sundowndev
/
driftctl
mirror of https://github.com/sundowndev/driftctl.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into fix/vpc-permissions

main
William BEUIL 2020-12-23 11:16:55 +01:00 committed by GitHub
parent 99af6992a2 6aa5da86ea
commit db3d0d1923
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 100 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.circleci/config.yml
View File

@ -17,6 +17,17 @@ jobs:
- image: golang:1.15
steps:
- checkout
- run:
name: Enforce Go Formatted Code
command: |
go fmt ./...
if [[ -z $(git status --porcelain) ]]; then
echo "Git directory is clean."
else
echo "Git directory is dirty. Run make fmt locally and commit any formatting fixes or generated code."
git status --porcelain
exit 1
fi
- run: make install-tools
- run: make test
- run:

2
README.md
View File

@ -126,7 +126,7 @@ curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_wi
### Run
Be sure to have [configured](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) your AWS credentials.
Be sure to have [configured](doc/cmd/scan/supported_resources/aws.md#authentication) your AWS credentials.
You will need to assign [proper permissions](doc/cmd/scan/supported_resources/aws.md#least-privileged-policy) to allow driftctl to scan your account.

21
doc/cmd/scan/supported_resources/aws.md
View File

@ -1,5 +1,26 @@
# AWS Supported resources
## Authentication
To use driftctl, we need credentials to make authenticated requests to AWS. Just like the AWS CLI, we use [credentials and configuration](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) settings declared as user environment variables, or in local AWS configuration files.
Driftctl supports [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html). By default, the CLI uses the settings found in the profile named `default`. You can override an individual setting by declaring the supported environment variables such as `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_PROFILE` ...
If you are using an [IAM role](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html) as an authorization tool, which is considered a good practice, please be aware that you can still use driftctl by defining a profile for the role in your `~/.aws/config` file.
```bash
[profile driftctlrole]
role_arn = arn:aws:iam::123456789012:role/<NAMEOFTHEROLE>
source_profile = user # profile to assume the role
region = eu-west-3
```
You can now use driftctl by overriding the profile setting.
```bash
$ AWS_PROFILE=driftctlrole driftctl scan
```
## Least privileged policy
Driftctl needs access to your cloud provider account so that it can list resources on your behalf.

36
pkg/analyser/analyzer_test.go
View File

@ -39,7 +39,7 @@ func TestAnalyze(t *testing.T) {
{
name: "TestIgnoreFromCoverageIacNotInCloud",
iac: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
},
},
@ -50,7 +50,7 @@ func TestAnalyze(t *testing.T) {
TotalDeleted: 1,
},
deleted: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
},
},
@ -60,18 +60,18 @@ func TestAnalyze(t *testing.T) {
{
name: "Test100PercentCoverage",
iac: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
},
},
cloud: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
},
},
expected: Analysis{
managed: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
},
},
@ -85,7 +85,7 @@ func TestAnalyze(t *testing.T) {
name: "TestUnmanagedResource",
iac: []resource.Resource{},
cloud: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
},
},
@ -95,7 +95,7 @@ func TestAnalyze(t *testing.T) {
TotalUnmanaged: 1,
},
unmanaged: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
},
},
@ -105,14 +105,14 @@ func TestAnalyze(t *testing.T) {
{
name: "TestDiff",
iac: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
FooBar: "foobar",
BarFoo: "barfoo",
},
},
cloud: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
FooBar: "barfoo",
BarFoo: "foobar",
@ -120,7 +120,7 @@ func TestAnalyze(t *testing.T) {
},
expected: Analysis{
managed: []resource.Resource{
testresource.FakeResource{
&testresource.FakeResource{
Id: "foobar",
FooBar: "foobar",
BarFoo: "barfoo",
@ -133,7 +133,7 @@ func TestAnalyze(t *testing.T) {
},
differences: []Difference{
{
Res: testresource.FakeResource{
Res: &testresource.FakeResource{
Id: "foobar",
FooBar: "foobar",
BarFoo: "barfoo",
@ -237,36 +237,36 @@ func TestAnalysis_MarshalJSON(t *testing.T) {
goldenFile := "./testdata/output.json"
analysis := Analysis{}
analysis.AddManaged(
testresource.FakeResource{
&testresource.FakeResource{
Id: "AKIA5QYBVVD25KFXJHYJ",
Type: "aws_iam_access_key",
}, testresource.FakeResource{
}, &testresource.FakeResource{
Id: "driftctl2",
Type: "aws_managed_resource",
},
)
analysis.AddUnmanaged(
testresource.FakeResource{
&testresource.FakeResource{
Id: "driftctl",
Type: "aws_s3_bucket_policy",
}, testresource.FakeResource{
}, &testresource.FakeResource{
Id: "driftctl",
Type: "aws_s3_bucket_notification",
},
)
analysis.AddDeleted(
testresource.FakeResource{
&testresource.FakeResource{
Id: "test-driftctl2",
Type: "aws_iam_user",
FooBar: "test",
},
testresource.FakeResource{
&testresource.FakeResource{
Id: "AKIA5QYBVVD2Y6PBAAPY",
Type: "aws_iam_access_key",
},
)
analysis.AddDifference(Difference{
Res: testresource.FakeResource{
Res: &testresource.FakeResource{
Id: "AKIA5QYBVVD25KFXJHYJ",
Type: "aws_iam_access_key",
},

