Split aws_iam_role_policy_attachment
Elie
Louis TOUSSAINT
parent
8909d1517d
commit
f2e95423b5
|
|
@ -0,0 +1,39 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
)
|
||||
|
||||
type IamRolePolicyAttachmentDetailsFetcher struct {
|
||||
reader terraform.ResourceReader
|
||||
deserializer *resource.Deserializer
|
||||
}
|
||||
|
||||
func NewIamRolePolicyAttachmentDetailsFetcher(provider terraform.ResourceReader, deserializer *resource.Deserializer) *IamRolePolicyAttachmentDetailsFetcher {
|
||||
return &IamRolePolicyAttachmentDetailsFetcher{
|
||||
reader: provider,
|
||||
deserializer: deserializer,
|
||||
}
|
||||
}
|
||||
|
||||
func (r *IamRolePolicyAttachmentDetailsFetcher) ReadDetails(res resource.Resource) (resource.Resource, error) {
|
||||
ctyVal, err := r.reader.ReadResource(terraform.ReadResourceArgs{
|
||||
Ty: aws.AwsIamRolePolicyAttachmentResourceType,
|
||||
ID: res.TerraformId(),
|
||||
Attributes: map[string]string{
|
||||
"role": *res.Attributes().GetString("role"),
|
||||
"policy_arn": *res.Attributes().GetString("policy_arn"),
|
||||
},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
deserializedRes, err := r.deserializer.DeserializeOne(aws.AwsIamRolePolicyAttachmentResourceType, *ctyVal)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return deserializedRes, nil
|
||||
}
|
||||
|
|
@ -0,0 +1,69 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/aws/aws-sdk-go/service/iam"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
)
|
||||
|
||||
type IamRolePolicyAttachmentEnumerator struct {
|
||||
repository repository.IAMRepository
|
||||
factory resource.ResourceFactory
|
||||
}
|
||||
|
||||
func NewIamRolePolicyAttachmentEnumerator(repository repository.IAMRepository, factory resource.ResourceFactory) *IamRolePolicyAttachmentEnumerator {
|
||||
return &IamRolePolicyAttachmentEnumerator{
|
||||
repository,
|
||||
factory,
|
||||
}
|
||||
}
|
||||
|
||||
func (e *IamRolePolicyAttachmentEnumerator) SupportedType() resource.ResourceType {
|
||||
return resourceaws.AwsIamRolePolicyAttachmentResourceType
|
||||
}
|
||||
|
||||
func (e *IamRolePolicyAttachmentEnumerator) Enumerate() ([]resource.Resource, error) {
|
||||
roles, err := e.repository.ListAllRoles()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, string(e.SupportedType()), resourceaws.AwsIamRoleResourceType)
|
||||
}
|
||||
|
||||
results := make([]resource.Resource, 0)
|
||||
rolesNotIgnored := make([]*iam.Role, 0)
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RoleName != nil && awsIamRoleShouldBeIgnored(*role.RoleName) {
|
||||
continue
|
||||
}
|
||||
rolesNotIgnored = append(rolesNotIgnored, role)
|
||||
}
|
||||
|
||||
if len(rolesNotIgnored) == 0 {
|
||||
return results, nil
|
||||
}
|
||||
|
||||
policyAttachments, err := e.repository.ListAllRolePolicyAttachments(rolesNotIgnored)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, string(e.SupportedType()))
|
||||
}
|
||||
|
||||
for _, attachedPol := range policyAttachments {
|
||||
results = append(
|
||||
results,
|
||||
e.factory.CreateAbstractResource(
|
||||
string(e.SupportedType()),
|
||||
fmt.Sprintf("%s-%s", *attachedPol.PolicyName, attachedPol.RoleName),
|
||||
map[string]interface{}{
|
||||
"role": attachedPol.RoleName,
|
||||
"policy_arn": *attachedPol.PolicyArn,
|
||||
},
|
||||
),
|
||||
)
|
||||
}
|
||||
|
||||
return results, nil
|
||||
}
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
)
|
||||
|
||||
type IamRolePolicyAttachmentSupplier struct {
|
||||
reader terraform.ResourceReader
|
||||
deserializer *resource.Deserializer
|
