sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1591 from snyk/fix/account_public_access_block 

fix issue when scanning without any s3_account_public_access_block
main
Martin 2022-10-13 11:08:56 +02:00 committed by GitHub
parent a1427f478b 4969995594
commit a28bac977c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
enumeration/remote/aws/repository/s3control_repository.go
View File

@ -2,6 +2,7 @@ package repository
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/s3control"
"github.com/snyk/driftctl/enumeration/remote/aws/client"
"github.com/snyk/driftctl/enumeration/remote/cache"
@ -33,6 +34,10 @@ func (s *s3ControlRepository) DescribeAccountPublicAccessBlock(accountID string)
})
if err != nil {
if s.shouldSuppressError(err) {
return nil, nil
}
return nil, err
}
@ -41,3 +46,13 @@ func (s *s3ControlRepository) DescribeAccountPublicAccessBlock(accountID string)
s.cache.Put(cacheKey, result)
return result, nil
}
func (s *s3ControlRepository) shouldSuppressError(err error) bool {
if requestFailure, ok := err.(awserr.RequestFailure); ok {
if requestFailure.Code() == "NoSuchPublicAccessBlockConfiguration" {
// do not throw the error up if there is no access block config
return true
}
}
return false
}

29
enumeration/remote/aws/repository/s3control_repository_test.go
View File

@ -10,7 +10,6 @@ import (
"github.com/stretchr/testify/mock"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/r3labs/diff/v2"
awstest "github.com/snyk/driftctl/test/aws"
"github.com/stretchr/testify/assert"
@ -23,10 +22,10 @@ func Test_s3ControlRepository_DescribeAccountPublicAccessBlock(t *testing.T) {
name string
mocks func(client *awstest.MockFakeS3Control)
want *s3control.PublicAccessBlockConfiguration
wantErr error
wantErr bool
}{
{
name: "describe account public accessblock",
name: "describe account public access block",
mocks: func(client *awstest.MockFakeS3Control) {
client.On("GetPublicAccessBlock", mock.Anything).Return(
&s3control.GetPublicAccessBlockOutput{
@ -48,15 +47,29 @@ func Test_s3ControlRepository_DescribeAccountPublicAccessBlock(t *testing.T) {
},
},
{
name: "Error detting account public accessblock",
name: "Error getting account public access block",
mocks: func(client *awstest.MockFakeS3Control) {
fakeRequestFailure := &awstest.MockFakeRequestFailure{}
fakeRequestFailure.On("Code").Return("FakeErrorCode")
client.On("GetPublicAccessBlock", mock.Anything).Return(
nil,
awserr.NewRequestFailure(nil, 403, ""),
fakeRequestFailure,
).Once()
},
want: nil,
wantErr: awserr.NewRequestFailure(nil, 403, ""),
wantErr: true,
},
{
name: "Error no account public access block",
mocks: func(client *awstest.MockFakeS3Control) {
fakeRequestFailure := &awstest.MockFakeRequestFailure{}
fakeRequestFailure.On("Code").Return("NoSuchPublicAccessBlockConfiguration")
client.On("GetPublicAccessBlock", mock.Anything).Return(
nil,
fakeRequestFailure,
).Once()
},
want: nil,
},
}
for _, tt := range tests {
@ -69,9 +82,9 @@ func Test_s3ControlRepository_DescribeAccountPublicAccessBlock(t *testing.T) {
r := NewS3ControlRepository(&factory, store)
got, err := r.DescribeAccountPublicAccessBlock(accountID)
factory.AssertExpectations(t)
assert.Equal(t, tt.wantErr, err)
assert.Equal(t, tt.wantErr, err != nil)
if err == nil {
if err == nil && got != nil {
// Check that results were cached
cachedData, err := r.DescribeAccountPublicAccessBlock(accountID)
assert.NoError(t, err)

4
enumeration/remote/aws/s3_account_public_access_block_enumerator.go
View File

@ -37,6 +37,10 @@ func (e *S3AccountPublicAccessBlockEnumerator) Enumerate() ([]*resource.Resource
results := make([]*resource.Resource, 0, 1)
if accountPublicAccessBlock == nil {
return results, nil
}
results = append(
results,
e.factory.CreateAbstractResource(