22
pkg/cmd/scan/output/output_test.go
View File

@ -11,35 +11,35 @@ import (
func fakeAnalysis() *analyser.Analysis {
a := analyser.Analysis{}
a.AddUnmanaged(
testresource.FakeResource{
&testresource.FakeResource{
Id: "unmanaged-id-1",
Type: "aws_unmanaged_resource",
},
testresource.FakeResource{
&testresource.FakeResource{
Id: "unmanaged-id-2",
Type: "aws_unmanaged_resource",
},
)
a.AddDeleted(
testresource.FakeResource{
&testresource.FakeResource{
Id: "deleted-id-1",
Type: "aws_deleted_resource",
}, testresource.FakeResource{
}, &testresource.FakeResource{
Id: "deleted-id-2",
Type: "aws_deleted_resource",
},
)
a.AddManaged(
testresource.FakeResource{
&testresource.FakeResource{
Id: "diff-id-1",
Type: "aws_diff_resource",
},
testresource.FakeResource{
&testresource.FakeResource{
Id: "no-diff-id-1",
Type: "aws_no_diff_resource",
},
)
a.AddDifference(analyser.Difference{Res: testresource.FakeResource{
a.AddDifference(analyser.Difference{Res: &testresource.FakeResource{
Id: "diff-id-1",
Type: "aws_diff_resource",
}, Changelog: []diff.Change{
@ -68,7 +68,7 @@ func fakeAnalysis() *analyser.Analysis {
func fakeAnalysisNoDrift() *analyser.Analysis {
a := analyser.Analysis{}
for i := 0; i < 5; i++ {
a.AddManaged(testresource.FakeResource{
a.AddManaged(&testresource.FakeResource{
Id: "managed-id-" + fmt.Sprintf("%d", i),
Type: "aws_managed_resource",
})
@ -79,18 +79,18 @@ func fakeAnalysisNoDrift() *analyser.Analysis {
func fakeAnalysisWithJsonFields() *analyser.Analysis {
a := analyser.Analysis{}
a.AddManaged(
testresource.FakeResource{
&testresource.FakeResource{
Id: "diff-id-1",
Type: "aws_diff_resource",
},
)
a.AddManaged(
testresource.FakeResource{
&testresource.FakeResource{
Id: "diff-id-2",
Type: "aws_diff_resource",
},
)
a.AddDifference(analyser.Difference{Res: testresource.FakeResource{
a.AddDifference(analyser.Difference{Res: &testresource.FakeResource{
Id: "diff-id-1",
Type: "aws_diff_resource",
}, Changelog: []diff.Change{

28
pkg/filter/driftignore_test.go
View File

@ -20,13 +20,13 @@ func TestDriftIgnore_Run(t *testing.T) {
{
name: "drift_ignore_no_file",
resources: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},
},
want: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},
@ -35,13 +35,13 @@ func TestDriftIgnore_Run(t *testing.T) {
{
name: "drift_ignore_empty",
resources: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},
},
want: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},
@ -50,17 +50,17 @@ func TestDriftIgnore_Run(t *testing.T) {
{
name: "drift_ignore_invalid_lines",
resources: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},
resource2.FakeResource{
&resource2.FakeResource{
Type: "ignored_resource",
Id: "id2",
},
},
want: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},
@ -69,33 +69,33 @@ func TestDriftIgnore_Run(t *testing.T) {
{
name: "drift_ignore_valid",
resources: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},
resource2.FakeResource{
&resource2.FakeResource{
Type: "wildcard_resource",
Id: "id1",
},
resource2.FakeResource{
&resource2.FakeResource{
Type: "wildcard_resource",
Id: "id2",
},
resource2.FakeResource{
&resource2.FakeResource{
Type: "wildcard_resource",
Id: "id3",
},
resource2.FakeResource{
&resource2.FakeResource{
Type: "ignored_resource",
Id: "id2",
},
resource2.FakeResource{
&resource2.FakeResource{
Type: "resource_type",
Id: "id.with.dots",
},
},
want: []resource.Resource{
resource2.FakeResource{
&resource2.FakeResource{
Type: "type1",
Id: "id1",
},