feat(ec2-route-table): filter shared resource

resources/ec2-route-table.go

@@ -2,6 +2,7 @@ package resources
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	"github.com/gotidy/ptr"
@@ -55,6 +56,7 @@ func (l *EC2RouteTableLister) List(_ context.Context, o interface{}) ([]resource
 
 		resources = append(resources, &EC2RouteTable{
 			svc:        svc,
+			accountID:  opts.AccountID,
 			routeTable: out,
 			defaultVPC: defVpcID == ptr.ToString(out.VpcId),
 			vpc:        vpc,
@@ -67,6 +69,7 @@ func (l *EC2RouteTableLister) List(_ context.Context, o interface{}) ([]resource
 
 type EC2RouteTable struct {
 	svc        *ec2.EC2
+	accountID  *string
 	routeTable *ec2.RouteTable
 	defaultVPC bool
 	vpc        *ec2.Vpc
@@ -80,6 +83,10 @@ func (r *EC2RouteTable) Filter() error {
 		}
 	}
 
+	if ptr.ToString(r.vpc.OwnerId) != ptr.ToString(r.accountID) {
+		return errors.New("not owned by account, likely shared")
+	}
+
 	return nil
 }
 

resources/ec2-route-table_test.go

@@ -0,0 +1,45 @@
+package resources
+
+import (
+	"testing"
+
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/gotidy/ptr"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_EC2RouteTable_Filter(t *testing.T) {
+	cases := []struct {
+		ownerID   *string
+		accountID *string
+		filtered  bool
+	}{
+		{
+			ownerID:   ptr.String("123456789012"),
+			accountID: ptr.String("123456789012"),
+			filtered:  false,
+		},
+		{
+			ownerID:   ptr.String("123456789012"),
+			accountID: ptr.String("123456789013"),
+			filtered:  true,
+		},
+	}
+
+	for _, c := range cases {
+		r := EC2RouteTable{
+			svc:        nil,
+			accountID:  c.accountID,
+			routeTable: &ec2.RouteTable{OwnerId: c.ownerID},
+			vpc:        &ec2.Vpc{VpcId: ptr.String("vpc-12345678"), OwnerId: c.ownerID},
+		}
+
+		err := r.Filter()
+
+		if c.filtered {
+			assert.Error(t, err)
+		} else {
+			assert.NoError(t, err)
+		}
+	}
+}