableEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
routeTables, err := e.repository.ListAllRouteTables()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
var results []resource.Resource
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *EC2SubnetEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *EC2SubnetEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
subnets, _, err := e.repository.ListAllSubnets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(subnets))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *ECRRepositoryEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *ECRRepositoryEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
repos, err := e.repository.ListAllRepositories()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(repos))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *IamAccessKeyDetailsFetcher) ReadDetails(res resource.Resource) (resourc
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsIamAccessKeyResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -26,12 +26,12 @@ func (e *IamAccessKeyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *IamAccessKeyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
users, err := e.repository.ListAllUsers()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamUserResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamUserResourceType)
|
||||
}
|
||||
|
||||
keys, err := e.repository.ListAllAccessKeys(users)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsIamAccessKeyResourceType)
|
||||
return nil, remoteerror.NewResourceScanningError(err, resourceaws.AwsIamAccessKeyResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0)
|
||||
|
|
|
@ -27,7 +27,7 @@ func (e *IamPolicyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *IamPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
policies, err := e.repository.ListAllPolicies()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(policies))
|
||||
|
|
|
@ -40,7 +40,7 @@ func awsIamRoleShouldBeIgnored(roleName string) bool {
|
|||
func (e *IamRoleEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
roles, err := e.repository.ListAllRoles()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -28,7 +29,7 @@ func (r *IamRolePolicyAttachmentDetailsFetcher) ReadDetails(res resource.Resourc
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsIamRolePolicyAttachmentResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -29,7 +29,7 @@ func (e *IamRolePolicyAttachmentEnumerator) SupportedType() resource.ResourceTyp
|
|||
func (e *IamRolePolicyAttachmentEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
roles, err := e.repository.ListAllRoles()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamRoleResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamRoleResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0)
|
||||
|
@ -48,7 +48,7 @@ func (e *IamRolePolicyAttachmentEnumerator) Enumerate() ([]resource.Resource, er
|
|||
|
||||
policyAttachments, err := e.repository.ListAllRolePolicyAttachments(rolesNotIgnored)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
for _, attachedPol := range policyAttachments {
|
||||
|
|
|
@ -29,12 +29,12 @@ func (e *IamRolePolicyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *IamRolePolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
roles, err := e.repository.ListAllRoles()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, resourceaws.AwsIamRolePolicyResourceType, resourceaws.AwsIamRoleResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, resourceaws.AwsIamRolePolicyResourceType, resourceaws.AwsIamRoleResourceType)
|
||||
}
|
||||
|
||||
policies, err := e.repository.ListAllRolePolicies(roles)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsIamRolePolicyResourceType)
|
||||
return nil, remoteerror.NewResourceScanningError(err, resourceaws.AwsIamRolePolicyResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(policies))
|
||||
|
|
|
@ -27,7 +27,7 @@ func (e *IamUserEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *IamUserEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
users, err := e.repository.ListAllUsers()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(users))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -28,7 +29,7 @@ func (r *IamUserPolicyAttachmentDetailsFetcher) ReadDetails(res resource.Resourc
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsIamUserPolicyAttachmentResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -28,13 +28,13 @@ func (e *IamUserPolicyAttachmentEnumerator) SupportedType() resource.ResourceTyp
|
|||
func (e *IamUserPolicyAttachmentEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
users, err := e.repository.ListAllUsers()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamUserResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamUserResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0)
|
||||
policyAttachments, err := e.repository.ListAllUserPolicyAttachments(users)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
for _, attachedPol := range policyAttachments {
|
||||
|
|
|
@ -26,11 +26,11 @@ func (e *IamUserPolicyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *IamUserPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
users, err := e.repository.ListAllUsers()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsIamUserResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsIamUserResourceType)
|
||||
}
|
||||
userPolicies, err := e.repository.ListAllUserPolicies(users)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(userPolicies))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *KMSAliasEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *KMSAliasEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
aliases, err := e.repository.ListAllAliases()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(aliases))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *KMSKeyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *KMSKeyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
keys, err := e.repository.ListAllKeys()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(keys))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *LambdaEventSourceMappingEnumerator) SupportedType() resource.ResourceTy
|
|||
func (e *LambdaEventSourceMappingEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
eventSourceMappings, err := e.repository.ListAllLambdaEventSourceMappings()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(eventSourceMappings))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
|
||||
|
@ -30,7 +31,7 @@ func (r *LambdaFunctionDetailsFetcher) ReadDetails(topic resource.Resource) (res
|
|||
})
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, resourceaws.AwsLambdaFunctionResourceType)
|
||||
}
|
||||
return r.deserializer.DeserializeOne(resourceaws.AwsLambdaFunctionResourceType, *val)
|
||||
}
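Review bot: In `LambdaFunctionDetailsFetcher.ReadDetails` the error is still logged with `logrus.Error(err)` and then returned wrapped, so a denial that the scan is now meant to report as an alert also appears as an error-level log line, with the provider's message emitted twice. Drop the log call and let the layer that handles the scanning error decide how to report it. This fetcher also passes the constant `resourceaws.AwsLambdaFunctionResourceType` where the other details fetchers in this commit pass `res.TerraformType()`, and its parameter is named `topic`; using `topic.TerraformType()` (or renaming the parameter to `res`) would keep the fetchers uniform. The start of the function is outside the hunk.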
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *LambdaFunctionEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *LambdaFunctionEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
functions, err := e.repository.ListAllLambdaFunctions()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(functions))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *RDSDBInstanceEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *RDSDBInstanceEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
instances, err := e.repository.ListAllDBInstances()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(instances))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *RDSDBSubnetGroupEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *RDSDBSubnetGroupEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
subnetGroups, err := e.repository.ListAllDBSubnetGroups()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(subnetGroups))
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *Route53HealthCheckEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *Route53HealthCheckEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
healthChecks, err := e.repository.ListAllHealthChecks()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(healthChecks))
|
||||
|
|
|
@ -31,7 +31,7 @@ func (e *Route53RecordEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
|
||||
zones, err := e.client.ListAllZones()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), resourceaws.AwsRoute53ZoneResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), resourceaws.AwsRoute53ZoneResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(zones))
|
||||
|
@ -39,7 +39,7 @@ func (e *Route53RecordEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
for _, hostedZone := range zones {
|
||||
records, err := e.listRecordsForZone(strings.TrimPrefix(*hostedZone.Id, "/hostedzone/"))
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results = append(results, records...)
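Review bot: `results := make([]resource.Resource, len(zones))` in the first hunk creates `len(zones)` nil entries, and `results = append(results, records...)` in the second hunk adds the records after them, so unless the one line between the hunks resets the slice, `Enumerate` returns leading nil resources. The commit touches both error returns in this function without addressing it; `results := make([]resource.Resource, 0, len(zones))` keeps the capacity hint without the nil elements. Any consumer that calls a method on one of those nil entries would panic. The loop body and the end of the function are outside the hunks.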
|
||||
|
|
|
@ -30,7 +30,7 @@ func (e *Route53ZoneSupplier) SupportedType() resource.ResourceType {
|
|||
func (e *Route53ZoneSupplier) Enumerate() ([]resource.Resource, error) {
|
||||
zones, err := e.client.ListAllZones()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(zones))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *S3BucketAnalyticDetailsFetcher) ReadDetails(res resource.Resource) (res
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketAnalyticsConfigurationResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -32,7 +32,7 @@ func (e *S3BucketAnalyticEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *S3BucketAnalyticEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
@ -40,7 +40,7 @@ func (e *S3BucketAnalyticEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
|
@ -52,7 +52,7 @@ func (e *S3BucketAnalyticEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
|
||||
analyticsConfigurationList, err := e.repository.ListBucketAnalyticsConfigurations(bucket, region)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
for _, analytics := range analyticsConfigurationList {
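Review bot: The `GetBucketLocation` failure inside `for _, bucket := range buckets` now returns a `ResourceScanningErrorWithType` for the first bucket that fails, which stops enumeration of every bucket for this type. If the caller routes that error through `HandleResourceEnumerationError` (not visible in this hunk), a single bucket with a denied location call drops the whole resource type from drift calculation, and the alert says listing `aws_s3_bucket` is forbidden although listing succeeded. For a drift tool that is a coverage gap: one explicit deny would hide changes on all other buckets. The loop already has a per-bucket skip path for a region mismatch, so a permission failure could be logged and skipped the same way, and at minimum the behaviour deserves a comment such as `// a denied GetBucketLocation on one bucket aborts enumeration for all buckets of this type`. The same pattern appears in the S3BucketEnumerator, S3BucketInventoryEnumerator, S3BucketMetricsEnumerator, S3BucketNotificationEnumerator and S3BucketPolicyEnumerator hunks; the loop body continues outside this hunk.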
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *S3BucketDetailsFetcher) ReadDetails(res resource.Resource) (resource.Re
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -30,7 +30,7 @@ func (e *S3BucketEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *S3BucketEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
@ -38,7 +38,7 @@ func (e *S3BucketEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *S3BucketInventoryDetailsFetcher) ReadDetails(res resource.Resource) (re
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketInventoryResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -32,7 +32,7 @@ func (e *S3BucketInventoryEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *S3BucketInventoryEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
@ -40,7 +40,7 @@ func (e *S3BucketInventoryEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
|
@ -52,7 +52,7 @@ func (e *S3BucketInventoryEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
|
||||
inventoryConfigurations, err := e.repository.ListBucketInventoryConfigurations(bucket, region)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsS3BucketInventoryResourceType)
|
||||
return nil, remoteerror.NewResourceScanningError(err, aws.AwsS3BucketInventoryResourceType)
|
||||
}
|
||||
|
||||
for _, config := range inventoryConfigurations {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *S3BucketMetricsDetailsFetcher) ReadDetails(res resource.Resource) (reso
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketMetricResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -32,7 +32,7 @@ func (e *S3BucketMetricsEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *S3BucketMetricsEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, aws.AwsS3BucketMetricResourceType, aws.AwsS3BucketResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, aws.AwsS3BucketMetricResourceType, aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
@ -40,7 +40,7 @@ func (e *S3BucketMetricsEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, aws.AwsS3BucketMetricResourceType, aws.AwsS3BucketResourceType)
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
|
@ -52,7 +52,7 @@ func (e *S3BucketMetricsEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
|
||||
metricsConfigurationList, err := e.repository.ListBucketMetricsConfigurations(bucket, region)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsS3BucketMetricResourceType)
|
||||
return nil, remoteerror.NewResourceScanningError(err, aws.AwsS3BucketMetricResourceType)
|
||||
}
|
||||
|
||||
for _, metric := range metricsConfigurationList {
|
||||
|
@ -70,5 +70,5 @@ func (e *S3BucketMetricsEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
}
|
||||
}
|
||||
|
||||
return results, err
|
||||
return results, nil
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *S3BucketNotificationDetailsFetcher) ReadDetails(res resource.Resource)
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketNotificationResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -30,7 +30,7 @@ func (e *S3BucketNotificationEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *S3BucketNotificationEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
@ -38,7 +38,7 @@ func (e *S3BucketNotificationEnumerator) Enumerate() ([]resource.Resource, error
|
|||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
|
@ -50,7 +50,7 @@ func (e *S3BucketNotificationEnumerator) Enumerate() ([]resource.Resource, error
|
|||
|
||||
notification, err := e.repository.GetBucketNotification(*bucket.Name, region)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
if notification == nil {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -27,7 +28,7 @@ func (r *S3BucketPolicyDetailsFetcher) ReadDetails(res resource.Resource) (resou
|
|||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsS3BucketPolicyResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -30,7 +30,7 @@ func (e *S3BucketPolicyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *S3BucketPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
buckets, err := e.repository.ListAllBuckets()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(buckets))
|
||||
|
@ -38,7 +38,7 @@ func (e *S3BucketPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
for _, bucket := range buckets {
|
||||
region, err := e.repository.GetBucketLocation(*bucket.Name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsS3BucketResourceType)
|
||||
}
|
||||
if region == "" || region != e.providerConfig.DefaultAlias {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
|
@ -50,7 +50,7 @@ func (e *S3BucketPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
|
||||
policy, err := e.repository.GetBucketPolicy(*bucket.Name, region)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsS3BucketPolicyResourceType)
|
||||
return nil, remoteerror.NewResourceScanningError(err, aws.AwsS3BucketPolicyResourceType)
|
||||
}
|
||||
|
||||
if policy != nil {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
@ -30,7 +31,7 @@ func (r *SNSTopicDetailsFetcher) ReadDetails(topic resource.Resource) (resource.
|
|||
})
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, topic.TerraformType())
|
||||
}
|
||||
return r.deserializer.DeserializeOne(aws.AwsSnsTopicResourceType, *val)
|
||||
}
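Review bot: The error path still calls `logrus.Error(err)` before returning the wrapped `ResourceScanningError`, so the same failure is handled at two layers. If the caller turns it into an access-denied alert, as the handler added in this commit appears to, an expected permission gap is reported once at error level and again as an alert, and the raw provider message goes to the error log unfiltered. Either drop the log line or demote it, for example `logrus.WithField("type", topic.TerraformType()).Debug(err)`. The same applies to the SNSTopicPolicyDetailsFetcher, SNSTopicSubscriptionDetailsFetcher and SQSQueueDetailsFetcher hunks; `ReadDetails` starts outside this hunk.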
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *SNSTopicEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *SNSTopicEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
topics, err := e.repository.ListAllTopics()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(topics))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
@ -30,7 +31,7 @@ func (r *SNSTopicPolicyDetailsFetcher) ReadDetails(topic resource.Resource) (res
|
|||
})
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, topic.TerraformType())
|
||||
}
|
||||
return r.deserializer.DeserializeOne(aws.AwsSnsTopicPolicyResourceType, *val)
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ func (e *SNSTopicPolicyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *SNSTopicPolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
topics, err := e.repository.ListAllTopics()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsSnsTopicResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsSnsTopicResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(topics))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
@ -30,7 +31,7 @@ func (r *SNSTopicSubscriptionDetailsFetcher) ReadDetails(res resource.Resource)
|
|||
})
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsSnsTopicSubscriptionResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -58,7 +58,7 @@ func (e *SNSTopicSubscriptionEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *SNSTopicSubscriptionEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
allSubscriptions, err := e.repository.ListAllSubscriptions()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(allSubscriptions))
|
||||
|
|
|
@ -3,6 +3,7 @@ package aws
|
|||
import (
|
||||
"strings"
|
||||
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -35,7 +36,7 @@ func (r *SQSQueueDetailsFetcher) ReadDetails(res resource.Resource) (resource.Re
|
|||
return nil, nil
|
||||
}
|
||||
logrus.Error(err)
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsSqsQueueResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -28,7 +28,7 @@ func (e *SQSQueueEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *SQSQueueEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
queues, err := e.repository.ListAllQueues()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(queues))
|
||||
|
|
|
@ -32,7 +32,7 @@ func (e *SQSQueuePolicyEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *SQSQueuePolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
queues, err := e.repository.ListAllQueues()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), aws.AwsSqsQueueResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), aws.AwsSqsQueueResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0, len(queues))
|
||||
|
@ -50,7 +50,7 @@ func (e *SQSQueuePolicyEnumerator) Enumerate() ([]resource.Resource, error) {
|
|||
}).Debugf("Ignoring queue that seems to be already deleted: %+v", err)
|
||||
continue
|
||||
}
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
if attributes.Attributes != nil {
|
||||
attrs["policy"] = *attributes.Attributes[sqs.QueueAttributeNamePolicy]
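Review bot: `attrs["policy"] = *attributes.Attributes[sqs.QueueAttributeNamePolicy]` dereferences the map lookup directly, and the guard above it only checks that the map is non-nil. If the map is present but has no policy entry (presumably a queue without a policy), the lookup yields a nil pointer and the enumerator panics instead of returning an error. This line is unchanged context, but it sits right after the error path this commit reworks and is worth fixing with it: `if p := attributes.Attributes[sqs.QueueAttributeNamePolicy]; p != nil { attrs["policy"] = *p }`. The enclosing `if` block continues outside the hunk, so a later check cannot be ruled out from here.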
|
||||
|
|
|
@ -29,7 +29,7 @@ func (e *VPCDefaultSecurityGroupEnumerator) SupportedType() resource.ResourceTyp
|
|||
func (e *VPCDefaultSecurityGroupEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
_, defaultSecurityGroups, err := e.repository.ListAllSecurityGroups()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0, len(defaultSecurityGroups))
|
||||
|
|
|
@ -28,7 +28,7 @@ func (e *VPCEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *VPCEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
VPCs, _, err := e.repo.ListAllVPCs()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, aws.AwsVpcResourceType)
|
||||
return nil, remoteerror.NewResourceScanningError(err, aws.AwsVpcResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0, len(VPCs))
|
||||
|
|
|
@ -29,7 +29,7 @@ func (e *VPCSecurityGroupEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *VPCSecurityGroupEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
securityGroups, _, err := e.repository.ListAllSecurityGroups()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0, len(securityGroups))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
@ -59,7 +60,7 @@ func (r *VPCSecurityGroupRuleDetailsFetcher) ReadDetails(res resource.Resource)
|
|||
Attributes: flatmap.Flatten(attrs),
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsSecurityGroupRuleResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
|
|
|
@ -78,7 +78,7 @@ func (e *VPCSecurityGroupRuleEnumerator) SupportedType() resource.ResourceType {
|
|||
func (e *VPCSecurityGroupRuleEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
securityGroups, defaultSecurityGroups, err := e.repository.ListAllSecurityGroups()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), resourceaws.AwsSecurityGroupResourceType)
|
||||
return nil, remoteerror.NewResourceScanningErrorWithType(err, string(e.SupportedType()), resourceaws.AwsSecurityGroupResourceType)
|
||||
}
|
||||
|
||||
secGroups := make([]*ec2.SecurityGroup, 0, len(securityGroups)+len(defaultSecurityGroups))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package common
|
||||
|
||||
import (
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
@ -30,7 +31,7 @@ func (f *GenericDetailsFetcher) ReadDetails(res resource.Resource) (resource.Res
|
|||
ID: res.TerraformId(),
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, remoteerror.NewResourceScanningError(err, res.TerraformType())
|
||||
}
|
||||
if ctyVal.IsNull() {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
|
|
|
@ -29,25 +29,25 @@ func (b *SupplierError) Context() map[string]string {
|
|||
return b.context
|
||||
}
|
||||
|
||||
type ResourceEnumerationError struct {
|
||||
type ResourceScanningError struct {
|
||||
SupplierError
|
||||
listedTypeError string
|
||||
}
|
||||
|
||||
func NewResourceEnumerationErrorWithType(error error, supplierType string, listedTypeError string) *ResourceEnumerationError {
|
||||
func NewResourceScanningErrorWithType(error error, supplierType string, listedTypeError string) *ResourceScanningError {
|
||||
context := map[string]string{
|
||||
"ListedTypeError": listedTypeError,
|
||||
}
|
||||
return &ResourceEnumerationError{
|
||||
return &ResourceScanningError{
|
||||
SupplierError: *NewSupplierError(error, context, supplierType),
|
||||
listedTypeError: listedTypeError,
|
||||
}
|
||||
}
|
||||
|
||||
func NewResourceEnumerationError(error error, supplierType string) *ResourceEnumerationError {
|
||||
return NewResourceEnumerationErrorWithType(error, supplierType, supplierType)
|
||||
func NewResourceScanningError(error error, supplierType string) *ResourceScanningError {
|
||||
return NewResourceScanningErrorWithType(error, supplierType, supplierType)
|
||||
}
|
||||
|
||||
func (b *ResourceEnumerationError) ListedTypeError() string {
|
||||
func (b *ResourceScanningError) ListedTypeError() string {
|
||||
return b.listedTypeError
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@ func (g *GithubBranchProtectionEnumerator) SupportedType() resource.ResourceType
|
|||
func (g *GithubBranchProtectionEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
ids, err := g.repository.ListBranchProtection()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(g.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(g.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(ids))
|
||||
|
|
|
@ -25,7 +25,7 @@ func (g *GithubMembershipEnumerator) SupportedType() resource.ResourceType {
|
|||
func (g *GithubMembershipEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
ids, err := g.Membership.ListMembership()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(g.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(g.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(ids))
|
||||
|
|
|
@ -25,7 +25,7 @@ func (g *GithubRepositoryEnumerator) SupportedType() resource.ResourceType {
|
|||
func (g *GithubRepositoryEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
ids, err := g.repository.ListRepositories()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(g.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(g.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(ids))
|
||||
|
|
|
@ -27,7 +27,7 @@ func (g *GithubTeamEnumerator) SupportedType() resource.ResourceType {
|
|||
func (g *GithubTeamEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
resourceList, err := g.repository.ListTeams()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(g.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(g.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(resourceList))
|
||||
|
|
|
@ -25,7 +25,7 @@ func (g *GithubTeamMembershipEnumerator) SupportedType() resource.ResourceType {
|
|||
func (g *GithubTeamMembershipEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
ids, err := g.repository.ListTeamMemberships()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(g.SupportedType()))
|
||||
return nil, remoteerror.NewResourceScanningError(err, string(g.SupportedType()))
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, len(ids))
|
||||
|
|
|
@ -12,26 +12,51 @@ import (
|
|||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
type EnumerationAccessDeniedAlert struct {
|
||||
type ScanningPhase int
|
||||
|
||||
const (
|
||||
EnumerationPhase ScanningPhase = iota
|
||||
DetailsFetchingPhase
|
||||
)
|
||||
|
||||
type RemoteAccessDeniedAlert struct {
|
||||
message string
|
||||
provider string
|
||||
scanningPhase ScanningPhase
|
||||
}
|
||||
|
||||
func NewEnumerationAccessDeniedAlert(provider, supplierType, listedTypeError string) *EnumerationAccessDeniedAlert {
|
||||
message := fmt.Sprintf("Ignoring %s from drift calculation: Listing %s is forbidden.", supplierType, listedTypeError)
|
||||
return &EnumerationAccessDeniedAlert{message, provider}
|
||||
func NewRemoteAccessDeniedAlert(provider, supplierType, listedTypeError string, scanningPhase ScanningPhase) *RemoteAccessDeniedAlert {
|
||||
var message string
|
||||
switch scanningPhase {
|
||||
case EnumerationPhase:
|
||||
message = fmt.Sprintf("Ignoring %s from drift calculation: Listing %s is forbidden.", supplierType, listedTypeError)
|
||||
case DetailsFetchingPhase:
|
||||
message = fmt.Sprintf("Ignoring %s from drift calculation: Reading details of %s is forbidden.", supplierType, listedTypeError)
|
||||
default:
|
||||
message = fmt.Sprintf("Ignoring %s from drift calculation: %s", supplierType, listedTypeError)
|
||||
}
|
||||
return &RemoteAccessDeniedAlert{message, provider, scanningPhase}
|
||||
}
|
||||
|
||||
func (e *EnumerationAccessDeniedAlert) Message() string {
|
||||
func (e *RemoteAccessDeniedAlert) Message() string {
|
||||
return e.message
|
||||
}
|
||||
|
||||
func (e *EnumerationAccessDeniedAlert) ShouldIgnoreResource() bool {
|
||||
func (e *RemoteAccessDeniedAlert) ShouldIgnoreResource() bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func (e *EnumerationAccessDeniedAlert) GetProviderMessage() string {
|
||||
message := "It seems that we got access denied exceptions while listing resources.\n"
|
||||
func (e *RemoteAccessDeniedAlert) GetProviderMessage() string {
|
||||
var message string
|
||||
switch e.scanningPhase {
|
||||
case DetailsFetchingPhase:
|
||||
message = "It seems that we got access denied exceptions while reading details of resources.\n"
|
||||
case EnumerationPhase:
|
||||
fallthrough
|
||||
default:
|
||||
message = "It seems that we got access denied exceptions while listing resources.\n"
|
||||
}
|
||||
|
||||
switch e.provider {
|
||||
case github.RemoteGithubTerraform:
|
||||
message += "Please be sure that your Github token has the right permissions, check the last up-to-date documentation there: https://docs.driftctl.com/github/policy"
|
||||
|
@ -44,7 +69,7 @@ func (e *EnumerationAccessDeniedAlert) GetProviderMessage() string {
|
|||
}
|
||||
|
||||
func HandleResourceEnumerationError(err error, alerter alerter.AlerterInterface) error {
|
||||
listError, ok := err.(*remoteerror.ResourceEnumerationError)
|
||||
listError, ok := err.(*remoteerror.ResourceScanningError)
|
||||
if !ok {
|
||||
return err
|
||||
}
|
||||
|
@ -56,6 +81,11 @@ func HandleResourceEnumerationError(err error, alerter alerter.AlerterInterface)
|
|||
return handleAWSError(alerter, listError, reqerr)
|
||||
}
|
||||
|
||||
if strings.Contains(rootCause.Error(), "AccessDenied") {
|
||||
sendEnumerationAlert(aws.RemoteAWSTerraform, alerter, listError)
|
||||
return nil
|
||||
}
|
||||
|
||||
if strings.HasPrefix(
|
||||
rootCause.Error(),
|
||||
"Your token has not been granted the required scopes to execute this query.",
|
||||
|
@ -67,7 +97,33 @@ func HandleResourceEnumerationError(err error, alerter alerter.AlerterInterface)
|
|||
return err
|
||||
}
|
||||
|
||||
func handleAWSError(alerter alerter.AlerterInterface, listError *remoteerror.ResourceEnumerationError, reqerr awserr.RequestFailure) error {
|
||||
func HandleResourceDetailsFetchingError(err error, alerter alerter.AlerterInterface) error {
|
||||
listError, ok := err.(*remoteerror.ResourceScanningError)
|
||||
if !ok {
|
||||
return err
|
||||
}
|
||||
|
||||
rootCause := listError.RootCause()
|
||||
|
||||
if strings.HasPrefix(rootCause.Error(), "AccessDeniedException") {
|
||||
sendDetailsFetchingAlert(aws.RemoteAWSTerraform, alerter, listError)
|
||||
return nil
|
||||
}
|
||||
|
||||
if strings.Contains(rootCause.Error(), "AccessDenied") {
|
||||
sendDetailsFetchingAlert(aws.RemoteAWSTerraform, alerter, listError)
|
||||
return nil
|
||||
}
|
||||
|
||||
if strings.Contains(rootCause.Error(), "AuthorizationError") {
|
||||
sendDetailsFetchingAlert(aws.RemoteAWSTerraform, alerter, listError)
|
||||
return nil
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func handleAWSError(alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError, reqerr awserr.RequestFailure) error {
|
||||
if reqerr.StatusCode() == 403 || (reqerr.StatusCode() == 400 && strings.Contains(reqerr.Code(), "AccessDenied")) {
|
||||
sendEnumerationAlert(aws.RemoteAWSTerraform, alerter, listError)
|
||||
return nil
|
||||
|
@ -76,10 +132,18 @@ func handleAWSError(alerter alerter.AlerterInterface, listError *remoteerror.Res
|
|||
return reqerr
|
||||
}
|
||||
|
||||
func sendEnumerationAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceEnumerationError) {
|
||||
func sendEnumerationAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"supplier_type": listError.SupplierType(),
|
||||
"listed_type": listError.ListedTypeError(),
|
||||
}).Debugf("Got an access denied error")
|
||||
alerter.SendAlert(listError.SupplierType(), NewEnumerationAccessDeniedAlert(provider, listError.SupplierType(), listError.ListedTypeError()))
|
||||
alerter.SendAlert(listError.SupplierType(), NewRemoteAccessDeniedAlert(provider, listError.SupplierType(), listError.ListedTypeError(), EnumerationPhase))
|
||||
}
|
||||
|
||||
func sendDetailsFetchingAlert(provider string, alerter alerter.AlerterInterface, listError *remoteerror.ResourceScanningError) {
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"supplier_type": listError.SupplierType(),
|
||||
"listed_type": listError.ListedTypeError(),
|
||||
}).Debugf("Got an access denied error")
|
||||
alerter.SendAlert(listError.SupplierType(), NewRemoteAccessDeniedAlert(provider, listError.SupplierType(), listError.ListedTypeError(), DetailsFetchingPhase))
|
||||
}
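Review bot: `HandleResourceDetailsFetchingError` decides that a failure is a permission problem by substring-matching `rootCause.Error()`, so any provider error whose text merely contains "AccessDenied" or "AuthorizationError" (a resource name or ARN echoed in the message would be enough) is downgraded to an ignored-resource alert and `nil` is returned. The `strings.Contains(rootCause.Error(), "AccessDenied")` check added to `HandleResourceEnumerationError` has the same property. The `HasPrefix(..., "AccessDeniedException")` branch is redundant because the `Contains(..., "AccessDenied")` branch after it covers the same messages, so the three branches can be one: `if msg := rootCause.Error(); strings.Contains(msg, "AccessDenied") || strings.Contains(msg, "AuthorizationError") {`, with a comment listing which provider error codes each pattern is meant to catch. The alert is also always built with `aws.RemoteAWSTerraform`, while `GenericDetailsFetcher` sits in package `common`. If that fetcher serves other providers, `GetProviderMessage` would point users at the wrong permissions documentation, so the provider probably needs to be passed in by the caller.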
|
||||
|
|
|
@ -17,7 +17,7 @@ import (
|
|||
"github.com/cloudskiff/driftctl/pkg/alerter"
|
||||
)
|
||||
|
||||
func TestHandleListAwsError(t *testing.T) {
|
||||
func TestHandleAwsEnumerationErrors(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
|
@ -27,19 +27,19 @@ func TestHandleListAwsError(t *testing.T) {
|
|||
}{
|
||||
{
|
||||
name: "Handled error 403",
|
||||
err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc")}},
|
||||
err: remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", EnumerationPhase)}},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Handled error AccessDenied",
|
||||
err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "", errors.New("")), 403, ""), resourceaws.AwsDynamodbTableResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_dynamodb_table": []alerter.Alert{NewEnumerationAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_dynamodb_table", "aws_dynamodb_table")}},
|
||||
err: remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "", errors.New("")), 403, ""), resourceaws.AwsDynamodbTableResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_dynamodb_table": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_dynamodb_table", "aws_dynamodb_table", EnumerationPhase)}},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Not Handled error code",
|
||||
err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 404, ""), resourceaws.AwsVpcResourceType),
|
||||
err: remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("", "", errors.New("")), 404, ""), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: map[string][]alerter.Alert{},
|
||||
wantErr: true,
|
||||
},
|
||||
|
@ -57,10 +57,16 @@ func TestHandleListAwsError(t *testing.T) {
|
|||
},
|
||||
{
|
||||
name: "Not Handled root error type",
|
||||
err: remoteerror.NewResourceEnumerationError(errors.New("error"), resourceaws.AwsVpcResourceType),
|
||||
err: remoteerror.NewResourceScanningError(errors.New("error"), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: map[string][]alerter.Alert{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "Handle AccessDenied error",
|
||||
err: remoteerror.NewResourceScanningError(errors.New("an error occured: AccessDenied: 403"), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", EnumerationPhase)}},
|
||||
wantErr: false,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
@ -75,7 +81,7 @@ func TestHandleListAwsError(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestHandleListGithubError(t *testing.T) {
|
||||
func TestHandleGithubEnumerationErrors(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
|
@ -85,13 +91,13 @@ func TestHandleListGithubError(t *testing.T) {
|
|||
}{
|
||||
{
|
||||
name: "Handled graphql error",
|
||||
err: remoteerror.NewResourceEnumerationError(errors.New("Your token has not been granted the required scopes to execute this query."), resourcegithub.GithubTeamResourceType),
|
||||
wantAlerts: alerter.Alerts{"github_team": []alerter.Alert{NewEnumerationAccessDeniedAlert(github.RemoteGithubTerraform, "github_team", "github_team")}},
|
||||
err: remoteerror.NewResourceScanningError(errors.New("Your token has not been granted the required scopes to execute this query."), resourcegithub.GithubTeamResourceType),
|
||||
wantAlerts: alerter.Alerts{"github_team": []alerter.Alert{NewRemoteAccessDeniedAlert(github.RemoteGithubTerraform, "github_team", "github_team", EnumerationPhase)}},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Not handled graphql error",
|
||||
err: remoteerror.NewResourceEnumerationError(errors.New("This is a not handler graphql error"), resourcegithub.GithubTeamResourceType),
|
||||
err: remoteerror.NewResourceScanningError(errors.New("This is a not handler graphql error"), resourcegithub.GithubTeamResourceType),
|
||||
wantAlerts: map[string][]alerter.Alert{},
|
||||
wantErr: true,
|
||||
},
|
||||
|
@ -121,6 +127,52 @@ func TestHandleListGithubError(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestHandleAwsDetailsFetchingErrors(t *testing.T) {
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
err error
|
||||
wantAlerts alerter.Alerts
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "Handle AccessDeniedException error",
|
||||
err: remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("AccessDeniedException", "test", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", DetailsFetchingPhase)}},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Handle AccessDenied error",
|
||||
err: remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("test", "error: AccessDenied", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", DetailsFetchingPhase)}},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Handle AccessDenied error",
|
||||
err: remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("test", "error: AuthorizationError", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: alerter.Alerts{"aws_vpc": []alerter.Alert{NewRemoteAccessDeniedAlert(aws.RemoteAWSTerraform, "aws_vpc", "aws_vpc", DetailsFetchingPhase)}},
|
||||
wantErr: false,
|
||||
},
|
||||
{
|
||||
name: "Unhandled error",
|
||||
err: remoteerror.NewResourceScanningError(awserr.NewRequestFailure(awserr.New("test", "error: dummy error", errors.New("")), 403, ""), resourceaws.AwsVpcResourceType),
|
||||
wantAlerts: alerter.Alerts{},
|
||||
wantErr: true,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
alertr := alerter.NewAlerter()
|
||||
gotErr := HandleResourceDetailsFetchingError(tt.err, alertr)
|
||||
assert.Equal(t, tt.wantErr, gotErr != nil)
|
||||
|
||||
retrieve := alertr.Retrieve()
|
||||
assert.Equal(t, tt.wantAlerts, retrieve)
|
||||
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestEnumerationAccessDeniedAlert_GetProviderMessage(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
|
@ -145,7 +197,39 @@ func TestEnumerationAccessDeniedAlert_GetProviderMessage(t *testing.T) {
|
|||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
e := NewEnumerationAccessDeniedAlert(tt.provider, "supplier_type", "listed_type_error")
|
||||
e := NewRemoteAccessDeniedAlert(tt.provider, "supplier_type", "listed_type_error", EnumerationPhase)
|
||||
if got := e.GetProviderMessage(); got != tt.want {
|
||||
t.Errorf("GetProviderMessage() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDetailsFetchingAccessDeniedAlert_GetProviderMessage(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
provider string
|
||||
want string
|
||||
}{
|
||||
{
|
||||
name: "test for unsupported provider",
|
||||
provider: "foobar",
|
||||
want: "",
|
||||
},
|
||||
{
|
||||
name: "test for AWS",
|
||||
provider: aws.RemoteAWSTerraform,
|
||||
want: "It seems that we got access denied exceptions while reading details of resources.\nThe latest minimal read-only IAM policy for driftctl is always available here, please update yours: https://docs.driftctl.com/aws/policy",
|
||||
},
|
||||
{
|
||||
name: "test for github",
|
||||
provider: github.RemoteGithubTerraform,
|
||||
want: "It seems that we got access denied exceptions while reading details of resources.\nPlease be sure that your Github token has the right permissions, check the last up-to-date documentation there: https://docs.driftctl.com/github/policy",
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
e := NewRemoteAccessDeniedAlert(tt.provider, "supplier_type", "listed_type_error", DetailsFetchingPhase)
|
||||
if got := e.GetProviderMessage(); got != tt.want {
|
||||
t.Errorf("GetProviderMessage() = %v, want %v", got, tt.want)
|
||||
}
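Review bot: In TestHandleAwsDetailsFetchingErrors two table entries are both named "Handle AccessDenied error", and the second one actually feeds a message containing `AuthorizationError`, so t.Run can only tell them apart by a numeric suffix and a failure report does not say which pattern broke. Rename the second entry to `name: "Handle AuthorizationError error",`. The "Unhandled error" entry also pins that a 403 with an unrecognised message is returned as an error, while the enumeration table treats a bare 403 as access denied. If that difference is intended, a comment such as `// details fetching classifies by error text, not by status code` above the table would record it; the handler is outside this section, so this is inferred from the cases alone. The last hunk ends inside TestDetailsFetchingAccessDeniedAlert_GetProviderMessage.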
|
||||
|
|
|
@ -76,13 +76,13 @@ func (s *Scanner) scan() ([]resource.Resource, error) {
|
|||
}
|
||||
return nil, err
|
||||
}
|
||||
for _, resource := range resources {
|
||||
if resource == nil {
|
||||
for _, res := range resources {
|
||||
if res == nil {
|
||||
continue
|
||||
}
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"id": resource.TerraformId(),
|
||||
"type": resource.TerraformType(),
|
||||
"id": res.TerraformId(),
|
||||
"type": res.TerraformType(),
|
||||
}).Debug("Found cloud resource")
|
||||
}
|
||||
return resources, nil
|
||||
|
@ -102,14 +102,18 @@ func (s *Scanner) scan() ([]resource.Resource, error) {
|
|||
res := res
|
||||
s.detailsFetcherRunner.Run(func() (interface{}, error) {
|
||||
fetcher := s.remoteLibrary.GetDetailsFetcher(resource.ResourceType(res.TerraformType()))
|
||||
if fetcher != nil {
|
||||
if fetcher == nil {
|
||||
return []resource.Resource{res}, nil
|
||||
}
|
||||
|
||||
resourceWithDetails, err := fetcher.ReadDetails(res)
|
||||
if err != nil {
|
||||
if err := HandleResourceDetailsFetchingError(err, s.alerter); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return []resource.Resource{resourceWithDetails}, nil
|
||||
return []resource.Resource{}, nil
|
||||
}
|
||||
return []resource.Resource{res}, nil
|
||||
return []resource.Resource{resourceWithDetails}, nil
|
||||
})
|
||||
}
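Review bot: When ReadDetails fails and HandleResourceDetailsFetchingError turns the error into an alert, the closure returns `[]resource.Resource{}`, so the resource is dropped from the scan result and nothing records which one it was; the alert sent by sendDetailsFetchingAlert is keyed by supplier type only. For a drift report this means an enumerated resource can disappear from the remote side because of a missing read permission; how the analyser then reports it is not visible here and should be confirmed. I would log the skipped resource at the drop point, e.g. `logrus.WithFields(logrus.Fields{"id": res.TerraformId(), "type": res.TerraformType()}).Debug("Skipping resource: access denied while reading details")`, and add a comment saying the empty slice is deliberate. The inner `if err := HandleResourceDetailsFetchingError(err, s.alerter); err != nil` also shadows the outer `err`, and a distinct name would read more clearly. scan() starts and ends outside these hunks.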
|
||||
|
||||
|
|
|
@ -279,7 +279,7 @@ func TestSNSTopicSubscriptionScan(t *testing.T) {
|
|||
},
|
||||
alerts: map[string][]alerter.Alert{
|
||||
resourceaws.AwsSnsTopicSubscriptionResourceType: {
|
||||
NewEnumerationAccessDeniedAlert("aws+tf", resourceaws.AwsSnsTopicSubscriptionResourceType, resourceaws.AwsSnsTopicSubscriptionResourceType),
|
||||
NewRemoteAccessDeniedAlert("aws+tf", resourceaws.AwsSnsTopicSubscriptionResourceType, resourceaws.AwsSnsTopicSubscriptionResourceType, EnumerationPhase),
|
||||
},
|
||||
},
|
||||
err: nil,
|
||||
|
|