||||
repository repository.IAMRepository
|
||||
runner *terraform.ParallelResourceReader
|
||||
}
|
||||
|
||||
func NewIamRolePolicyAttachmentSupplier(provider *AWSTerraformProvider, deserializer *resource.Deserializer, repository repository.IAMRepository) *IamRolePolicyAttachmentSupplier {
|
||||
return &IamRolePolicyAttachmentSupplier{
|
||||
provider,
|
||||
deserializer,
|
||||
repository,
|
||||
terraform.NewParallelResourceReader(provider.Runner().SubRunner()),
|
||||
}
|
||||
}
|
||||
|
||||
func (s *IamRolePolicyAttachmentSupplier) Resources() ([]resource.Resource, error) {
|
||||
roles, err := s.repository.ListAllRoles()
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationErrorWithType(err, resourceaws.AwsIamRolePolicyAttachmentResourceType, resourceaws.AwsIamRoleResourceType)
|
||||
}
|
||||
policyAttachments, err := s.repository.ListAllRolePolicyAttachments(roles)
|
||||
if err != nil {
|
||||
return nil, remoteerror.NewResourceEnumerationError(err, resourceaws.AwsIamRolePolicyAttachmentResourceType)
|
||||
}
|
||||
|
||||
results := make([]cty.Value, 0)
|
||||
if len(policyAttachments) > 0 {
|
||||
for _, attachedPolicy := range policyAttachments {
|
||||
attached := *attachedPolicy
|
||||
s.runner.Run(func() (cty.Value, error) {
|
||||
return s.readRolePolicyAttachment(&attached)
|
||||
})
|
||||
}
|
||||
results, err = s.runner.Wait()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return s.deserializer.Deserialize(resourceaws.AwsIamRolePolicyAttachmentResourceType, results)
|
||||
}
|
||||
|
||||
func (s *IamRolePolicyAttachmentSupplier) readRolePolicyAttachment(attachedPol *repository.AttachedRolePolicy) (cty.Value, error) {
|
||||
res, err := s.reader.ReadResource(
|
||||
terraform.ReadResourceArgs{
|
||||
Ty: resourceaws.AwsIamRolePolicyAttachmentResourceType,
|
||||
ID: fmt.Sprintf("%s-%s", *attachedPol.PolicyName, attachedPol.RoleName),
|
||||
Attributes: map[string]string{
|
||||
"role": attachedPol.RoleName,
|
||||
"policy_arn": *attachedPol.PolicyArn,
|
||||
},
|
||||
},
|
||||
)
|
||||
|
||||
if err != nil {
|
||||
logrus.Warnf("Error reading iam role policy attachment %s[%s]: %+v", attachedPol, resourceaws.AwsIamRolePolicyAttachmentResourceType, err)
|
||||
return cty.NilVal, err
|
||||
}
|
||||
return *res, nil
|
||||
}
|
||||
|
|
@ -1,168 +0,0 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/cache"
|
||||
testresource "github.com/cloudskiff/driftctl/test/resource"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws/awserr"
|
||||
"github.com/cloudskiff/driftctl/pkg/parallel"
|
||||
"github.com/cloudskiff/driftctl/pkg/remote/aws/repository"
|
||||
remoteerror "github.com/cloudskiff/driftctl/pkg/remote/error"
|
||||
resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
|
||||
"github.com/aws/aws-sdk-go/service/iam"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/mock"
|
||||
|
||||
"github.com/cloudskiff/driftctl/test/goldenfile"
|
||||
"github.com/cloudskiff/driftctl/test/mocks"
|
||||
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/terraform"
|
||||
"github.com/cloudskiff/driftctl/test"
|
||||
)
|
||||
|
||||
func TestIamRolePolicyAttachmentSupplier_Resources(t *testing.T) {
|
||||
|
||||
cases := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(repo *repository.MockIAMRepository)
|
||||
err error
|
||||
}{
|
||||
{
|
||||
test: "no iam role policy",
|
||||
dirName: "iam_role_policy_empty",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
roles := []*iam.Role{
|
||||
{
|
||||
RoleName: aws.String("test-role"),
|
||||
},
|
||||
}
|
||||
