package middlewares
import (
"github.com/snyk/driftctl/enumeration/resource"
"github.com/snyk/driftctl/pkg/resource/aws"
)
/**
When listing policy attachments from AWS we only retrieve user_policy_attachment or role_policy_attachment resources,
which makes it impossible to compare them with the policy_attachment resources that may exist in Terraform.
We decided to transform all attachments into policy_attachment resources so we can find which attachments are managed.
*/
// IamPolicyAttachmentTransformer is a middleware that rewrites per-principal
// IAM policy attachments (user, role and group attachment resource types) into
// resources of type aws.AwsIamPolicyAttachmentResourceType, on both the remote
// and the state side, so that the two sides can be compared.
type IamPolicyAttachmentTransformer struct {
	// resourceFactory creates the generated abstract policy_attachment resources.
	resourceFactory resource.ResourceFactory
}
// NewIamPolicyAttachmentTransformer returns a transformer that will build its
// generated policy_attachment resources through resourceFactory.
func NewIamPolicyAttachmentTransformer(resourceFactory resource.ResourceFactory) IamPolicyAttachmentTransformer {
	return IamPolicyAttachmentTransformer{resourceFactory: resourceFactory}
}
// Execute rewrites both resource sets in place: the remote set first, then the
// set read from state. Each set's per-principal attachments are replaced by
// policy_attachment resources (see transform). It never returns an error.
func (m IamPolicyAttachmentTransformer) Execute(remoteResources, resourcesFromState *[]*resource.Resource) error {
	for _, set := range []*[]*resource.Resource{remoteResources, resourcesFromState} {
		*set = m.transform(set)
	}
	return nil
}
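// transform returns a copy of resources in which every user, role or group
// policy attachment has been replaced by its policy_attachment equivalent
// (built by toPolicyAttachment). All other resources are kept as they are and
// the original order is preserved. An empty input yields a nil slice.
func (m IamPolicyAttachmentTransformer) transform(resources *[]*resource.Resource) []*resource.Resource {
	var newResources []*resource.Resource
	for _, res := range *resources {
		if attachment, ok := m.toPolicyAttachment(res); ok {
			newResources = append(newResources, attachment)
			continue
		}
		// Not one of the per-principal attachment types: pass through untouched.
		newResources = append(newResources, res)
	}
	return newResources
}

// toPolicyAttachment builds the aws.AwsIamPolicyAttachmentResourceType
// resource equivalent to res when res is a user, role or group policy
// attachment, and returns (nil, false) for any other resource type.
//
// The generated resource reuses res's id (both as resource id and as the "id"
// attribute), so a remote attachment and its state counterpart keep matching
// after the rewrite. It carries the source "policy_arn" and exactly one
// principal: the value of the source "user"/"role"/"group" attribute becomes
// the single entry of the matching "users"/"roles"/"groups" list. The two
// other lists are empty but non-nil, so every generated attachment has the
// same attribute shape regardless of which principal type it came from.
func (m IamPolicyAttachmentTransformer) toPolicyAttachment(res *resource.Resource) (*resource.Resource, bool) {
	// principalKey is the source attribute holding the principal name,
	// listKey the generated list attribute that receives it.
	var principalKey, listKey string
	switch res.ResourceType() {
	case aws.AwsIamUserPolicyAttachmentResourceType:
		principalKey, listKey = "user", "users"
	case aws.AwsIamRolePolicyAttachmentResourceType:
		principalKey, listKey = "role", "roles"
	case aws.AwsIamGroupPolicyAttachmentResourceType:
		principalKey, listKey = "group", "groups"
	default:
		return nil, false
	}

	// NOTE(review): the attribute pointer is dereferenced unconditionally and
	// would panic on a nil Attributes() — presumably the enumeration layer
	// always populates it for these types; confirm before relying on it.
	attrs := *res.Attributes()
	data := resource.Attributes{
		"id":         res.ResourceId(),
		"policy_arn": attrs["policy_arn"],
		"users":      []interface{}{},
		"groups":     []interface{}{},
		"roles":      []interface{}{},
	}
	data[listKey] = []interface{}{attrs[principalKey]}

	return m.resourceFactory.CreateAbstractResource(aws.AwsIamPolicyAttachmentResourceType, res.ResourceId(), data), true
}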