From cafde28e214afb8a08ab8f48e926eabb346ea2f6 Mon Sep 17 00:00:00 2001
From: Elie
Date: Tue, 11 May 2021 17:02:08 +0200
Subject: [PATCH] Refacto aws_iam_access_key
---
 .../result.golden.json | 62 ++++++++-----------
 .../module.iam_iam-user/result.golden.json | 14 ++---
 pkg/resource/aws/aws_iam_access_key.go | 15 ++++-
 .../aws/aws_iam_access_key_ext_test.go | 37 +++++++++++
 pkg/resource/aws/aws_iam_access_key_test.go | 50 +++++++--------
 pkg/resource/aws/metadatas.go | 1 +
 .../aws_iam_access_key/.terraform.lock.hcl | 20 ++++++
 .../acc/aws_iam_access_key/terraform.tf | 18 ++++++
 pkg/resource/resource.go | 2 +-
 9 files changed, 146 insertions(+), 73 deletions(-)
 create mode 100644 pkg/resource/aws/aws_iam_access_key_ext_test.go
 create mode 100644 pkg/resource/aws/testdata/acc/aws_iam_access_key/.terraform.lock.hcl
 create mode 100644 pkg/resource/aws/testdata/acc/aws_iam_access_key/terraform.tf
diff --git a/pkg/iac/terraform/state/test/iam_access_key_multiple/result.golden.json b/pkg/iac/terraform/state/test/iam_access_key_multiple/result.golden.json
index d2b45e1b..c5a97d0d 100755
--- a/pkg/iac/terraform/state/test/iam_access_key_multiple/result.golden.json
+++ b/pkg/iac/terraform/state/test/iam_access_key_multiple/result.golden.json
@@ -1,46 +1,38 @@ [ { - "EncryptedSecret": null, "Id": "AKIA5QYBVVD223VWU32A", - "KeyFingerprint": null, - "PgpKey": null, - "Secret": null, - "SesSmtpPasswordV4": null, - "Status": "Active", - "User": "test-driftctl", - "CtyVal": {} + "Type": "aws_iam_access_key", + "Attrs": { + "id": "AKIA5QYBVVD223VWU32A", + "status": "Active", + "user": "test-driftctl" + } }, { - "EncryptedSecret": null, "Id": "AKIA5QYBVVD2QYI36UZP", - "KeyFingerprint": null, - "PgpKey": null, - "Secret": null, - "SesSmtpPasswordV4": null, - "Status": "Active", - "User": "test-driftctl", - "CtyVal": {} + "Type": "aws_iam_access_key", + "Attrs": { + "id": "AKIA5QYBVVD2QYI36UZP", + "status": "Active", + "user": "test-driftctl" + } }, { - "EncryptedSecret": null, - "Id": "AKIA5QYBVVD26EJME25D", - "KeyFingerprint": null, - "PgpKey": null, - "Secret": null, - "SesSmtpPasswordV4": null, - "Status": "Active", - "User": "test-driftctl2", - "CtyVal": {} - }, - { - "EncryptedSecret": null, "Id": "AKIA5QYBVVD2SWDFVVMG", - "KeyFingerprint": null, - "PgpKey": null, - "Secret": null, - "SesSmtpPasswordV4": null, - "Status": "Active", - "User": "test-driftctl2", - "CtyVal": {} + "Type": "aws_iam_access_key", + "Attrs": { + "id": "AKIA5QYBVVD2SWDFVVMG", + "status": "Active", + "user": "test-driftctl2" + } + }, + { + "Id": "AKIA5QYBVVD26EJME25D", + "Type": "aws_iam_access_key", + "Attrs": { + "id": "AKIA5QYBVVD26EJME25D", + "status": "Active", + "user": "test-driftctl2" + } } ] \ No newline at end of file diff --git a/pkg/iac/terraform/state/test/module.iam_iam-user/result.golden.json b/pkg/iac/terraform/state/test/module.iam_iam-user/result.golden.json index 93a0effa..b23c0416 100755 --- a/pkg/iac/terraform/state/test/module.iam_iam-user/result.golden.json +++ b/pkg/iac/terraform/state/test/module.iam_iam-user/result.golden.json 
@@ -11,14 +11,12 @@ } }, { - "EncryptedSecret": null, "Id": "AKIA5QYBVVD2VIEMMUIQ", - "KeyFingerprint": null, - "PgpKey": null, - "Secret": null, - "SesSmtpPasswordV4": null, - "Status": "Active", - "User": "MODULE-USER", - "CtyVal": {} + "Type": "aws_iam_access_key", + "Attrs": { + "id": "AKIA5QYBVVD2VIEMMUIQ", + "status": "Active", + "user": "MODULE-USER" + } } ] \ No newline at end of file diff --git a/pkg/resource/aws/aws_iam_access_key.go b/pkg/resource/aws/aws_iam_access_key.go index c70b9eed..8dd7df40 100644 --- a/pkg/resource/aws/aws_iam_access_key.go +++ b/pkg/resource/aws/aws_iam_access_key.go @@ -1,7 +1,10 @@ // GENERATED, DO NOT EDIT THIS FILE package aws -import "github.com/zclconf/go-cty/cty" +import ( + "github.com/cloudskiff/driftctl/pkg/resource" + "github.com/zclconf/go-cty/cty" +) const AwsIamAccessKeyResourceType = "aws_iam_access_key" @@ -28,3 +31,13 @@ func (r *AwsIamAccessKey) TerraformType() string { func (r *AwsIamAccessKey) CtyValue() *cty.Value { return r.CtyVal } + +func initAwsIAMAccessKeyMetaData(resourceSchemaRepository resource.SchemaRepositoryInterface) { + resourceSchemaRepository.SetNormalizeFunc(AwsIamAccessKeyResourceType, func(val *resource.Attributes) { + // As we can't read secrets from aws API once access_key created we need to set + // fields retrieved from state to nil to avoid drift + // We can't detect drift if we cannot retrieve latest value from aws API for fields like secrets, passwords etc ... + val.SafeDelete([]string{"secret"}) + val.SafeDelete([]string{"ses_smtp_password_v4"}) + }) +} diff --git a/pkg/resource/aws/aws_iam_access_key_ext_test.go b/pkg/resource/aws/aws_iam_access_key_ext_test.go new file mode 100644 index 00000000..330d5cd8 --- /dev/null +++ b/pkg/resource/aws/aws_iam_access_key_ext_test.go 
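Review bot: The normalize callback in `initAwsIAMAccessKeyMetaData` removes only `secret` and `ses_smtp_password_v4`, while the fields dropped from the golden files in this same commit also include `EncryptedSecret`, `KeyFingerprint` and `PgpKey`, which look like state-only values that the IAM API presumably does not return either. For a key created with `pgp_key`, those attributes would then survive normalization, could be reported as drift, and could leave the encrypted secret in whatever the scan serialises; consider adding `val.SafeDelete([]string{"encrypted_secret"})`, `val.SafeDelete([]string{"key_fingerprint"})` and `val.SafeDelete([]string{"pgp_key"})`. The acceptance fixture added for aws_iam_access_key_test.go declares its key without `pgp_key`, so the zero-drift assertion there does not exercise this path. The comment also says the fields are set to nil whereas `SafeDelete` removes them; `// Secret material cannot be read back from the AWS API, so it is removed from the state-side attributes before comparison.` would match the code.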
@@ -0,0 +1,37 @@
+package aws
+
+import (
+ "testing"
+
+ "github.com/aws/aws-sdk-go/aws"
+)
+
+func TestAwsIamAccessKey_String(t *testing.T) {
+ tests := []struct {
+ user string
+ access AwsIamAccessKey
+ want string
+ }{
+ {user: "test iam access key stringer with user and id",
+ access: AwsIamAccessKey{
+ User: aws.String("test_user"),
+ Id: "AKIA2SIQ53JH4CMB42VB",
+ },
+ want: "AKIA2SIQ53JH4CMB42VB (User: test_user)",
+ },
+ {user: "test iam access key stringer without user",
+ access: AwsIamAccessKey{
+ User: nil,
+ Id: "AKIA2SIQ53JH4CMB42VB",
+ },
+ want: "AKIA2SIQ53JH4CMB42VB",
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.user, func(t *testing.T) {
+ if got := tt.access.String(); got != tt.want {
+ t.Errorf("String() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
diff --git a/pkg/resource/aws/aws_iam_access_key_test.go b/pkg/resource/aws/aws_iam_access_key_test.go
index 330d5cd8..28b41397 100644
--- a/pkg/resource/aws/aws_iam_access_key_test.go
+++ b/pkg/resource/aws/aws_iam_access_key_test.go
@@ -1,37 +1,31 @@ -package aws +package aws_test import ( "testing" - "github.com/aws/aws-sdk-go/aws" + "github.com/cloudskiff/driftctl/test" + "github.com/cloudskiff/driftctl/test/acceptance" ) -func TestAwsIamAccessKey_String(t *testing.T) { - tests := []struct { - user string - access AwsIamAccessKey - want string - }{ - {user: "test iam access key stringer with user and id", - access: AwsIamAccessKey{ - User: aws.String("test_user"), - Id: "AKIA2SIQ53JH4CMB42VB", +func TestAcc_Aws_IamAccessKey(t *testing.T) { + acceptance.Run(t, acceptance.AccTestCase{ + TerraformVersion: "0.14.9", + Paths: []string{"./testdata/acc/aws_iam_access_key"}, + Args: []string{"scan", "--filter", "Type=='aws_iam_access_key'"}, + Checks: []acceptance.AccCheck{ + { + Env: map[string]string{ + "AWS_REGION": "us-east-1", + }, + Check: func(result *test.ScanResult, stdout string, err error) { + if err != nil { + t.Fatal(err) + } + result.AssertDriftCountTotal(0) + result.AssertDeletedCount(0) + result.AssertManagedCount(1) + }, }, - want: "AKIA2SIQ53JH4CMB42VB (User: test_user)", }, - {user: "test iam access key stringer without user", - access: AwsIamAccessKey{ - User: nil, - Id: "AKIA2SIQ53JH4CMB42VB", - }, - want: "AKIA2SIQ53JH4CMB42VB", - }, - } - for _, tt := range tests { - t.Run(tt.user, func(t *testing.T) { - if got := tt.access.String(); got != tt.want { - t.Errorf("String() = %v, want %v", got, tt.want) - } - }) - } + }) } diff --git a/pkg/resource/aws/metadatas.go b/pkg/resource/aws/metadatas.go index 88e8aa62..9f520d1e 100644 --- a/pkg/resource/aws/metadatas.go +++ b/pkg/resource/aws/metadatas.go 
@@ -20,6 +20,7 @@ func InitResourcesMetadata(resourceSchemaRepository resource.SchemaRepositoryInt initAwsRouteMetaData(resourceSchemaRepository) initSnsTopicSubscriptionMetaData(resourceSchemaRepository) initSnsTopicPolicyMetaData(resourceSchemaRepository) + initAwsIAMAccessKeyMetaData(resourceSchemaRepository) initAwsIAMPolicyMetaData(resourceSchemaRepository) initAwsIAMPolicyAttachmentMetaData(resourceSchemaRepository) initAwsIAMRoleMetaData(resourceSchemaRepository) diff --git a/pkg/resource/aws/testdata/acc/aws_iam_access_key/.terraform.lock.hcl b/pkg/resource/aws/testdata/acc/aws_iam_access_key/.terraform.lock.hcl new file mode 100644 index 00000000..442356e0 --- /dev/null +++ b/pkg/resource/aws/testdata/acc/aws_iam_access_key/.terraform.lock.hcl @@ -0,0 +1,20 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.19.0" + constraints = "~> 3.19.0" + hashes = [ + "h1:+7Vi7p13+cnrxjXbfJiTimGSFR97xCaQwkkvWcreLns=", + "zh:185a5259153eb9ee4699d4be43b3d509386b473683392034319beee97d470c3b", + "zh:2d9a0a01f93e8d16539d835c02b8b6e1927b7685f4076e96cb07f7dd6944bc6c", + "zh:703f6da36b1b5f3497baa38fccaa7765fb8a2b6440344e4c97172516b49437dd", + "zh:770855565462abadbbddd98cb357d2f1a8f30f68a358cb37cbd5c072cb15b377", + "zh:8008db43149fe4345301f81e15e6d9ddb47aa5e7a31648f9b290af96ad86e92a", + "zh:8cdd27d375da6dcb7687f1fed126b7c04efce1671066802ee876dbbc9c66ec79", + "zh:be22ae185005690d1a017c1b909e0d80ab567e239b4f06ecacdba85080667c1c", + "zh:d2d02e72dbd80f607636cd6237a6c862897caabc635c7b50c0cb243d11246723", + "zh:d8f125b66a1eda2555c0f9bbdf12036a5f8d073499a22ca9e4812b68067fea31", + "zh:f5a98024c64d5d2973ff15b093725a074c0cb4afde07ef32c542e69f17ac90bc", + ] +} diff --git a/pkg/resource/aws/testdata/acc/aws_iam_access_key/terraform.tf b/pkg/resource/aws/testdata/acc/aws_iam_access_key/terraform.tf new file mode 100644 index 00000000..cd540a6f --- /dev/null 
+++ b/pkg/resource/aws/testdata/acc/aws_iam_access_key/terraform.tf
@@ -0,0 +1,18 @@
+provider "aws" {
+ region = "us-east-1"
+}
+terraform {
+ required_providers {
+ aws = {
+ version = "~> 3.19.0"
+ }
+ }
+}
+
+resource "aws_iam_user" "testuser_access_key" {
+ name = "testuser_access_key"
+}
+
+resource "aws_iam_access_key" "accesskey" {
+ user = aws_iam_user.testuser_access_key.name
+}
diff --git a/pkg/resource/resource.go b/pkg/resource/resource.go
index a4e5fc2a..1e6b707b 100644
--- a/pkg/resource/resource.go
+++ b/pkg/resource/resource.go
@@ -33,7 +33,7 @@ var refactoredResources = []string{
 "aws_ecr_repository",
 "aws_eip",
 "aws_eip_association",
- // "aws_iam_access_key",
+ "aws_iam_access_key",
 "aws_iam_policy",
 "aws_iam_policy_attachment",
 "aws_iam_role",
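Review bot: In terraform.tf, `aws_iam_access_key.accesskey` is declared without `pgp_key`, so applying this fixture writes the new key's secret unencrypted into the Terraform state of the acceptance run, and nothing in the file says so. A header comment such as `# Acceptance fixture: creates a live IAM access key; its secret is stored unencrypted in the local state, which must stay out of version control and be destroyed after the run.` would make that explicit for whoever runs or copies the fixture. Whether the acceptance harness tears the resources down and where it keeps the state is not visible in this patch.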