Add middleware
parent
3197b83938
commit
fad0147566
|
@ -38,6 +38,7 @@ func (d DriftCTL) Run() *analyser.Analysis {
|
|||
middlewares.NewVPCSecurityGroupRuleSanitizer(),
|
||||
middlewares.NewIamPolicyAttachmentSanitizer(),
|
||||
middlewares.AwsInstanceEIP{},
|
||||
middlewares.NewAwsDefaultInternetGatewayRoute(),
|
||||
middlewares.NewAwsDefaultInternetGateway(),
|
||||
middlewares.NewAwsDefaultVPC(),
|
||||
middlewares.NewAwsDefaultSubnet(),
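Review bot: The position of `middlewares.NewAwsDefaultInternetGatewayRoute()` in this chain looks load-bearing and has no comment saying so. Its Execute finds the default internet gateway by scanning `remoteResources`, so it presumably has to run before `NewAwsDefaultInternetGateway()` and `NewAwsDefaultVPC()`, which follow it and, judging by their names, may drop those resources from the slice. A line such as `// must run before the default IGW/VPC middlewares: it matches routes against resources they remove` above the entry would guard against a later reorder. The enclosing Run function starts and ends outside this hunk.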
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
package middlewares
|
||||
|
||||
import (
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// Each region has a default vpc which has an internet gateway attached and thus the route table of this
|
||||
// same vpc has a specific default route that should not be seen as unmanaged if not managed by IaC
|
||||
// This middleware ignores the above route from unmanaged resources if not managed by IaC
|
||||
type AwsDefaultInternetGatewayRoute struct{}
|
||||
|
||||
func NewAwsDefaultInternetGatewayRoute() AwsDefaultInternetGatewayRoute {
|
||||
return AwsDefaultInternetGatewayRoute{}
|
||||
}
|
||||
|
||||
func (m AwsDefaultInternetGatewayRoute) Execute(remoteResources, resourcesFromState *[]resource.Resource) error {
|
||||
newRemoteResources := make([]resource.Resource, 0)
|
||||
|
||||
for _, remoteResource := range *remoteResources {
|
||||
// Ignore all resources other than routes
|
||||
if remoteResource.TerraformType() != aws.AwsRouteResourceType {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
continue
|
||||
}
|
||||
|
||||
route, _ := remoteResource.(*aws.AwsRoute)
|
||||
// Ignore all routes except the one that came from the default internet gateway
|
||||
if !isDefaultInternetGatewayRoute(route, remoteResources) {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
continue
|
||||
}
|
||||
|
||||
// Check if route is managed by IaC
|
||||
existInState := false
|
||||
for _, stateResource := range *resourcesFromState {
|
||||
if resource.IsSameResource(remoteResource, stateResource) {
|
||||
existInState = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
// Include resource if it's managed in IaC
|
||||
if existInState {
|
||||
newRemoteResources = append(newRemoteResources, remoteResource)
|
||||
continue
|
||||
}
|
||||
|
||||
// Else, resource is not added to newRemoteResources slice so it will be ignored
|
||||
logrus.WithFields(logrus.Fields{
|
||||
"route": route.String(),
|
||||
"id": route.TerraformId(),
|
||||
"type": route.TerraformType(),
|
||||
}).Debug("Ignoring default internet gateway route as it is not managed by IaC")
|
||||
}
|
||||
|
||||
*remoteResources = newRemoteResources
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// Return true if the route's target is the default internet gateway (e.g. attached to the default vpc)
|
||||
func isDefaultInternetGatewayRoute(route *aws.AwsRoute, remoteResources *[]resource.Resource) bool {
|
||||
for _, remoteResource := range *remoteResources {
|
||||
if remoteResource.TerraformType() == aws.AwsInternetGatewayResourceType &&
|
||||
isDefaultInternetGateway(remoteResource.(*aws.AwsInternetGateway), remoteResources) {
|
||||
return route.GatewayId != nil && *route.GatewayId == remoteResource.TerraformId()
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
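Review bot: isDefaultInternetGatewayRoute matches a route on `GatewayId` alone, which is broader than the doc comment on AwsDefaultInternetGatewayRoute describes (the one default route in the default VPC's route table). Any route absent from state that targets the default internet gateway is dropped from the unmanaged set, whatever its route table or destination, and the only trace is the Debug log line in Execute. A hand-added route that exposes a subnet through that gateway would therefore not be reported as drift. I would also require that `route.RouteTableId` refers to the default route table of the same VPC (the tests model it as `aws.AwsDefaultRouteTable`) and, if the route type exposes its destination, that it is the default destination. Separately, the loop returns at the first default gateway it finds, so any further default gateway in `remoteResources` is never compared; moving the `route.GatewayId != nil && *route.GatewayId == remoteResource.TerraformId()` test into the `if` condition and writing `return true` inside it would keep scanning.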
|
|
@ -0,0 +1,141 @@
|
|||
package middlewares
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
awssdk "github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/awsutil"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource"
|
||||
"github.com/cloudskiff/driftctl/pkg/resource/aws"
|
||||
"github.com/r3labs/diff/v2"
|
||||
)
|
||||
|
||||
func TestAwsDefaultInternetGatewayRoute_Execute(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
remoteResources []resource.Resource
|
||||
resourcesFromState []resource.Resource
|
||||
expected []resource.Resource
|
||||
}{
|
||||
{
|
||||
"default internet gateway route is not ignored when managed by IaC",
|
||||
[]resource.Resource{
|
||||
&aws.AwsDefaultVpc{
|
||||
Id: "default-vpc",
|
||||
},
|
||||
&aws.AwsInternetGateway{
|
||||
Id: "default-igw",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsDefaultRouteTable{
|
||||
Id: "default-route-table",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "default-igw-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("default-igw"),
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "dummy-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("local"),
|
||||
},
|
||||
},
|
||||
[]resource.Resource{
|
||||
&aws.AwsRoute{
|
||||
Id: "default-igw-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("default-igw"),
|
||||
},
|
||||
},
|
||||
[]resource.Resource{
|
||||
&aws.AwsDefaultVpc{
|
||||
Id: "default-vpc",
|
||||
},
|
||||
&aws.AwsInternetGateway{
|
||||
Id: "default-igw",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsDefaultRouteTable{
|
||||
Id: "default-route-table",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "default-igw-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("default-igw"),
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "dummy-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("local"),
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
"default internet gateway route is ignored when not managed by IaC",
|
||||
[]resource.Resource{
|
||||
&aws.AwsDefaultVpc{
|
||||
Id: "default-vpc",
|
||||
},
|
||||
&aws.AwsInternetGateway{
|
||||
Id: "default-igw",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsDefaultRouteTable{
|
||||
Id: "default-route-table",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "default-igw-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("default-igw"),
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "dummy-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("local"),
|
||||
},
|
||||
},
|
||||
[]resource.Resource{},
|
||||
[]resource.Resource{
|
||||
&aws.AwsDefaultVpc{
|
||||
Id: "default-vpc",
|
||||
},
|
||||
&aws.AwsInternetGateway{
|
||||
Id: "default-igw",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsDefaultRouteTable{
|
||||
Id: "default-route-table",
|
||||
VpcId: awssdk.String("default-vpc"),
|
||||
},
|
||||
&aws.AwsRoute{
|
||||
Id: "dummy-route",
|
||||
RouteTableId: awssdk.String("default-route-table"),
|
||||
GatewayId: awssdk.String("local"),
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
m := NewAwsDefaultInternetGatewayRoute()
|
||||
err := m.Execute(&tt.remoteResources, &tt.resourcesFromState)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
changelog, err := diff.Diff(tt.expected, tt.remoteResources)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if len(changelog) > 0 {
|
||||
for _, change := range changelog {
|
||||
t.Errorf("%s got = %v, want %v", strings.Join(change.Path, "."), awsutil.Prettify(change.From), awsutil.Prettify(change.To))
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
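Review bot: The table in TestAwsDefaultInternetGatewayRoute_Execute covers only the in-state and not-in-state cases for a route that does point at the default gateway, so the branches that decide whether a route counts as a default-gateway route are barely exercised. There is no case with a route whose `GatewayId` is nil, none with an internet gateway attached to a non-default VPC, and none with a route to `default-igw` in a route table other than `default-route-table`. Those cases would pin down how far the suppression reaches, which matters because a suppressed route disappears from the drift report. A case where the gateway resource is absent from `remoteResources` would also document the expected behaviour when the lookup finds nothing.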
|