repo.On("ListAllRoles").Return(roles, nil)
|
||||
repo.On("ListAllRolePolicyAttachments", roles).Return([]*repository.AttachedRolePolicy{}, nil)
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "iam multiples roles multiple policies",
|
||||
dirName: "iam_role_policy_attachment_multiple",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
roles := []*iam.Role{
|
||||
{
|
||||
RoleName: aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
RoleName: aws.String("test-role2"),
|
||||
},
|
||||
}
|
||||
repo.On("ListAllRoles").Return(roles, nil)
|
||||
repo.On("ListAllRolePolicyAttachments", roles).Return([]*repository.AttachedRolePolicy{
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::526954929923:policy/test-policy"),
|
||||
PolicyName: aws.String("policy"),
|
||||
},
|
||||
RoleName: *aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::526954929923:policy/test-policy2"),
|
||||
PolicyName: aws.String("policy2"),
|
||||
},
|
||||
RoleName: *aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::526954929923:policy/test-policy3"),
|
||||
PolicyName: aws.String("policy3"),
|
||||
},
|
||||
RoleName: *aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::526954929923:policy/test-policy"),
|
||||
PolicyName: aws.String("policy"),
|
||||
},
|
||||
RoleName: *aws.String("test-role2"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::526954929923:policy/test-policy2"),
|
||||
PolicyName: aws.String("policy2"),
|
||||
},
|
||||
RoleName: *aws.String("test-role2"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::526954929923:policy/test-policy3"),
|
||||
PolicyName: aws.String("policy3"),
|
||||
},
|
||||
RoleName: *aws.String("test-role2"),
|
||||
},
|
||||
}, nil)
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "Cannot list roles",
|
||||
dirName: "iam_role_policy_attachment_for_ignored_roles",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
repo.On("ListAllRoles").Once().Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
err: remoteerror.NewResourceEnumerationErrorWithType(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsIamRolePolicyAttachmentResourceType, resourceaws.AwsIamRoleResourceType),
|
||||
},
|
||||
{
|
||||
test: "Cannot list roles policy attachment",
|
||||
dirName: "iam_role_policy_attachment_for_ignored_roles",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
repo.On("ListAllRoles").Once().Return([]*iam.Role{}, nil)
|
||||
repo.On("ListAllRolePolicyAttachments", mock.Anything).Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
err: remoteerror.NewResourceEnumerationError(awserr.NewRequestFailure(nil, 403, ""), resourceaws.AwsIamRolePolicyAttachmentResourceType),
|
||||
},
|
||||
}
|
||||
for _, c := range cases {
|
||||
shouldUpdate := c.dirName == *goldenfile.Update
|
||||
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
supplierLibrary := resource.NewSupplierLibrary()
|
||||
|
||||
repo := testresource.InitFakeSchemaRepository("aws", "3.19.0")
|
||||
resourceaws.InitResourcesMetadata(repo)
|
||||
factory := terraform.NewTerraformResourceFactory(repo)
|
||||
|
||||
deserializer := resource.NewDeserializer(factory)
|
||||
if shouldUpdate {
|
||||
provider, err := InitTestAwsProvider(providerLibrary)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
supplierLibrary.AddSupplier(NewIamRolePolicyAttachmentSupplier(provider, deserializer, repository.NewIAMRepository(provider.session, cache.New(0))))
|
||||
}
|
||||
|
||||
t.Run(c.test, func(tt *testing.T) {
|
||||
fakeIam := repository.MockIAMRepository{}
|
||||
c.mocks(&fakeIam)
|
||||
|
||||
