71 lines
2.5 KiB
Go
71 lines
2.5 KiB
Go
package middlewares
|
|
|
|
import (
|
|
"github.com/snyk/driftctl/enumeration/resource"
|
|
"github.com/snyk/driftctl/pkg/resource/aws"
|
|
)
|
|
|
|
// AwsEbsEncryptionByDefaultReconciler is a middleware that either creates an 'aws_ebs_encryption_by_default' resource
|
|
// based on its equivalent state one just for the purpose of getting the Terraform custom Id, or removes the resource
|
|
// from our list of remote resources if it is not managed and is disabled.
|
|
type AwsEbsEncryptionByDefaultReconciler struct {
|
|
resourceFactory resource.ResourceFactory
|
|
}
|
|
|
|
func NewAwsEbsEncryptionByDefaultReconciler(resourceFactory resource.ResourceFactory) AwsEbsEncryptionByDefaultReconciler {
|
|
return AwsEbsEncryptionByDefaultReconciler{
|
|
resourceFactory: resourceFactory,
|
|
}
|
|
}
|
|
|
|
func (m AwsEbsEncryptionByDefaultReconciler) Execute(remoteResources, resourcesFromState *[]*resource.Resource) error {
|
|
newStateResources := make([]*resource.Resource, 0)
|
|
newRemoteResources := make([]*resource.Resource, 0)
|
|
|
|
var found bool
|
|
var defaultEbsEncryption *resource.Resource
|
|
|
|
for _, res := range *remoteResources {
|
|
// Ignore all resources other than aws_ebs_encryption_by_default
|
|
if res.ResourceType() != aws.AwsEbsEncryptionByDefaultResourceType {
|
|
newRemoteResources = append(newRemoteResources, res)
|
|
continue
|
|
}
|
|
defaultEbsEncryption = res
|
|
}
|
|
|
|
// We can encounter this case when we don't have permission to get this setting from AWS.
|
|
if defaultEbsEncryption == nil {
|
|
return nil
|
|
}
|
|
|
|
for _, res := range *resourcesFromState {
|
|
newStateResources = append(newStateResources, res)
|
|
|
|
// Ignore all resources other than aws_ebs_encryption_by_default
|
|
if res.ResourceType() != aws.AwsEbsEncryptionByDefaultResourceType {
|
|
continue
|
|
}
|
|
|
|
// Create a new remote resource that will be similar to the state resource but with the 'enabled' attribute of the remote one.
|
|
// The reason why is that the id is a random string created by Terraform that we need to compare two resources.
|
|
newRemoteResources = append(newRemoteResources, m.resourceFactory.CreateAbstractResource(
|
|
res.ResourceType(),
|
|
res.ResourceId(),
|
|
map[string]interface{}{
|
|
"id": res.ResourceId(),
|
|
"enabled": *defaultEbsEncryption.Attributes().GetBool("enabled"),
|
|
},
|
|
))
|
|
found = true
|
|
}
|
|
|
|
if defaultEbsEncryption != nil && !found && *defaultEbsEncryption.Attributes().GetBool("enabled") {
|
|
newRemoteResources = append(newRemoteResources, defaultEbsEncryption)
|
|
}
|
|
|
|
*resourcesFromState = newStateResources
|
|
*remoteResources = newRemoteResources
|
|
return nil
|
|
}
|