Change signature of NormalizeFunc + fix security_group

main
William Beuil 2021-05-24 17:19:06 +02:00
parent b39215f188
commit f6cfbd3cb4
No known key found for this signature in database
GPG Key ID: BED2072C5C2BF537
50 changed files with 403 additions and 378 deletions


@ -1049,8 +1049,8 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 65535,
"from_port": float64(0),
"to_port": float64(65535),
"self": true,
"source_security_group_id": "sg-0254c038e32f25530",
},
@ -1063,10 +1063,10 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"0.0.0.0/0"},
"ipv6_cidr_blocks": &[]string{"::/0"},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"0.0.0.0/0"},
"ipv6_cidr_blocks": []interface{}{"::/0"},
},
},
&resource.AbstractResource{
@ -1077,9 +1077,9 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"1.2.0.0/16", "5.6.7.0/24"},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"1.2.0.0/16", "5.6.7.0/24"},
},
},
&resource.AbstractResource{
@ -1090,9 +1090,9 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 0,
"prefix_list_ids": &[]string{"pl-abb451c2"},
"from_port": float64(0),
"to_port": float64(0),
"prefix_list_ids": []interface{}{"pl-abb451c2"},
},
},
&resource.AbstractResource{
@ -1103,8 +1103,8 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 65535,
"from_port": float64(0),
"to_port": float64(65535),
"source_security_group_id": "sg-9e0204ff",
},
},
@ -1118,8 +1118,8 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 65535,
"from_port": float64(0),
"to_port": float64(65535),
"self": true,
"source_security_group_id": "sg-0254c038e32f25530",
},
@ -1132,11 +1132,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"0.0.0.0/0"},
"ipv6_cidr_blocks": &[]string{},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"0.0.0.0/0"},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
},
},
&resource.AbstractResource{
@ -1147,11 +1147,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{},
"ipv6_cidr_blocks": &[]string{"::/0"},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{},
"ipv6_cidr_blocks": []interface{}{"::/0"},
"prefix_list_ids": []interface{}{},
},
},
&resource.AbstractResource{
@ -1162,11 +1162,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"5.6.7.0/24"},
"ipv6_cidr_blocks": &[]string{},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"5.6.7.0/24"},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
},
},
&resource.AbstractResource{
@ -1177,11 +1177,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"1.2.0.0/16"},
"ipv6_cidr_blocks": &[]string{},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"1.2.0.0/16"},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
},
},
&resource.AbstractResource{
@ -1192,9 +1192,9 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 0,
"prefix_list_ids": &[]string{"pl-abb451c2"},
"from_port": float64(0),
"to_port": float64(0),
"prefix_list_ids": []interface{}{"pl-abb451c2"},
},
},
&resource.AbstractResource{
@ -1205,8 +1205,8 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 65535,
"from_port": float64(0),
"to_port": float64(65535),
"source_security_group_id": "sg-9e0204ff",
},
},
@ -1220,13 +1220,13 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": []string{
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{
"0.0.0.0/0",
},
"ipv6_cidr_blocks": []string{},
"prefix_list_ids": []string{},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
},
}
factory.(*terraform.MockResourceFactory).On("CreateAbstractResource", "aws_security_group_rule", rule1.Id,
@ -1236,11 +1236,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"0.0.0.0/0"},
"ipv6_cidr_blocks": &[]string{},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"0.0.0.0/0"},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
})
})).Times(1).Return(&rule1, nil)
@ -1252,13 +1252,13 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": []string{},
"ipv6_cidr_blocks": []string{
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{},
"ipv6_cidr_blocks": []interface{}{
"::/0",
},
"prefix_list_ids": []string{},
"prefix_list_ids": []interface{}{},
},
}
factory.(*terraform.MockResourceFactory).On("CreateAbstractResource", "aws_security_group_rule", rule2.Id,
@ -1268,11 +1268,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{},
"ipv6_cidr_blocks": &[]string{"::/0"},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{},
"ipv6_cidr_blocks": []interface{}{"::/0"},
"prefix_list_ids": []interface{}{},
})
})).Times(1).Return(&rule2, nil)
@ -1284,13 +1284,13 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": []string{
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{
"5.6.7.0/24",
},
"ipv6_cidr_blocks": []string{},
"prefix_list_ids": []string{},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
},
}
factory.(*terraform.MockResourceFactory).On("CreateAbstractResource", "aws_security_group_rule", rule3.Id,
@ -1300,11 +1300,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"5.6.7.0/24"},
"ipv6_cidr_blocks": &[]string{},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"5.6.7.0/24"},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
})
})).Times(1).Return(&rule3, nil)
@ -1316,13 +1316,13 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": []string{
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{
"1.2.0.0/16",
},
"ipv6_cidr_blocks": []string{},
"prefix_list_ids": []string{},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
},
}
factory.(*terraform.MockResourceFactory).On("CreateAbstractResource", "aws_security_group_rule", rule4.Id,
@ -1332,11 +1332,11 @@ func TestDriftctlRun_Middlewares(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"1.2.0.0/16"},
"ipv6_cidr_blocks": &[]string{},
"prefix_list_ids": &[]string{},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"1.2.0.0/16"},
"ipv6_cidr_blocks": []interface{}{},
"prefix_list_ids": []interface{}{},
})
})).Times(1).Return(&rule4, nil)
},


@ -182,15 +182,14 @@ func (r *TerraformStateReader) decode(values map[string][]cty.Value) ([]resource
schema, exist := r.resourceSchemaRepository.GetSchema(res.TerraformType())
ctyAttr := resource.ToResourceAttributes(res.CtyValue())
ctyAttr.SanitizeDefaults()
if exist && schema.NormalizeFunc != nil {
schema.NormalizeFunc(ctyAttr)
}
newRes := &resource.AbstractResource{
Id: res.TerraformId(),
Type: res.TerraformType(),
Attrs: ctyAttr,
}
if exist && schema.NormalizeFunc != nil {
schema.NormalizeFunc(newRes)
}
results = append(results, newRes)
continue
}


@ -5,35 +5,10 @@
"Attrs": {
"arn": "arn:aws:ec2:eu-west-3:047081014315:security-group/sg-0254c038e32f25530",
"description": "Managed by Terraform",
"egress": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Bar",
"from_port": 0,
"protocol": "-1",
"self": false,
"to_port": 0
}
],
"id": "sg-0254c038e32f25530",
"ingress": [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Foo",
"from_port": 0,
"protocol": "-1",
"self": false,
"to_port": 0
}
],
"name": "foo",
"name_prefix": "",
"owner_id": "047081014315",
"revoke_rules_on_delete": false,
"tags": {
"Name": "Foo SG"
},


@ -1,143 +1,4 @@
[
{
"Id": "sgrule-2990167998",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Bar Full Open",
"from_port": 0,
"id": "sgrule-2990167998",
"ipv6_cidr_blocks": [
"::/0"
],
"protocol": "-1",
"security_group_id": "sg-06910b842af0d3a8f",
"self": false,
"to_port": 0,
"type": "egress"
}
},
{
"Id": "sgrule-752281532",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Bar Full Open",
"from_port": 0,
"id": "sgrule-752281532",
"protocol": "tcp",
"security_group_id": "sg-0d290f68e48de546b",
"self": false,
"to_port": 0,
"type": "egress"
}
},
{
"Id": "sgrule-3602495974",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Foo 1",
"from_port": 0,
"id": "sgrule-3602495974",
"protocol": "-1",
"security_group_id": "sg-0254c038e32f25530",
"self": false,
"to_port": 0,
"type": "ingress"
}
},
{
"Id": "sgrule-294318973",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"1.2.0.0/16",
"5.6.7.0/24"
],
"description": "Foo 5",
"from_port": 0,
"id": "sgrule-294318973",
"protocol": "-1",
"security_group_id": "sg-0254c038e32f25530",
"self": false,
"to_port": 0,
"type": "ingress"
}
},
{
"Id": "sgrule-3970541193",
"Type": "aws_security_group_rule",
"Attrs": {
"description": "Test 1",
"from_port": 0,
"id": "sgrule-3970541193",
"protocol": "tcp",
"security_group_id": "sg-0254c038e32f25530",
"self": true,
"source_security_group_id": "sg-0254c038e32f25530",
"to_port": 65535,
"type": "ingress"
}
},
{
"Id": "sgrule-1872529830",
"Type": "aws_security_group_rule",
"Attrs": {
"description": "",
"from_port": 0,
"id": "sgrule-1872529830",
"protocol": "icmp",
"security_group_id": "sg-0254c038e32f25530",
"self": true,
"source_security_group_id": "sg-0254c038e32f25530",
"to_port": 0,
"type": "ingress"
}
},
{
"Id": "sgrule-894498715",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Stream",
"from_port": 10,
"id": "sgrule-894498715",
"protocol": "5",
"security_group_id": "sg-0cc8b3c3c2851705a",
"self": false,
"to_port": 55,
"type": "egress"
}
},
{
"Id": "sgrule-845917806",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Bar Full Open",
"from_port": 0,
"id": "sgrule-845917806",
"ipv6_cidr_blocks": [
"::/0"
],
"protocol": "-1",
"security_group_id": "sg-0cc8b3c3c2851705a",
"self": false,
"to_port": 0,
"type": "egress"
}
},
{
"Id": "sgrule-2471889226",
"Type": "aws_security_group_rule",
@ -191,5 +52,141 @@
"to_port": 0,
"type": "egress"
}
},
{
"Id": "sgrule-3970541193",
"Type": "aws_security_group_rule",
"Attrs": {
"description": "Test 1",
"from_port": 0,
"id": "sgrule-3970541193",
"protocol": "tcp",
"security_group_id": "sg-0254c038e32f25530",
"self": true,
"source_security_group_id": "sg-0254c038e32f25530",
"to_port": 65535,
"type": "ingress"
}
},
{
"Id": "sgrule-1872529830",
"Type": "aws_security_group_rule",
"Attrs": {
"from_port": 0,
"id": "sgrule-1872529830",
"protocol": "icmp",
"security_group_id": "sg-0254c038e32f25530",
"self": true,
"source_security_group_id": "sg-0254c038e32f25530",
"to_port": 0,
"type": "ingress"
}
},
{
"Id": "sgrule-845917806",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Bar Full Open",
"from_port": 0,
"id": "sgrule-845917806",
"ipv6_cidr_blocks": [
"::/0"
],
"protocol": "-1",
"security_group_id": "sg-0cc8b3c3c2851705a",
"self": false,
"to_port": 0,
"type": "egress"
}
},
{
"Id": "sgrule-2990167998",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Bar Full Open",
"from_port": 0,
"id": "sgrule-2990167998",
"ipv6_cidr_blocks": [
"::/0"
],
"protocol": "-1",
"security_group_id": "sg-06910b842af0d3a8f",
"self": false,
"to_port": 0,
"type": "egress"
}
},
{
"Id": "sgrule-3602495974",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Foo 1",
"from_port": 0,
"id": "sgrule-3602495974",
"protocol": "-1",
"security_group_id": "sg-0254c038e32f25530",
"self": false,
"to_port": 0,
"type": "ingress"
}
},
{
"Id": "sgrule-850043874",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Stream",
"id": "sgrule-850043874",
"protocol": "5",
"security_group_id": "sg-0cc8b3c3c2851705a",
"self": false,
"type": "egress"
}
},
{
"Id": "sgrule-294318973",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"1.2.0.0/16",
"5.6.7.0/24"
],
"description": "Foo 5",
"from_port": 0,
"id": "sgrule-294318973",
"protocol": "-1",
"security_group_id": "sg-0254c038e32f25530",
"self": false,
"to_port": 0,
"type": "ingress"
}
},
{
"Id": "sgrule-752281532",
"Type": "aws_security_group_rule",
"Attrs": {
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Bar Full Open",
"from_port": 0,
"id": "sgrule-752281532",
"protocol": "tcp",
"security_group_id": "sg-0d290f68e48de546b",
"self": false,
"to_port": 0,
"type": "egress"
}
}
]


@ -3,7 +3,6 @@ package middlewares
import (
"testing"
awssdk "github.com/aws/aws-sdk-go/aws"
"github.com/cloudskiff/driftctl/pkg/resource"
"github.com/cloudskiff/driftctl/pkg/resource/aws"
)
@ -15,21 +14,21 @@ func TestDefaultVPCSecurityGroupShouldBeIgnored(t *testing.T) {
Id: "sg-test",
Type: aws.AwsSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("test"),
"name": "test",
},
},
&resource.AbstractResource{
Id: "sg-foo",
Type: aws.AwsSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("foo"),
"name": "foo",
},
},
&resource.AbstractResource{
Id: "sg-default",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("default"),
"name": "default",
},
},
}
@ -38,7 +37,7 @@ func TestDefaultVPCSecurityGroupShouldBeIgnored(t *testing.T) {
Id: "sg-bar",
Type: aws.AwsSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("bar"),
"name": "bar",
},
},
}
@ -58,21 +57,21 @@ func TestDefaultVPCSecurityGroupShouldNotBeIgnoredWhenManaged(t *testing.T) {
Id: "sg-test",
Type: aws.AwsSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("test"),
"name": "test",
},
},
&resource.AbstractResource{
Id: "sg-foo",
Type: aws.AwsSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("foo"),
"name": "foo",
},
},
&resource.AbstractResource{
Id: "sg-default",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("default"),
"name": "default",
},
},
}
@ -81,7 +80,7 @@ func TestDefaultVPCSecurityGroupShouldNotBeIgnoredWhenManaged(t *testing.T) {
Id: "sg-default",
Type: aws.AwsDefaultSecurityGroupResourceType,
Attrs: &resource.Attributes{
"name": awssdk.String("default"),
"name": "default",
},
},
}
@ -93,8 +92,7 @@ func TestDefaultVPCSecurityGroupShouldNotBeIgnoredWhenManaged(t *testing.T) {
t.Error("Default security group was ignored")
}
managedDefaultSecurityGroup := remoteResources[2].(*resource.AbstractResource)
name, _ := managedDefaultSecurityGroup.Attrs.Get("name")
if *name.(*string) != "default" {
if *managedDefaultSecurityGroup.Attrs.GetString("name") != "default" {
t.Error("Default security group is ignored when it should not be")
}
}
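Review bot: The rewritten assertion `*managedDefaultSecurityGroup.Attrs.GetString("name") != "default"` dereferences the result of GetString without a nil check, so a missing or non-string `name` would panic the test instead of reaching the `t.Error` message. The sanitizer code in this same commit guards the accessor with `!= nil` before dereferencing. Consider `name := managedDefaultSecurityGroup.Attrs.GetString("name")` followed by `if name == nil || *name != "default" {`.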


@ -18,7 +18,7 @@ func NewVPCSecurityGroupRuleSanitizer(resourceFactory resource.ResourceFactory)
}
}
func (m VPCSecurityGroupRuleSanitizer) Execute(_, resourcesFromState *[]resource.Resource) error {
func (m VPCSecurityGroupRuleSanitizer) Execute(remoteResources, resourcesFromState *[]resource.Resource) error {
newStateResources := make([]resource.Resource, 0)
for _, stateResource := range *resourcesFromState {
@ -31,51 +31,55 @@ func (m VPCSecurityGroupRuleSanitizer) Execute(_, resourcesFromState *[]resource
rule, _ := stateResource.(*resource.AbstractResource)
if !shouldBeSplit(rule) {
rule.Attrs.SafeDelete([]string{"self"})
newStateResources = append(newStateResources, stateResource)
continue
}
if rule.Attrs.GetStringSlice("cidr_blocks") != nil && len(rule.Attrs.GetStringSlice("cidr_blocks")) > 0 {
for _, ipRange := range rule.Attrs.GetStringSlice("cidr_blocks") {
if rule.Attrs.GetSlice("cidr_blocks") != nil && len(rule.Attrs.GetSlice("cidr_blocks")) > 0 {
for _, ipRange := range rule.Attrs.GetSlice("cidr_blocks") {
attrs := rule.Attrs.Copy()
attrs.Set("cidr_blocks", &[]string{ipRange})
attrs.Set("ipv6_cidr_blocks", &[]string{})
attrs.Set("prefix_list_ids", &[]string{})
_ = attrs.SafeSet([]string{"cidr_blocks"}, []interface{}{ipRange})
_ = attrs.SafeSet([]string{"ipv6_cidr_blocks"}, []interface{}{})
_ = attrs.SafeSet([]string{"prefix_list_ids"}, []interface{}{})
res := m.createRule(attrs)
logrus.WithFields(logrus.Fields{
"formerRuleId": rule.TerraformId(),
"newRuleId": res.TerraformId(),
}).Debug("Splitting aws_security_group_rule")
res.Attrs.SafeDelete([]string{"self"})
newStateResources = append(newStateResources, res)
}
}
if rule.Attrs.GetStringSlice("ipv6_cidr_blocks") != nil && len(rule.Attrs.GetStringSlice("ipv6_cidr_blocks")) > 0 {
for _, ipRange := range rule.Attrs.GetStringSlice("ipv6_cidr_blocks") {
if rule.Attrs.GetSlice("ipv6_cidr_blocks") != nil && len(rule.Attrs.GetSlice("ipv6_cidr_blocks")) > 0 {
for _, ipRange := range rule.Attrs.GetSlice("ipv6_cidr_blocks") {
attrs := rule.Attrs.Copy()
attrs.Set("cidr_blocks", &[]string{})
attrs.Set("ipv6_cidr_blocks", &[]string{ipRange})
attrs.Set("prefix_list_ids", &[]string{})
_ = attrs.SafeSet([]string{"cidr_blocks"}, []interface{}{})
_ = attrs.SafeSet([]string{"ipv6_cidr_blocks"}, []interface{}{ipRange})
_ = attrs.SafeSet([]string{"prefix_list_ids"}, []interface{}{})
res := m.createRule(attrs)
logrus.WithFields(logrus.Fields{
"formerRuleId": rule.TerraformId(),
"newRuleId": res.TerraformId(),
}).Debug("Splitting aws_security_group_rule")
res.Attrs.SafeDelete([]string{"self"})
newStateResources = append(newStateResources, res)
}
}
if rule.Attrs.GetStringSlice("prefix_list_ids") != nil && len(rule.Attrs.GetStringSlice("prefix_list_ids")) > 0 {
for _, listId := range rule.Attrs.GetStringSlice("prefix_list_ids") {
if rule.Attrs.GetSlice("prefix_list_ids") != nil && len(rule.Attrs.GetSlice("prefix_list_ids")) > 0 {
for _, listId := range rule.Attrs.GetSlice("prefix_list_ids") {
attrs := rule.Attrs.Copy()
attrs.Set("cidr_blocks", &[]string{})
attrs.Set("ipv6_cidr_blocks", &[]string{})
attrs.Set("prefix_list_ids", &[]string{listId})
_ = attrs.SafeSet([]string{"cidr_blocks"}, []interface{}{})
_ = attrs.SafeSet([]string{"ipv6_cidr_blocks"}, []interface{}{})
_ = attrs.SafeSet([]string{"prefix_list_ids"}, []interface{}{listId})
res := m.createRule(attrs)
logrus.WithFields(logrus.Fields{
"formerRuleId": rule.TerraformId(),
"newRuleId": res.TerraformId(),
}).Debug("Splitting aws_security_group_rule")
res.Attrs.SafeDelete([]string{"self"})
newStateResources = append(newStateResources, res)
}
}
@ -83,20 +87,29 @@ func (m VPCSecurityGroupRuleSanitizer) Execute(_, resourcesFromState *[]resource
if (rule.Attrs.GetBool("self") != nil && *rule.Attrs.GetBool("self")) ||
(rule.Attrs.GetString("source_security_group_id") != nil && *rule.Attrs.GetString("source_security_group_id") != "") {
attrs := rule.Attrs.Copy()
attrs.Set("cidr_blocks", &[]string{})
attrs.Set("ipv6_cidr_blocks", &[]string{})
attrs.Set("prefix_list_ids", &[]string{})
_ = attrs.SafeSet([]string{"cidr_blocks"}, []interface{}{})
_ = attrs.SafeSet([]string{"ipv6_cidr_blocks"}, []interface{}{})
_ = attrs.SafeSet([]string{"prefix_list_ids"}, []interface{}{})
res := m.createRule(attrs)
logrus.WithFields(logrus.Fields{
"formerRuleId": rule.TerraformId(),
"newRuleId": res.TerraformId(),
}).Debug("Splitting aws_security_group_rule")
res.Attrs.SafeDelete([]string{"self"})
newStateResources = append(newStateResources, res)
}
}
*resourcesFromState = newStateResources
for _, res := range *remoteResources {
if res.TerraformType() != resourceaws.AwsSecurityGroupRuleResourceType {
continue
}
rule, _ := res.(*resource.AbstractResource)
rule.Attrs.SafeDelete([]string{"self"})
}
return nil
}
@ -122,16 +135,16 @@ func (m *VPCSecurityGroupRuleSanitizer) createRule(res *resource.Attributes) *re
func shouldBeSplit(r *resource.AbstractResource) bool {
var i int
if r.Attrs.GetStringSlice("cidr_blocks") != nil && len(r.Attrs.GetStringSlice("cidr_blocks")) > 0 {
i += len(r.Attrs.GetStringSlice("cidr_blocks"))
if r.Attrs.GetSlice("cidr_blocks") != nil && len(r.Attrs.GetSlice("cidr_blocks")) > 0 {
i += len(r.Attrs.GetSlice("cidr_blocks"))
}
if r.Attrs.GetStringSlice("ipv6_cidr_blocks") != nil && len(r.Attrs.GetStringSlice("ipv6_cidr_blocks")) > 0 {
i += len(r.Attrs.GetStringSlice("ipv6_cidr_blocks"))
if r.Attrs.GetSlice("ipv6_cidr_blocks") != nil && len(r.Attrs.GetSlice("ipv6_cidr_blocks")) > 0 {
i += len(r.Attrs.GetSlice("ipv6_cidr_blocks"))
}
if r.Attrs.GetStringSlice("prefix_list_ids") != nil && len(r.Attrs.GetStringSlice("prefix_list_ids")) > 0 {
i += len(r.Attrs.GetStringSlice("prefix_list_ids"))
if r.Attrs.GetSlice("prefix_list_ids") != nil && len(r.Attrs.GetSlice("prefix_list_ids")) > 0 {
i += len(r.Attrs.GetSlice("prefix_list_ids"))
}
if r.Attrs.GetBool("self") != nil && *r.Attrs.GetBool("self") ||
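Review bot: In the loop added over `*remoteResources` at the end of Execute, `rule, _ := res.(*resource.AbstractResource)` discards the assertion result, so a remote resource of this type that is not an `*AbstractResource` leaves `rule` nil and the following `rule.Attrs.SafeDelete` dereferences it; `rule, ok := res.(*resource.AbstractResource)` with `if !ok || rule.Attrs == nil { continue }` would make that explicit, and the state loop above has the same pattern. Separately, every `_ = attrs.SafeSet(...)` drops the return value (presumably an error): if a set fails, the split copy keeps the original multi-valued `cidr_blocks`, `ipv6_cidr_blocks` or `prefix_list_ids` and is still appended, so a security group rule could be compared against the wrong shape without any trace. Returning the error, or at least logging it next to the existing Debug call, would be safer for a drift check on network exposure. The body of shouldBeSplit continues outside the hunk.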


@ -17,28 +17,28 @@ func TestVPCSecurityGroupRuleSanitizer(t *testing.T) {
&resource.AbstractResource{
Id: "sgrule-1175318309",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: nil,
Attrs: &resource.Attributes{},
}, nil)
factory.On("CreateAbstractResource", aws.AwsSecurityGroupRuleResourceType, "sgrule-2582518759", mock.Anything).Times(1).Return(
&resource.AbstractResource{
Id: "sgrule-2582518759",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: nil,
Attrs: &resource.Attributes{},
}, nil)
factory.On("CreateAbstractResource", aws.AwsSecurityGroupRuleResourceType, "sgrule-2165103420", mock.Anything).Times(1).Return(
&resource.AbstractResource{
Id: "sgrule-2165103420",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: nil,
Attrs: &resource.Attributes{},
}, nil)
factory.On("CreateAbstractResource", aws.AwsSecurityGroupRuleResourceType, "sgrule-350400929", mock.Anything).Times(1).Return(
&resource.AbstractResource{
Id: "sgrule-350400929",
Type: aws.AwsSecurityGroupRuleResourceType,
Attrs: nil,
Attrs: &resource.Attributes{},
}, nil)
middleware := NewVPCSecurityGroupRuleSanitizer(factory)
@ -60,8 +60,8 @@ func TestVPCSecurityGroupRuleSanitizer(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 65535,
"from_port": float64(0),
"to_port": float64(65535),
"self": true,
"source_security_group_id": "sg-0254c038e32f25530",
},
@ -74,10 +74,10 @@ func TestVPCSecurityGroupRuleSanitizer(t *testing.T) {
"type": "egress",
"security_group_id": "sg-0cc8b3c3c2851705a",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"0.0.0.0/0"},
"ipv6_cidr_blocks": &[]string{"::/0"},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"0.0.0.0/0"},
"ipv6_cidr_blocks": []interface{}{"::/0"},
},
},
&resource.AbstractResource{
@ -88,9 +88,9 @@ func TestVPCSecurityGroupRuleSanitizer(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "-1",
"from_port": 0,
"to_port": 0,
"cidr_blocks": &[]string{"1.2.0.0/16", "5.6.7.0/24"},
"from_port": float64(0),
"to_port": float64(0),
"cidr_blocks": []interface{}{"1.2.0.0/16", "5.6.7.0/24"},
},
},
&resource.AbstractResource{
@ -101,9 +101,9 @@ func TestVPCSecurityGroupRuleSanitizer(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 0,
"prefix_list_id": &[]string{"pl-abb451c2"},
"from_port": float64(0),
"to_port": float64(0),
"prefix_list_id": []interface{}{"pl-abb451c2"},
},
},
&resource.AbstractResource{
@ -114,9 +114,9 @@ func TestVPCSecurityGroupRuleSanitizer(t *testing.T) {
"type": "ingress",
"security_group_id": "sg-0254c038e32f25530",
"protocol": "tcp",
"from_port": 0,
"to_port": 65535,
"prefix_list_id": &[]string{"sg-9e0204ff"},
"from_port": float64(0),
"to_port": float64(65535),
"prefix_list_id": []interface{}{"sg-9e0204ff"},
},
},
}
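Review bot: The last two fixtures use the key `"prefix_list_id"` (singular), while the sanitizer in this commit reads `GetSlice("prefix_list_ids")`, so these resources most likely never reach the prefix-list branch and that path is probably not exercised by this test. The second one also stores a security-group-style id, `"sg-9e0204ff"`, under that key. If the intent is to cover prefix-list splitting, the fixture should read `"prefix_list_ids": []interface{}{"pl-abb451c2"}`. The expected results are outside the hunk, so this should be confirmed against them.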


@ -58,7 +58,8 @@ func (r *AwsAmi) CtyValue() *cty.Value {
}
func initAwsAmiMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsAmiResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsAmiResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
})
}


@ -161,7 +161,8 @@ func (r *AwsCloudfrontDistribution) CtyValue() *cty.Value {
}
func initAwsCloudfrontDistributionMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsCloudfrontDistributionResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsCloudfrontDistributionResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"etag"})
val.SafeDelete([]string{"last_modified_time"})
val.SafeDelete([]string{"retain_on_delete"})


@ -102,7 +102,8 @@ func (r *AwsDbInstance) CtyValue() *cty.Value {
}
func initAwsDbInstanceMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsDbInstanceResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsDbInstanceResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"delete_automated_backups"})
val.SafeDelete([]string{"final_snapshot_identifier"})
val.SafeDelete([]string{"latest_restorable_time"})


@ -32,7 +32,8 @@ func (r *AwsDbSubnetGroup) CtyValue() *cty.Value {
}
func initAwsDbSubnetGroupMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsDbSubnetGroupResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsDbSubnetGroupResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"name_prefix"})
})
}


@ -55,7 +55,8 @@ func (r *AwsDefaultSecurityGroup) CtyValue() *cty.Value {
}
func initAwsDefaultSecurityGroupMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsDefaultSecurityGroupResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsDefaultSecurityGroupResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"revoke_rules_on_delete"})
val.SafeDelete([]string{"ingress"})
val.SafeDelete([]string{"egress"})


@ -43,7 +43,8 @@ func (r *AwsDefaultSubnet) CtyValue() *cty.Value {
}
func initAwsDefaultSubnetMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsDefaultSubnetResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsDefaultSubnetResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
})
}


@ -76,7 +76,8 @@ func (r *AwsDynamodbTable) CtyValue() *cty.Value {
}
func initAwsDynamodbTableMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsDynamodbTableResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsDynamodbTableResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
})
}


@ -40,7 +40,8 @@ func (r *AwsEbsSnapshot) CtyValue() *cty.Value {
}
func initAwsEbsSnapshotMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsEbsSnapshotResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsEbsSnapshotResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
})
}


@ -37,7 +37,8 @@ func (r *AwsEbsVolume) CtyValue() *cty.Value {
}
func initAwsEbsVolumeMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsEbsVolumeResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsEbsVolumeResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"arn"})
val.SafeDelete([]string{"outpost_arn"})
val.SafeDelete([]string{"snapshot_id"})


@ -42,7 +42,8 @@ func (r *AwsEcrRepository) CtyValue() *cty.Value {
}
func initAwsEcrRepositoryMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsEcrRepositoryResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsEcrRepositoryResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
})
}


@ -47,7 +47,8 @@ func (r *AwsEip) CtyValue() *cty.Value {
}
func initAwsEipMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsEipResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsEipResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
})
}


@ -33,7 +33,8 @@ func (r *AwsIamAccessKey) CtyValue() *cty.Value {
}
func initAwsIAMAccessKeyMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamAccessKeyResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamAccessKeyResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
// As we can't read secrets from aws API once access_key created we need to set
// fields retrieved from state to nil to avoid drift
// We can't detect drift if we cannot retrieve latest value from aws API for fields like secrets, passwords etc ...


@ -38,7 +38,8 @@ func initAwsIAMPolicyMetaData(resourceSchemaRepository resource.SchemaRepository
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsIamPolicyResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamPolicyResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
jsonString, err := helpers.NormalizeJsonString((*val)["policy"])
if err == nil {
val.SafeSet([]string{"policy"}, jsonString)
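Review bot: When `helpers.NormalizeJsonString` returns an error the `policy` attribute is left as it was, and nothing in the visible lines records that this happened. For an IAM policy this presumably means drift is then computed on the raw, un-normalised document, so a formatting-only difference and a real permission change would look alike in the report. A one-line comment above the `if err == nil` check would make the fallback explicit, e.g. `// policy is left untouched when it is not valid JSON; the diff then runs on the raw string`. The KMS key, S3 bucket policy, SNS topic policy, SNS topic subscription and SQS queue policy hunks appear to drop the error in the same way; the closure body continues past the end of each hunk.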


@ -31,7 +31,8 @@ func (r *AwsIamPolicyAttachment) CtyValue() *cty.Value {
}
func initAwsIAMPolicyAttachmentMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamPolicyAttachmentResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamPolicyAttachmentResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"name"})
})
}


@ -43,7 +43,8 @@ func initAwsIAMRoleMetaData(resourceSchemaRepository resource.SchemaRepositoryIn
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsIamRoleResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamRoleResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"force_detach_policies"})
})
}


@ -33,7 +33,8 @@ func (r *AwsIamUser) CtyValue() *cty.Value {
}
func initAwsIAMUserMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamUserResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsIamUserResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
permissionsBoundary, exist := val.Get("permissions_boundary")
if exist && permissionsBoundary == "" {
val.SafeDelete([]string{"permissions_boundary"})


@ -107,7 +107,8 @@ func (r *AwsInstance) CtyValue() *cty.Value {
}
func initAwsInstanceMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsInstanceResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsInstanceResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
val.SafeDelete([]string{"instance_initiated_shutdown_behavior"})
})


@ -33,7 +33,8 @@ func (r *AwsKeyPair) CtyValue() *cty.Value {
}
func initAwsKeyPairMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsKeyPairResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsKeyPairResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"key_name_prefix"})
val.SafeDelete([]string{"public_key"})
})


@ -31,7 +31,8 @@ func (r *AwsKmsAlias) CtyValue() *cty.Value {
}
func initAwsKmsAliasMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsKmsAliasResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsKmsAliasResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"name"})
val.SafeDelete([]string{"name_prefix"})
})


@ -42,7 +42,8 @@ func initAwsKmsKeyMetaData(resourceSchemaRepository resource.SchemaRepositoryInt
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsKmsKeyResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsKmsKeyResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"deletion_window_in_days"})
jsonString, err := helpers.NormalizeJsonString((*val)["policy"])
if err != nil {


@ -48,7 +48,8 @@ func (r *AwsLambdaEventSourceMapping) CtyValue() *cty.Value {
}
func initAwsLambdaEventSourceMappingMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsLambdaEventSourceMappingResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsLambdaEventSourceMappingResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"state_transition_reason"})
val.SafeDelete([]string{"state"})
val.SafeDelete([]string{"starting_position_timestamp"})


@ -80,7 +80,8 @@ func (r *AwsLambdaFunction) CtyValue() *cty.Value {
}
func initAwsLambdaFunctionMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsLambdaFunctionResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsLambdaFunctionResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
val.SafeDelete([]string{"publish"})
val.SafeDelete([]string{"last_modified"})


@ -46,7 +46,8 @@ func (r *AwsRoute) CtyValue() *cty.Value {
}
func initAwsRouteMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsRouteResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsRouteResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
val.DeleteIfDefault("vpc_endpoint_id")


@ -55,7 +55,8 @@ func (r *AwsRoute53Record) CtyValue() *cty.Value {
}
func initAwsRoute53RecordMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsRoute53RecordResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsRoute53RecordResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.DeleteIfDefault("health_check_id")
val.DeleteIfDefault("set_identifier")
val.DeleteIfDefault("ttl")


@ -37,7 +37,8 @@ func (r *AwsRoute53Zone) CtyValue() *cty.Value {
}
func initAwsRoute53ZoneMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsRoute53ZoneResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsRoute53ZoneResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"force_destroy"})
})
}


@ -142,7 +142,8 @@ func initAwsS3BucketMetaData(resourceSchemaRepository resource.SchemaRepositoryI
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsS3BucketResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsS3BucketResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"force_destroy"})
})
}


@ -34,7 +34,8 @@ func initAwsS3BucketPolicyMetaData(resourceSchemaRepository resource.SchemaRepos
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsS3BucketPolicyResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsS3BucketPolicyResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
jsonString, err := helpers.NormalizeJsonString((*val)["policy"])
if err != nil {
return


@ -61,7 +61,8 @@ func (r *AwsSecurityGroup) CtyValue() *cty.Value {
}
func initAwsSecurityGroupMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsSecurityGroupResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsSecurityGroupResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"revoke_rules_on_delete"})
val.SafeDelete([]string{"timeouts"})


@ -53,20 +53,20 @@ func CreateSecurityGroupRuleIdHash(attrs *resource.Attributes) string {
buf.WriteString(fmt.Sprintf("%s-", *attrs.GetString("protocol")))
buf.WriteString(fmt.Sprintf("%s-", *attrs.GetString("type")))
if attrs.GetStringSlice("cidr_blocks") != nil {
for _, v := range attrs.GetStringSlice("cidr_blocks") {
if attrs.GetSlice("cidr_blocks") != nil {
for _, v := range attrs.GetSlice("cidr_blocks") {
buf.WriteString(fmt.Sprintf("%s-", v))
}
}
if attrs.GetStringSlice("ipv6_cidr_blocks") != nil {
for _, v := range attrs.GetStringSlice("ipv6_cidr_blocks") {
if attrs.GetSlice("ipv6_cidr_blocks") != nil {
for _, v := range attrs.GetSlice("ipv6_cidr_blocks") {
buf.WriteString(fmt.Sprintf("%s-", v))
}
}
if attrs.GetStringSlice("prefix_list_ids") != nil {
for _, v := range attrs.GetStringSlice("prefix_list_ids") {
if attrs.GetSlice("prefix_list_ids") != nil {
for _, v := range attrs.GetSlice("prefix_list_ids") {
buf.WriteString(fmt.Sprintf("%s-", v))
}
}
@ -85,17 +85,14 @@ func CreateSecurityGroupRuleIdHash(attrs *resource.Attributes) string {
}
func initAwsSecurityGroupRuleMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsDefaultSecurityGroupResourceType, func(val *resource.Attributes) {
val.SafeDelete([]string{"self"})
if sgid := val.GetString("security_group_id"); sgid != nil && *sgid == "" {
val.SafeDelete([]string{"security_group_id"})
}
resourceSchemaRepository.SetNormalizeFunc(AwsSecurityGroupRuleResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.DeleteIfDefault("security_group_id")
val.DeleteIfDefault("source_security_group_id")
// On first run, this field is set to null in state file and to "" after one refresh or apply
// This ensure that if we find a nil value we dont drift
if desc := val.GetString("description"); desc != nil && *desc == "" {
val.SafeDelete([]string{"description"})
}
val.DeleteIfDefault("description")
// If protocol is all (e.g. -1), tcp, udp, icmp or icmpv6 then we leave the resource untouched
// Else we delete the FromPort/ToPort and recreate the rule's id
@ -106,6 +103,8 @@ func initAwsSecurityGroupRuleMetaData(resourceSchemaRepository resource.SchemaRe
val.SafeDelete([]string{"from_port"})
val.SafeDelete([]string{"to_port"})
val.Set("id", CreateSecurityGroupRuleIdHash(val))
id := CreateSecurityGroupRuleIdHash(val)
val.SafeSet([]string{"id"}, id)
res.Id = id
})
}
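Review bot: In `CreateSecurityGroupRuleIdHash` the loop over `attrs.GetSlice("cidr_blocks")` now formats `interface{}` elements with `fmt.Sprintf("%s-", v)`, so an element that is not a string is hashed as Go's `%!s(...)` error text instead of being rejected. The id computed here is also written to `res.Id` by the normalize function further down, so a wrongly typed entry would silently give the rule a different identity and it would no longer match its counterpart. Asserting the type makes the assumption explicit: `s, ok := v.(string)`, writing `s` only when `ok` and handling the other case deliberately. The same applies to the `ipv6_cidr_blocks` and `prefix_list_ids` loops; the function starts and ends outside the hunk.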


@ -55,7 +55,8 @@ func initSnsTopicMetaData(resourceSchemaRepository resource.SchemaRepositoryInte
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsSnsTopicResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsSnsTopicResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.DeleteIfDefault("sqs_success_feedback_sample_rate")
val.DeleteIfDefault("lambda_success_feedback_sample_rate")
val.DeleteIfDefault("http_success_feedback_sample_rate")


@ -36,7 +36,8 @@ func initSnsTopicPolicyMetaData(resourceSchemaRepository resource.SchemaReposito
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsSnsTopicPolicyResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsSnsTopicPolicyResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
jsonString, err := helpers.NormalizeJsonString((*val)["policy"])
if err != nil {
return


@ -46,7 +46,8 @@ func initSnsTopicSubscriptionMetaData(resourceSchemaRepository resource.SchemaRe
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsSnsTopicSubscriptionResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsSnsTopicSubscriptionResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
jsonString, err := helpers.NormalizeJsonString((*val)["delivery_policy"])
if err == nil {
val.SafeSet([]string{"delivery_policy"}, jsonString)


@ -35,7 +35,8 @@ func initAwsSqsQueuePolicyMetaData(resourceSchemaRepository resource.SchemaRepos
attributeSchema.JsonString = true
},
})
resourceSchemaRepository.SetNormalizeFunc(AwsSqsQueuePolicyResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsSqsQueuePolicyResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
jsonString, err := helpers.NormalizeJsonString((*val)["policy"])
if err != nil {
return


@ -43,7 +43,8 @@ func (r *AwsSubnet) CtyValue() *cty.Value {
}
func initAwsSubnetMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(AwsSubnetResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(AwsSubnetResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"timeouts"})
})
}


@ -43,7 +43,8 @@ func (r *GithubBranchProtection) CtyValue() *cty.Value {
}
func initGithubBranchProtectionMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(GithubBranchProtectionResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(GithubBranchProtectionResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"repository_id"}) // Terraform provider is always returning nil
})
}


@ -29,7 +29,8 @@ func (r *GithubMembership) CtyValue() *cty.Value {
}
func initGithubMembershipMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(GithubMembershipResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(GithubMembershipResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"etag"})
})
}


@ -71,7 +71,8 @@ func (r *GithubRepository) CtyValue() *cty.Value {
}
func initGithubRepositoryMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(GithubRepositoryResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(GithubRepositoryResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"auto_init"})
val.SafeDelete([]string{"etag"})
})


@ -36,7 +36,8 @@ func (r *GithubTeam) CtyValue() *cty.Value {
}
func initGithubTeamMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(GithubTeamResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(GithubTeamResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
if defaultMaintainer, exist := val.Get("create_default_maintainer"); !exist || defaultMaintainer == nil {
(*val)["create_default_maintainer"] = false
}


@ -30,7 +30,8 @@ func (r *GithubTeamMembership) CtyValue() *cty.Value {
}
func initGithubTeamMembershipMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
resourceSchemaRepository.SetNormalizeFunc(GithubTeamMembershipResourceType, func(val *resource.Attributes) {
resourceSchemaRepository.SetNormalizeFunc(GithubTeamMembershipResourceType, func(res *resource.AbstractResource) {
val := res.Attrs
val.SafeDelete([]string{"etag"})
})
}


@ -186,7 +186,7 @@ func (a *Attributes) Copy() *Attributes {
res := Attributes{}
for key, value := range *a {
res.Set(key, value)
_ = res.SafeSet([]string{key}, value)
}
return &res
@ -202,7 +202,7 @@ func (a *Attributes) GetSlice(path string) []interface{} {
if !exist {
return nil
}
return *val.(*[]interface{})
return val.([]interface{})
}
func (a *Attributes) GetString(path string) *string {
@ -219,7 +219,7 @@ func (a *Attributes) GetStringSlice(path string) []string {
if !exist {
return nil
}
return *val.(*[]string)
return val.([]string)
}
func (a *Attributes) GetBool(path string) *bool {
@ -232,18 +232,23 @@ func (a *Attributes) GetBool(path string) *bool {
}
func (a *Attributes) GetInt(path string) *int {
val := a.GetFloat64(path)
if val == nil {
return nil
}
v := int(*val)
return &v
}
func (a *Attributes) GetFloat64(path string) *float64 {
val, exist := (*a)[path]
if !exist {
return nil
}
v := val.(int)
v := val.(float64)
return &v
}
func (a *Attributes) Set(path string, value interface{}) {
(*a)[path] = value
}
func (a *Attributes) SafeDelete(path []string) {
for i, key := range path {
if i == len(path)-1 {
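Review bot: `GetFloat64` uses the unchecked assertion `val.(float64)`, which panics on any attribute still stored as another numeric type such as `int`; `GetSlice` and `GetStringSlice` do the same with `val.([]interface{})` and `val.([]string)`. These getters already return nil for a missing key, so the comma-ok form fits the existing contract: `v, ok := val.(float64)` followed by `if !ok { return nil }`. `GetInt` then converts with `int(*val)`, which drops any fractional part without notice; a short comment saying so would help. The bodies of `GetSlice` and `GetStringSlice` begin outside their hunks.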


@ -15,7 +15,7 @@ type AttributeSchema struct {
type Schema struct {
Attributes map[string]AttributeSchema
NormalizeFunc func(val *Attributes)
NormalizeFunc func(res *AbstractResource)
}
func (s *Schema) IsComputedField(path []string) bool {
@ -37,7 +37,7 @@ func (s *Schema) IsJsonStringField(path []string) bool {
type SchemaRepositoryInterface interface {
GetSchema(resourceType string) (*Schema, bool)
UpdateSchema(typ string, schemasMutators map[string]func(attributeSchema *AttributeSchema))
SetNormalizeFunc(typ string, normalizeFunc func(val *Attributes))
SetNormalizeFunc(typ string, normalizeFunc func(res *AbstractResource))
}
type SchemaRepository struct {
@ -101,7 +101,7 @@ func (r *SchemaRepository) UpdateSchema(typ string, schemasMutators map[string]f
}
}
func (r *SchemaRepository) SetNormalizeFunc(typ string, normalizeFunc func(val *Attributes)) {
func (r *SchemaRepository) SetNormalizeFunc(typ string, normalizeFunc func(res *AbstractResource)) {
metadata, exist := r.GetSchema(typ)
if !exist {
logrus.WithFields(logrus.Fields{"type": typ}).Warning("Unable to set normalize func, no schema found")
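Review bot: `Schema.NormalizeFunc` and `SetNormalizeFunc` carry no doc comment describing the new contract, namely that the callback receives the whole resource and may change `res.Id` as well as `res.Attrs` (the security group rule normalizer in this commit does both). Suggested comment on the field: `// NormalizeFunc mutates res in place; it may rewrite res.Id as well as res.Attrs.` The body of `SetNormalizeFunc` continues outside the hunk.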


@ -63,15 +63,14 @@ loop:
schema, exist := s.resourceSchemaRepository.GetSchema(res.TerraformType())
ctyAttr := resource.ToResourceAttributes(res.CtyValue())
ctyAttr.SanitizeDefaults()
if exist && schema.NormalizeFunc != nil {
schema.NormalizeFunc(ctyAttr)
}
newRes := &resource.AbstractResource{
Id: res.TerraformId(),
Type: res.TerraformType(),
Attrs: ctyAttr,
}
if exist && schema.NormalizeFunc != nil {
schema.NormalizeFunc(newRes)
}
results = append(results, newRes)
continue
}


@ -54,14 +54,16 @@ func (r *TerraformResourceFactory) CreateAbstractResource(ty, id string, data ma
attributes := resource.Attributes(data)
attributes.SanitizeDefaults()
schema, exist := r.resourceSchemaRepository.(*resource.SchemaRepository).GetSchema(ty)
if exist && schema.NormalizeFunc != nil {
schema.NormalizeFunc(&attributes)
}
return &resource.AbstractResource{
res := resource.AbstractResource{
Id: id,
Type: ty,
Attrs: &attributes,
}
schema, exist := r.resourceSchemaRepository.(*resource.SchemaRepository).GetSchema(ty)
if exist && schema.NormalizeFunc != nil {
schema.NormalizeFunc(&res)
}
return &res
}
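Review bot: The relocated schema lookup still asserts `r.resourceSchemaRepository.(*resource.SchemaRepository)` without a check, which panics if the factory is ever given another implementation such as a test double. `GetSchema` is declared on `SchemaRepositoryInterface`, so if the field has that interface type the assertion can simply be dropped: `schema, exist := r.resourceSchemaRepository.GetSchema(ty)`. The start of `CreateAbstractResource` is outside the hunk.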