From a21e0a7cb347f62340e1473fc42c0084bc087de1 Mon Sep 17 00:00:00 2001
From: Erik Kristensen
Date: Thu, 30 Jan 2025 17:13:25 -0700
Subject: [PATCH] feat(ec2-route-table): filter shared resource
---
 resources/ec2-route-table.go | 7 +++++
 resources/ec2-route-table_test.go | 45 +++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 resources/ec2-route-table_test.go
diff --git a/resources/ec2-route-table.go b/resources/ec2-route-table.go
index 223c6adb..82d81778 100644
--- a/resources/ec2-route-table.go
+++ b/resources/ec2-route-table.go
@@ -2,6 +2,7 @@ package resources
 import (
 "context"
+ "errors"
 "fmt"
 "github.com/gotidy/ptr"
@@ -55,6 +56,7 @@ func (l *EC2RouteTableLister) List(_ context.Context, o interface{}) ([]resource
 resources = append(resources, &EC2RouteTable{
 svc: svc,
+ accountID: opts.AccountID,
 routeTable: out,
 defaultVPC: defVpcID == ptr.ToString(out.VpcId),
 vpc: vpc,
@@ -67,6 +69,7 @@ func (l *EC2RouteTableLister) List(_ context.Context, o interface{}) ([]resource
 type EC2RouteTable struct {
 svc *ec2.EC2
+ accountID *string
 routeTable *ec2.RouteTable
 defaultVPC bool
 vpc *ec2.Vpc
@@ -80,6 +83,10 @@ func (r *EC2RouteTable) Filter() error {
 }
 }
+ if ptr.ToString(r.vpc.OwnerId) != ptr.ToString(r.accountID) {
+ return errors.New("not owned by account, likely shared")
+ }
+
 return nil
 }
diff --git a/resources/ec2-route-table_test.go b/resources/ec2-route-table_test.go
new file mode 100644
index 00000000..ce4a73c7
--- /dev/null
+++ b/resources/ec2-route-table_test.go
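Review bot: The ownership check added to `Filter()` in resources/ec2-route-table.go fails open when the IDs are missing: `ptr.ToString` returns an empty string for a nil pointer, so a nil `r.accountID` and a nil `r.vpc.OwnerId` compare equal and the route table is not filtered. It also dereferences `r.vpc` without a nil check, which would panic if the lister ever stores a nil `vpc` (that lookup is outside the hunk). If the route table's own `OwnerId` is an acceptable signal, reading it and rejecting an empty value closes both gaps: `owner := ptr.ToString(r.routeTable.OwnerId)` followed by `if owner == "" || owner != ptr.ToString(r.accountID) {`. The body of `Filter()` starts above the hunk, so its earlier checks are not visible here.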
@@ -0,0 +1,45 @@
+package resources
+
+import (
+ "testing"
+
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/gotidy/ptr"
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_EC2RouteTable_Filter(t *testing.T) {
+ cases := []struct {
+ ownerID *string
+ accountID *string
+ filtered bool
+ }{
+ {
+ ownerID: ptr.String("123456789012"),
+ accountID: ptr.String("123456789012"),
+ filtered: false,
+ },
+ {
+ ownerID: ptr.String("123456789012"),
+ accountID: ptr.String("123456789013"),
+ filtered: true,
+ },
+ }
+
+ for _, c := range cases {
+ r := EC2RouteTable{
+ svc: nil,
+ accountID: c.accountID,
+ routeTable: &ec2.RouteTable{OwnerId: c.ownerID},
+ vpc: &ec2.Vpc{VpcId: ptr.String("vpc-12345678"), OwnerId: c.ownerID},
+ }
+
+ err := r.Filter()
+
+ if c.filtered {
+ assert.Error(t, err)
+ } else {
+ assert.NoError(t, err)
+ }
+ }
+}
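Review bot: The table in `Test_EC2RouteTable_Filter` covers only a matching and a mismatching ID pair, so the nil-pointer paths of the new check are unpinned: there is no case with `ownerID: nil` or `accountID: nil`, and none with a nil `vpc`. Every case also sets `routeTable.OwnerId` and `vpc.OwnerId` to the same value, so the test cannot tell which field `Filter()` reads. Adding a case such as `{ownerID: nil, accountID: nil, filtered: true}` would document whether a resource with unknown ownership is meant to be skipped; with the check as written that case would presumably fail. Giving each case a `name` field and running it under `t.Run(c.name, ...)` would make a failing row identifiable.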