provider := mocks.NewMockedGoldenTFProvider(c.dirName, providerLibrary.Provider(terraform.AWS), shouldUpdate)
|
||||
s := &IamRolePolicyAttachmentSupplier{
|
||||
provider,
|
||||
deserializer,
|
||||
&fakeIam,
|
||||
terraform.NewParallelResourceReader(parallel.NewParallelRunner(context.TODO(), 1)),
|
||||
}
|
||||
got, err := s.Resources()
|
||||
assert.Equal(tt, c.err, err)
|
||||
|
||||
mock.AssertExpectationsForObjects(tt)
|
||||
test.CtyTestDiff(got, c.dirName, provider, deserializer, shouldUpdate, t)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
@ -161,13 +161,14 @@ func Init(version string, alerter *alerter.Alerter,
|
|||
remoteLibrary.AddDetailsFetcher(aws.AwsIamRoleResourceType, common.NewGenericDetailsFetcher(aws.AwsIamRoleResourceType, provider, deserializer))
|
||||
remoteLibrary.AddEnumerator(NewIamAccessKeyEnumerator(iamRepository, factory))
|
||||
remoteLibrary.AddDetailsFetcher(aws.AwsIamAccessKeyResourceType, NewIamAccessKeyDetailsFetcher(provider, deserializer))
|
||||
remoteLibrary.AddEnumerator(NewIamRolePolicyAttachmentEnumerator(iamRepository, factory))
|
||||
remoteLibrary.AddDetailsFetcher(aws.AwsIamRolePolicyAttachmentResourceType, NewIamRolePolicyAttachmentDetailsFetcher(provider, deserializer))
|
||||
|
||||
remoteLibrary.AddEnumerator(NewECRRepositoryEnumerator(ecrRepository, factory))
|
||||
remoteLibrary.AddDetailsFetcher(aws.AwsEcrRepositoryResourceType, common.NewGenericDetailsFetcher(aws.AwsEcrRepositoryResourceType, provider, deserializer))
|
||||
|
||||
supplierLibrary.AddSupplier(NewIamUserPolicyAttachmentSupplier(provider, deserializer, iamRepository))
|
||||
supplierLibrary.AddSupplier(NewIamRolePolicySupplier(provider, deserializer, iamRepository))
|
||||
supplierLibrary.AddSupplier(NewIamRolePolicyAttachmentSupplier(provider, deserializer, iamRepository))
|
||||
supplierLibrary.AddSupplier(NewVPCSecurityGroupRuleSupplier(provider, deserializer, ec2repository))
|
||||
|
||||
err = resourceSchemaRepository.Init(version, provider.Schema())
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "bnVsbA==",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "bnVsbA==",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "bnVsbA==",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "bnVsbA==",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "bnVsbA==",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "bnVsbA==",
|
||||
"Err": null
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
|
|
@ -457,6 +457,178 @@ func TestIamRole(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestIamRolePolicyAttachment(t *testing.T) {
|
||||
|
||||
cases := []struct {
|
||||
test string
|
||||
dirName string
|
||||
mocks func(repo *repository.MockIAMRepository)
|
||||
err error
|
||||
}{
|
||||
{
|
||||
test: "no iam role policy",
|
||||
dirName: "aws_iam_role_policy_empty",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
roles := []*iam.Role{
|
||||
{
|
||||
RoleName: aws.String("test-role"),
|
||||
},
|
||||
}
|
||||
repo.On("ListAllRoles").Return(roles, nil)
|
||||
repo.On("ListAllRolePolicyAttachments", roles).Return([]*repository.AttachedRolePolicy{}, nil)
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "iam multiples roles multiple policies",
|
||||
dirName: "aws_iam_role_policy_attachment_multiple",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
roles := []*iam.Role{
|
||||
{
|
||||
RoleName: aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
RoleName: aws.String("test-role2"),
|
||||
},
|
||||
}
|
||||
repo.On("ListAllRoles").Return(roles, nil)
|
||||
