Merge pull request #508 from cloudskiff/refacto_aws_iam_access_key

Refacto aws_iam_access_key

pkg/iac/terraform/state/test/iam_access_key_multiple/result.golden.json

@@ -1,46 +1,38 @@
 [
  {
-  "EncryptedSecret": null,
   "Id": "AKIA5QYBVVD223VWU32A",
-  "KeyFingerprint": null,
-  "PgpKey": null,
-  "Secret": null,
-  "SesSmtpPasswordV4": null,
-  "Status": "Active",
-  "User": "test-driftctl",
-  "CtyVal": {}
+  "Type": "aws_iam_access_key",
+  "Attrs": {
+   "id": "AKIA5QYBVVD223VWU32A",
+   "status": "Active",
+   "user": "test-driftctl"
+  }
  },
  {
-  "EncryptedSecret": null,
   "Id": "AKIA5QYBVVD2QYI36UZP",
-  "KeyFingerprint": null,
-  "PgpKey": null,
-  "Secret": null,
-  "SesSmtpPasswordV4": null,
-  "Status": "Active",
-  "User": "test-driftctl",
-  "CtyVal": {}
+  "Type": "aws_iam_access_key",
+  "Attrs": {
+   "id": "AKIA5QYBVVD2QYI36UZP",
+   "status": "Active",
+   "user": "test-driftctl"
+  }
  },
  {
-  "EncryptedSecret": null,
-  "Id": "AKIA5QYBVVD26EJME25D",
-  "KeyFingerprint": null,
-  "PgpKey": null,
-  "Secret": null,
-  "SesSmtpPasswordV4": null,
-  "Status": "Active",
-  "User": "test-driftctl2",
-  "CtyVal": {}
- },
- {
-  "EncryptedSecret": null,
   "Id": "AKIA5QYBVVD2SWDFVVMG",
-  "KeyFingerprint": null,
-  "PgpKey": null,
-  "Secret": null,
-  "SesSmtpPasswordV4": null,
-  "Status": "Active",
-  "User": "test-driftctl2",
-  "CtyVal": {}
+  "Type": "aws_iam_access_key",
+  "Attrs": {
+   "id": "AKIA5QYBVVD2SWDFVVMG",
+   "status": "Active",
+   "user": "test-driftctl2"
+  }
+ },
+ {
+  "Id": "AKIA5QYBVVD26EJME25D",
+  "Type": "aws_iam_access_key",
+  "Attrs": {
+   "id": "AKIA5QYBVVD26EJME25D",
+   "status": "Active",
+   "user": "test-driftctl2"
+  }
  }
 ]

pkg/iac/terraform/state/test/module.iam_iam-user/result.golden.json

@@ -11,14 +11,12 @@
   }
  },
  {
-  "EncryptedSecret": null,
   "Id": "AKIA5QYBVVD2VIEMMUIQ",
-  "KeyFingerprint": null,
-  "PgpKey": null,
-  "Secret": null,
-  "SesSmtpPasswordV4": null,
-  "Status": "Active",
-  "User": "MODULE-USER",
-  "CtyVal": {}
+  "Type": "aws_iam_access_key",
+  "Attrs": {
+   "id": "AKIA5QYBVVD2VIEMMUIQ",
+   "status": "Active",
+   "user": "MODULE-USER"
+  }
  }
 ]

pkg/resource/aws/aws_iam_access_key.go

@@ -1,7 +1,10 @@
 // GENERATED, DO NOT EDIT THIS FILE
 package aws
 
-import "github.com/zclconf/go-cty/cty"
+import (
+	"github.com/cloudskiff/driftctl/pkg/resource"
+	"github.com/zclconf/go-cty/cty"
+)
 
 const AwsIamAccessKeyResourceType = "aws_iam_access_key"
 
@@ -28,3 +31,13 @@ func (r *AwsIamAccessKey) TerraformType() string {
 func (r *AwsIamAccessKey) CtyValue() *cty.Value {
 	return r.CtyVal
 }
+
+func initAwsIAMAccessKeyMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) {
+	resourceSchemaRepository.SetNormalizeFunc(AwsIamAccessKeyResourceType, func(val *resource.Attributes) {
+		// As we can't read secrets from aws API once access_key created we need to set
+		// fields retrieved from state to nil to avoid drift
+		// We can't detect drift if we cannot retrieve latest value from aws API for fields like secrets, passwords etc ...
+		val.SafeDelete([]string{"secret"})
+		val.SafeDelete([]string{"ses_smtp_password_v4"})
+	})
+}

pkg/resource/aws/aws_iam_access_key_ext_test.go

@@ -0,0 +1,37 @@
+package aws
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+)
+
+func TestAwsIamAccessKey_String(t *testing.T) {
+	tests := []struct {
+		user   string
+		access AwsIamAccessKey
+		want   string
+	}{
+		{user: "test iam access key stringer with user and id",
+			access: AwsIamAccessKey{
+				User: aws.String("test_user"),
+				Id:   "AKIA2SIQ53JH4CMB42VB",
+			},
+			want: "AKIA2SIQ53JH4CMB42VB (User: test_user)",
+		},
+		{user: "test iam access key stringer without user",
+			access: AwsIamAccessKey{
+				User: nil,
+				Id:   "AKIA2SIQ53JH4CMB42VB",
+			},
+			want: "AKIA2SIQ53JH4CMB42VB",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.user, func(t *testing.T) {
+			if got := tt.access.String(); got != tt.want {
+				t.Errorf("String() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

pkg/resource/aws/aws_iam_access_key_test.go

@@ -1,37 +1,31 @@
-package aws
+package aws_test
 
 import (
 	"testing"
 
