diff --git a/pkg/middlewares/aws_defaults.go b/pkg/middlewares/aws_defaults.go
index e5baeb25..fdb5a423 100644
--- a/pkg/middlewares/aws_defaults.go
+++ b/pkg/middlewares/aws_defaults.go
@@ -59,6 +59,11 @@ func (m AwsDefaults) awsIamRolePolicyDefaults(remoteResources []resource.Resourc
 		}
 	}
+	if role == nil {
+		logrus.Warnf("Role for %s role policy not found. Is that supposed to happen ?", remoteResource.TerraformId())
+		continue
+	}
+
 
 	if match := strings.HasPrefix((*role.Attrs)["path"].(string), defaultIamRolePathPrefix); match {
 		resourcesToIgnore = append(resourcesToIgnore, remoteResource)
 	}
diff --git a/pkg/remote/aws/iam_role_policy_enumerator.go b/pkg/remote/aws/iam_role_policy_enumerator.go
index 2e4b79f7..53ba026e 100644
--- a/pkg/remote/aws/iam_role_policy_enumerator.go
+++ b/pkg/remote/aws/iam_role_policy_enumerator.go
@@ -1,6 +1,8 @@
 package aws
 
 import (
+	"fmt"
+
 	"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
 	remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
@@ -41,8 +43,10 @@ func (e *IamRolePolicyEnumerator) Enumerate() ([]resource.Resource, error) {
 			results,
 			e.factory.CreateAbstractResource(
 				string(e.SupportedType()),
-				policy,
-				map[string]interface{}{},
+				fmt.Sprintf("%s:%s", policy.RoleName, policy.Policy),
+				map[string]interface{}{
+					"role": policy.RoleName,
+				},
 			),
 		)
 	}
diff --git a/pkg/remote/aws/repository/iam_repository.go b/pkg/remote/aws/repository/iam_repository.go
index ae2c8383..faec6522 100644
--- a/pkg/remote/aws/repository/iam_repository.go
+++ b/pkg/remote/aws/repository/iam_repository.go
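Review bot: The nil guard fixes the dereference, but the context line right after it still performs an unchecked `(*role.Attrs)["path"].(string)`, which panics when the matched role resource has no `path` attribute or it is not a string; now that the function explicitly tolerates incomplete remote state, that read should use the two-value assertion and `continue` on failure as well. The log text has a stray space before the question mark and is phrased as a question to the user; `"Role for %s role policy not found, skipping default-path check"` states what the code actually does. It is worth a one-line comment that `continue` keeps the policy out of `resourcesToIgnore`, so an orphaned role policy stays reported rather than being silently hidden — the conservative outcome for a drift tool. awsIamRolePolicyDefaults starts outside the hunk.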
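Review bot: The resource id is rebuilt here as `fmt.Sprintf("%s:%s", policy.RoleName, policy.Policy)`, the same `role:policy` string the repository used to emit, so the format is now owned by the enumerator while the `"role"` attribute carries the role name separately; which consumer reads that key is not visible in this diff, presumably the AwsDefaults middleware, and a short comment on the map naming it would help. A `String()` method on the new `RolePolicy` type, `func (p RolePolicy) String() string { return p.RoleName + ":" + p.Policy }`, would keep the id format in one place and remove the need for the `fmt` import added in the previous hunk. Enumerate continues outside the hunk.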
@@ -16,7 +16,7 @@ type IAMRepository interface {
 	ListAllPolicies() ([]*iam.Policy, error)
 	ListAllRoles() ([]*iam.Role, error)
 	ListAllRolePolicyAttachments([]*iam.Role) ([]*AttachedRolePolicy, error)
-	ListAllRolePolicies([]*iam.Role) ([]string, error)
+	ListAllRolePolicies([]*iam.Role) ([]RolePolicy, error)
 	ListAllUserPolicyAttachments([]*iam.User) ([]*AttachedUserPolicy, error)
 	ListAllUserPolicies([]*iam.User) ([]string, error)
 }
@@ -154,22 +154,22 @@ func (r *iamRepository) ListAllRolePolicyAttachments(roles []*iam.Role) ([]*Atta
 	return resources, nil
 }
 
-func (r *iamRepository) ListAllRolePolicies(roles []*iam.Role) ([]string, error) {
-	var resources []string
+func (r *iamRepository) ListAllRolePolicies(roles []*iam.Role) ([]RolePolicy, error) {
+	var resources []RolePolicy
 	for _, role := range roles {
 		cacheKey := fmt.Sprintf("iamListAllRolePolicies_role_%s", *role.RoleName)
 		if v := r.cache.Get(cacheKey); v != nil {
-			resources = append(resources, v.([]string)...)
+			resources = append(resources, v.([]RolePolicy)...)
 			continue
 		}
 
-		roleResources := make([]string, 0)
+		roleResources := make([]RolePolicy, 0)
 		input := &iam.ListRolePoliciesInput{
 			RoleName: role.RoleName,
 		}
 		err := r.client.ListRolePoliciesPages(input, func(res *iam.ListRolePoliciesOutput, lastPage bool) bool {
 			for _, policy := range res.PolicyNames {
-				roleResources = append(roleResources, fmt.Sprintf("%s:%s", *input.RoleName, *policy))
+				roleResources = append(roleResources, RolePolicy{*policy, *input.RoleName})
 			}
 			return !lastPage
 		})
@@ -257,3 +257,8 @@ type AttachedRolePolicy struct {
 	iam.AttachedPolicy
 	RoleName string
 }
+
+type RolePolicy struct {
+	Policy   string
+	RoleName string
+}
diff --git a/pkg/remote/aws/repository/iam_repository_test.go b/pkg/remote/aws/repository/iam_repository_test.go
index 99c742e8..ef714fec 100644
--- a/pkg/remote/aws/repository/iam_repository_test.go
+++ b/pkg/remote/aws/repository/iam_repository_test.go
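Review bot: `RolePolicy{*policy, *input.RoleName}` is a positional literal, so the struct's field order alone decides which string becomes the policy name and which the role name; the tests and the enumerator both use keyed form, and this line should too: `roleResources = append(roleResources, RolePolicy{Policy: *policy, RoleName: *input.RoleName})`. `go vet`'s composites check only flags unkeyed literals of imported types, so a future field reorder in this package would not be caught. The `*policy` dereference of the SDK's `*string` page entries is pre-existing and unchanged by this commit.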
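Review bot: `RolePolicy` is exported but carries no doc comment, and unlike the neighbouring `AttachedRolePolicy` it does not embed an SDK type that would explain it; add `// RolePolicy identifies one inline policy of an IAM role by policy name and owning role name.` above the type. Since slices of this type are also what gets stored under the `iamListAllRolePolicies_role_%s` cache keys in the hunk above, a note that cached entries are `[]RolePolicy` values would save the next reader a lookup.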
@@ -412,17 +412,17 @@ func Test_IAMRepository_ListAllRolePolicyAttachments(t *testing.T) {
 					return false
 				}
 				callback(&iam.ListAttachedRolePoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-					&iam.AttachedPolicy{
+					{
 						PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test-policy"),
 						PolicyName: aws.String("policy"),
 					},
-					&iam.AttachedPolicy{
+					{
 						PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test-policy2"),
 						PolicyName: aws.String("policy2"),
 					},
 				}}, false)
 				callback(&iam.ListAttachedRolePoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-					&iam.AttachedPolicy{
+					{
 						PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test-policy3"),
 						PolicyName: aws.String("policy3"),
 					},
@@ -440,17 +440,17 @@ func Test_IAMRepository_ListAllRolePolicyAttachments(t *testing.T) {
 					return false
 				}
 				callback(&iam.ListAttachedRolePoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-					&iam.AttachedPolicy{
+					{
 						PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test-policy"),
 						PolicyName: aws.String("policy"),
 					},
-					&iam.AttachedPolicy{
+					{
 						PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test-policy2"),
 						PolicyName: aws.String("policy2"),
 					},
 				}}, false)
 				callback(&iam.ListAttachedRolePoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-					&iam.AttachedPolicy{
+					{
 						PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test-policy3"),
 						PolicyName: aws.String("policy3"),
 					},
@@ -544,7 +544,7 @@ func Test_IAMRepository_ListAllRolePolicies(t *testing.T) {
 		name    string
 		roles   []*iam.Role
 		mocks   func(client *awstest.MockFakeIAM)
-		want    []string
+		want    []RolePolicy
 		wantErr error
 	}{
 		{
@@ -600,13 +600,13 @@ func Test_IAMRepository_ListAllRolePolicies(t *testing.T) {
 					return true
 				})).Once().Return(nil)
 			},
-			want: []string{
-				*aws.String("test_role_0:policy-role0-0"),
-				*aws.String("test_role_0:policy-role0-1"),
-				*aws.String("test_role_0:policy-role0-2"),
-				*aws.String("test_role_1:policy-role1-0"),
-				*aws.String("test_role_1:policy-role1-1"),
-				*aws.String("test_role_1:policy-role1-2"),
+			want: []RolePolicy{
+				{Policy: "policy-role0-0", RoleName: "test_role_0"},
+				{Policy: "policy-role0-1", RoleName: "test_role_0"},
+				{Policy: "policy-role0-2", RoleName: "test_role_0"},
+				{Policy: "policy-role1-0", RoleName: "test_role_1"},
+				{Policy: "policy-role1-1", RoleName: "test_role_1"},
+				{Policy: "policy-role1-2", RoleName: "test_role_1"},
 			},
 		},
 	}
@@ -628,7 +628,7 @@ func Test_IAMRepository_ListAllRolePolicies(t *testing.T) {
 				assert.NoError(t, err)
 				assert.Equal(t, got, cachedData)
 				for _, role := range tt.roles {
-					assert.IsType(t, []string{}, store.Get(fmt.Sprintf("iamListAllRolePolicies_role_%s", *role.RoleName)))
+					assert.IsType(t, []RolePolicy{}, store.Get(fmt.Sprintf("iamListAllRolePolicies_role_%s", *role.RoleName)))
 				}
 			}
 
@@ -670,17 +670,17 @@ func Test_IAMRepository_ListAllUserPolicyAttachments(t *testing.T) {
 				}, mock.MatchedBy(func(callback func(res *iam.ListAttachedUserPoliciesOutput, lastPage bool) bool) bool {
 					callback(&iam.ListAttachedUserPoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-						&iam.AttachedPolicy{
+						{
 							PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test"),
 							PolicyName: aws.String("test-attach"),
 						},
-						&iam.AttachedPolicy{
+						{
 							PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test2"),
 							PolicyName: aws.String("test-attach2"),
 						},
 					}}, false)
 					callback(&iam.ListAttachedUserPoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-						&iam.AttachedPolicy{
+						{
 							PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test3"),
 							PolicyName: aws.String("test-attach3"),
 						},
@@ -694,17 +694,17 @@ func Test_IAMRepository_ListAllUserPolicyAttachments(t *testing.T) {
 				}, mock.MatchedBy(func(callback func(res *iam.ListAttachedUserPoliciesOutput, lastPage bool) bool) bool {
 					callback(&iam.ListAttachedUserPoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-						&iam.AttachedPolicy{
+						{
 							PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test"),
 							PolicyName: aws.String("test-attach"),
 						},
-						&iam.AttachedPolicy{
+						{
 							PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test2"),
 							PolicyName: aws.String("test-attach2"),
 						},
 					}}, false)
 					callback(&iam.ListAttachedUserPoliciesOutput{AttachedPolicies: []*iam.AttachedPolicy{
-						&iam.AttachedPolicy{
+						{
 							PolicyArn:  aws.String("arn:aws:iam::526954929923:policy/test3"),
 							PolicyName: aws.String("test-attach3"),
 						},
diff --git a/pkg/remote/aws/repository/mock_IAMRepository.go b/pkg/remote/aws/repository/mock_IAMRepository.go
index d7581b7d..40131e9e 100644
--- a/pkg/remote/aws/repository/mock_IAMRepository.go
+++ b/pkg/remote/aws/repository/mock_IAMRepository.go
@@ -1,4 +1,4 @@
-// Code generated by mockery v1.0.0. DO NOT EDIT.
+// Code generated by mockery v0.0.0-dev. DO NOT EDIT.
 
 package repository
 
@@ -7,7 +7,7 @@ import (
 	mock "github.com/stretchr/testify/mock"
 )
 
-// MockIAMRepository is an autogenerated mock type for the MockIAMRepository type
+// MockIAMRepository is an autogenerated mock type for the IAMRepository type
 type MockIAMRepository struct {
 	mock.Mock
 }
@@ -59,15 +59,15 @@ func (_m *MockIAMRepository) ListAllPolicies() ([]*iam.Policy, error) {
 }
 
 // ListAllRolePolicies provides a mock function with given fields: _a0
-func (_m *MockIAMRepository) ListAllRolePolicies(_a0 []*iam.Role) ([]string, error) {
+func (_m *MockIAMRepository) ListAllRolePolicies(_a0 []*iam.Role) ([]RolePolicy, error) {
 	ret := _m.Called(_a0)
 
-	var r0 []string
-	if rf, ok := ret.Get(0).(func([]*iam.Role) []string); ok {
+	var r0 []RolePolicy
+	if rf, ok := ret.Get(0).(func([]*iam.Role) []RolePolicy); ok {
 		r0 = rf(_a0)
 	} else {
 		if ret.Get(0) != nil {
-			r0 = ret.Get(0).([]string)
+			r0 = ret.Get(0).([]RolePolicy)
 		}
 	}
diff --git a/pkg/remote/iam_scanner_test.go b/pkg/remote/iam_scanner_test.go
index 7ca64805..815194b6 100644
--- a/pkg/remote/iam_scanner_test.go
+++ b/pkg/remote/iam_scanner_test.go
@@ -982,7 +982,7 @@ func TestIamRolePolicy(t *testing.T) {
 					},
 				}
 				repo.On("ListAllRoles").Return(roles, nil)
-				repo.On("ListAllRolePolicies", roles).Return([]string{}, nil)
+				repo.On("ListAllRolePolicies", roles).Return([]repository.RolePolicy{}, nil)
 			},
 			wantErr: nil,
 		},
@@ -999,13 +999,13 @@ func TestIamRolePolicy(t *testing.T) {
 					},
 				}
 				repo.On("ListAllRoles").Return(roles, nil)
-				repo.On("ListAllRolePolicies", roles).Return([]string{
-					*aws.String("test_role_0:policy-role0-0"),
-					*aws.String("test_role_0:policy-role0-1"),
-					*aws.String("test_role_0:policy-role0-2"),
-					*aws.String("test_role_1:policy-role1-0"),
-					*aws.String("test_role_1:policy-role1-1"),
-					*aws.String("test_role_1:policy-role1-2"),
+				repo.On("ListAllRolePolicies", roles).Return([]repository.RolePolicy{
+					{Policy: "policy-role0-0", RoleName: "test_role_0"},
+					{Policy: "policy-role0-1", RoleName: "test_role_0"},
+					{Policy: "policy-role0-2", RoleName: "test_role_0"},
+					{Policy: "policy-role1-0", RoleName: "test_role_1"},
+					{Policy: "policy-role1-1", RoleName: "test_role_1"},
+					{Policy: "policy-role1-2", RoleName: "test_role_1"},
 				}, nil).Once()
 			},
 			wantErr: nil,