repo.On("ListAllRolePolicyAttachments", roles).Return([]*repository.AttachedRolePolicy{
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::929327065333:policy/test-policy"),
|
||||
PolicyName: aws.String("test-policy"),
|
||||
},
|
||||
RoleName: *aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::929327065333:policy/test-policy2"),
|
||||
PolicyName: aws.String("test-policy2"),
|
||||
},
|
||||
RoleName: *aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::929327065333:policy/test-policy3"),
|
||||
PolicyName: aws.String("test-policy3"),
|
||||
},
|
||||
RoleName: *aws.String("test-role"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::929327065333:policy/test-policy"),
|
||||
PolicyName: aws.String("test-policy"),
|
||||
},
|
||||
RoleName: *aws.String("test-role2"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::929327065333:policy/test-policy2"),
|
||||
PolicyName: aws.String("test-policy2"),
|
||||
},
|
||||
RoleName: *aws.String("test-role2"),
|
||||
},
|
||||
{
|
||||
AttachedPolicy: iam.AttachedPolicy{
|
||||
PolicyArn: aws.String("arn:aws:iam::929327065333:policy/test-policy3"),
|
||||
PolicyName: aws.String("test-policy3"),
|
||||
},
|
||||
RoleName: *aws.String("test-role2"),
|
||||
},
|
||||
}, nil)
|
||||
},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
test: "iam multiples roles for ignored roles",
|
||||
dirName: "aws_iam_role_policy_attachment_empty",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
roles := []*iam.Role{
|
||||
{
|
||||
RoleName: aws.String("AWSServiceRoleForSupport"),
|
||||
},
|
||||
{
|
||||
RoleName: aws.String("AWSServiceRoleForOrganizations"),
|
||||
},
|
||||
{
|
||||
RoleName: aws.String("AWSServiceRoleForTrustedAdvisor"),
|
||||
},
|
||||
}
|
||||
repo.On("ListAllRoles").Return(roles, nil)
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "Cannot list roles",
|
||||
dirName: "aws_iam_role_policy_attachment_empty",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
repo.On("ListAllRoles").Once().Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
},
|
||||
{
|
||||
test: "Cannot list roles policy attachment",
|
||||
dirName: "aws_iam_role_policy_attachment_empty",
|
||||
mocks: func(repo *repository.MockIAMRepository) {
|
||||
repo.On("ListAllRoles").Once().Return([]*iam.Role{}, nil)
|
||||
repo.On("ListAllRolePolicyAttachments", mock.Anything).Return(nil, awserr.NewRequestFailure(nil, 403, ""))
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
schemaRepository := testresource.InitFakeSchemaRepository("aws", "3.19.0")
|
||||
resourceaws.InitResourcesMetadata(schemaRepository)
|
||||
factory := terraform.NewTerraformResourceFactory(schemaRepository)
|
||||
deserializer := resource.NewDeserializer(factory)
|
||||
|
||||
for _, c := range cases {
|
||||
t.Run(c.test, func(tt *testing.T) {
|
||||
shouldUpdate := c.dirName == *goldenfile.Update
|
||||
|
||||
sess := session.Must(session.NewSessionWithOptions(session.Options{
|
||||
SharedConfigState: session.SharedConfigEnable,
|
||||
}))
|
||||
|
||||
scanOptions := ScannerOptions{Deep: true}
|
||||
providerLibrary := terraform.NewProviderLibrary()
|
||||
remoteLibrary := common.NewRemoteLibrary()
|
||||
|
||||
// Initialize mocks
|
||||
alerter := &mocks.AlerterInterface{}
|
||||
alerter.On("SendAlert", mock.Anything, mock.Anything).Maybe().Return()
|
||||
fakeRepo := &repository.MockIAMRepository{}
|
||||
c.mocks(fakeRepo)
|
||||
var repo repository.IAMRepository = fakeRepo
|
||||
providerVersion := "3.19.0"
|
||||