-	"github.com/aws/aws-sdk-go/aws"
+	"github.com/cloudskiff/driftctl/test"
+	"github.com/cloudskiff/driftctl/test/acceptance"
 )
 
-func TestAwsIamAccessKey_String(t *testing.T) {
-	tests := []struct {
-		user   string
-		access AwsIamAccessKey
-		want   string
-	}{
-		{user: "test iam access key stringer with user and id",
-			access: AwsIamAccessKey{
-				User: aws.String("test_user"),
-				Id:   "AKIA2SIQ53JH4CMB42VB",
+func TestAcc_Aws_IamAccessKey(t *testing.T) {
+	acceptance.Run(t, acceptance.AccTestCase{
+		TerraformVersion: "0.14.9",
+		Paths:            []string{"./testdata/acc/aws_iam_access_key"},
+		Args:             []string{"scan", "--filter", "Type=='aws_iam_access_key'"},
+		Checks: []acceptance.AccCheck{
+			{
+				Env: map[string]string{
+					"AWS_REGION": "us-east-1",
+				},
+				Check: func(result *test.ScanResult, stdout string, err error) {
+					if err != nil {
+						t.Fatal(err)
+					}
+					result.AssertDriftCountTotal(0)
+					result.AssertDeletedCount(0)
+					result.AssertManagedCount(1)
+				},
 			},
-			want: "AKIA2SIQ53JH4CMB42VB (User: test_user)",
 		},
-		{user: "test iam access key stringer without user",
-			access: AwsIamAccessKey{
-				User: nil,
-				Id:   "AKIA2SIQ53JH4CMB42VB",
-			},
-			want: "AKIA2SIQ53JH4CMB42VB",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.user, func(t *testing.T) {
-			if got := tt.access.String(); got != tt.want {
-				t.Errorf("String() = %v, want %v", got, tt.want)
-			}
-		})
-	}
+	})
 }

pkg/resource/aws/metadatas.go

@@ -20,6 +20,7 @@ func InitResourcesMetadata(resourceSchemaRepository resource.SchemaRepositoryInt
 	initAwsRouteMetaData(resourceSchemaRepository)
 	initSnsTopicSubscriptionMetaData(resourceSchemaRepository)
 	initSnsTopicPolicyMetaData(resourceSchemaRepository)
+	initAwsIAMAccessKeyMetaData(resourceSchemaRepository)
 	initAwsIAMPolicyMetaData(resourceSchemaRepository)
 	initAwsIAMPolicyAttachmentMetaData(resourceSchemaRepository)
 	initAwsIAMRoleMetaData(resourceSchemaRepository)

pkg/resource/aws/testdata/acc/aws_iam_access_key/.terraform.lock.hcl

@@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "3.19.0"
+  constraints = "~> 3.19.0"
+  hashes = [
+    "h1:+7Vi7p13+cnrxjXbfJiTimGSFR97xCaQwkkvWcreLns=",
+    "zh:185a5259153eb9ee4699d4be43b3d509386b473683392034319beee97d470c3b",
+    "zh:2d9a0a01f93e8d16539d835c02b8b6e1927b7685f4076e96cb07f7dd6944bc6c",
+    "zh:703f6da36b1b5f3497baa38fccaa7765fb8a2b6440344e4c97172516b49437dd",
+    "zh:770855565462abadbbddd98cb357d2f1a8f30f68a358cb37cbd5c072cb15b377",
+    "zh:8008db43149fe4345301f81e15e6d9ddb47aa5e7a31648f9b290af96ad86e92a",
+    "zh:8cdd27d375da6dcb7687f1fed126b7c04efce1671066802ee876dbbc9c66ec79",
+    "zh:be22ae185005690d1a017c1b909e0d80ab567e239b4f06ecacdba85080667c1c",
+    "zh:d2d02e72dbd80f607636cd6237a6c862897caabc635c7b50c0cb243d11246723",
+    "zh:d8f125b66a1eda2555c0f9bbdf12036a5f8d073499a22ca9e4812b68067fea31",
+    "zh:f5a98024c64d5d2973ff15b093725a074c0cb4afde07ef32c542e69f17ac90bc",
+  ]
+}

pkg/resource/aws/testdata/acc/aws_iam_access_key/terraform.tf

@@ -0,0 +1,18 @@
+provider "aws" {
+  region = "us-east-1"
+}
+terraform {
+  required_providers {
+    aws = {
+      version = "~> 3.19.0"
+    }
+  }
+}
+
+resource "aws_iam_user" "testuser_access_key" {
+    name = "testuser_access_key"
+}
+
+resource "aws_iam_access_key" "accesskey" {
+    user = aws_iam_user.testuser_access_key.name
+}

pkg/resource/resource.go

@@ -33,7 +33,7 @@ var refactoredResources = []string{
 	"aws_ecr_repository",
 	"aws_eip",
 	"aws_eip_association",
-	// "aws_iam_access_key",
+	"aws_iam_access_key",
 	"aws_iam_policy",
 	"aws_iam_policy_attachment",
 	"aws_iam_role",