realProvider, err := terraform2.InitTestAwsProvider(providerLibrary, providerVersion)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider := terraform2.NewFakeTerraformProvider(realProvider)
|
||||
provider.WithResponse(c.dirName)
|
||||
|
||||
// Replace mock by real resources if we are in update mode
|
||||
if shouldUpdate {
|
||||
err := realProvider.Init()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
provider.ShouldUpdate()
|
||||
repo = repository.NewIAMRepository(sess, cache.New(0))
|
||||
}
|
||||
|
||||
remoteLibrary.AddEnumerator(remoteaws.NewIamRolePolicyAttachmentEnumerator(repo, factory))
|
||||
remoteLibrary.AddDetailsFetcher(resourceaws.AwsIamRolePolicyAttachmentResourceType, remoteaws.NewIamRolePolicyAttachmentDetailsFetcher(provider, deserializer))
|
||||
|
||||
s := NewScanner(nil, remoteLibrary, alerter, scanOptions)
|
||||
got, err := s.Resources()
|
||||
assert.Equal(tt, c.err, err)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
test.TestAgainstGoldenFile(got, resourceaws.AwsIamRolePolicyAttachmentResourceType, c.dirName, provider, deserializer, shouldUpdate, tt)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestIamAccessKey(t *testing.T) {
|
||||
|
||||
cases := []struct {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "eyJpZCI6InRlc3QtcG9saWN5LXRlc3Qtcm9sZSIsInBvbGljeV9hcm4iOiJhcm46YXdzOmlhbTo6OTI5MzI3MDY1MzMzOnBvbGljeS90ZXN0LXBvbGljeSIsInJvbGUiOiJ0ZXN0LXJvbGUifQ==",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "eyJpZCI6InRlc3QtcG9saWN5LXRlc3Qtcm9sZTIiLCJwb2xpY3lfYXJuIjoiYXJuOmF3czppYW06OjkyOTMyNzA2NTMzMzpwb2xpY3kvdGVzdC1wb2xpY3kiLCJyb2xlIjoidGVzdC1yb2xlMiJ9",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "eyJpZCI6InRlc3QtcG9saWN5Mi10ZXN0LXJvbGUiLCJwb2xpY3lfYXJuIjoiYXJuOmF3czppYW06OjkyOTMyNzA2NTMzMzpwb2xpY3kvdGVzdC1wb2xpY3kyIiwicm9sZSI6InRlc3Qtcm9sZSJ9",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "eyJpZCI6InRlc3QtcG9saWN5Mi10ZXN0LXJvbGUyIiwicG9saWN5X2FybiI6ImFybjphd3M6aWFtOjo5MjkzMjcwNjUzMzM6cG9saWN5L3Rlc3QtcG9saWN5MiIsInJvbGUiOiJ0ZXN0LXJvbGUyIn0=",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "eyJpZCI6InRlc3QtcG9saWN5My10ZXN0LXJvbGUiLCJwb2xpY3lfYXJuIjoiYXJuOmF3czppYW06OjkyOTMyNzA2NTMzMzpwb2xpY3kvdGVzdC1wb2xpY3kzIiwicm9sZSI6InRlc3Qtcm9sZSJ9",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"Typ": "WyJvYmplY3QiLHsiaWQiOiJzdHJpbmciLCJwb2xpY3lfYXJuIjoic3RyaW5nIiwicm9sZSI6InN0cmluZyJ9XQ==",
|
||||
"Val": "eyJpZCI6InRlc3QtcG9saWN5My10ZXN0LXJvbGUyIiwicG9saWN5X2FybiI6ImFybjphd3M6aWFtOjo5MjkzMjcwNjUzMzM6cG9saWN5L3Rlc3QtcG9saWN5MyIsInJvbGUiOiJ0ZXN0LXJvbGUyIn0=",
|
||||
"Err": null
|
||||
}
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
[
|
||||
{
|
||||
"id": "test-policy2-test-role2",
|
||||
"policy_arn": "arn:aws:iam::929327065333:policy/test-policy2",
|
||||
"role": "test-role2"
|
||||
},
|
||||
{
|
||||
"id": "test-policy3-test-role2",
|
||||
"policy_arn": "arn:aws:iam::929327065333:policy/test-policy3",
|
||||
"role": "test-role2"
|
||||
},
|
||||
{
|
||||
"id": "test-policy-test-role2",
|
||||
"policy_arn": "arn:aws:iam::929327065333:policy/test-policy",
|
||||
"role": "test-role2"
|
||||
},
|
||||
{
|
||||
"id": "test-policy3-test-role",
|
||||
"policy_arn": "arn:aws:iam::929327065333:policy/test-policy3",
|
||||
"role": "test-role"
|
||||
},
|
||||
{
|
||||
"id": "test-policy-test-role",
|
||||
"policy_arn": "arn:aws:iam::929327065333:policy/test-policy",
|
||||
"role": "test-role"
|
||||
},
|
||||
{
|
||||
"id": "test-policy2-test-role",
|
||||
"policy_arn": "arn:aws:iam::929327065333:policy/test-policy2",
|
||||
"role": "test-role"
|
||||
}
|
||||
]
|
||||
|
|
@ -0,0 +1 @@
|
|||
[]
|
||||
Loading…
Reference in New Issue